EdCatalyst Logo
426 dorks · full content

Google Dorking

Objective: Use advanced search techniques to find exposed information.

Requirements: Dorking, Publicly Indexed Files.

  • Use Google operators (site:, filetype:, inurl:) to find open directories.
  • Search for login portals and exposed credentials.
  • Extract sensitive PDF, XLS, and TXT files.
  • Report findings ethically.
  • TryHackMe Session
400+ dorks
Basic Google Dorking
  • Filetype: This operator searches for specific file types. For example, filetype:pdf would return PDF files.
  • Inurl: The inurl: operator can be used to find specific words within the URL of a page. For example, inurl:login would return pages with login in the URL.
  • Intext: With the intext: operator, you can search for specific text within the content of a web page. For example, intext:password would yield pages that contain the word “password”.
  • Intitle: The intitle: operator is used to search for specific terms in the title of a webpage. For example, intitle:index of could reveal web servers with directory listing enabled.
  • Link: The link: operator can be used to find pages that link to a specific URL. For example, link:example.com would find pages linking to example.com.
  • Site: The site: operator allows you to search within a specific site. For example, site:example.com would search within example.com.
Google and Bing Search Operators
OperatorDescription
"Search Term"Search for the exact phrase within quotes.
-Remove pages that mention a given term from the search results.
+Force Google to return common words that might ordinarily be discarded. (Deprecated in Google, but used in some contexts)
ORSearch for a given search term OR another term.
site:Search within a given domain.
filetype:Search for a certain file type (e.g., PDF, DOCX).
intitle:Search for sites with the given word(s) in the page title.
inurl:Search for sites with the given word(s) in the URL.
intext:Search for sites with the given word(s) in the text of the page.
inanchor:Search for sites that have the given word(s) in links pointing to them.
cache:Show the most recent cached version of a webpage.
IP:Bing only: Finds results based on a given IP address.
linkfromdomain:Bing only: Search for links on the given domain.
Yandex Search Operators
OperatorExampleDescription
"Search * Term""I * music"Find all results with any word where the asterisk (*) is located.
``Cheshire cat
+croquet +flamingoMandates that the page must include "flamingo" but not necessarily "croquet".
rhost:rhost:org.wikipedia.*Reverse host search.
mime:mime:pdfSearch for a specific file type (e.g., PDF).
!!Curiouser !and !curiouserSearch for multiple identical words.
-Twinkle twinkle little -starExclude “star” from search results.
lang:lang:enNarrow search by language (e.g., English).
date:date:200712*, date:20071215..20080101, date:>20091231Narrow search by a specific date or date range.
Alternative Search Engines — click any link (opens new tab)
StartpageGoogle results with privacy protectionStartpage
DuckDuckGoPrivacy-focused, no trackingDuckDuckGo
QwantEuropean search engine with privacy focusQwant
MojeekIndependent search engine with its own indexMojeek
Wolfram AlphaComputational knowledge engineWolfram Alpha
EcosiaPlants trees with search revenueEcosia
SwisscowsFamily-friendly and encrypted searchSwisscows
GibiruUncensored search with privacy featuresGibiru
Brave SearchIndependent index with built-in privacyBrave Search
AhmiaSearches Tor hidden services (.onion sites)Ahmia
MetaGerGerman meta-search engineMetaGer
YaCyDecentralized, peer-to-peer searchYaCy
Searching Archived
ToolDescriptionUsageURL (click to open)
Wayback MachineStores historical snapshots of websites. Useful for retrieving deleted content.Enter a URL to browse past versions.archive.org/web/
Archive TodayCaptures and stores static snapshots of web pages.Enter a URL to archive or retrieve pages.archive.is (also archive.today)
References

1. Gardner, B., Long, J., & Brown, J. (2011). Google hacking for penetration testers (Vol. 2). Elsevier.
https://www.google.co.in/books/edition/Google_Hacking_for_Penetration_Testers/bvB1-MmhEjQC?hl=en&gbpv=0

2. Bazzell, M. (2016). Open source intelligence techniques: resources for searching and analyzing online information. CreateSpace Independent Publishing Platform.
https://dl.acm.org/doi/abs/10.5555/3033260

Important Links
Class LAB Performance: Execute the maximum number of dorks in class to achieve the highest marks. Lab evaluation begins with the highest number of completed tasks, supported by screenshots.

