Dorks

Advanced Google Search

https://www.exploit-db.com/google-hacking-databasewww.exploit-db.com

Google Hacking Database

Build-in Queries

Specific site

"<word>" site:<example.com>

Key Words in the URL

inurl:"</PATH/IN/THE/SITE.php>" site:<example.com>

Key words in title

intitle:"<word>" site:<example.com>

Multiple key words in title

allintitle:"admin" "dashboard" site:example.com
allintitle:"login" "admin" site:sub.example.com

Specific File Type

filetype:<log> site:<example.com>
site:example.com ext:php

Search for multiple words

allinurl:login.asp

Restricts the search to a specific website or domain

site:example.com

Shows the cached version of a webpage

cache:example.com

Finds pages that link to a specific URL

link:example.com

Searches for specific words within the body text of a webpage

intext:"username"

Avoid auto-corrections

tbs=li:1

Operators

Wildcard (*)

"How to hack * using google"

Quation marks (")

Adding quotation marks around your search terms forces an exact match.

OR (|)

"how to hack" site:(reddit.com | stackoverflow.com)

Minus (-)

site:example.com password -ext:txt

Enumeration

Subdomains

inurl:'/content/dam' ext:txt

Login Pages

intitle:"Admin" inurl:login  
intitle:"Control Panel" intext:"Username" "Password"
site:example.com inurl:login  
site:github.com intitle:"Sign in"
intext:"Username" "Password" filetype:php  
intitle:"Login" intext:"Default password"      
intitle:"phpMyAdmin" inurl:phpmyadmin/index.php  
inurl:":8080/login" intitle:"Tomcat"
inurl:login intext:"SQL syntax"  
intitle:"Login" intext:"error" "password"  
inurl:/admin/login.php site:.org
inurl:/admin/ "Router Login"

Directories

intitle:"index of /" "passwords"
intitle:"index of" "backup"
intitle:"Index of /" site:.gov "backup"
intitle:"Index of /" "database" ext:sql
intitle:"Index of /" "config.php"  

PDF files

filetype:pdf "cybersecurity report"
"confidential" filetype:pdf site:company.com  
"confidential" OR "secret" filetype:pdf intitle:"internal"  
"confidential" filetype:pdf inurl:"/documents/" 

Sensible files

site:example.com ext:log
filetype:log "GET /admin/" "200 OK"  
inurl:/backup/ "db" ext:sql site:myshopify.com
filetype:sql "INSERT INTO users" OR "CREATE TABLE users"
"error.log" "PHP Fatal error" intext:"password"  
filetype:env "DB_PASSWORD" -github -gitlab
inurl:/proc/self/environ ext:log
ext:log "user: admin" "password: *"

Password files

site:example.com ext:txt password
filetype:xls "username" "password" site:github.com  
filetype:xls inurl:"credentials" OR inurl:"passwords"  
filetype:xlsx "login info" OR "user credentials"
site:pastebin.com "@company.com" "password"  

Finding Vulnerable Servers intitle:"phpinfo()" "disable_functions" site:.edu

"phpinfo()" "DB_USER" "DB_PASSWORD" ext:php -github 
intitle:"phpinfo()" "PHP Version" "System" "mysql" site:.gov -forum -tutorial
inurl:"include.php?file=../../../../proc/self/environ"
intitle:"phpinfo()" "PHP Version 7." "disable_functions" -tutorial     

Emails

site:linkedin.com "@company.com" "VP of Engineering"
filetype:xlsx "@company.com" "password" -sample
filetype:csv "@target.com" "last_name" "employee_id"
site:pastebin.com "@gmail.com" "password" after:2023   

Amazon Buckets

site:s3.amazonaws.com <Companay_name>
ext:env "AWS_ACCESS_KEY_ID" -git  

Kibana

site:example.com inurl:app/kibana

Cisco Anyconnect

intitle:index.of cisco anyconnect

Adobe Experience Manager

inurl:'/content/dam' ext:txt

Wordpress

allintitle:"wordpress" "login" "admin" site:target.com
inurl:/wp-login.php  
intitle:"WordPress" inurl:login

Joomla

inurl:/administrator/index.php  
intitle:"Joomla Login"

Cameras

inurl:"view/view.shtml" intitle:"Live View"
inurl:"view/view.shtml" "gas station"
"inurl:\view\index.shtml"
intitle:"Live View / - AXIS"
intitle:"Live View / - AXIS" "traffic"
inurl:/axis-cgi/mjpg/video.cgi
filetype:mjpg inurl:axis-cgi
intitle:"Live View / - AXIS" "prison"

Printers

intitle:"Printer Status" inurl:/hp/device/