# Google Dorks

[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/Y8Y41FQ2GA)

{% embed url="<https://taksec.github.io/google-dorks-bug-bounty/>" %}

{% embed url="<https://netlas.io/blog/google_dorking_in_cybersecurity/>" %}

dork.py:

```python
# 1 - Select all the results from https://taksec.github.io/google-dorks-bug-bounty/ by pressing Ctrl+A.
# 2 - Paste them into a file named result.txt.
# 3 - Run the script.
# 4 - Copy and paste the generated URLs into https://dnschecker.org/url-opener.php to open them all at once.

import re
from urllib.parse import quote_plus

# Path to the file containing the Google Dorks
file_path = "result.txt"

# A line counts as a dork if it contains a search operator or a quoted phrase.
# \b keeps "ext:" from matching inside "intext:", and the whole line is kept
# so terms that come before the first operator are not lost.
DORK_LINE = re.compile(
    r'^.*(?:\b(?:site|inurl|intitle|intext|ext|filetype):|".+?").*$',
    re.MULTILINE,
)

# Function to read the file content and generate URLs
def generate_google_dork_urls(file_path):
    try:
        # Read the file
        with open(file_path, "r", encoding="utf-8") as file:
            content = file.read()
    except FileNotFoundError:
        print(f"Error: The file {file_path} was not found.")
        return []

    # Extract the dork lines and remove surrounding whitespace
    dorks = [line.strip() for line in DORK_LINE.findall(content)]

    # Generate Google Search URLs; quote_plus encodes spaces as "+" and
    # escapes quotes, "|", "&" and "#" so the query string stays intact
    return [f"https://www.google.com/search?q={quote_plus(dork)}" for dork in dorks]

if __name__ == "__main__":
    # Call the function
    urls = generate_google_dork_urls(file_path)

    # Write the results to a file only when something was extracted
    if urls:
        output_file = "google_dork_urls.txt"
        with open(output_file, "w", encoding="utf-8") as file:
            file.write("\n".join(urls))
        print(f"URLs generated and saved in the file '{output_file}'.")
```

```
inurl:conf | inurl:env | inurl:cgi | inurl:bin | inurl:etc | inurl:root | inurl:sql | inurl:backup | inurl:admin | inurl:php site:example[.]com
```

```
inurl:http://example.com intitle:"index of"
inurl:http://example.com intitle:"index of" "database.sql"
inurl:http://example.com intitle:"index of /" "*key.pem"
inurl:http://example.com ext:log
inurl:http://example.com intitle:"index of" ext:sql|xls|xml|json|csv
inurl:http://example.com "MYSQL_ROOT_PASSWORD:" ext:env OR ext:yml -git
inurl:http://example.com intitle:"index of" "config.db"
inurl:http://example.com allintext:"API_SECRET*" ext:env | ext:yml
inurl:http://example.com intext:admin ext:sql inurl:admin
inurl:http://example.com allintext:username,password filetype:log site:http://example.com "-----BEGIN RSA PRIVATE KEY-----" - inurl:id_rsa
site:http://codepad.co "keyword"
site:http://scribd.com "keyword"
site:http://npmjs.com "keyword"
site:http://npm-runkit.com "keyword"
site:http://libraries.io "keyword"
site:http://ycombinator.io "keyword"
site:http://coggle.it "keyword"
site:http://papaly.com "keyword"
site:http://google.com "keyword"
site:http://trello.com "keyword"
site:http://prezi.com "keyword"
site:http://jsdelivr.net "keyword"
site:http://codepen.io "keyword"
site:http://codeshare.io "keyword"
site:http://sharecode.io "keyword"
site:http://pastebin.com "keyword"
site:http://repl.it "keyword"
site:http://productforums.google.com "keyword"
site:http://gitter.im "keyword"
site:http://bitbucket.org "keyword"
site:*http://atlassian.net "keyword"
inurl:gitlab "keyword"
inurl:github "keyword"
```

## Xnldorker

{% embed url="<https://github.com/xnl-h4ck3r/xnldorker>" %}

{% embed url="<https://osintteam.blog/automating-google-dorking-for-bug-bounty-2339abb4b910>" %}

## Grab a coffee and wait

{% embed url="<https://github.com/six2dez/dorks_hunter>" %}

{% embed url="<https://github.com/IvanGlinkin/Fast-Google-Dorks-Scan>" %}

{% embed url="<https://raw.githubusercontent.com/netlas-io/netlas-scripts/refs/heads/main/google_dorking_automatization.py>" %}

```
python3 google_dorking_automatization.py -i file_with_scope
```

{% embed url="<https://github.com/revoltsecurities/googledorker>" %}

## DorkSearch

{% embed url="<https://dorksearch.com/>" %}

## Find Subdomains

```
site:.example.com -site:www.example.com
```

Returns indexed results for hosts under `*.example.com` while excluding `www.example.com`.

