Skip to content

Instantly share code, notes, and snippets.

@aw-junaid

aw-junaid/googledorking.md

Last active November 18, 2025 21:30
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save aw-junaid/cba1717689b9a1a942451b774085aa32 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save aw-junaid/cba1717689b9a1a942451b774085aa32 to your computer and use it in GitHub Desktop.
Download ZIP
Google Dorking, also known as Google Hacking, is the practice of using advanced Google search operators to find specific information that isn't readily available through normal searches.
Raw
googledorking.md

The Ultimate Google Dorking Master Guide

Complete Reference for Advanced Search Operators

Table of Contents

  1. Fundamentals of Google Dorking
  2. Basic Search Filters
  3. Advanced Search Operators
  4. Boolean Logic & Combinations
  5. Practical Use Cases
  6. Security Research Techniques
  7. Information Gathering Methods
  8. Automation & Tools
  9. Ethical Guidelines

Fundamentals of Google Dorking

What is Google Dorking?

Google Dorking refers to using advanced search operators to find specific information that's not readily accessible through normal searches. These techniques leverage Google's extensive indexing capabilities to locate vulnerable systems, exposed data, or specific file types.

How Google Indexing Works

  • Google's web crawlers continuously scan and index web content
  • Over 130 trillion web pages indexed
  • Processes over 3.5 billion searches daily
  • Stores cached versions of web pages
  • Indexes various file types (PDF, DOC, XLS, etc.)

Importance in Cybersecurity

  • Vulnerability assessment
  • Penetration testing
  • Digital forensics
  • Threat intelligence
  • OSINT (Open Source Intelligence)

Basic Search Filters

Content-Based Search Operators

intext - Body Text Search

Searches for keywords within the main content of web pages.

Detailed Examples:

# Basic usage
intext:"username"
intext:"password"

# Multiple terms
intext:"login" intext:"credentials"

# Combination with other operators
intext:"admin" site:example.com

allintext - Exact Phrase Requirement

Requires ALL specified keywords to appear in page content.

Detailed Examples:

# All terms must be present
allintext:"database connection string"

# Specific technical information
allintext:"API key" "authentication" "endpoint"

# Security-related searches
allintext:"vulnerability" "disclosure" "patch"

URL-Based Search Operators

inurl - URL Keyword Search

Finds specified keywords within the URL path.

Detailed Examples:

# Administrative interfaces
inurl:admin
inurl:login
inurl:dashboard
inurl:cp

# Configuration files
inurl:config
inurl:settings
inurl:configuration

# API endpoints
inurl:api
inurl:endpoint
inurl:rest

allinurl - Multiple URL Keywords

Requires ALL specified keywords to appear in the URL.

Detailed Examples:

# Specific path combinations
allinurl:admin login
allinurl:wp content uploads
allinurl:phpmyadmin config

# Database-related URLs
allinurl:php?id=
allinurl:asp?content=

Title-Based Search Operators

intitle - Page Title Search

Searches for keywords in HTML <title> tags.

Detailed Examples:

# Directory listings
intitle:"index of"
intitle:"directory listing"

# Login pages
intitle:"login"
intitle:"sign in"
intitle:"authentication"

# Error pages
intitle:"error"
intitle:"404"
intitle:"not found"

allintitle - Multiple Title Keywords

Requires ALL specified keywords in the page title.

Detailed Examples:

# Specific title combinations
allintitle:"server statistics"
allintitle:"web analytics"
allintitle:"admin panel"

Domain and Site Operators

site - Domain-Restricted Search

Limits searches to specific domains or TLDs.

Detailed Examples:

# Specific domain
site:github.com
site:example.com

# Top-Level Domains (TLDs)
site:.gov
site:.edu
site:.mil

# Subdomains
site:*.example.com
site:docs.*.com

# Multiple domains
site:com | site:org | site:net

File Type Operators

filetype - Specific File Extensions

Searches for specific file formats.

