Google Dorking Reference
Reconnaissance
Google Dorking (Google Hacking) uses advanced search operators to find sensitive information that has been inadvertently exposed and indexed by search engines.
Responsible Use
Google Dorking can reveal sensitive data. Only use these techniques against targets you have
authorization to test. Accessing exposed data without permission may be illegal.
Interactive Dork Builder
Scope guard
Normalize target scope, exclude unrelated domains, and keep broad searches visible before opening Google.
No target scope
Generated query
Unscoped - 0 parts
Build a scoped query to begin.
Use manual searches within authorized scope. The share URL stores the current query configuration in the browser address.
Target scope
Query checks
Build a query before copying or opening it.
Parts
0
Length
0
Excludes
0
Scoped presets
Choose a focused starting point, then edit each query part before running it manually.
Query part editor
Add operators as editable rows. Disable, reorder, or remove fragments without rebuilding the query.
Choose a preset or add an operator to start building a query.
Dorking Automation Tools
GoogleDorker
AutomationPython tool for automating Google dork searches.
Installation
bash
pip install googledorkerpip install googledorkerDorkify
AutomationGoogle dorks automation tool with custom queries.
Installation
bash
git clone https://github.com/hhhrrrttt222111/Dorkify.gitgit clone https://github.com/hhhrrrttt222111/Dorkify.gitPagodo
AutomationPassive Google Dork automation.
Installation
bash
pip install pagodopip install pagodoGHDB Scraper
DatabaseScrapes Google Hacking Database for fresh dorks.
Installation
bash
git clone https://github.com/cipher387/GHDB_scraper.gitgit clone https://github.com/cipher387/GHDB_scraper.gitBasic Search Operators
text
# Site Restriction - limit to specific domain
site:target.com
site:*.target.com # Include subdomains
-site:www.target.com # Exclude www
# URL Content
inurl:admin
inurl:login
inurl:"/admin/config"
# Title Content
intitle:"index of"
intitle:"login"
allintitle:admin login
# Body Content
intext:"password"
allintext:username password
# File Types
filetype:pdf
filetype:doc OR filetype:docx
ext:php # Alternative to filetype
ext:asp OR ext:aspx
# Cache
cache:target.com # View cached version
# Related Sites
related:target.com # Similar websites
# Link Analysis
link:target.com # Pages linking to target (deprecated but sometimes works)
# Wildcard
site:*.target.com # Any subdomain
inurl:admin* # admin followed by anything# Site Restriction - limit to specific domain
site:target.com
site:*.target.com # Include subdomains
-site:www.target.com # Exclude www
# URL Content
inurl:admin
inurl:login
inurl:"/admin/config"
# Title Content
intitle:"index of"
intitle:"login"
allintitle:admin login
# Body Content
intext:"password"
allintext:username password
# File Types
filetype:pdf
filetype:doc OR filetype:docx
ext:php # Alternative to filetype
ext:asp OR ext:aspx
# Cache
cache:target.com # View cached version
# Related Sites
related:target.com # Similar websites
# Link Analysis
link:target.com # Pages linking to target (deprecated but sometimes works)
# Wildcard
site:*.target.com # Any subdomain
inurl:admin* # admin followed by anythingPowerful Combinations
text
# Login Pages
site:target.com inurl:login | inurl:signin | inurl:admin | inurl:portal
site:target.com intitle:"login" | intitle:"sign in"
site:target.com inurl:wp-login.php # WordPress
site:target.com inurl:administrator # Joomla
# Configuration Files
site:target.com ext:xml | ext:conf | ext:cnf | ext:config | ext:ini | ext:env
site:target.com filetype:env # Environment files
site:target.com filetype:yml | filetype:yaml # YAML configs
site:target.com filetype:json intext:password
# Database Files & Backups
site:target.com ext:sql | ext:db | ext:mdb | ext:sqlite
site:target.com ext:bak | ext:backup | ext:old | ext:temp
site:target.com "sql dump" | "database dump"
site:target.com filetype:sql "insert into" password
# Directory Listings
site:target.com intitle:"index of" | intitle:"directory listing"
site:target.com intitle:"index of" "parent directory"
site:target.com intitle:"index of" inurl:backup
# Error Messages (information disclosure)
site:target.com "error" | "warning" | "fatal"
site:target.com "mysql" error | warning
site:target.com "sql syntax" | "mysql_fetch"
site:target.com "ORA-" | "Oracle error"
site:target.com "stack trace" | "exception"
site:target.com "PHP Parse error" | "PHP Warning"# Login Pages
site:target.com inurl:login | inurl:signin | inurl:admin | inurl:portal
site:target.com intitle:"login" | intitle:"sign in"
site:target.com inurl:wp-login.php # WordPress
site:target.com inurl:administrator # Joomla