## Cloud - All in One

```
site:.s3.amazonaws.com OR site:.blob.core.windows.net OR site:.storage.googleapis.com OR site:.r2.cloudflarestorage.com OR site:.r2.dev "company"
```

## Google Search for AWS

`intext:cie_name inurl:amazonaws.com`

{% content-ref url="../../cloud/aws" %}
[aws](https://0xss0rz.gitbook.io/0xss0rz/cloud/aws)
{% endcontent-ref %}

### S3 Buckets

```
site:.s3.amazonaws.com "company"
```

Public bucket? Search for credentials and secrets:

{% embed url="<https://github.com/saw-your-packet/CloudShovel>" %}

Permissions?

{% content-ref url="../../cloud/aws" %}
[aws](https://0xss0rz.gitbook.io/0xss0rz/cloud/aws)
{% endcontent-ref %}

### R2 Storage Bucket

If your target uses R2 storage buckets, check whether R2.dev is enabled. R2.dev is a feature that makes buckets public for development purposes, and it is recommended to turn it off when the storage bucket is used for production.

```
site:.r2.dev "company"
```

## Google Search for Azure

`intext:cie_name inurl:core.windows.net`

{% content-ref url="../../cloud/azure" %}
[azure](https://0xss0rz.gitbook.io/0xss0rz/cloud/azure)
{% endcontent-ref %}

## Google Search for GCP

{% content-ref url="../../cloud/gcp" %}
[gcp](https://0xss0rz.gitbook.io/0xss0rz/cloud/gcp)
{% endcontent-ref %}

### Bucket

```
site:storage.googleapis.com
```

```
site:console.cloud.google.com/storage/browser/_details
site:console.cloud.google.com/storage/browser
```

### BigQuery DB

```
site:cloud.google.com "BigQuery dataset"
site:*.cloud.google.com inurl:bigquery "dataset"
```

### KMS

```
inurl:"keyRing" inurl:"cryptoKey" intext:"Google Cloud"
site:cloud.google.com "KMS" "keys"
filetype:pdf "kms" "keyRing" "cryptoKey"
filetype:pdf "bindings" "role" "serviceAccount" "kms"
```

### VM Instances

```
intitle:"Google Cloud" inurl:"compute" "vm image"
site:github.com "google cloud" "vm image" filetype:yaml OR filetype:json
inurl:"compute/docs/images" intitle:"Google Cloud"
```

```
filename:*.yaml "image:" "gce-vm-image"
filename:*.tf "source_image" "google_compute_instance"
filename:*.yml "hosts:" "tasks:" "google_compute"
```

### SQL DB

```
intitle:"Google Cloud SQL" inurl:docs "instance"
site:*.com filetype:sql "google_cloud_sql"
site:github.com "google cloud sql" filename:*.tf
```

```
filename:.env "sql_password" OR "db_password"
filename:credentials.json "type":"service_account" "sqladmin.googleapis.com"
filename:*.json "databaseVersion" "google_sql_database_instance"
```

## Cloudflare R2 Buckets

**Search for private CF R2 buckets:**

```
site:.r2.cloudflarestorage.com "company"
```

**Search for public CF R2 buckets (with R2.dev enabled):**

```
site:.r2.dev "company"
```

{% embed url="<https://blog.intigriti.com/hacking-tools/hacking-misconfigured-cloudflare-r2-buckets-a-complete-guide>" %}

## Finding Login Pages

`site:example.com inurl:login`

`site:example.com (inurl:login OR inurl:admin)`

## Identifying Exposed Files

`site:example.com filetype:pdf`

`site:example.com (filetype:xls OR filetype:docx)`

## Uncovering Configuration Files

`site:example.com inurl:config.php`

`site:example.com (ext:conf OR ext:cnf)` (searches for extensions commonly used for configuration files)