Minimum = 100 Dorks Commands.

Dork Commands 426 verified dorks
S.NoDorkScreenshot
1site:ap.*.* intitle:"login"
2Indexof:admin site:*.com
3intext:"index of" "config"
4inurl:GeminiVAIdServer
5inurl:GeminiVAIdServer
6inurl:backup filetype:sql
7intitle:"index of /" intext:".db
8intext:phpMiniAdmin inurl:phpminiadmin ext:php
9Index:Index of /wp-admin
10intitle:index.of intext:log inurl:nasa
11intitle:"index of" intext:"Apache/1.4"
12inurl:"/wp-content/plugins/imagemagick-engine/"
13intitle:index of "wc.db"
14intext:"index of" "backuop/*.sql"
15site:*/AdminLogin.aspx
16intitle:phaser inurl:/frameprop.htm
17intitle:"index of" "login.sh"
18inurl:assystnetmob
19intitle: index of /secrets/
20inurl: wp-content/plugin/8-degree-notification-bar
21intitle:BioTime AND intext:ZKTeco Security LLC
22inurl: wp-content/plugin/404-redirection-manager
23intext:"index of" ".git"
24intext:"index of" "xmlrpc.php"
25intext:"index of" "phpinfo"
26intext:"index of" "phpMyAdmin"
27intitle:"Oracle WebLogic Server"
28site:investor.*.* AND inurl:home/default.aspx
29site:cp.*.* intitle:"login"
30inurl: administrator/components
31inurl: administrator/components/com_admin/sql/updates/sqlazure
32inurl: administrator/components/com_admin/sql/updates/mysql/
33inurl:"device.rsp" -com
34inurl:"/adfs/ls/"
35inurl:authorization.do intext:"ADSelfService Plus"
36inurl index.php id= site.bd
37intitle:"Parallels User Portal"
38intitle:"NB1601 Web Manager"
39intitle:"Index of /webcam/"
40intitle:"Netgate pfSense Plus - Login"
41allintitle:"wireless controller login"
42intitle:"index of /database/migrations"
43intitle:"WAMPSERVER Homepage"
44intitle:"index of" inurl:superadmin
45intitle:"index of" intext:"Apache/2.2.3"
46intitle:"IIS Windows Server"
47inurl: json beautifier online
48intext:"index of" ".sql"
49intitle:"index of" inurl:SUID
50inurl:/sym404/root
51inurl:"index.php?page=news.php"
52intitle:'olt web management interface'
53allintitle:"Log on to MACH-ProWeb"
54inurl:"admin/default.aspx"
55intitle:Index of "/venv"
56filetype:reg [HKEY_USERSDEFAULT]
57intitle: "index of" intext: human resources
58intitle:"index of"|"access_token.json"
59inurl:viewer/live/index.html
60intitle:"WEB SERVICE" "wan" "lan" "alarm"
61inurl: /wp-includes/uploads
62intitle:"index of" intext:"Apache/2.2.3"
63intitle:"index of" "release.sh"
64intitle:"index of" "setup.sh"
65intitle:"index of" "after.sh"
66intitle:"index of" "deploy.sh"
67intitle:"index of" "*db.sh"
68intitle:"index of" "configure.sh"
69intitle:"Gargoyle Router Management Utility" -com|net
70intext:"index of" "phonepe" "wp-content"
71intitle:"index of" "cookies" "php"
72intext:"login to authorize" "DynDNS"
73intitle:"index of" "cron.sh"
74intitle:"bugs" Analysis Report
75intext:"index of" ".html"
76intitle:"NoVus IP camera" -com
77intext:"index of" "httpclient" "login"
78inurl:_admin "login.aspx"
79inurl:443 ext:php inurl:login
80intext:"index of" "transaction"
81intitle:" TROJANS" Analysis Report
82intext: "admin" "subscribe" filetype:php
83intitle:"index of /" intext:".env"
84intext:"index of" "ipaddress"
85intitle:"index of smtp"
86index of:"backtrack" "hack" ext:php
87intitle:"Device(IP CAMERA)" "language" -com|net
88intitle:"User Authentication : IR*"
89intext:"index of" "repository"
90intext:"sign up" "**" filetype:php
91intitle:"Synnefo Admin"
92intitle:"Pi-hole-ip" inurl:admin
