Google
Hacking

Google Dork Cheat Sheet

Posted on

Here’s a cheat sheet for Google Dorks, which are advanced search operators used to refine search results on Google:

Basic Search Operators:

  1. site: Search within a specific website.
   site:example.com
  1. intitle: Search for a specific word in the title of a webpage.
   intitle:keyword
  1. inurl: Search for a specific word in the URL of a webpage.
   inurl:keyword
  1. filetype: Search for specific file types (e.g., PDF, DOC).
   filetype:pdf
  1. related: Find webpages related to a specific URL.
   related:example.com

Advanced Search Operators:

  1. OR: Search for pages that contain either term A or term B.
   keyword1 OR keyword2
  1. AND: Search for pages that contain both term A and term B.
   keyword1 AND keyword2
  1. : Exclude specific terms from search results.
   -keyword
  1. ***: Wildcard operator to match any word.
   keyword *
  1. define: Find definitions of a specific word.
    define:word

Specific Search Queries:

  1. “Exact Match”: Search for an exact phrase. "exact phrase"
  2. inanchor: Search for specific anchor text in links. inanchor:keyword
  3. cache: View Google’s cached version of a webpage. cache:example.com
  4. AROUND(X): Search for terms within a certain proximity of each other. term1 AROUND(5) term2
  5. info: Get information about a specific webpage.
    info:example.com

Application-Specific Queries:

  1. weather: Get weather information for a specific location. weather:location
  2. stocks: Get stock information. stocks:company
  3. movie: Find movie information. movie:title
  4. map: Find map results. map:location
  5. book: Find book information.
    book:title

Here are some Google Dorks that can be used to find various online devices, including cameras, routers, printers, and other network-connected devices:

  1. Webcams/Cameras:
   inurl:/view/index.shtml
   intitle:"Live View / - AXIS"
   intitle:"Live View / - AXIS" | inurl:view/view.shtml
   intitle:"Eagle-Eye" "Network Camera"
   intitle:"Live NetSnap Cam-Server feed"
  1. Routers:
   inurl:/home.asp
   inurl:/index.htm
   intitle:"Router Login" | inurl:/login.htm
   intitle:"ADSL Configuration page"
   intitle:"DSL Device Configuration"
  1. Printers:
   intitle:"Hewlett-Packard" inurl:info_configuration.htm
   intitle:"HP LaserJet" inurl:SSI/index.htm
   intitle:"Print Server Status" intext:"Status (Offline)"
   intitle:"Network Print Server" intext:"TCP/IP" intext:"LPR"
  1. Network Storage Devices:
   intitle:"Index of" / "Size" / "Name"
   intitle:"Index of" "Backup"
   intitle:"Index of" "parent directory" "size" "last modified" "description"
   intitle:"Index of" "Synology Web Station"
  1. Network Devices Configuration Pages:
   intitle:"System Status" intext:"Router Statistics"
   intitle:"Netgear" intext:"NETGEAR Router Configuration"
   intitle:"ZyXEL Prestige Router" "Please log into the ZyXEL Prestige 100 router"
   intitle:"Login - MikroTik RouterOS"
  1. Industrial Control Systems:
   intitle:"SCADA System Login" inurl:/login.html
   intitle:"HMI DOPSoft" inurl:/webserver/mainfrm.html
   intitle:"Rockwell Automation - FactoryTalk View SE"

Here are some Google Dorks that can be used to find sensitive files and directories containing potentially confidential information:

