Google Dorking
Google-Dorking.md
Google Dorking
Overview
Google Dorking (also called Google Hacking) is the technique of using advanced Google search operators to find information that is publicly indexed but not easily discoverable through normal searches. It can surface exposed files, login pages, configuration data, and sensitive documents.
Category
#reconnaissance #osint #passive-recon
Phase
Reconnaissance
Key Operators
| Operator | Example | What It Does |
|---|---|---|
site: |
site:example.com |
Limit results to a domain |
filetype: |
filetype:pdf |
Search for specific file types |
intitle: |
intitle:"index of" |
Match text in page title |
inurl: |
inurl:admin |
Match text in URL |
intext: |
intext:"password" |
Match text in body |
cache: |
cache:example.com |
View Google’s cached version |
link: |
link:example.com |
Find pages linking to a domain |
"..." |
"confidential do not share" |
Exact phrase match |
- |
-site:wikipedia.org |
Exclude results |
Common Dorks
# Find exposed admin panels
site:example.com inurl:admin
# Find open directory listings
intitle:"index of" site:example.com
# Exposed passwords or config files
filetype:env "DB_PASSWORD" site:example.com
filetype:xml "password" site:example.com
# Find login pages
site:example.com inurl:login
# Exposed SQL files
filetype:sql "INSERT INTO" site:example.com
# Camera feeds
inurl:/view/index.shtml
# Exposed .git directories
inurl:"/.git" site:example.com
# Sensitive PDFs
site:gov filetype:pdf "confidential"
Resources
- Google Hacking Database (GHDB) — Exploit-DB’s searchable dork library
- DorkSearch.com — Faster dork searching
- GHDB Categories — Footholds, Files, Vuln Servers, etc.
OPSEC Notes
All queries go through Google and are logged. Google may present CAPTCHAs or block IPs after excessive automated queries. For stealth, space out queries and avoid automation unless using a dedicated search API (e.g., SerpAPI, Custom Search).
Ethical/Legal Note
Accessing files or systems you discover through dorking — even if publicly indexed — without authorization may be illegal. Dorking itself is passive; what you do with results determines legality.
Related Tools
- WHOIS — Follow up domain dorks with registration info
- Maltego — Visualize exposed data across an org
- Nmap — Active scanning after passive recon identifies targets
Tags
#ethical-hacking #reconnaissance #osint #google #passive