13-07-25, 08:21 PM
Well, friends, search on google dorks!!!!! What is it all about? Google Dorks = special commands for Google that find hidden information on the Internet. Basic Search: Admin Passwords Dork search: intext:"password" site:example.com Result: A regular search will return garbage, the doc will find real passwords on the site. Why is it necessary? Find the admin panel of sites Find password databases Find documents with secret information Find vulnerable sites Collect information about the purpose (OSINT)
The Complete Google Dorkov Cheat Sheet 2025 Basic Operators Operator Description Example site: Search only on the specified site site:example.com admin filetype: Search for files of a specific type filetype:pdf password inurl: Search the URL of the page inurl:admin intitle: Search in the page header intitle:"admin panel" intext: Search the text of the page intext:"mysql_connect" link: Pages linking to URLs link:example.com cache: The cached version of the cache:example.com page
## Basic Operators | Operator | Description | Example | |--------------|-----------------------------------|----------------------------------------| | site: | Search within a specific site | site:example.com admin | | filetype: | Search for specific file types | filetype:pdf password | | inurl: | Search in URL | inurl:admin | | intitle: | Search in page title | intitle:"Admin Panel" | | intext: | Search in page content | intext:"mysql_connect" | | link: | Pages linking to a URL | link:example.com | | cache: | View cached version of a page | cache:example.com |
## Advanced Operators | Operator | Description | Example | |------------------|-----------------------------------------|---------------------------------------------| | allintitle: | All keywords in title | allintitle:admin login | | allinurl: | All keywords in URL | allinurl:admin config php | | allintext: | All keywords in text | allintext:username password email | | info: | Information about a page | info:example.com | | related: | Similar websites | related:facebook.com | | define: | Get definition | define:phishing | ## Logical Operators | Operator | Description | Example | |--------------|-----------------------------------------|----------------------------------------------| | "phrase" | Exact phrase | "admin login" | | OR / | | Logical OR | admin OR administrator | | AND / + | Logical AND | admin AND panel | | -word | Exclude word | hacking -game | | * | Wildcard | admin * panel | | () | Grouping | (admin OR login) site:gov | ## File Types **Documents**: `filetype:pdf`, `filetype:doc`, `filetype:xls` **Configs**: `filetype:conf`, `filetype:ini`, `filetype:env`
**Web files**: `filetype:php`, `filetype:html`, `filetype:xml` **Databases**: `filetype:sql`, `filetype:sqlite` **Archives**: `filetype:zip`, `filetype:rar` **Logs/Backups**: `filetype:log`, `filetype:bak` ## Example Dorks ### Admin Panels - inurl:admin - intitle:"Admin Panel" - inurl:wp-login ### Password Files - filetype:txt password - intext:"username" intext:"password" ### Databases - filetype:sql "INSERT INTO" - intext:"mysql_fetch_array" ### Confidential Docs - filetype:pdf confidential - filetype:xls salary ### Email & Contacts - "@gmail.com" filetype:xls - intext:"email" intext:"phone"
### Camera Feeds - inurl:"view.shtml" intitle:"Live View" - inurl:"axis-cgi/mjpg" ## Security Use Cases - SQL Injection Dorks - XSS Testing URLs - File Inclusion Examples - Directory Traversal Patterns ## Defense Against Dorks **robots.txt** ``` User-agent: * Disallow: /admin/ Disallow: /config/ Disallow: /backup/ ``` **.htaccess** ``` Order allow,deny Deny from all
``` **Meta Tags** ```html ```
Category: Jenkins, Kibana, Grafana and CI/CD
intitle:"Dashboard [Jenkins]"
intitle:"Grafana" inurl:login
intitle:"Kibana" inurl:login
inurl:jenkins/login
API
inurl:api intext:"api_key"
inurl:api intext:"Authorization: Bearer"
filetype:json intext:"access_token"
filetype:env "API_SECRET="
[align=start]
[align=initial]
[align=initial]Category: Dorks by searching for credentials in co[/align]
[/align]
[/align]
site:github.com "DB_PASSWORD="
site:bitbucket.org "ftp_password"
site:gitlab.com "AWS_SECRET_ACCESS_KEY"
[align=start]
[align=initial]
[align=initial]Category: Dorks for finding .env file leaks
intitle:"Index of" ".env"
inurl:.env DB_PASSWORD
filetype:env SECRET_KEY
Category: Open directories with dumps or logs
intitle:"index of" dbdump
intitle:"index of" access.log
intitle:"index of" error.log
intitle:"index of" /logs/
Category: Dorks for searching.git and.svn
intitle:"index of" ".git"
intitle:"index of" ".svn"
inurl:.git/config
