Exploring Google Dorks

  1. cache: Will present you with a cached version of any website.
    eg: cache:orkut.com
  2. intitle: Will present you with the webpages which have the mentioned word in their title.
    eg: intitle:security
  3. allintitle: Will present you with the webpages whose title contains all the words mentioned.
    eg: allintitle:cyber offence
  4. intext: Will present you with the webpages which contain the specified word in their text.
    eg: intext:github
  5. allintext: Will present you with the webpages which contain all the mentioned words in their text.
    eg: allintext:tools hacker
  6. inurl: Will present you with the webpages which have the mentioned word in the URL.
    eg: inurl:ac.in
  7. allinurl: Will present you with the webpages which have all the mentioned words in the URL.
    eg: allinurl:tech lead
  8. filetype: Will return links to files that are accessible, depending on the file format given as input. The filetypes can be doc, odt, xlsx, csv, pdf, etc.
    eg: filetype:pdf
  9. inanchor: Will return pages that are linked to with anchor text containing the mentioned words.
    eg: inanchor:"cyber security"
  10. site: Will present you with the full list of all the indexed URLs for the specified domain/sub-domain.
    eg: site:demo.testfire.net
  11. *: The wildcard acts as "anything". It can be placed before, after or in between words to find interesting results.
    eg: "Conquering the * and * of Grief"
  12. |: The logical operator OR ("|") can be used to get results containing either of two or more words.
    eg: The search "security" | "skills" will give you results containing the keyword security or skills.
  13. +: This operator combines two or more words to give results which contain all of them.
    eg: security + attacks will give results where both the keywords security and attacks are present.
  14. -: This operator is used to exclude a particular keyword while searching.
    eg: The search query "security -cve" will provide results which do not have the keyword cve.
  15. @: Restricts the results to the specified social media platform.
    eg: Bikes @facebook
  16. info: This helps in finding information related to the domain you are searching for.
    eg: info:domainname.com
  17. before/after: Used to search within a particular date range.
    eg: twitter after:2018

Example queries combining these operators:

  1. Excluding error and xml sitemaps: technical seo -"404 errors" -"xml sitemaps"
  2. Excluding irrelevant sites: security -site:pinterest.com
  3. Excluding subdomains: site:domainname.com -inurl:stage -inurl:dev -inurl:staging
  4. Finding open files with passwords of colleges: inurl:ac.in filetype:xlsx password
  5. Explore configurations using ENV files: DB_USERNAME filetype:env
  6. Finding live cameras (Looks scary, I know):
    inurl:top.htm inurl:currenttime
    or one can also use inurl:"lvappl.htm" or inurl:"view.shtml" "camera"
    You can also try for webcamXP-based transmission cameras with: intitle:"webcamXP 5"
  7. Looking for FTP servers: intitle:"index of" inurl:ftp (You can also try for forced http search with: intitle:"index of" inurl:http after:2018)
  8. Look for videos, mp3: You can look out for open videos with "index of friends" (Yeah, you get all the Friends episodes). For mp3: intitle: index of mp3
  9. Zoom videos: inurl:zoom.us/j and intext:scheduled for
  10. SQL dumps: "index of" "database.sql.zip"
  11. WordPress admin: intitle:"Index of" wp-admin
  12. phpMyAdmin page: "Index of" inurl:phpmyadmin
  13. Government docs: allintitle: restricted filetype:doc site:gov
  14. Apache2 webpages: intitle:"Apache2 Ubuntu Default Page: It works"

Protecting your own site from Google dorks:

  1. Encrypt sensitive information (usernames, passwords, card details, etc.).
  2. Run periodic vulnerability scans. These use Google dorks and can thus detect sensitive data accessible to the public.
  3. Restrict important data with authentication and, if possible, with IP-based authentication.
  4. Block sensitive content from being crawled by using robots.txt.
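
The periodic check from item 2 and the robots.txt rule from item 4 can be combined into a self-audit of your own site. This is an added example, not part of the original article: the path patterns are modelled on the dorks listed above, and the robots.txt, URL inventory and example.com domain are constructed sample input.

```python
import re
from urllib.parse import urlparse
from urllib.robotparser import RobotFileParser

# Path patterns modelled on the dorks listed in this article (labels are illustrative).
DORK_PATTERNS = {
    "env file (filetype:env)": re.compile(r"\.env$", re.I),
    "SQL dump (database.sql.zip)": re.compile(r"\.sql(\.zip|\.gz)?$", re.I),
    "WordPress admin (wp-admin)": re.compile(r"/wp-admin(/|$)", re.I),
    "phpMyAdmin (inurl:phpmyadmin)": re.compile(r"/phpmyadmin(/|$)", re.I),
    "spreadsheet (filetype:xlsx)": re.compile(r"\.xlsx$", re.I),
}

# Constructed sample input: a robots.txt and a URL inventory for a site you own.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /wp-admin/
Disallow: /backups/
"""
SAMPLE_URLS = [
    "https://example.com/index.html",
    "https://example.com/.env",
    "https://example.com/backups/database.sql.zip",
    "https://example.com/wp-admin/",
    "https://example.com/phpmyadmin/",
    "https://example.com/staff/passwords.xlsx",
]

def audit(urls, robots_txt, agent="Googlebot"):
    """Return (url, finding, crawlable) for every URL matching a dork pattern."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())  # parse offline, no network fetch
    findings = []
    for url in urls:
        path = urlparse(url).path
        for label, pattern in DORK_PATTERNS.items():
            if pattern.search(path):
                # can_fetch() is True when robots.txt does not block this agent
                findings.append((url, label, rp.can_fetch(agent, url)))
    return findings

if __name__ == "__main__":
    for url, label, crawlable in audit(SAMPLE_URLS, SAMPLE_ROBOTS):
        state = "CRAWLABLE" if crawlable else "blocked by robots.txt"
        print(f"{state:22} {label:32} {url}")
```

A "blocked by robots.txt" result only means well-behaved crawlers will skip the path; the robots.txt file itself is publicly readable and the path is still served to anyone who requests it, so those entries still need the authentication from item 3.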

Mr. Torjan Captain

A security enthusiast making way into the future. Your neighborhood cyberman.