Google Dorks

ExploitDB has a google hacking DB. Dorking can also be done on github if you find the cooperate github or employee github.

Automated Dorking:

Foca

https://www.elevenpaths.com/innovation-labs/tools/focawww.elevenpaths.com

Will Google Dork for files and download them for you and will also extract file metadata to try to find information in that.

Google Dork Cheat Sheet

Search filters

Filter

Description

Example

Examples

intext:"index of /"
Nina Simone intitle:”index.of” “parent directory” “size” “last modified” “description” I Put A Spell On You (mp4|mp3|avi|flac|aac|ape|ogg) -inurl:(jsp|php|html|aspx|htm|cf|shtml|lyrics-realm|mp3-collection) -site:.info
Bill Gates intitle:”index.of” “parent directory” “size” “last modified” “description” Microsoft (pdf|txt|epub|doc|docx) -inurl:(jsp|php|html|aspx|htm|cf|shtml|ebooks|ebook) -site:.info
parent directory DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
parent directory MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
parent directory Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
filetype:config inurl:web.config inurl:ftp
“Windows XP Professional” 94FBR
ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:"budget approved") inurl:confidential
ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:”budget approved”) inurl:confidential

Operators

Search Term

This operator searches for the exact phrase within speech marks only. This is ideal when the phrase you are using to search is ambiguous and could be easily confused with something else, or when you’re not quite getting relevant enough results back. For example:

"Tinned Sandwiches"

This self-explanatory operator searches for a given search term OR an equivalent term.

site:facebook.com | site:twitter.com

AND

site:facebook.com & site:twitter.com

Operators combinaison

(site:facebook.com | site:twitter.com) & intext:"login"
(site:facebook.com | site:twitter.com) (intext:"login")

Include results

This will order results by the number of occurrences of the keyword.

-site:facebook.com +site:facebook.*

Exclude results

site:facebook.* -site:facebook.com

Synonyms

Adding a tilde to a search word tells Google that you want it to bring back synonyms for the term as well. For example, entering “~set” will bring back results that include words like “configure”, “collection” and “change” which are all synonyms of “set”.

~set

Glob pattern (*)

Putting an asterisk in a search tells Google ‘I don’t know what goes here’. Basically, it’s really good for finding domains, subdomains, directories, etc.

site:*.com

PreviousUsers NextActive Scanning

Last updated 2 years ago