93inurl:http ext:php inurl:login
94intitle:"Login - Residential Gateway"
95intext:"change your SurgeMAIL account settings"
96intitle:"Login to ICC PRO system"
97intitle:"Login page for" inurl:user.cgi
98intitle:"Login to Redash"
99intitle:"Network Camera" inurl:main.cgi
100intitle:"Oracle Access Management" "login" -inurl:oracle
101intitle:"System Administration" inurl:top.cgi
102intitle:"Roteador Wireless" inurl:login.asp
103intitle:"Login" -com "/doc/page/login.asp"
104intitle:"web server login" "please enter your login"
105inurl:_admin "login"
106inurl:"/index.php?qa=login"
107intitle:"JupyterHub" inurl:/hub/login
108inurl:/admin ext:config
109Re: intext:"index of /" "server at"
110inurl:s3.amazonaws.com intitle:"AWS S3 Explorer"
111intitle:"index of" "db.py"
112intitle:"SCM Manager" intext:1.60
113intitle:"index of" "profiler"
114inurl:wp-content/uploads/sites
115allintitle:"A8810-0"
116intitle:"index of" "private.properties"
117Re: inurl:"/user" intitle:"userlogin"
118allintitle:"macOS Server" site:.edu
119Re: inurl:"/admin" intitle:"adminlogin"
120inurl:*/wp-content/plugins/contact-form-7/
121Re: intitle:index.of conf.php
122intitle:"Sharing API Info"
123intitle:"index of" google-maps-api
124intitle:"index of" github-api
125intitle:"Index of" inurl:/backup/ "admin.zip"
126Re: "index of /backup.sql
127inurl:wp-content/uploads/wcpa_uploads
128inurl:user intitle:"Drupal" intext:"Log in" -"powered by"
129inurl:/wp-login.php?action=register intext:"Register For This Site"
130inurl:"php?sql=select" ext:php
131inurl: /libraries/joomla/database/
132inurl:"wp-content" intitle:"index.of" intext:wp-config.php
133intext:"index of" inurl:jwks-rsa
134inurl:"wp-content" intitle:"index.of" intext:backup"
135intitle:"index of "phpunit.yml"
136allintitle:"Opengear Management Console"
137intitle:"index of" "download.php?file="
138intext:"index of" inurl:json-rpc
139inurl: "/wp-content/uploads"
140Re: intitle:"index of" "docker-compose.yml"
141intext:pom.xml intitle:"index of /"
142inurl: "/admin" intitle:"Admin Login"
143intext:"Index of" intext:"backend/"
144intext:"Index of" intext:"backup.tar"
145Index of" intext:"source_code.zip
146intext:"Index of" intext:"plugin/"
147intext:"Index of" intext:"bitbucket-pipelines.yml"
148intext:"Index of" intext:"/etc"
149inurl:cas/login?service=http
150inurl:info.php intext:"PHP Version" intitle:"phpinfo()"
151inurl:"/private" intext:"index of /" "config"
152intitle:"index of" "config.php"
153intitle:"index of " "config/db"
154intitle:"index of" "properties.json"
155inurl:"/private" intext:"index of /" "win64" -litespeed
156inurl:"/private" intext:"index of /" inurl:"owncloud" -litespeed
157intitle:"index of /" "styleci.yml" ".env"
158=?UTF-8?Q?intext:"Please_respect_other_people=E2=80=99s_priva?= =?UTF-8?Q?cy_and_rights_when_using_product."_hikvision?=
159inurl:":8080/" intext:"index of /" "win64" -LiteSpeed
160inurl:".ir/" intext:"index of /" ".ovpn"
161inurl:*/signIn.do
162intitle:"index of /" "public.zip"
163inurl:"/scada-vis"
164allintitle:"Login | wplogin Login
165intitle:"index of /" ".apk" inurl:".ir/"
166intitle:'Sypex Dumper" inurl:sxd
167intext:"index of" downloads" site:*.*
168inurl:/superadmin/login intext:login
169inurl:"/sap/bc/gui/sap/its/webgui?sap-client=SAP*"
170intitle:"index of" "config.html"
171intitle:"index of /" "admin.zip" "admin/"
