Using advanced Google search operators to find sensitive information, exposed files, and vulnerable systems indexed by search engines.
Google Dorking (Google Hacking) uses advanced search operators to find sensitive information, vulnerable systems, or exposed data indexed by Google. It's a passive reconnaissance technique that doesn't directly interact with target systems.
site: Limit to specific domain
inurl: Search within URLs
intitle: Search page titles
filetype: Find specific file types
ext: File extension
intext: Search page content
cache: View cached version
# Exposed configuration files
site:example.com ext:env OR ext:config
# Backup files
site:example.com ext:bak OR ext:old OR ext:backup
# Database files
filetype:sql site:example.com
# Admin panels
site:example.com inurl:admin OR inurl:login
# Directory listings
intitle:"index of" site:example.com
# Exposed git directories
intitle:"index of" ".git"
# Error messages
site:example.com "mysql error" OR "syntax error"
# API keys in code
site:github.com "api_key" "example.com"
# Specific software versions
intitle:"Apache/2.4.1" "server at"
# Default installations
intitle:"Welcome to nginx!" inurl:example.com
# phpMyAdmin
inurl:phpMyAdmin/index.php
The Google Hacking Database (GHDB, exploit-db.com/google-hacking-database) contains thousands of pre-built dorks for finding specific vulnerabilities.
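The same categories can be turned on your own site: the Python below is an added example, not part of the original page, that classifies a URL inventory (for instance from your own crawl or sitemap) by the exposure types the dorks above look for, so they can be fixed before a search engine indexes them. The regexes, the names `classify` and `audit`, and the sample inventory are assumptions constructed for illustration and only approximate how the search operators match.

```python
import re
from urllib.parse import urlsplit

# Exposure categories taken from the dork list above; each regex is this
# example's own approximation of what the operator would match in a URL path.
RULES = [
    ("config file",   re.compile(r"\.(env|config)$", re.I)),      # ext:env OR ext:config
    ("backup file",   re.compile(r"\.(bak|old|backup)$", re.I)),  # ext:bak OR ext:old ...
    ("database dump", re.compile(r"\.sql$", re.I)),               # filetype:sql
    ("git directory", re.compile(r"(^|/)\.git(/|$)", re.I)),      # "index of" ".git"
    ("admin/login",   re.compile(r"admin|login", re.I)),          # inurl:admin OR inurl:login
]

def classify(url, title=""):
    """Return the exposure categories a URL (and optional page title) falls into."""
    path = urlsplit(url).path
    hits = [name for name, rx in RULES if rx.search(path)]
    # intitle:"index of" matches the title of an auto-generated directory listing
    if "index of" in title.lower():
        hits.append("directory listing")
    return hits

def audit(inventory, domain):
    """Map each in-scope URL to its categories; other hosts are skipped (site: scope)."""
    findings = {}
    for url, title in inventory:
        host = urlsplit(url).hostname or ""
        if host != domain and not host.endswith("." + domain):
            continue
        hits = classify(url, title)
        if hits:
            findings[url] = hits
    return findings

# Constructed sample inventory of (URL, page title) pairs
SAMPLE = [
    ("https://www.example.com/.env", ""),
    ("https://www.example.com/db/site.sql.bak", ""),
    ("https://www.example.com/.git/", "Index of /.git"),
    ("https://www.example.com/wp-admin/", "Log In"),
    ("https://www.example.com/about", "About us"),
    ("https://other.example.org/dump.sql", ""),
]

if __name__ == "__main__":
    for url, hits in audit(SAMPLE, "example.com").items():
        print(f"{url}: {', '.join(hits)}")
```

Anything the audit flags should be removed from the web root or placed behind authentication; a `robots.txt` entry only asks crawlers not to index a path and does not restrict access to it.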