Google isn’t just a search engine—it’s a treasure trove of information waiting to be unlocked with the right queries. Whether you’re a cybersecurity professional, a digital investigator, or a curious tech enthusiast, Google dorks can help you uncover insights hidden deep in the web.
In this guide, we’ll explore what Google dorks are, how to use them effectively, and provide real-world examples for practical use.
Google Dorks are advanced search queries that leverage Google’s powerful search operators to locate specific types of information online. These queries are widely used for:
Locating public files (PDFs, Excel sheets, etc.).
Researching contact information or email addresses.
Identifying vulnerabilities in websites.
Exploring cached or indexed pages.
Use Google Dorks for ethical purposes only: Google Dorks should only be used for ethical purposes, such as security testing, OSINT investigations, or finding publicly available information. Using Google Dorks for malicious purposes, such as hacking or stealing confidential information, is illegal and unethical!
Google Dork Syntax
Here, the operator is a special character or word that modifies the search query, and the keyword is the specific piece of information that the user is searching for.
Operator | Description | Example |
site: | Restricts search to a specific domain. | site:example.com "login" |
filetype: | Searches for specific file types. | filetype:pdf "manual" |
inurl | Searches for terms within a URL. | inurl:admin |
intitle: | Searches for terms in the title of a webpage. | intitle:"index of /" |
intext: | Searches for terms within the body text of a page. | intext:"@gmail.com" |
cache: | Views the cached version of a page. | cache:example.com |
Finding Publicly Shared Files
Files like PDFs, spreadsheets, and Word documents often end up indexed by search engines unintentionally.
For example, you can search for PDFs by using the query:
filetype:pdf "business strategy"This will reveal publicly available documents from companies outlining their strategic goals. Similarly, searching for Excel files like filetype:xlsx "sales report" could uncover spreadsheets containing sales data, which could be useful for market research.
If you’re looking for Word documents, a query such as filetype:doc OR filetype:docx "confidential" might locate internal documents inadvertently shared online.
Identifying Vulnerable Pages
Google dorks are particularly useful for cybersecurity professionals identifying weak spots.
For instance, searching for admin login pages with
inurl:admin loginThis might reveal URLs such as https://example.com/admin-login. If these pages are not properly secured, they could become potential attack points.
Another example is using
intitle:"phpinfo()" "PHP Version"This will find PHP configuration pages like https://example.com/phpinfo.php, which often disclose sensitive server information.
Discovering Open Directories
Open directories can be treasure troves of files that should ideally be private.
intitle:"index of /" "parent directory" This will list directories such as https://example.com/uploads/ or https://example.com/logs/, where you could browse exposed files.
If you’re specifically looking for backups, searching for intitle:"index of /" "backup" might lead you to URLs like https://example.com/backup/ containing files such as db-backup.zip.
Finding Contact Information
If you’re doing outreach or research, Google dorks can help you locate contact information.
intext:"@gmail.com" site:example.com This will uncover email addresses like contact@example.com or support@example.com.
To find contact pages directly, you could use "contact us" inurl:contact site:example.com, which would lead you to URLs such as https://example.com/contact-us/ or https://example.com/contact/.
Viewing Public IP Cameras
Publicly accessible IP cameras often stream video feeds unintentionally.
inurl:/view.shtmlThis will find feeds like http://203.0.113.1/view.shtml. These could show footage from places like parking lots, offices, or storefronts.
Researching Cached Content
When a live webpage is unavailable, Google’s cache can be a lifesaver.
cache:example.comView Google’s stored version of a page. This can be especially helpful if a news article or blog post has been taken down, as the cached version might still contain the information you need.
Real-World Illustration: A Security Audit
Here’s how these examples could come together during a security audit:
Start by identifying potential entry points with site:example.com inurl:login, which might reveal pages like https://example.com/admin-login.
Search for configuration files using site:example.com filetype:config. This could lead you to files such as https://example.com/config/settings.config.
Finally, check for backup directories by searching for site:example.com intitle:"index of /" "backup". This might uncover directories like https://example.com/backup/ containing sensitive files such as backup.zip.
Ethical Considerations
While Google dorks are powerful, they must be used responsibly:
Do not access unauthorized data. This violates privacy and can result in legal consequences.
Secure what you find. If you discover a vulnerability, report it to the website owner responsibly.
Stay within legal boundaries. Ensure all your actions comply with local and international laws.
For more examples check out this resource from:
Additional examples
site:target.com inurl:api_key
site:target.com inurl:email
site:target.com inurl:amount
intitle:”index of” “/etc/mysql/”
site:”target.com” database.yml
inurl:group_concat(username, filetype:php intext:admin
inurl:/wwwboard/passwd.txt
filetype:reg reg HKEY_CLASSES_ROOT -git
inurl:/database* ext:sql intext:index of -site:target.com