Dorking WhatsApp and Telegram

Recently, A tweet attracted a lot of interest as it showed how it is possible to list publicly-indexed WhatsApp groups with a little Google Dorking. The dork takes advantage of Groups that has enabled “Invite to Group via Link” feature.

A group admin can then generate a shareable public link to the group for others to join. This feature allows the groups to be indexed by Google and many other search engines that causes it to be available across the internet. This was initially considered as a misconfiguration in WhatsApp as indexing could have been prevented through using “noindex” meta tag but Facebook didn't accept it as a security bug.

Google has removed the indexing of WhatsApp links after the tweet got viral however other search engines didn't do so.

 Google Dork: site:chat.whatsapp.com

Before Google removed the indexing

After Indexing was removed

However, these are still present in other search engines like DuckDuck Go, Bing, Yahoo etc. To exploit this we can attach search term either on prefix or suffix of the dork to list the groups that has related name.

site:chat.whatsapp.com | hacking | bitcoin | family 
(or)
hacking site:chat.whatsapp.com

DuckDuckGo

Yahoo

Bing

Even the Telegram Groups are being indexed the same way causing the Groups to be listed on the same way.

site:t.me/joinchat

It is important to note that even if ‘its’ not a critical issue but lot of user’s data can be retrieved.

Happy Dorking!