Complete File Type List:

# Documents
filetype:pdf
filetype:doc
filetype:docx
filetype:ppt
filetype:pptx
filetype:xls
filetype:xlsx
filetype:rtf
filetype:odt

# Data Files
filetype:sql
filetype:csv
filetype:json
filetype:xml
filetype:log

# Configuration Files
filetype:conf
filetype:config
filetype:ini
filetype:yml
filetype:yaml
filetype:env

# Source Code
filetype:php
filetype:js
filetype:py
filetype:java
filetype:c
filetype:cpp

# Archives
filetype:zip
filetype:rar
filetype:tar
filetype:gz

# Database Files
filetype:mdb
filetype:accdb
filetype:db
filetype:sqlite

Practical Examples:

# Confidential documents
filetype:pdf "confidential" "internal use only"

# Database dumps
filetype:sql "CREATE TABLE" "INSERT INTO"

# Configuration files with credentials
filetype:env "DB_PASSWORD" "API_KEY"

# Log files with sensitive data
filetype:log "password" "username"

Advanced Search Operators

Link and Relationship Operators

link - Backlink Discovery

Finds pages linking to a specific URL.

Detailed Examples:

# Basic backlink check
link:example.com

# Competitor analysis
link:competitor.com

# Authority checking
link:government.gov

related - Similar Sites

Finds websites similar to specified domain.

Detailed Examples:

# Find competitors
related:amazon.com

# Similar services
related:github.com

# Industry peers
related:microsoft.com

Numeric and Range Operators

numrange - Number Range Search

Searches for specific numerical values or ranges.

Detailed Examples:

# Price ranges
"product" numrange:100-500
"cost" numrange:1000-5000

# Version numbers
"version" numrange:2.0-3.0
"release" numrange:2020-2023

# Technical specifications
"memory" numrange:8-16
"storage" numrange:500-1000

daterange - Date Range Search

Searches within specific date ranges (Julian calendar format).

Detailed Examples:

# Julian date format
daterange:2459545-2459580

# Combined with filetype
filetype:pdf daterange:2459545-2459580

Date Filters

before / after - Date Range Filtering

Searches content within specific date ranges.

Detailed Examples:

# Basic date ranges
after:2023-01-01 before:2023-12-31

# Recent content
after:2024-01-01

# Historical content
before:2020-01-01

# Combined searches
filetype:pdf after:2023-01-01 "confidential"

Anchor Text Operators

inanchor / allinanchor - Link Text Search

Searches for text in hyperlinks pointing to pages.

Detailed Examples:

# Download links
inanchor:"download"
inanchor:"click here"

# Security-related anchors
allinanchor:"free download" "full version"

# Navigation elements
inanchor:"home" "about" "contact"

Cache and Info Operators

cache - Cached Page View

Shows Google's stored version of a page.

Detailed Examples:

# View cached version
cache:example.com

# Specific page cache
cache:example.com/admin

# Compare current vs cached
cache:example.com/login

info - Page Information

Shows information Google has about a page.

Detailed Examples:

# Basic info
info:example.com

# Multiple pages
info:example.com/page1 info:example.com/page2

Location-Based Operators

location - Geographic Targeting

Filters results by geographic location.

Detailed Examples:

# Country-specific
location:US
location:UK
location:DE

# Combined with other operators
site:.gov location:US "confidential"

source - News Source Filtering

Filters news results by specific sources.

Detailed Examples:

# Specific news sources
source:bbc
source:reuters
source:associated_press

Boolean Logic & Combinations

Basic Boolean Operators

OR Operator (|)

Broadens search to include multiple alternatives.

Detailed Examples:

# Multiple domains
site:facebook.com | site:twitter.com | site:linkedin.com

# Multiple file types
filetype:pdf | filetype:doc | filetype:docx

# Multiple keywords
"username" | "user" | "login"

AND Operator (&)

Narrows search by requiring multiple conditions.

Detailed Examples:

# Multiple requirements
site:github.com & intext:"API" & intext:"key"

# Complex combinations
filetype:sql & intext:"password" & intext:"users"

NOT Operator (-)

Excludes specific terms from results.

Detailed Examples:

# Exclude specific sites
"database" -site:github.com -site:stackoverflow.com

# Exclude file types
"config" -filetype:pdf -filetype:doc

# Exclude terms
"admin" -"test" -"demo"

Advanced Boolean Combinations

Parentheses for Grouping

Controls operator precedence and complex logic.

Detailed Examples:

# Complex domain searches
(site:facebook.com | site:twitter.com) & (intext:"login" | intext:"signin")

# Multiple conditions
(filetype:pdf | filetype:doc) & ("confidential" | "secret") & -"public"

# Nested logic
(site:.gov | site:.edu) & (intext:"research" | intext:"study") & -"publication"

Sequential Filtering

Combining multiple operators for precision.

Detailed Examples:

# Progressive filtering
site:.edu intext:"database" filetype:sql -"test"

# Multiple exclusion criteria
"password" filetype:txt -site:pastebin.com -site:github.com

Inclusion/Exclusion Techniques

Force Inclusion (+)

Requires specific terms to be present.