172intitle:"index of /" "docker-compose.yml" ".env"
173intitle:"index of " "shell.txt"
174allintitle:"Synapse Mobility Login"
175intitle:"index of "conf.json"
176intitle:index of django/admin site:.*
177intitle:"index of "application.yml"
178allintitle:"MobileIron User Portal: Sign In"
179allintitle:"ResolutionMD Login"
180inurl:adminpanel site:*.in
181allintitle:"VidyoRouter Configuration"
182intitle:"Index of" site:.bd
183intitle:"index of" inurl:admin/php
184inurl:login/login
185inurl:"/api-docs"
186intitle:"index of" "checkout"
187inurl: "phpmyadmin/setup/"
188site:.com intitle:index of /wp-admin
189allintitle:"Login | Control WebPanel"
190site:.in intext:"Index of" intitle:"index of"
191inurl:guest/auth_login.php
192inurl:ssh intitle:index of /files
193intext:"index of" "wp-content.zip"
194intitle:"Toshiba Network Camera"
195intitle:"index of" inurl:wp-json index.json
196intitle:"index of" "database.sql"
197intext:"index of" smb.conf
198inurl:robots filetype:txt
199intext:"index of" "wp-content.zip"
200inurl:"device.rsp" -in
201allintitle:"Cyberoam SSL VPN Portal"
202intitle:"index of" inurl:admin/login
203intitle:"index of" /etc/shadow
204allintitle:"ProjectDox Login"
205site:email.*.* intitle:"login"
206index of:admin.asp
207allintitle:"Supermicro BMC Login"
208allintitle:"OMERO.web - Login"
209intitle:"index of" intext:user inurl:data
210allintitle:"eSlideManager - Login"
211intext: "index of" "wp-config.php.bak"
212allintitle:"Building Operation WebStation"
213allintitle:"Eclypse Login"
214intitle:"Index of /cam/"
215allintitle:"TutorTrac Login"
216allintitle:"Untangle Administrator Login"
217intext:"index of" "config"
218ext:nix "BEGIN OPENSSH PRIVATE KEY"
219site:github.com "BEGIN OPENSSH PRIVATE KEY"
220inurl:home.htm intitle:1766
221intext:"proftpd.conf" "index of"
222intext:"siemens" & inurl:"/portal/portal.mwsl"
223intitle:"SSL Network Extender Login" -checkpoint.com
224intext:"aws_access_key_id" | intext:"aws_secret_access_key" filetype:json | filetype:yaml
225intitle:index of /etc/ssh
226site:.edu filetype:xls "root" database
227inurl:"cgi-bin/koha"
228START test_database ext:log
229intitle:"GlobalProtect Portal"
230intitle:"index of" setting.php
231intitle:index of /etc/openldap
232intitle:"/zircote/swagger-php"
233intext:"dhcpd.conf" "index of"
234ext:log OR ext:txt
235site:uat.* * inurl:login
236site:preprod.* * inurl:login
237intitle:Index of "/etc/network" | "/etc/cni/net.d"
238configmap.yaml | "config.yaml" | "*-config.yaml" intitle:"index of"
239inurl:/s3.amazonaws.com ext:xml intext:index of -site:github.com
240rbac.yaml | "role.yaml" | "rolebinding.yaml" | "*-rbac.yaml" intitle:"index of"
241inurl:pastebin intitle:mastercard
242intitle:"FileCatalyst file transfer solution"
243allintitle:"ITRS OP5 Monitor"
244intitle: index of /concrete/Password
245inurl:"wa.exe?TICKET"
246site:com inurl:invoice
247intitle:"Index of /confidential"
248inurl:"/wp-json/oembed/1.0/embed?url="
249PMB AND ("changelog.txt" OR inurl:opac_css)
250inurl:* "auditing.txt"
251intext:"index of" web
252intitle:"index of" cgi.pl
253inurl:* "encryption.txt"
254allintitle:"Bright Cluster Manager" site:.edu
255intitle:"index of" env.cgi
256intitle:"Welcome to iTop version" wizard
257intitle:"Installation Wizard - PowerCMS v2"
258ext:java intext:"executeUpdate"
