Important: Only search data you are legally allowed to access. Many of these queries can uncover sensitive information.
What is Google Dorking?
Google Dorking (or Google hacking) is a method of using special search operators in Google to find very specific information that regular searches don't easily reveal. It's useful for research, OSINT (open-source intelligence), cybersecurity testing, and sometimes just for learning how websites store and share information.
Basic Search Operators
Cache
Shows Google's saved version of a webpage.
Example: cache:example.com
You can also highlight a keyword: cache:example.com password
Intext and Allintext
Find words in the page content.
For one keyword: intext:username
For multiple keywords: allintext:"username" "password"
Filetype and ext
Find specific file formats.
filetype:pdf cybersecurity
ext:log error
Intitle and Allintitle
Find words in the page title.
intitle:"login"
allintitle:"how to" "draw anime"
Inurl and Allinurl
Find keywords in the web address.
inurl:admin
allinurl:dashboard login
Site
Search within a single website.
site:nytimes.com "climate change"
Inanchor and Allinanchor
Find keywords in anchor text (clickable links).
inanchor:"download pdf"
allinanchor:"buy shoes"
Around(X)
Find keywords close to each other.
"artificial intelligence" AROUND(3) ethics
Related
Find websites similar to another site.
related:bbc.com
Quotes
Force exact phrase matching.
"how to make pasta"
Special Search Examples
Exposed databases: "index of" "database.sql"
Public webcams: intitle:"webcamXP 5"
FTP directories: intitle:"index of" inurl:ftp
cPanel reset pages: inurl:_cpanel/forgotpwd
PDF documents from a site: site:nasa.gov filetype:pdf
Combining Commands
You can stack commands for precision.
site:gov filetype:pdf "emergency plan"
This finds PDF files on government websites containing the exact phrase "emergency plan".
Staying Safe
- Never use these queries to access or exploit private data.
- Use them only for authorized security testing or research.
- Website owners should protect sensitive directories with passwords, robots.txt rules, and secure configurations.
- Run your own site through these searches to make sure nothing sensitive is exposed.
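One way to act on the last two points before a crawler does is to scan your own web root for the kinds of files the queries on this page look for. This is an added example, not part of the original guide; the helper name audit_webroot, the filename, extension and keyword lists (collected from the dorks on this page) and the sample directory are assumptions constructed for illustration.

```python
import os
import tempfile

# Filenames and extensions that the dorks on this page search for.
RISKY_NAMES = {"database.sql", "dump.sql", "db_backup.zip", "backup.zip", "config.php"}
RISKY_EXTS = {".env", ".ini", ".conf", ".log", ".sql"}
# Keywords the intext:/allintext: examples pair with those files.
KEYWORDS = ("password", "api_key", "secret", "token")
INDEX_FILES = {"index.html", "index.htm", "index.php"}  # their absence allows "index of" listings


def audit_webroot(root, max_bytes=1_000_000):
    """Return sorted (relative_path, reason) findings for a local web root (hypothetical helper)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if files and not INDEX_FILES & {f.lower() for f in files}:
            rel_dir = os.path.relpath(dirpath, root)
            findings.append((rel_dir, "no index file: listable if auto-indexing is on"))
        for name in files:
            lower = name.lower()
            ext = os.path.splitext(lower)[1] or lower  # ".env" has no extension of its own
            if lower not in RISKY_NAMES and ext not in RISKY_EXTS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                text = fh.read(max_bytes).decode("utf-8", "replace").lower()
            hits = [k for k in KEYWORDS if k in text]
            reason = "sensitive file type in web root"
            if hits:
                reason += "; contains " + ", ".join(hits)
            findings.append((os.path.relpath(path, root), reason))
    return sorted(findings)


def demo():
    """Build a constructed sample web root and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "backup"))
        samples = {"index.html": "<h1>home</h1>", ".env": "API_KEY=constructed-value",
                   "backup/database.sql": "-- constructed dump", "app.log": "login ok password=x"}
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
        return audit_webroot(root)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

Point audit_webroot at the directory your web server actually serves; anything it reports should be moved out of the web root or placed behind authentication.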
Intermediate Google Dorking Techniques
Once you understand basic Google Dork commands like intext:, intitle:, and site:, you can start combining them for more targeted, powerful searches. At the intermediate level, your focus is on precision: removing irrelevant results and pinpointing exactly what you need.
1. Combining Operators
Instead of one filter, stack multiple:
site:example.com inurl:admin intitle:"login"
This finds admin login pages on example.com.
2. Targeting File Types with Keywords
Add filetype: or ext: to locate files that contain specific information.
allintext:"username" "password" filetype:log
This finds log files mentioning both username and password.
3. Finding Open Directories
Look for "index of" pages that expose files.
"index of" "backup.zip"
"index of" "database.sql"
4. Using Proximity Search
Use AROUND(X) to find words near each other.
"confidential" AROUND(5) "project"
This finds pages where "confidential" appears within 5 words of "project."
5. Researching with Related Sites
Use related: to discover similar domains.
related:linkedin.com "resume"
This finds sites like LinkedIn with the word "resume" on them.
6. Finding Files on One Domain
Combine site: and filetype:.
site:who.int filetype:pdf "health policy"
This finds WHO PDFs about health policy.
7. Searching URLs for Clues
Use inurl: with ext: to locate files by extension in the web address.
inurl:report ext:xls
8. Link Text (Anchor) Searches
Find pages linked with specific words using inanchor:.
inanchor:"reset password"
9. Removing Junk Results
Exclude sites or terms with -.
"covid data" -site:facebook.com
10. Multiple Keyword Options
Use OR or | to include alternatives.
site:gov "emergency plan" OR "disaster plan"
11. Synonyms for Wider Search
Use ~ for synonyms.
~tutorial javascript
12. Targeting Specific Services and Devices
Apache default page: intitle:"Apache2 Ubuntu Default Page: It works"
Zoom meetings: inurl:zoom.us/j intext:"scheduled for"
Weather stations: intitle:"Weather Wing WS-2"
13. Hunting for Config Files
"index of" "config.php"
14. Hunting for Kibana / Jira Dashboards
Kibana: inurl:app/kibana intext:"Loading Kibana"
Jira: inurl:Dashboard.jspa intext:"Atlassian Jira Project Management Software"
15. Finding FTP Servers
intitle:"index of" inurl:ftp
16. Social Media Search
tesla @twitter
Advanced Google Dorking Strategies
At the advanced level, Google Dorking becomes more like custom query engineering: mixing multiple operators, exploiting search parameters, and hunting for specific technologies, metadata, or exposed assets. The key is precision and efficiency: layer 3–5 operators in one search, use logic grouping to control operator scope, and target known technologies and file types for OSINT or security auditing.
1. Operator Grouping with ()
(site:gov | site:mil) (filetype:pdf | filetype:xls) "budget 2024"
Searches .gov or .mil domains for PDFs or Excel files mentioning "budget 2024."
2. Exposed Configuration & Credential Files
(intitle:"index of" OR inurl:"config") (filetype:env | filetype:ini | filetype:conf) intext:password
Looks for public directories or configuration files containing passwords.
3. Targeting Database Backups & Dumps
"index of" ("database.sql" | "db_backup.zip" | "dump.sql")
Finds common SQL dump filenames in open directories.
4. Hunting for API Keys & Tokens
(filetype:env | filetype:json | filetype:txt) ("api_key" | "secret" | "token")
Targets environment, JSON, or text files with potential keys.
5. Leveraging as_ Search Parameters (Direct in URL)
You can append parameters to a Google search URL:
as_q= – The search term
as_filetype= – Restrict by filetype
as_occt= – Search location (title, url, text)
as_qdr= – Time range (d, w, m, y)
Example URL parameter search:
https://www.google.com/search?q=password&as_filetype=txt&as_qdr=m3
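To read such a URL when it turns up in a proxy log or an audit report, the parameters can be translated back into the operator form used elsewhere on this page. This is an added example, not part of the original guide; the helper names are hypothetical, and the as_occt value names (title, url, body) and their operator equivalents are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed mapping from as_occt values to the equivalent search operators.
OCCT_TO_OPERATOR = {"title": "allintitle:", "url": "allinurl:", "body": "allintext:"}
QDR_UNITS = {"d": "day", "w": "week", "m": "month", "y": "year"}


def parse_qdr(value):
    """Translate an as_qdr value, e.g. 'm3' -> 'past 3 months'; None if absent or malformed."""
    if not value or value[0] not in QDR_UNITS:
        return None
    count = value[1:] or "1"  # a bare unit letter means one unit
    if not count.isdigit() or int(count) == 0:
        return None
    n = int(count)
    return f"past {n} {QDR_UNITS[value[0]]}" + ("s" if n != 1 else "")


def describe_search_url(url):
    """Return (operator_query, time_range) for a Google search URL (hypothetical helper)."""
    # parse_qs percent-decodes values and turns '+' into spaces; keep the first value of each key.
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    terms = " ".join(t for t in (params.get("q"), params.get("as_q")) if t)
    prefix = OCCT_TO_OPERATOR.get(params.get("as_occt", ""), "")
    parts = [prefix + terms] if terms else []
    if "as_filetype" in params:
        parts.append("filetype:" + params["as_filetype"])
    return " ".join(parts), parse_qdr(params.get("as_qdr"))


if __name__ == "__main__":
    # The example URL from this page.
    print(describe_search_url(
        "https://www.google.com/search?q=password&as_filetype=txt&as_qdr=m3"))
```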
6. Metadata Hunting in Documents
site:gov filetype:pdf "Author" "Department of"
Looks for PDF metadata mentioning authors from government departments.
7. Targeting Specific Web Technologies
WordPress login: inurl:wp-login.php
phpMyAdmin panels: inurl:phpmyadmin/index.php
Jenkins dashboards: intitle:"Dashboard [Jenkins]"
8. Chaining AROUND() for Concept Linking
("financial report" AROUND(3) confidential) AROUND(5) "project"
Links multiple concepts near each other for highly focused results.
9. OSINT on Organizations
site:linkedin.com/in "@example.com"
Finds employees listing a specific email domain on LinkedIn.
10. Finding Public Git Repositories with Secrets
site:github.com "SECRET_KEY" language:Python
(Specific to GitHub indexing in Google.)
11. Targeting Camera & IoT Devices
inurl:view/view.shtml intitle:"Live View / - AXIS"
Finds live Axis camera streams.
12. Log Hunting with Service-Specific Patterns
filetype:log ("error" | "fatal" | "critical") site:example.com
13. Search with Wildcards for Unknown Parts
The * matches unknown text.
site:*.example.com inurl:"/admin/"
14. Advanced Time-Sensitive Searches
Use before: and after: (in Google's new syntax) for date ranges:
"data breach" site:news.com before:2024-01-01 after:2023-06-01
15. Sensitive Docs with Multiple Filters
site:gov (filetype:xls | filetype:csv) ("SSN" | "social security number") -sample