Detailed Examples:

# Required terms
+site:facebook.* +intext:"admin"

# Multiple requirements
+"API" +"key" +"authentication"

Strategic Exclusion

Removing unwanted results effectively.

Detailed Examples:

# Exclude common false positives
"index of" -"html" -"htm" -"php"

# Exclude specific content types
"password" -filetype:html -filetype:php

Practical Use Cases

Security Vulnerability Discovery

Exposed Configuration Files

# Common config files
inurl:"config.xml" | inurl:"config.json" | inurl:".env"
filetype:env DB_PASSWORD
inurl:"wp-config.php" 
"database_password" filetype:cfg

# Framework-specific configs
"settings.py" "SECRET_KEY"
"config/database.yml" 
"application.properties" "spring.datasource.password"

Open Directory Listings

# Basic directory listings
intitle:"index of" 
"parent directory" 
"directory listing for"

# Specific content types
intitle:"index of" "mp3"
intitle:"index of" "pdf"
intitle:"index of" "backup"

# Advanced directory searches
intitle:"index of" "site.tar.gz"
intitle:"index of" "database.sql"
intitle:"index of" "backup.zip"

Exposed Administrative Interfaces

# Common admin panels
inurl:/admin/
inurl:/phpmyadmin/
inurl:/cpanel/
inurl:/webmin/

# Device-specific interfaces
intitle:"router" inurl:"login"
intitle:"camera" inurl:"login"
"network device" "configuration" inurl:admin

Information Gathering

Employee and Organizational Data

# Employee directories
"employee directory" site:company.com
"staff list" filetype:xls site:org.com
"organizational chart" filetype:pdf

# Contact information
"@company.com" "phone" "extension"
"contact us" filetype:vcf
"email" "directory" site:edu

Financial and Business Information

# Financial documents
filetype:pdf "financial report" "Q1 2024"
"profit and loss" filetype:xlsx
"balance sheet" "confidential"

# Business plans
"business plan" "proprietary" "competitive analysis"
"strategic roadmap" "internal use only"

Technical Information Discovery

Network and Infrastructure Data

# Network diagrams
"network diagram" "infrastructure" filetype:vsd | filetype:pdf
"topology" "internal network" 
"rack layout" "data center"

# Server information
"server status" "internal" 
"monitoring" "dashboard" inurl:8080

API and Development Data

# API documentation
"API documentation" "endpoints" "authentication"
"Swagger" "OpenAPI" filetype:json | filetype:yaml

# Source code exposure
"source code" "repository" inurl:.git
filetype:sql "CREATE TABLE" "users"

Security Research Techniques

Credential Discovery

Password and Key Exposure

# Various credential formats
"password" filetype:txt | filetype:log | filetype:sql
"api_key" "=" 
"ssh-rsa" "PRIVATE KEY"
"BEGIN RSA PRIVATE KEY"

# Platform-specific keys
"AWS_ACCESS_KEY"
"AZURE_STORAGE_CONNECTION_STRING"
"GOOGLE_API_KEY"

Authentication Data

# Login credentials
"login" "password" filetype:csv
"username" "password" filetype:xlsx
"authentication" "credentials" filetype:xml

# Session data
"session_id" "cookie" 
"token" "expires"

System Vulnerability Identification

Version Disclosure

# Software versions
"Powered by" "Version" 
"Apache" "Server Version"
"nginx" "built on"

# Vulnerability-specific searches
"vulnerable version" "update required"
"security patch" "CVE-2024"

Error Messages and Debug Information

# Debug information
"debug mode" "true"
"stack trace" "exception"
"error occurred at"

# Database errors
"mysql_fetch_array()"
"ODBC Driver" "error"
"SQLException"

Network Service Discovery

Open Ports and Services

# Service banners
"Apache" "Server at" "port"
"nginx" "welcome to"
"ISS" "Windows Server"

# Protocol-specific
"ftp" "anonymous" "login"
"telnet" "connected to"
"ssh" "authorized"

Device-Specific Interfaces

# IoT devices
"router login" "default password"
"camera" "web interface"
"printer" "configuration page"

# Industrial control systems
"SCADA" "HMI" "login"
"PLC" "interface" "control"

Information Gathering Methods

Corporate Intelligence

Internal Documentation

# Policy and procedure documents
"internal policy" "confidential" filetype:pdf
"employee handbook" "proprietary"
"standard operating procedure" "SOP"

