Skip to content

Google Dorks

General search operators

Operator Operator Description Example Example Description
site: Limits results to a specific website or domain. site:example.com Find all publicly accessible pages on example.com.
inurl: Finds pages with a specific term in the URL. inurl:login Search for login pages on any website.
filetype: Searches for files of a particular type. filetype:pdf Find downloadable PDF documents.
intitle: Finds pages with a specific term in the title. intitle:"confidential report" Look for documents titled "confidential report" or similar variations.
intext: or inbody: Searches for a term within the body text of pages. intext:"password reset" Identify webpages containing the term “password reset”.
cache: Displays the cached version of a webpage (if available). cache:example.com View the cached version of example.com to see its previous content.
link: Finds pages that link to a specific webpage. link:example.com Identify websites linking to example.com.
related: Finds websites related to a specific webpage. related:example.com Discover websites similar to example.com.
info: Provides a summary of information about a webpage. info:example.com Get basic details about example.com, such as its title and description.
define: Provides definitions of a word or phrase. define:phishing Get a definition of "phishing" from various sources.
numrange: Searches for numbers within a specific range. site:example.com numrange:1000-2000 Find pages on example.com containing numbers between 1000 and 2000.
allintext: Finds pages containing all specified words in the body text. allintext:admin password reset Search for pages containing both "admin" and "password reset" in the body text.
allinurl: Finds pages containing all specified words in the URL. allinurl:admin panel Look for pages with "admin" and "panel" in the URL.
allintitle: Finds pages containing all specified words in the title. allintitle:confidential report 2023 Search for pages with "confidential," "report," and "2023" in the title.
AND Narrows results by requiring all terms to be present. site:example.com AND (inurl:admin OR inurl:login) Find admin or login pages specifically on example.com.
OR Broadens results by including pages with any of the terms. "linux" OR "ubuntu" OR "debian" Search for webpages mentioning Linux, Ubuntu, or Debian.
NOT Excludes results containing the specified term. site:bank.com NOT inurl:login Find pages on bank.com excluding login pages.
* (wildcard) Represents any character or word. site:socialnetwork.com filetype:pdf user* manual Search for user manuals (user guide, user handbook) in PDF format on socialnetwork.com.
.. (range search) Finds results within a specified numerical range. site:ecommerce.com "price" 100..500 Look for products priced between 100 and 500 on an e-commerce website.
" " (quotation marks) Searches for exact phrases. "information security policy" Find documents mentioning the exact phrase "information security policy".
- (minus sign) Excludes terms from the search results. site:news.com -inurl:sports Search for news articles on news.com excluding sports-related content.

Google Dorks

Google hacking, also named Google dorking, is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites are using.

This is an awesome database with more than 7K googledork entries: https://www.exploit-db.com/google-hacking-database.

Google Dorking Query Expected results
intitle:"api" site: "example.com" Finds all publicly available API related content in a given hostname. Another cool example for API versions: inurl:"/api/v1" site: "example.com"
intitle:"json" site: "example.com" Many APIs use json, so this might be a cool filter
inurl:"/wp-son/wp/v2/users" Finds all publicly available WordPress API user directories.
intitle:"index.of" intext:"api.txt" Finds publicly available API key files.
inurl:"/api/v1" intext:"index of /" Finds potentially interesting API directories.
intitle:"index of" api_key OR "api key" OR apiKey -pool This is one of my favorite queries. It lists potentially exposed API keys.
site:*.domain.com It enumerates subdomains for the given domain "domain.com"
site:*.domain.com filetype:pdf sales It searches for pdf files named "sales" in all subdomains.
cache:domain.com/page It will display the google.com cache of that page.
inurl:passwd.txt It retrieves pages that contains that in the url.
Last update: 2024-09-12
Created: January 3, 2023 12:54:46