## Locating Database Backups

`site:example.com inurl:backup`

`site:example.com filetype:sql`

| Operator                | Operator Description                                         | Example                                             | Example Description                                                                     |
| ----------------------- | ------------------------------------------------------------ | --------------------------------------------------- | --------------------------------------------------------------------------------------- |
| `site:`                 | Limits results to a specific website or domain.              | `site:example.com`                                  | Find all publicly accessible pages on example.com.                                      |
| `inurl:`                | Finds pages with a specific term in the URL.                 | `inurl:login`                                       | Search for login pages on any website.                                                  |
| `filetype:`             | Searches for files of a particular type.                     | `filetype:pdf`                                      | Find downloadable PDF documents.                                                        |
| `intitle:`              | Finds pages with a specific term in the title.               | `intitle:"confidential report"`                     | Look for documents titled "confidential report" or similar variations.                  |
| `intext:` or `inbody:`  | Searches for a term within the body text of pages.           | `intext:"password reset"`                           | Identify webpages containing the term “password reset”.                                 |
| `cache:`                | Displays the cached version of a webpage (if available).     | `cache:example.com`                                 | View the cached version of example.com to see its previous content.                     |
| `link:`                 | Finds pages that link to a specific webpage.                 | `link:example.com`                                  | Identify websites linking to example.com.                                               |
| `related:`              | Finds websites related to a specific webpage.                | `related:example.com`                               | Discover websites similar to example.com.                                               |
| `info:`                 | Provides a summary of information about a webpage.           | `info:example.com`                                  | Get basic details about example.com, such as its title and description.                 |
| `define:`               | Provides definitions of a word or phrase.                    | `define:phishing`                                   | Get a definition of "phishing" from various sources.                                    |
| `numrange:`             | Searches for numbers within a specific range.                | `site:example.com numrange:1000-2000`               | Find pages on example.com containing numbers between 1000 and 2000.                     |
| `allintext:`            | Finds pages containing all specified words in the body text. | `allintext:admin password reset`                    | Search for pages containing both "admin" and "password reset" in the body text.         |
| `allinurl:`             | Finds pages containing all specified words in the URL.       | `allinurl:admin panel`                              | Look for pages with "admin" and "panel" in the URL.                                     |
| `allintitle:`           | Finds pages containing all specified words in the title.     | `allintitle:confidential report 2023`               | Search for pages with "confidential," "report," and "2023" in the title.                |
| `AND`                   | Narrows results by requiring all terms to be present.        | `site:example.com AND (inurl:admin OR inurl:login)` | Find admin or login pages specifically on example.com.                                  |
| `OR`                    | Broadens results by including pages with any of the terms.   | `"linux" OR "ubuntu" OR "debian"`                   | Search for webpages mentioning Linux, Ubuntu, or Debian.                                |
| `NOT`                   | Excludes results containing the specified term.              | `site:bank.com NOT inurl:login`                     | Find pages on bank.com excluding login pages.                                           |
| `*` (wildcard)          | Represents any character or word.                            | `site:socialnetwork.com filetype:pdf user* manual`  | Search for user manuals (user guide, user handbook) in PDF format on socialnetwork.com. |
| `..` (range search)     | Finds results within a specified numerical range.            | `site:ecommerce.com "price" 100..500`               | Look for products priced between 100 and 500 on an e-commerce website.                  |
| `" "` (quotation marks) | Searches for exact phrases.                                  | `"information security policy"`                     | Find documents mentioning the exact phrase "information security policy".               |
| `-` (minus sign)        | Excludes terms from the search results.                      | `site:news.com -inurl:sports`                       | Search for news articles on news.com excluding sports-related content.                  |

***

## Online Tools

{% embed url="<https://taksec.github.io/google-dorks-bug-bounty/>" %}

{% embed url="<https://abhijithb200.github.io/investigator/>" %}

{% embed url="<https://iamunixtz.github.io/LazyDork/>" %}

{% embed url="<https://dorkking.blindf.com/>" %}

{% embed url="<https://sacsecurity.tech/dork.html?s=03>" %}

{% embed url="<https://pentest-tools.com/information-gathering/google-hacking>" %}

## Database

{% embed url="<https://www.exploit-db.com/google-hacking-database>" %}

## Resources

{% embed url="<https://blog.intigriti.com/hacking-tools/google-dorking-for-beginners-how-to-find-more-vulnerabilities-using-google-search>" %}