# Configuration Files
site:target.com ext:xml | ext:conf | ext:cnf | ext:config | ext:ini | ext:env
site:target.com filetype:env # Environment files
site:target.com filetype:yml | filetype:yaml # YAML configs
site:target.com filetype:json intext:password
# Database Files & Backups
site:target.com ext:sql | ext:db | ext:mdb | ext:sqlite
site:target.com ext:bak | ext:backup | ext:old | ext:temp
site:target.com "sql dump" | "database dump"
site:target.com filetype:sql "insert into" password
# Directory Listings
site:target.com intitle:"index of" | intitle:"directory listing"
site:target.com intitle:"index of" "parent directory"
site:target.com intitle:"index of" inurl:backup
# Error Messages (information disclosure)
site:target.com "error" | "warning" | "fatal"
site:target.com "mysql" error | warning
site:target.com "sql syntax" | "mysql_fetch"
site:target.com "ORA-" | "Oracle error"
site:target.com "stack trace" | "exception"
site:target.com "PHP Parse error" | "PHP Warning"Finding Sensitive Information
text
# Credentials & Secrets
site:target.com "password" | "passwd" | "pwd"
site:target.com "api_key" | "apikey" | "api-key" | "api key"
site:target.com "secret" | "token" | "bearer"
site:target.com "private_key" | "private-key"
site:target.com "aws_access_key" | "aws_secret"
site:target.com "authorization: bearer"
# Connection Strings
site:target.com "jdbc:" | "mongodb://" | "postgres://"
site:target.com "mysql://" | "redis://"
site:target.com intext:"connectionstring"
# Internal Documents
site:target.com filetype:pdf "confidential" | "internal use only" | "not for distribution"
site:target.com filetype:doc "internal" | "draft" | "proprietary"
site:target.com filetype:xls "salary" | "ssn" | "social security"
# Git/Source Control Exposure
site:target.com inurl:.git
site:target.com intitle:"index of" ".git"
site:target.com filetype:gitconfig
site:target.com "-----BEGIN RSA PRIVATE KEY-----"
# AWS/Cloud Leaks
site:target.com "AKIA" # AWS Access Key prefix
site:target.com "s3.amazonaws.com"
site:target.com "blob.core.windows.net"
site:target.com "storage.googleapis.com"# Credentials & Secrets
site:target.com "password" | "passwd" | "pwd"
site:target.com "api_key" | "apikey" | "api-key" | "api key"
site:target.com "secret" | "token" | "bearer"
site:target.com "private_key" | "private-key"
site:target.com "aws_access_key" | "aws_secret"
site:target.com "authorization: bearer"
# Connection Strings
site:target.com "jdbc:" | "mongodb://" | "postgres://"
site:target.com "mysql://" | "redis://"
site:target.com intext:"connectionstring"
# Internal Documents
site:target.com filetype:pdf "confidential" | "internal use only" | "not for distribution"
site:target.com filetype:doc "internal" | "draft" | "proprietary"
site:target.com filetype:xls "salary" | "ssn" | "social security"
# Git/Source Control Exposure
site:target.com inurl:.git
site:target.com intitle:"index of" ".git"
site:target.com filetype:gitconfig
site:target.com "-----BEGIN RSA PRIVATE KEY-----"
# AWS/Cloud Leaks
site:target.com "AKIA" # AWS Access Key prefix
site:target.com "s3.amazonaws.com"
site:target.com "blob.core.windows.net"
site:target.com "storage.googleapis.com"Third-Party Data Leaks
text
# GitHub Leaks
site:github.com "target.com" password
site:github.com "target.com" api_key | apikey | secret
site:github.com "target.com" filename:.env
site:github.com "target.com" extension:sql
site:github.com "target.com" "jdbc:" | "mongodb://"
# GitLab
site:gitlab.com "target.com" password | secret | token
# Pastebin & Code Sharing
site:pastebin.com "target.com"
site:paste.mozilla.org "target.com"
site:codepad.co "target.com"
site:gist.github.com "target.com"
site:jsfiddle.net "target.com"
site:codepen.io "target.com"
site:replit.com "target.com"
# Trello Boards (often expose sensitive data)
site:trello.com "target.com"
site:trello.com "target" password | key | token
# Cloud Storage
site:s3.amazonaws.com "target"
site:storage.googleapis.com "target"
site:blob.core.windows.net "target"
# Document Sharing
site:docs.google.com "target.com"
site:drive.google.com "target.com"
site:dropbox.com "target"# GitHub Leaks
site:github.com "target.com" password
site:github.com "target.com" api_key | apikey | secret
site:github.com "target.com" filename:.env
site:github.com "target.com" extension:sql
site:github.com "target.com" "jdbc:" | "mongodb://"
# GitLab
site:gitlab.com "target.com" password | secret | token
# Pastebin & Code Sharing
site:pastebin.com "target.com"
site:paste.mozilla.org "target.com"
site:codepad.co "target.com"
site:gist.github.com "target.com"
site:jsfiddle.net "target.com"
site:codepen.io "target.com"
site:replit.com "target.com"