# Strategic documents
"strategic plan" "internal"
"roadmap" "product development"
"competitive analysis" "restricted"

Communication and Meeting Data

# Meeting minutes
"meeting minutes" "action items" filetype:doc
"board meeting" "confidential"

# Email and communication
"internal memo" "distribution list"
"announcement" "employees only"

Educational and Research Data

Academic Resources

# Research papers
filetype:pdf "dissertation" "thesis"
"research paper" "unpublished"
"study" "preliminary findings"

# Course materials
"syllabus" "lecture notes" filetype:pdf
"assignment" "solution manual"

Institutional Data

# University information
"campus" "faculty" "directory"
"student records" "FERPA"
"research data" "dataset"

Automation & Tools

Google Dorking Automation

Python Scripting Examples

import requests
from googlesearch import search

def google_dork_search(query, num_results=100):
    """
    Perform automated Google dork searches
    """
    results = []
    try:
        for url in search(query, num_results=num_results):
            results.append(url)
    except Exception as e:
        print(f"Error: {e}")
    return results

# Example searches
queries = [
    'filetype:sql "CREATE TABLE" "users"',
    'inurl:admin "login"',
    'intitle:"index of" "parent directory"'
]

for query in queries:
    print(f"Searching: {query}")
    results = google_dork_search(query)
    for result in results:
        print(f"  - {result}")

Bash Scripting for Dorking

#!/bin/bash

# Google dork automation script
search_terms=(
    'filetype:pdf "confidential"'
    'inurl:admin "password"'
    'intitle:"index of" "database"'
)

for term in "${search_terms[@]}"; do
    echo "Searching: $term"
    # Use lynx or curl for automated searching
    lynx -dump "https://www.google.com/search?q=${term}" | grep -oP 'http[s]?://[^"]+' >> results.txt
done

Advanced Tool Integration

Using with Security Tools

# Combine with nmap for targeted scanning
google_dork_results | grep -oP 'https?://[^/]+' | sort -u | \
xargs -I {} nmap -sV {}

# Integrate with wayback machine
google_dork_results | waybackurls | tee archived_urls.txt

Custom Search Engines

Creating custom Google search engines for specific dorking purposes.

Ethical Guidelines

Responsible Usage Principles

Legal Compliance

  • Always respect robots.txt directives
  • Adhere to computer fraud and abuse acts
  • Respect intellectual property rights
  • Follow international cyber laws

Professional Ethics

  • Use for authorized testing only
  • Obtain proper permissions
  • Respect privacy boundaries
  • Report vulnerabilities responsibly

Responsible Disclosure Process

Vulnerability Reporting

  1. Identification: Confirm the vulnerability
  2. Documentation: Collect evidence ethically
  3. Notification: Contact organization responsibly
  4. Coordination: Work with security team
  5. Resolution: Verify fix implementation

Evidence Handling

  • Do not download sensitive data
  • Take minimal screenshots for proof
  • Encrypt all communications
  • Securely store temporary data

Legal Considerations

Jurisdictional Awareness

International Laws

  • Computer Fraud and Abuse Act (CFAA) - USA
  • Computer Misuse Act - UK
  • GDPR - European Union
  • Local cybercrime legislation

Compliance Requirements

  • Penetration testing authorization
  • Bug bounty program rules
  • Academic research guidelines
  • Corporate security policies

Risk Mitigation Strategies

Documentation and Authorization

  • Maintain written permission
  • Document scope and boundaries
  • Keep detailed activity logs
  • Use encrypted communications

Safe Testing Practices

  • Test only authorized systems
  • Avoid production environments
  • Use test accounts when possible
  • Implement time restrictions

Advanced Techniques and Pro Tips

Search Optimization Strategies

Performance Tips

  • Use specific over broad terms
  • Combine multiple operators
  • Leverage caching for repeated searches
  • Schedule searches during off-peak hours

Precision Techniques

  • Progressive filtering approach
  • Multiple verification methods
  • Cross-reference with other sources
  • Validate findings manually

Staying Current

Continuous Learning

  • Monitor security researcher blogs
  • Follow Google search updates
  • Participate in security communities
  • Practice regularly with test environments

Resource Maintenance

  • Update dork databases regularly
  • Maintain operator cheat sheets
  • Document successful techniques
  • Share knowledge with community
@pwned0x1
Copy link

pwned0x1 commented Nov 11, 2025

Thanks for sharing!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment