Google Hacking Dorks
Search-engine recon operators and ready-made dork queries.
Use these only against assets you are explicitly authorized to test. Google dorking surfaces data that is already public, but acting on it without permission can still be illegal.
Filetype
Find indexed files of a specific type.
filetype:config site:example.com
filetype:xls site:example.com
filetype:pem private key site:example.com
filetype:doc site:example.com
Intext
Match pages containing specific body text.
intext:"sql syntax near" OR intext:"syntax error has occurred" OR intext:"incorrect syntax near"
intext:"Powered by phpBB" inurl:/viewtopic.php
intext:"MyBB SQL Error" site:example.com
intext:"WordPress" inurl:"wpconfig.php" filetype:log
Inurl
Match a string inside the URL.
inurl:/wpcontent/uploads/
inurl:cv OR filetype:pdf "cv"
inurl:/phpinfo.php
inurl:/view/view.shtml
inurl:/admin
Intitle
Match a string inside the page title.
intitle:"webcamXP 5" inurl:8080
intitle:"index of" "apache at"
intitle:"Welcome to nginx!" intext:"Welcome to our server!"
intitle:"Index of /admin"
Cache
View Google's cached copy of a page.
cache:example.com intext:some_one_secret_file
cache:example.com
cache:"example.com" "MySQL dump"
cache:example.com filetype:doc pdf xls
Info
Get Google's info about a site.
info:example.com filetype:conf conf
info:example.com
info:example.com allinurl:config
info:example.com allinurl:admin
Phonebook
Look up phone / contact listings (legacy).
phonebook:+"phone number" OR "cell number"
phonebook:example.com
phonebook:+"firstname lastname" OR "lastname firstname"
phonebook:john smith site:example.com
Map
Surface map-related results for a site.
map:example.com
map:example.com site:mapquest.com
map:example.com inurl:map
map:example.com intitle:map
Link
Find pages linking to a site (legacy).
link:example.com
link:example.com "link directory"
link:example.com inurl:directory
link:example.com site:blogspot.com
Basic Google Hacking Dorks
Common index and password-exposure queries.
allinurl:/cgibin/ + "?" + "password"
intitle:Index of + ".htpasswd"
allinurl:passwords.txt + "email"
Index of/ + "config.php" wordpress demo
intitle:Index of / + "passwords.txt"
intitle:Index of / + "admin" + "password.txt"
Sensitive Information Search Dorks
Hunt credentials inside indexed documents.
site:targetwebsite.com filetype:ppt username password
site:targetwebsite.com filetype:pdf username password
site:targetwebsite.com filetype:docx password
site:targetwebsite.com ext:xls password
site:targetwebsite.com ext:xlsx password
site:targetwebsite.com ext:doc password
Vulnerable Website Dorks
Fingerprint CMS / platforms by their footer signatures.
"Powered by WordPress"
"Powered by vBulletin"
"Powered by Vanilla forums"
intext:Drupal + "Powered By Drupal forums"
"powered by PHPmotion v3"
"Powered by osCommerce"
"Powered by TinyMCE"
Other Google Hacking Dorks
Misc exposed panels, dumps and paths.
inurl:/elfinder/connector.php
inurl:/main.php?x=
intext:phpMyAdmin SQL Dump filetype:sql
inurl:admin.php site:targetwebsite.com
cache:www.targetwebsite.com
inurl:/proc/self/cwd
intitle:"WAMPSERVER homepage"
inurl:/muieblackcat
Advanced Google Hacking Dorks
High-value targeted recon queries.
intitle:phpmyadmin inurl:server_privileges OR intitle:"login for server * at"
site:targetwebsite.com inurl:/phpmyadmin/* ext:sql ext:sql.gz ext:sql.bz2 ext:sql
site:urlscan.io + "activity"
intitle:"Index of" .ssh/id_rsa
intext:"Fill out the form below completely to change your password and user name. If new username is left blank, your old one will be assumed." edu
filetype:.log intext:password
inurl:twiki bin view/TWiki/WebHome
intitle:"Please login with admin pass"
inurl:/vpn/tmindex.html
Compiled from the “Google Hacking Dorks” chart by Hacking Articles (Ignite Technologies).