259intitle:"OpenVpn Status Monitor"
260intitle:"index of" database.properties
261inurl:install.php intitle:"Froxlor Server Management Panel - Installation"
262(site:jsonformatter.org | site:codebeautify.org) & (intext:aws | intext:bucket | intext:password | intext:secret | intext:username)
263filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
264intitle:"Fleet Management Portal"
265inurl:"?url=http"
266site:.com "index of docker"
267intext:"user" filetype:php intext:"account" inurl:/admin
268intext:"userfiles" intitle:"Index Of" site:*.com.*
269intitle:"Index of" intext:"php" site:*.com.*
270intitle:"Index of" intext:"config" site:*.com.*
271intitle:index of db.py
272intext:"index of" app
273site:id filetype:sql
274allintitle:"ASPECT Control Panel"
275allintitle:"CAT12CE - WebInterface"
276allintitle:"code-server login"
277inurl:"UserLogin/" intitle:"Panel"
278intext:"administrator" filetype:txt intext:"account" inurl:/admin , intext:"administrator" filetype:txt intext:"account" allinurl:
279intitle:"phpinfo" site:*.com.* intext:"HTTP_HOST"
280intext:"index of"store
281inurl:/HappyAxis.jsp
282intext:"index of" server.conf
283site:*.* inurl:php_error.log - Sensitive information disclosure
284site:*.*.* intitle:"index of" *.pcapng
285intitle:"index of" "configuration.php"
286site:*.edu.* filetype:template
287site:*.ac.* filetype:template
288inurl:."install.appcenter.ms/orgs/"
289site:.edu intext:"robotics" inurl:/research
290inurl:typo3/index.php
291filetype:log intext:"Account Number"
292intitle:"WAMPSERVER Homepage"
293intitle:index.of /logs.txt
294inurl: /adminer.php
295intext:"index of" "pins" site:*.com
296site:*.com */admin.txt
297site:s3.amazonaws.com "index of /"
298intext:"Reportico" site:.com OR site:.org OR site:.net OR site:.gov OR site:.edu
299site:*.ac.* intitle:"index of" *.ics
300filetype:txt CLAVE*.txt OR clave*.txt
301site:*.edu.* intitle:"index of" *.ics
302inurl:"/wp-includes/user.php" -site:wordpress.org -site:github.com -site:fossies.org
303inurl:"/wp-content/debug.log"
304allinurl:"add_vhost.php?lang=english"
305inurl:signup | inurl:sign-up | inurl:register | inurl:registration
306intitle:"index of" inurl:/config/
307site:*.edu.* inurl:globalprotect
308intitle:"index of" "wp-config.php.old" | "wp-config.php.backup"
309intitle:"index of"Eventlog Analyzer
310site:admin.*.* inurl:login
311intitle:"index of" private
312inurl:pastebin "VISA"
313site:prod.*.* inurl:login
314intitle:"index of " *.js"
315site:login.*.* site:portal.*.*
316inurl:adminpanel site:*.* -site:github.com
317site:login.*.* | site:portal.*.*
318intitle:"index of" "config.php.txt"
319inurl: edu + site: admin
320intext:"index of" "infophp()"
321intitle:"index of" "secret.txt"
322site:.com inurl:login | inurl:logon | inurl:sign-in | inurl:signin | inurl:portal
323inurl:"/database.json"
324intitle:"Webcam" inurl:WebCam.htm
325intitle:"index of" "*robots.txt" site:.edu
326intitle:"Index of /node"
327intitle:"Index of /_MACOSX"
328intitle:"Index of /flipbook"
329intext:"index of wp-content/uploads"
330intitle:"index of" ec2 -aws
331Google Dork: inurl:"/bitrix/redirect.php?goto="
332intitle:"Index of /vendor/guzzlehttp"
333intitle:"index of" "plesk-stat"
334intitle:"Index of /node_modules/"
335intitle:"Index of /biuro"
336intitle:"Index of /app/webroot/img"
337intitle:"Index of /wp-includes/sitemaps"
