Google Dorks

Google Dorking

dork.py:

# 1 - Select all the results from https://taksec.github.io/google-dorks-bug-bounty/ by pressing Ctrl+A.
# 2 - Paste them into a file named result.txt.
# 3 - Run the script.
# 4 - Copy and paste the generated URLs into https://dnschecker.org/url-opener.php to open them all at once.

import re
from urllib.parse import quote_plus

# Path to the file containing the Google Dorks
file_path = "result.txt"

# Function to read the file content and generate URLs
def generate_google_dork_urls(file_path):
    try:
        # Read the file
        with open(file_path, "r", encoding="utf-8") as file:
            content = file.read()

        # Extract Google Dorks (expressions containing "site:", "inurl:", "intitle:", etc.)
        pattern = r'(site:[^\n]+|inurl:[^\n]+|intitle:[^\n]+|ext:[^\n]+|".+?")'
        dorks = re.findall(pattern, content)

        # Remove extra spaces and unnecessary characters
        dorks = [dork.strip() for dork in dorks]

        # Generate Google Search URLs. quote_plus percent-encodes characters such as
        # '"', '|', '&' and '#', which would otherwise corrupt the query string.
        urls = [f"https://www.google.com/search?q={quote_plus(dork)}" for dork in dorks]
        
        return urls
    except FileNotFoundError:
        print(f"Error: The file {file_path} was not found.")
        return []

# Call the function
urls = generate_google_dork_urls(file_path)

# Write the results to a file
output_file = "google_dork_urls.txt"
with open(output_file, "w") as file:
    file.write("\n".join(urls))

print(f"URLs generated and saved in the file '{output_file}'.")

inurl:conf | inurl:env | inurl:cgi | inurl:bin | inurl:etc | inurl:root | inurl:sql | inurl:backup | inurl:admin | inurl:php site:example[.]com
inurl:http://example.com intitle:"index of"
inurl:http://example.com intitle:"index of" "database.sql"
inurl:http://example.com intitle:"index of /" "*key.pem"
inurl:http://example.com ext:log
inurl:http://example.com intitle:"index of" ext:sql|xls|xml|json|csv
inurl:http://example.com "MYSQL_ROOT_PASSWORD:" ext:env OR ext:yml -git
inurl:http://example.com intitle:"index of" "config.db"
inurl:http://example.com allintext:"API_SECRET*" ext:env | ext:yml
inurl:http://example.com intext:admin ext:sql inurl:admin
inurl:http://example.com allintext:username,password filetype:log site:http://example.com "-----BEGIN RSA PRIVATE KEY-----" - inurl:id_rsa
site:http://codepad.co "keyword"
site:http://scribd.com "keyword"
site:http://npmjs.com "keyword"
site:http://npm-runkit.com "keyword"
site:http://libraries.io "keyword"
site:http://ycombinator.io "keyword"
site:http://coggle.it "keyword"
site:http://papaly.com "keyword"
site:http://google.com "keyword"
site:http://trello.com "keyword"
site:http://prezi.com "keyword"
site:http://jsdelivr.net "keyword"
site:http://codepen.io "keyword"
site:http://codeshare.io "keyword"
site:http://sharecode.io "keyword"
site:http://pastebin.com "keyword"
site:http://repl.it "keyword"
site:http://productforums.google.com "keyword"
site:http://gitter.im "keyword"
site:http://bitbucket.org "keyword"
site:*http://atlassian.net "keyword"
inurl:gitlab "keyword"
inurl:github "keyword"

Xnldorker

Grab a coffee and wait

python3 google_dorking_automatization.py -i file_with_scope

DorkSearch

Find Subdomains

site:.example.com -site:www.example.com

Return indexed results linked to *.example.com but exclude www.example.com.

Cloud - All in One

site:.s3.amazonaws.com OR site:.blob.core.windows.net OR site:.storage.googleapis.com OR site:.r2.cloudflarestorage.com OR site:.r2.dev "company"

Google Search for AWS

intext:cie_name inurl:amazonaws.com

AWS

S3 Buckets

site:.s3.amazonaws.com "company"

Public bucket? Search for credentials and secrets:

Permissions?

AWS

R2 Storage Bucket

If your target uses R2 storage buckets, check whether R2 .dev is enabled. R2 .dev is a feature that makes buckets public for development purposes, and it is recommended to turn it off when the storage bucket is used for production.

site:.r2.dev "company"

Google Search for Azure

intext:cie_name inurl:core.windows.net

Azure

Google Search for GCP

GCP

Bucket

site:storage.googleapis.com
site:console.cloud.google.com/storage/browser/_details
site:console.cloud.google.com/storage/browser

BigQuery DB

site:cloud.google.com "BigQuery dataset"
site:*.cloud.google.com inurl:bigquery "dataset"

KMS

inurl:"keyRing" inurl:"cryptoKey" intext:"Google Cloud"
site:cloud.google.com "KMS" "keys"
filetype:pdf "kms" "keyRing" "cryptoKey"
filetype:pdf "bindings" "role" "serviceAccount" "kms"

VM Instances

intitle:"Google Cloud" inurl:"compute" "vm image"
site:github.com "google cloud" "vm image" filetype:yaml OR filetype:json
inurl:"compute/docs/images" intitle:"Google Cloud"
filename:*.yaml "image:" "gce-vm-image"
filename:*.tf "source_image" "google_compute_instance"
filename:*.yml "hosts:" "tasks:" "google_compute"

SQL DB

intitle:"Google Cloud SQL" inurl:docs "instance"
site:*.com filetype:sql "google_cloud_sql"
site:github.com "google cloud sql" filename:*.tf
filename:.env "sql_password" OR "db_password"
filename:credentials.json "type":"service_account" "sqladmin.googleapis.com"
filename:*.json "databaseVersion" "google_sql_database_instance"

Cloudflare R2 Buckets

Search for private CF R2 buckets:

site:.r2.cloudflarestorage.com "company"

Search for public CF R2 buckets (with R2.dev enabled):

site:.r2.dev "company"

Finding Login Pages

site:example.com inurl:login

site:example.com (inurl:login OR inurl:admin)

Identifying Exposed Files

site:example.com filetype:pdf

site:example.com (filetype:xls OR filetype:docx)

Uncovering Configuration Files

site:example.com inurl:config.php

site:example.com (ext:conf OR ext:cnf) (searches for extensions commonly used for configuration files)

Locating Database Backups

site:example.com inurl:backup

site:example.com filetype:sql

| Operator | Operator Description | Example | Example Description |
| --- | --- | --- | --- |
| site: | Limits results to a specific website or domain. | site:example.com | Find all publicly accessible pages on example.com. |
| inurl: | Finds pages with a specific term in the URL. | inurl:login | Search for login pages on any website. |
| filetype: | Searches for files of a particular type. | filetype:pdf | Find downloadable PDF documents. |
| intitle: | Finds pages with a specific term in the title. | intitle:"confidential report" | Look for documents titled "confidential report" or similar variations. |
| intext: or inbody: | Searches for a term within the body text of pages. | intext:"password reset" | Identify webpages containing the term "password reset". |
| cache: | Displays the cached version of a webpage (if available). | cache:example.com | View the cached version of example.com to see its previous content. |
| link: | Finds pages that link to a specific webpage. | link:example.com | Identify websites linking to example.com. |
| related: | Finds websites related to a specific webpage. | related:example.com | Discover websites similar to example.com. |
| info: | Provides a summary of information about a webpage. | info:example.com | Get basic details about example.com, such as its title and description. |
| define: | Provides definitions of a word or phrase. | define:phishing | Get a definition of "phishing" from various sources. |
| numrange: | Searches for numbers within a specific range. | site:example.com numrange:1000-2000 | Find pages on example.com containing numbers between 1000 and 2000. |
| allintext: | Finds pages containing all specified words in the body text. | allintext:admin password reset | Search for pages containing both "admin" and "password reset" in the body text. |
| allinurl: | Finds pages containing all specified words in the URL. | allinurl:admin panel | Look for pages with "admin" and "panel" in the URL. |
| allintitle: | Finds pages containing all specified words in the title. | allintitle:confidential report 2023 | Search for pages with "confidential," "report," and "2023" in the title. |
| AND | Narrows results by requiring all terms to be present. | site:example.com AND (inurl:admin OR inurl:login) | Find admin or login pages specifically on example.com. |
| OR | Broadens results by including pages with any of the terms. | "linux" OR "ubuntu" OR "debian" | Search for webpages mentioning Linux, Ubuntu, or Debian. |
| NOT | Excludes results containing the specified term. | site:bank.com NOT inurl:login | Find pages on bank.com excluding login pages. |
| * (wildcard) | Represents any character or word. | site:socialnetwork.com filetype:pdf user* manual | Search for user manuals (user guide, user handbook) in PDF format on socialnetwork.com. |
| .. (range search) | Finds results within a specified numerical range. | site:ecommerce.com "price" 100..500 | Look for products priced between 100 and 500 on an e-commerce website. |
| " " (quotation marks) | Searches for exact phrases. | "information security policy" | Find documents mentioning the exact phrase "information security policy". |
| - (minus sign) | Excludes terms from the search results. | site:news.com -inurl:sports | Search for news articles on news.com excluding sports-related content. |
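The URL-based operators described above can also be evaluated offline against an inventory of your own site's URLs, to see what each dork would surface if those URLs were indexed. This is an added example, not code from the original page: the function names and the URLS inventory are constructed for illustration. It assumes OR binds tighter than the implicit AND, and it evaluates only site:, inurl:, ext: and filetype:.

```python
import re
from urllib.parse import urlsplit

URL_OPS = {"site", "inurl", "ext", "filetype"}  # decidable from a URL alone

def parse_dork(dork):
    """Return AND-ed groups of OR-ed (negated, operator, value) terms."""
    text = dork.replace("(", " ").replace(")", " ").replace("|", " OR ")
    groups, join_next = [], False
    for tok in re.findall(r'[^\s"]*"[^"]*"|\S+', text):
        if tok == "OR":  # assumption: OR binds tighter than the implicit AND
            join_next = True
            continue
        op, _, value = tok.lstrip("-").partition(":")
        term = (tok.startswith("-"), op.lower(), value.strip('"').lower())
        if join_next and groups:
            groups[-1].append(term)
        else:
            groups.append([term])
        join_next = False
    # intitle:, intext: and phrases need page content, so a group holding one
    # is dropped: the audit over-reports rather than under-reports.
    return [g for g in groups if all(op in URL_OPS for _, op, _ in g)]

def term_hits(term, url):
    negated, op, value = term
    parts = urlsplit(url.lower())
    if op == "site":  # host only; any path after the host is ignored
        host, domain = parts.hostname or "", value.split("/")[0].lstrip("*.")
        hit = host == domain or host.endswith("." + domain)
    elif op == "inurl":
        hit = value in url.lower()
    else:  # ext: / filetype:
        hit = parts.path.rsplit("/", 1)[-1].endswith("." + value)
    return hit != negated

def matches(groups, url):
    return bool(groups) and all(any(term_hits(t, url) for t in g) for g in groups)

def audit(urls, dorks):
    """Map each dork to the inventory URLs it could surface once indexed."""
    hits = {d: [u for u in urls if matches(parse_dork(d), u)] for d in dorks}
    return {d: h for d, h in hits.items() if h}

# Constructed URL inventory, as you might export from a sitemap or access log.
URLS = ["https://www.example.com/login", "https://www.example.com/app/config.php",
        "https://dev.example.com/backup/site.sql",
        "https://files.example.com/etc/app.conf", "https://other.example.net/admin"]
DORKS = ["site:example.com (inurl:login OR inurl:admin)", "site:example.com filetype:sql",
         "site:example.com (ext:conf OR ext:cnf)", "site:.example.com -site:www.example.com"]
print(audit(URLS, DORKS))
```

Any URL reported here that should not be public is a candidate for access control or removal, independent of whether a search engine has indexed it yet.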


Online Tools

Database

Resources
