Google Dorking

Google Dorking (Google Hacking) uses advanced search operators to find sensitive information, vulnerable systems, or exposed data indexed by Google. It's a passive reconnaissance technique that doesn't directly interact with target systems.

Common Search Operators

site:         Limit to specific domain
inurl:        Search within URLs
intitle:      Search page titles
filetype:     Find specific file types
ext:          File extension
intext:       Search page content
cache:        View cached version

Security-Focused Dorks

# Exposed configuration files
site:example.com ext:env OR ext:config

# Backup files
site:example.com ext:bak OR ext:old OR ext:backup

# Database files
filetype:sql site:example.com

# Admin panels
site:example.com inurl:admin OR inurl:login

# Directory listings
intitle:"index of" site:example.com

# Exposed git directories
intitle:"index of" ".git"

# Error messages
site:example.com "mysql error" OR "syntax error"

# API keys in code
site:github.com "api_key" "example.com"
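
The file-based dorks above only return results when such files sit under a publicly served document root. As an added example (not part of the original page), this script audits a local web root for the config, backup, database and .git categories before a crawler can index them; the function names and the sample tree are hypothetical.

```python
import os
import tempfile
from pathlib import Path

# Extensions taken from the dorks above, grouped by the same categories.
RISKY_EXTENSIONS = {
    "config": {".env", ".config"},
    "backup": {".bak", ".old", ".backup"},
    "database": {".sql"},
}


def audit_webroot(root):
    """Return sorted (category, relative_path) findings under a document root."""
    root = Path(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        # A .git directory under the web root is what the "index of" ".git" dork finds.
        if ".git" in dirnames:
            findings.append(("git", (rel_dir / ".git").as_posix()))
            dirnames.remove(".git")  # do not descend into repository internals
        for name in filenames:
            # Path(".env").suffix is "", so dotfiles are matched on the whole name.
            suffix = Path(name).suffix.lower() or name.lower()
            for category, extensions in RISKY_EXTENSIONS.items():
                if suffix in extensions:
                    findings.append((category, (rel_dir / name).as_posix()))
    return sorted(findings)


def build_sample_webroot(base):
    """Constructed sample tree (hypothetical file names) for demonstration."""
    base = Path(base)
    for rel in (".env", "index.html", "old/site.sql", "app/db.php.bak", ".git/HEAD"):
        path = base / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("constructed sample\n")
    return base


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_webroot(build_sample_webroot(tmp))


if __name__ == "__main__":
    for category, path in demo():
        print(f"{category:9} {path}")
```

Point audit_webroot() at the deployed document root in a build or deploy step and fail the job when it returns any findings.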

Finding Vulnerable Systems

# Specific software versions
intitle:"Apache/2.4.1" "server at"

# Default installations
intitle:"Welcome to nginx!" inurl:example.com

# phpMyAdmin
inurl:phpMyAdmin/index.php

Google Hacking Database

The GHDB (exploit-db.com/google-hacking-database) contains thousands of pre-built dorks for finding specific vulnerabilities.