338intitle:"index of" graphql-api
339inurl:/admin.php
340intitle:index of "main.js"
341inurl: "index of" "phpstan.neon"
342intitle:"cs141 webmanager"
343intitle:"Index of /databases"
344inurl:/restgui/start.html
345inurl:"/cgi-bin/home.ha"
346Re: site:www.openbugbounty.org intext:"xss" intext:"Unpatched"
347Fwd: site:.co.in intitle:index of /wp-admin
348Reporting a New Google Dork : intitle:"index of" mysql inurl:./db/
349intitle:"Login - Jorani"
350intitle: "index of" administrator
351intext:"index of" "phpinfo" site:*.in
352intitle:index.of./.database
353intitle:index.of login.js
354site:.com intitle:"index of" /mobikwike
355site:.com intitle:"index of"/sbi
356intitle:"index of" "/config/prod/"
357site:..us inurl:"login.php"
358site:.com intitle:"index of"/csb
359structure + ext:sql
360intitle:"Unibox Administration"
361site:.co.in intitle:index of /wp-admin
362site:www.openbugbounty.org intext:"xss" intext:"Unpatched"
363index of "cloudapp.net"
364intitle:"index of" "about-me"
365index of "cloudapp.azure.com"
366intitle:"index of" "*.phtml" site:.edu
367inurl:"xslt?PAGE=C_4_0"
368intitle:"index of" "/userlist/"
369Fwd: Google Dork: inurl:login/login-user
370Fwd: intitle:"index of" "login" site:bd
371initial:inurl:uux.aspx
372intitle:"online portal login"
373intitle:"Error log for /LM/".edu
374index of /wp-admin.jpg site:bd
375intitle:index.of intext:log site:.bd
376inurl:/ui/login.aspx
377intitle:"Index of" inurl:/backup/ "wp-config"
378inurl:"/login.php" intitle:"admin"
379inurl:"/spotfire/login.html"
380intitle:"index of" intext: "login.php"
381site:linkedin.com intitle:"@gmail"
382intitle:"index of" "postman_collection.json"
383site:.com inurl:/signup.aspx
384Shopping Website Login Pages
385intitle:"index of" "login.php.txt"
386intitle:"index of" "npm-debug.log"
387intitle:"index of" "bugs.txt"
388intitle:"index of" "configuration.txt"
389allintitle: "smart office suite - login page"
390intitle:"index of" "backup.zip"
391intitle:"Documentation Index" intext:"Apache Tomcat Servlet" inurl:"docs"
392intitle:"index of" "creds.txt"
393intitle:"index of" "domain.txt"
394intitle:"index of" "C:Windows"
395intitle:"index of" "username.txt"
396site: zoom+meeting+passcode
397intitle:"index of" ".sql"
398intitle:"Index of /bank/"
399intitle:"Index of /api/"
400inurl:tech "login"
401inurl:wp-config.txt intext:mysql
402inurl:/phpMyAdmin/index.php?server=1
403inurl:wp-includes
404intitle:"index of /wp-content/plugins"
405inurl:"adminLogin/" intitle:"Admin Panel"
406intext:"Login" inurl:/secure
407inurl:"cf/assets" "MultiFileUpload.swf"
408intitle:"index of" ".ssh" OR "ssh_config" OR "ssh_known_hosts" OR "authorized_keys" OR "id_rsa" OR "id_dsa"
409index of: /aadhar
410inurl:php?id=1 site:com
411allintext:static/uploads
412inurl: /default.rdp
413inurl:uux.aspx
414intitle:"index of" "pass.txt"
415intitle:"index of" "config.txt"
416site:co.in inurl:/login.aspx
417site:.org inurl:/login.aspx
418site:.com inurl:/login.aspx
419inurl:"/geoserver/ows?service=wfs"
420site:.org inurl:/admin.aspx
421site:co.in inurl:/admin.aspx
422intitle:"PaperCut login"
423RE: inurl:/wp-content/uploads/wpo_wcpdf
424inurl:"/login.aspx" intitle:"user"
425inurl:"/login.aspx" intitle:"adminlogin"
426intext:"ArcGIS REST Services Directory" intitle:"Folder: /"
#EthicalHacking · 426 dorks · 100+ minimum required