Category: Google Dorks for Bug Bounty
site:*.bugcrowd.com inurl:admin
site:*.hackerone.com inurl:login
site:*.bugcrowd.com filetype:pdf confidential
If anyone has questions, you can write in private messages @euvetements[/align]
[/align]
[/align]
[align=start] [/align]
The Complete Google Dorkov Cheat Sheet 2025 Basic Operators Operator Description Example site: Search only on the specified site site:example.com admin filetype: Search for files of a specific type filetype:pdf password inurl: Search the URL of the page inurl:admin intitle: Search in the page header intitle:"admin panel" intext: Search the text of the page intext:"mysql_connect" link: Pages linking to URLs link:example.com cache: The cached version of the cache:example.com page
## Basic Operators | Operator | Description | Example | |--------------|-----------------------------------|----------------------------------------| | site: | Search within a specific site | site:example.com admin | | filetype: | Search for specific file types | filetype:pdf password | | inurl: | Search in URL | inurl:admin | | intitle: | Search in page title | intitle:"Admin Panel" | | intext: | Search in page content | intext:"mysql_connect" | | link: | Pages linking to a URL | link:example.com | | cache: | View cached version of a page | cache:example.com |
## Advanced Operators | Operator | Description | Example | |------------------|-----------------------------------------|---------------------------------------------| | allintitle: | All keywords in title | allintitle:admin login | | allinurl: | All keywords in URL | allinurl:admin config php | | allintext: | All keywords in text | allintext:username password email | | info: | Information about a page | info:example.com | | related: | Similar websites | related:facebook.com | | define: | Get definition | define:phishing | ## Logical Operators | Operator | Description | Example | |--------------|-----------------------------------------|----------------------------------------------| | "phrase" | Exact phrase | "admin login" | | OR / | | Logical OR | admin OR administrator | | AND / + | Logical AND | admin AND panel | | -word | Exclude word | hacking -game | | * | Wildcard | admin * panel | | () | Grouping | (admin OR login) site:gov | ## File Types **Documents**: `filetype:pdf`, `filetype:doc`, `filetype:xls` **Configs**: `filetype:conf`, `filetype:ini`, `filetype:env`
**Web files**: `filetype:php`, `filetype:html`, `filetype:xml` **Databases**: `filetype:sql`, `filetype:sqlite` **Archives**: `filetype:zip`, `filetype:rar` **Logs/Backups**: `filetype:log`, `filetype:bak` ## Example Dorks ### Admin Panels - inurl:admin - intitle:"Admin Panel" - inurl:wp-login ### Password Files - filetype:txt password - intext:"username" intext:"password" ### Databases - filetype:sql "INSERT INTO" - intext:"mysql_fetch_array" ### Confidential Docs - filetype:pdf confidential - filetype:xls salary ### Email & Contacts - "@gmail.com" filetype:xls - intext:"email" intext:"phone"
### Camera Feeds - inurl:"view.shtml" intitle:"Live View" - inurl:"axis-cgi/mjpg" ## Security Use Cases - SQL Injection Dorks - XSS Testing URLs - File Inclusion Examples - Directory Traversal Patterns ## Defense Against Dorks **robots.txt** ``` User-agent: * Disallow: /admin/ Disallow: /config/ Disallow: /backup/ ``` **.htaccess** ``` Order allow,deny Deny from all
``` **Meta Tags** ```html ```
Category: Jenkins, Kibana, Grafana and CI/CD
intitle:"Dashboard [Jenkins]"
intitle:"Grafana" inurl:login
intitle:"Kibana" inurl:login
inurl:jenkins/login
API
inurl:api intext:"api_key"
inurl:api intext:"Authorization: Bearer"
filetype:json intext:"access_token"
filetype:env "API_SECRET="
[align=start]
[align=initial]
[align=initial]Category: Dorks by searching for credentials in co[/align]
[/align]
[/align]
site:github.com "DB_PASSWORD="
site:bitbucket.org "ftp_password"
site:gitlab.com "AWS_SECRET_ACCESS_KEY"
[align=start]
[align=initial]
[align=initial]Category: Dorks for finding .env file leaks
intitle:"Index of" ".env"
inurl:.env DB_PASSWORD
filetype:env SECRET_KEY
Category: Open directories with dumps or logs
intitle:"index of" dbdump
intitle:"index of" access.log
intitle:"index of" error.log
intitle:"index of" /logs/
Category: Dorks for searching.git and.svn
intitle:"index of" ".git"
intitle:"index of" ".svn"
inurl:.git/config
Category: Google Dorks for Bug Bounty
site:*.bugcrowd.com inurl:admin
site:*.hackerone.com inurl:login
site:*.bugcrowd.com filetype:pdf confidential
If anyone has questions, you can write in private messages @euvetements[/align]
[/align]
[/align]
[align=start] [/align]