# Trello Boards (often expose sensitive data)
site:trello.com "target.com"
site:trello.com "target" password | key | token
# Cloud Storage
site:s3.amazonaws.com "target"
site:storage.googleapis.com "target"
site:blob.core.windows.net "target"
# Document Sharing
site:docs.google.com "target.com"
site:drive.google.com "target.com"
site:dropbox.com "target"Employee & Contact Discovery
text
# LinkedIn Dorking
site:linkedin.com/in "target company"
site:linkedin.com "security engineer" "target company"
site:linkedin.com "CISO" | "security director" "target company"
site:linkedin.com/company/target
# Email Discovery
site:target.com "@target.com"
site:target.com "email" | "contact" | "mailto:"
filetype:pdf site:target.com "@target.com"
# Conference & Presentations
site:slideshare.net "target company"
site:speakerdeck.com "target company"
site:prezi.com "target company"
# Resume/CV Sites
site:indeed.com "target company"
site:monster.com "target company"
site:glassdoor.com "target company"
# Forums & Support
site:stackoverflow.com "target.com"
site:reddit.com "target company"
site:quora.com "target company"
# Press & News (for org structure)
site:businesswire.com "target company"
site:prnewswire.com "target company"# LinkedIn Dorking
site:linkedin.com/in "target company"
site:linkedin.com "security engineer" "target company"
site:linkedin.com "CISO" | "security director" "target company"
site:linkedin.com/company/target
# Email Discovery
site:target.com "@target.com"
site:target.com "email" | "contact" | "mailto:"
filetype:pdf site:target.com "@target.com"
# Conference & Presentations
site:slideshare.net "target company"
site:speakerdeck.com "target company"
site:prezi.com "target company"
# Resume/CV Sites
site:indeed.com "target company"
site:monster.com "target company"
site:glassdoor.com "target company"
# Forums & Support
site:stackoverflow.com "target.com"
site:reddit.com "target company"
site:quora.com "target company"
# Press & News (for org structure)
site:businesswire.com "target company"
site:prnewswire.com "target company"Vulnerable Devices & Services
text
# Webcams & IoT
intitle:"webcamXP 5"
intitle:"Live View / - AXIS"
inurl:"/view.shtml"
intitle:"Network Camera"
# Printers
intitle:"hp laserjet" inurl:info_configuration.htm
intitle:"Printer Status" inurl:status
# Network Devices
intitle:"RouterOS" inurl:winbox
intitle:"D-Link" inurl:"/cgi-bin/"
intitle:"Cisco" inurl:"level/15"
# Database Interfaces
intitle:"phpMyAdmin" intext:"Welcome to phpMyAdmin"
intitle:"Adminer" intext:"Login"
intitle:"pgAdmin"
# Control Panels
intitle:"cPanel Login"
intitle:"Plesk" intext:"Login"
intitle:"DirectAdmin Login"
intitle:"Webmin" intext:"login"
# VPN/Remote Access
intitle:"Cisco WebVPN Service"
intitle:"Pulse Connect Secure"
intitle:"Citrix Gateway"
intitle:"FortiGate" inurl:remote/login
# Development/Staging
site:target.com inurl:staging | inurl:dev | inurl:test | inurl:uat
site:target.com inurl:beta | inurl:preprod | inurl:sandbox# Webcams & IoT
intitle:"webcamXP 5"
intitle:"Live View / - AXIS"
inurl:"/view.shtml"
intitle:"Network Camera"
# Printers
intitle:"hp laserjet" inurl:info_configuration.htm
intitle:"Printer Status" inurl:status
# Network Devices
intitle:"RouterOS" inurl:winbox
intitle:"D-Link" inurl:"/cgi-bin/"
intitle:"Cisco" inurl:"level/15"
# Database Interfaces
intitle:"phpMyAdmin" intext:"Welcome to phpMyAdmin"
intitle:"Adminer" intext:"Login"
intitle:"pgAdmin"
# Control Panels
intitle:"cPanel Login"
intitle:"Plesk" intext:"Login"
intitle:"DirectAdmin Login"
intitle:"Webmin" intext:"login"
# VPN/Remote Access
intitle:"Cisco WebVPN Service"
intitle:"Pulse Connect Secure"
intitle:"Citrix Gateway"
intitle:"FortiGate" inurl:remote/login
# Development/Staging
site:target.com inurl:staging | inurl:dev | inurl:test | inurl:uat
site:target.com inurl:beta | inurl:preprod | inurl:sandboxOperator Quick Reference
| Operator | Description | Example |
|---|---|---|
| site: | Restrict to domain | site:target.com |
| inurl: | URL contains | inurl:admin |
| intitle: | Title contains | intitle:"index of" |
| intext: | Body contains | intext:password |
| filetype: | File extension | filetype:pdf |
| ext: | File extension (alt) | ext:php |
| | | OR operator | admin | login |
| - | Exclude | -site:www.target.com |
| "..." | Exact phrase | "internal use only" |
| * | Wildcard | site:*.target.com |
External Resources
Google Hacking Database (GHDB)
Exploit-DB's collection of Google dorks
DorkSearch
Pre-built Google dork generator
Pentest-Tools Google Dorking
Online Google dorking tool
Search Operators Reference
Comprehensive search operator documentation
DuckDuckGo
Alternative search engine with bang commands
Yandex
Russian search engine - different indexing