Google Dorking Reference

Reconnaissance

Google Dorking (Google Hacking) uses advanced search operators to find sensitive information that has been inadvertently exposed and indexed by search engines.

Responsible Use

Google Dorking can reveal sensitive data. Only use these techniques against targets you have authorization to test. Accessing exposed data without permission may be illegal.

Dorking Automation Tools

GoogleDorker

Python tool for automating Google dork searches.

Installation

bash
pip install googledorker

Dorkify

Google dorks automation tool with custom queries.

Installation

bash
git clone https://github.com/hhhrrrttt222111/Dorkify.git

Pagodo

Passive Google Dork automation.

Installation

bash
pip install pagodo

GHDB Scraper

Scrapes Google Hacking Database for fresh dorks.

Installation

bash
git clone https://github.com/cipher387/GHDB_scraper.git

Basic Search Operators

basic-operators.txt
text
# Site Restriction - limit to specific domain
site:target.com
site:*.target.com  # Include subdomains
-site:www.target.com  # Exclude www

# URL Content
inurl:admin
inurl:login
inurl:"/admin/config"

# Title Content
intitle:"index of"
intitle:"login"
allintitle:admin login

# Body Content  
intext:"password"
allintext:username password

# File Types
filetype:pdf
filetype:doc OR filetype:docx
ext:php  # Alternative to filetype
ext:asp OR ext:aspx

# Cache
cache:target.com  # View cached version (Google retired this operator in 2024)

# Related Sites
related:target.com  # Similar websites

# Link Analysis
link:target.com  # Pages linking to target (deprecated but sometimes works)

# Wildcard
site:*.target.com  # Any subdomain
inurl:admin*  # admin followed by anything

Powerful Combinations

combinations.txt
text
# Login Pages
site:target.com inurl:login | inurl:signin | inurl:admin | inurl:portal
site:target.com intitle:"login" | intitle:"sign in"
site:target.com inurl:wp-login.php  # WordPress
site:target.com inurl:administrator  # Joomla

# Configuration Files
site:target.com ext:xml | ext:conf | ext:cnf | ext:config | ext:ini | ext:env
site:target.com filetype:env  # Environment files
site:target.com filetype:yml | filetype:yaml  # YAML configs
site:target.com filetype:json intext:password

# Database Files & Backups
site:target.com ext:sql | ext:db | ext:mdb | ext:sqlite
site:target.com ext:bak | ext:backup | ext:old | ext:temp
site:target.com "sql dump" | "database dump"
site:target.com filetype:sql "insert into" password

# Directory Listings
site:target.com intitle:"index of" | intitle:"directory listing"
site:target.com intitle:"index of" "parent directory"
site:target.com intitle:"index of" inurl:backup

# Error Messages (information disclosure)
site:target.com "error" | "warning" | "fatal"
site:target.com "mysql" error | warning
site:target.com "sql syntax" | "mysql_fetch"
site:target.com "ORA-" | "Oracle error"
site:target.com "stack trace" | "exception"
site:target.com "PHP Parse error" | "PHP Warning"

Finding Sensitive Information

sensitive-info.txt
text
# Credentials & Secrets
site:target.com "password" | "passwd" | "pwd"
site:target.com "api_key" | "apikey" | "api-key" | "api key"
site:target.com "secret" | "token" | "bearer"
site:target.com "private_key" | "private-key"
site:target.com "aws_access_key" | "aws_secret"
site:target.com "authorization: bearer"

# Connection Strings
site:target.com "jdbc:" | "mongodb://" | "postgres://"
site:target.com "mysql://" | "redis://"
site:target.com intext:"connectionstring"

# Internal Documents
site:target.com filetype:pdf "confidential" | "internal use only" | "not for distribution"
site:target.com filetype:doc "internal" | "draft" | "proprietary"
site:target.com filetype:xls "salary" | "ssn" | "social security"

# Git/Source Control Exposure
site:target.com inurl:.git
site:target.com intitle:"index of" ".git"
site:target.com filetype:gitconfig
site:target.com "-----BEGIN RSA PRIVATE KEY-----"

# AWS/Cloud Leaks
site:target.com "AKIA"  # AWS Access Key prefix
site:target.com "s3.amazonaws.com"
site:target.com "blob.core.windows.net"
site:target.com "storage.googleapis.com"

Third-Party Data Leaks

third-party-leaks.txt
text
# GitHub Leaks
site:github.com "target.com" password
site:github.com "target.com" api_key | apikey | secret
# Note: filename: and extension: are GitHub code-search qualifiers, not Google operators
site:github.com "target.com" filename:.env
site:github.com "target.com" extension:sql
site:github.com "target.com" "jdbc:" | "mongodb://"

# GitLab
site:gitlab.com "target.com" password | secret | token

# Pastebin & Code Sharing
site:pastebin.com "target.com"
site:paste.mozilla.org "target.com"
site:codepad.co "target.com"
site:gist.github.com "target.com"
site:jsfiddle.net "target.com"
site:codepen.io "target.com"
site:replit.com "target.com"

# Trello Boards (often expose sensitive data)
site:trello.com "target.com"
site:trello.com "target" password | key | token

# Cloud Storage
site:s3.amazonaws.com "target"
site:storage.googleapis.com "target"
site:blob.core.windows.net "target"

# Document Sharing
site:docs.google.com "target.com"
site:drive.google.com "target.com"
site:dropbox.com "target"

Employee & Contact Discovery

employee-discovery.txt
text
# LinkedIn Dorking
site:linkedin.com/in "target company"
site:linkedin.com "security engineer" "target company"
site:linkedin.com "CISO" | "security director" "target company"
site:linkedin.com/company/target

# Email Discovery
site:target.com "@target.com"
site:target.com "email" | "contact" | "mailto:"
filetype:pdf site:target.com "@target.com"

# Conference & Presentations
site:slideshare.net "target company"
site:speakerdeck.com "target company"
site:prezi.com "target company"

# Resume/CV Sites
site:indeed.com "target company"
site:monster.com "target company"
site:glassdoor.com "target company"

# Forums & Support
site:stackoverflow.com "target.com"
site:reddit.com "target company"
site:quora.com "target company"

# Press & News (for org structure)
site:businesswire.com "target company"
site:prnewswire.com "target company"

Vulnerable Devices & Services

vulnerable-devices.txt
text
# Webcams & IoT
intitle:"webcamXP 5"
intitle:"Live View / - AXIS"
inurl:"/view.shtml"
intitle:"Network Camera"

# Printers
intitle:"hp laserjet" inurl:info_configuration.htm
intitle:"Printer Status" inurl:status

# Network Devices
intitle:"RouterOS" inurl:winbox
intitle:"D-Link" inurl:"/cgi-bin/"
intitle:"Cisco" inurl:"level/15"

# Database Interfaces
intitle:"phpMyAdmin" intext:"Welcome to phpMyAdmin"
intitle:"Adminer" intext:"Login"
intitle:"pgAdmin"

# Control Panels
intitle:"cPanel Login"
intitle:"Plesk" intext:"Login"
intitle:"DirectAdmin Login"
intitle:"Webmin" intext:"login"

# VPN/Remote Access
intitle:"Cisco WebVPN Service"
intitle:"Pulse Connect Secure"
intitle:"Citrix Gateway"
intitle:"FortiGate" inurl:remote/login

# Development/Staging
site:target.com inurl:staging | inurl:dev | inurl:test | inurl:uat
site:target.com inurl:beta | inurl:preprod | inurl:sandbox

Operator Quick Reference

Operator    Description             Example
site:       Restrict to domain      site:target.com
inurl:      URL contains            inurl:admin
intitle:    Title contains          intitle:"index of"
intext:     Body contains           intext:password
filetype:   File extension          filetype:pdf
ext:        File extension (alt)    ext:php
|           OR operator             admin | login
-           Exclude                 -site:www.target.com
"..."       Exact phrase            "internal use only"
*           Wildcard                site:*.target.com
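
An added example, not part of the original page or of any tool it lists: a self-audit that checks a list of your own site's URLs (from a sitemap or crawl) against the file-extension and `.git` patterns in the dork lists above, so exposed files can be removed before they are indexed. `example.com`, the sample URLs, the `COMPRESSED` set and all function names are assumptions made for illustration.

```python
from urllib.parse import unquote, urlsplit

# Extension groups copied from the "Configuration Files" and
# "Database Files & Backups" dorks on this page.
RISKY_EXT = {
    "config": {"xml", "conf", "cnf", "config", "ini", "env", "yml", "yaml"},
    "database": {"sql", "db", "mdb", "sqlite"},
    "backup": {"bak", "backup", "old", "temp"},
}
COMPRESSED = {"gz", "zip", "bz2", "7z"}  # assumption: wrappers to look through

# Constructed sample input (e.g. URLs pulled from your own sitemap or crawl).
SAMPLE_URLS = [
    "https://example.com/index.html",
    "https://example.com/.env",
    "https://dev.example.com/backups/dump.sql.gz",
    "https://example.com/%2Egit/config",
    "https://example.com/site.old",
    "https://notexample.com/db.sql",  # look-alike host, out of scope
]

def in_scope(host, domain):
    """Same scope as site:domain plus site:*.domain."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def classify(path):
    """Return the exposure category for a URL path, or None."""
    segments = [s for s in unquote(path).lower().split("/") if s]
    if ".git" in segments:
        return "source-control"
    parts = (segments[-1] if segments else "").split(".")[1:]
    if len(parts) > 1 and parts[-1] in COMPRESSED:
        parts = parts[:-1]  # dump.sql.gz -> judge it by "sql"
    ext = parts[-1] if parts else ""
    return next((c for c, exts in RISKY_EXT.items() if ext in exts), None)

def audit_urls(urls, domain):
    """Flag in-scope URLs that the page's dork patterns would surface."""
    findings = []
    for url in urls:
        parts = urlsplit(url)
        category = in_scope(parts.hostname, domain) and classify(parts.path)
        if category:
            findings.append((url, category))
    return findings

if __name__ == "__main__":
    for url, category in audit_urls(SAMPLE_URLS, "example.com"):
        print(f"{category:15} {url}")
```
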
