Google Dorking
Core Operators
Section titled “Core Operators”| Operator | Purpose | Example |
|---|---|---|
site: | Restrict to a domain | site:example.com |
inurl: | Term must appear in URL | inurl:admin |
intitle: | Term must appear in page title | intitle:"index of" |
filetype: | Search for specific file types | filetype:pdf |
ext: | Same as filetype: | ext:sql |
intext: | Term must appear in page body | intext:"password" |
cache: | Google’s cached version of a page | cache:example.com |
- | Exclude results | site:example.com -www |
"" | Exact match | "default password" |
OR / ` | ` | Either term |
* | Wildcard | "password is *" |
Common Dork Patterns
Section titled “Common Dork Patterns”Exposed directories
Section titled “Exposed directories”intitle:"index of" site:example.comintitle:"index of" "parent directory"Login pages
Section titled “Login pages”site:example.com inurl:loginsite:example.com intitle:"admin" inurl:adminSensitive files
Section titled “Sensitive files”site:example.com filetype:envsite:example.com filetype:sql "INSERT INTO"site:example.com filetype:logsite:example.com filetype:conf inurl:web.configext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:iniCredentials and keys
Section titled “Credentials and keys”site:example.com "password" filetype:txtsite:example.com "api_key" | "api_secret""-----BEGIN RSA PRIVATE KEY-----" filetype:keyExposed databases and backups
Section titled “Exposed databases and backups”site:example.com filetype:sqlintitle:"index of" "database.sql"intitle:"index of" "backup" ext:zip | ext:tar.gzOther Search Engine Dorks
Section titled “Other Search Engine Dorks”Most operators work across engines with minor syntax differences.
| Engine | Notes |
|---|---|
| Bing | Supports site:, filetype:, inurl:, intitle:. Slightly different indexing — may find pages Google missed. |
| DuckDuckGo | Supports site:, filetype:, intitle:. No inurl:. Uses Bing’s index under the hood. |
| Yandex | Strong for .ru domains and Eastern European targets. Supports site:, mime: (instead of filetype:), url:. |
GHDB — Google Hacking Database
Section titled “GHDB — Google Hacking Database”Pre-built dorks organized by category:
Categories include: footholds, files containing usernames/passwords, sensitive directories, web server detection, vulnerable servers, error messages.
Dorking Responsibly
Section titled “Dorking Responsibly”- Dorking public search engines is passive reconnaissance — you’re querying the search engine, not the target directly
- Accessing exposed resources you find may still be unauthorized — finding it doesn’t mean you’re allowed to use it
- Combine with
robots.txtandsitemap.xmlreview for additional path discovery