WhatsApp Dorks And Tricks21st February 2020
EDIT: As of this morning (22nd Feb) this dork no longer works. WhatsApp have modified their URLs so that they are no longer indexed by Google. The other dorks on this post still work though.
A tweet by Jordan Wildon attracted a lot of interest this week after he showed how it was possible to find publicly-indexed WhatsApp groups with a little Google Dorking. The dork takes advantage of the way that WhatsApp creates public groups. A group Admin can then generate a shareable public link to the group for others to join. Google has indexed these links so that it is possible conduct a targeted search for WhatsApp groups that are about a particular theme. The broadest search method is as simple as:
It brings back almost 460,000 indexed group invitations:
To exploit this we can amend the search term by specifying a subject that we’re interested in finding out about. So if we wanted to find a group where we might find a few scammers we could try a search like:
site:chat.whatsapp.com crypto | forex | bitcoin | invest
Google does not actually index group chat content in this way though – to find the content and phone numbers associated to these groups still requires joining the group itself.
Getting WhatsApp Content
So can we get actual WhatsApp content with a few other Google Dorks? It isn’t possible to gather content directly but with a little creativity it is actually possible to get some WhatsApp content from open sources. For example backed up WhatsApp images can be found when they have been uploaded to openly accessible servers. These backups can be found with the following search:
intitle: “WhatsApp Images”
Google finds open directories that contain WhatsApp Image backups:
Although this technique works, it’s quite limited in its effectiveness these days. The main reason is that the default backup options offered by WhatsApp tend to be for Cloud services like Google Drive or Dropbox, which are not indexed and so not searchable.
We can also combine the inurl and intitle parameters to search for directories that contain WhatsApp content such as messages, backups, and images:
intitle:index of inurl://whatsapp/
For more fun with this method, you can replace “whatsapp” in the search parameter with something like “DCIM” or “Dropbox” or “Backups”. Happy dorking!