My Favorite Google Dorks

Photo by on Unsplash

My Favorite Google Dorks

What is Google Dorking

Google Dorking is when you use Google search queries to gain access to hidden information on websites. Some of this information google was not meant to index. This can be things such as log files, passwords, ssh-keys, etc. Google Dorking is a useful skill everyone should know.

How does it work

Before we get into Google Dorking we need first to understand how Google works. This article talks about how search engines work, but here is a quick run down.

Google sends out bots to a bunch of different websites. It indexes everything on the website it is allowed. Using specific search queries on Google you can get that hidden information.

Google Dorking is not illegal along as you don't log in to pages. As soon as you try to log in to a protected page then it becomes illegal and you can get into serious trouble. Always check your local laws.

Furthermore, I would always recommend a VPN when Dorking just as an extra set of protection. You don't need it but it is always good to use. Also, be careful about what you click on, as the stuff you see may not be family-friendly.

Google Dorking

This is a very simple example of what a Google Dork would be: filetype:pdf

Google will search for all PDF files hosted under that domain name. And as you see below it comes up with a bunch of interesting results image.png

I am just going to dump a bunch of useful syntaxes you can go refer to. If you want to see a larger list go here.

""The specified term must be an exact match
OROperator OR
ANDOperator AND
-Excludes a term
*Wildcard, it can be anything
site:The specified site must be the host
filetype:Search for a file by its extension (e.g. PDF)
cache:View Google's Cached version of a specified URL
intitle:The specified phrase MUST appear in the title of the page
inurl:Pages with a certain phrase in the url
ip:The specified IP must be the host
after:after certain period

Advanced searches

These are some fun advanced searches.

Finding passwords

There are lots of different queries for passwords but here is a couple:

password filetype:doc | filetype:docx | filetype:pdf | filetype:xls site:Your site

"admin_password" ext:txt | ext:log | ext:cfg

filetype:log intext:password after:2016 | |

Finding Webcams

There are many dorks to find webcams around the world. Here are a few:

inurl:"view.shtml" "Network Camera"

"Camera Live Image" inurl:"guestimage.html"

intitle:”webcamXP 5

An example of what you can get is:


Penetration Test Documents

Now, this is my favourite one. Why bother doing recon when you can get someone elses work:

intitle: "report" ("qualys" | "nessus" | |acunetix" | "netsparker" | "nmap") filetype:pdf

An example of what you can get is: image.png


Bellow is a collection of dorks. Try them out yourselves. If you want even more their is a ton on exploit-db