  1. Files Containing Passwords:
   filetype:ini "[PHOTO OF HOTEL FRONT DESK PERSONNEL]"
   filetype:sql intext:password | pass | passwd | pwd
   intitle:index.of htpasswd
   intitle:"Index of" .htpasswd
  1. Configuration Files:
   intitle:"Index of" .env
   intitle:"Index of" .gitconfig
   intitle:"Index of" config.php
   intitle:"Index of" wp-config.php
  1. Backup Files:
   intitle:"Index of" .bak
   intitle:"Index of" .sql.bak
   intitle:"Index of" .zip.bak
   intitle:"Index of" .tar.gz.bak
  1. Log Files:
   intitle:"Index of" access.log
   intitle:"Index of" error.log
   intitle:"Index of" login.log
  1. Database Dumps:
   intitle:"Index of" database.sql
   intitle:"Index of" dbdump.sql
   intitle:"Index of" backup.sql
  1. Configuration Directories:
   intitle:"Index of" .ssh
   intitle:"Index of" .vscode
   intitle:"Index of" .npm
   intitle:"Index of" .docker
  1. Sensitive Documents:
   filetype:pdf "CONFIDENTIAL" | "SECRET" | "SENSITIVE" | "INTERNAL USE ONLY"
   filetype:doc "CONFIDENTIAL" | "SECRET" | "SENSITIVE" | "INTERNAL USE ONLY"
   filetype:xls "CONFIDENTIAL" | "SECRET" | "SENSITIVE" | "INTERNAL USE ONLY"
  1. API Keys and Tokens:
   intitle:index.of api_key
   intitle:index.of aws_keys
   intitle:index.of aws_secret
   intitle:index.of api_secret

Here are some Google Dorks that can be used to find database backups and filesystem backups:

  1. Database Backup Files:
   intitle:"Index of" "database.sql"
   intitle:"Index of" "db_backup.sql"
   intitle:"Index of" "backup.sql"
   intitle:"Index of" "db.sql"
  1. Specific Database Backup Extensions:
   intitle:"Index of" "*.sql.gz"
   intitle:"Index of" "*.sql.bz2"
   intitle:"Index of" "*.sql.zip"
   intitle:"Index of" "*.sql.tar.gz"
  1. Filesystem Backup Files:
   intitle:"Index of" "backup.tar.gz"
   intitle:"Index of" "backup.zip"
   intitle:"Index of" "backup.tar"
   intitle:"Index of" "backup.tgz"
  1. Specific Filesystem Backup Extensions:
   intitle:"Index of" "*.tar.gz"
   intitle:"Index of" "*.tar.bz2"
   intitle:"Index of" "*.zip"
   intitle:"Index of" "*.tgz"
  1. Common Backup Folder Names:
   intitle:"Index of" "backup"
   intitle:"Index of" "backups"
   intitle:"Index of" "old_backup"
   intitle:"Index of" "archive"
  1. Database Backup Path Disclosure:
   "db_backup.sql" filetype:sql -git -github
   "database_backup.sql" filetype:sql -git -github
   "backup.sql" filetype:sql -git -github
  1. Filesystem Backup Path Disclosure:
   "backup.tar.gz" -git -github
   "backup.zip" -git -github
   "backup.tar" -git -github

Here are some Google Dorks that can be used to find passwords, login logs, and other related information:

  1. Passwords in Configuration Files:
   intitle:"Index of" "passwords.txt"
   intitle:"Index of" "password.txt"
   intitle:"Index of" ".htpasswd"
  1. Login Logs and Access Logs:
   intitle:"Index of" "access.log"
   intitle:"Index of" "error.log"
   intitle:"Index of" "login.log"
  1. Database Connection Strings and Configuration Files:
   intitle:"Index of" "database_connection_string.txt"
   intitle:"Index of" "database_config.php"
  1. Configuration Files Containing Passwords:
   intitle:"Index of" "config.ini"
   intitle:"Index of" "config.php"
   intitle:"Index of" "config.txt"
  1. Specific Password Files:
   intitle:"Index of" "passwd"
   intitle:"Index of" "shadow"
  1. SSH Keys and Configuration Files:
   intitle:"Index of" ".ssh"
   intitle:"Index of" "id_rsa"
   intitle:"Index of" "id_dsa"
  1. Other Password-related Files:
   intitle:"Index of" "pwd.txt"
   intitle:"Index of" "password_dump.txt"
   intitle:"Index of" "login_credentials.txt"
  1. Common Password File Names:
   intitle:"Index of" "password"
   intitle:"Index of" "login"
  1. Login Pages with Sensitive Information:
   intitle:"Login" intext:"Username" intext:"Password"
   intitle:"Login" intext:"Login" intext:"Password"

Remember, using Google Dorks to find sensitive information like passwords and login logs can potentially lead to the discovery of confidential data. Always ensure that you have proper authorization and permission to access and interact with the files you discover. Unauthorized access to sensitive information may be illegal and can have serious consequences.