A Google dork query, sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website. Google dorking, also known as Google hacking, can return information that is difficult to locate through simple search queries.
Google will highlight those words within the cached document.
usage: cache:www.google.com web
This will show the cached content with the word “web” highlighted.
This will list webpages that have links to the specified webpage.
This will list webpages that have links pointing to the Google homepage.
This will list web pages that are “similar” to a specified web page.
This will list web pages that are similar to the Google homepage.
This will present some information that Google has about that web page.
This will show information about the Google homepage.
This will provide a definition of the words you enter after it, gathered from various online sources.
Google will restrict the results to those websites in the given domain.
usage: help site:www.google.com
This will find pages about help within http://www.google.com.
Google will restrict the results to those with all of the query words in the title.
usage: allintitle: google search
This will return only documents that have both “google” and “search” in the title.
Google will restrict the results to documents containing that word in the title.
usage: intitle:google search
This will return documents that mention the word “google” in their title, and mention the word “search” anywhere in the document (title or no).
dork is basically used to find the entered text in url.
usage: inurl:google search
This will return documents that mention the word “google” in their url, and mention the word “search” anywhere in the document (url or no).
This google dork is used to find entered text in url and description as if we enter intext: welcome admin user name . now this will search every text in description and url too.
This google dork is used to find text every where weather in title or description or in url etc as if we enter inall:admin login this will search every where admin login text in website.
You can use ‘filteype’ at place of ‘ext’.:
ext:ppt hacking – this will return powerpoint presentations (ppt files) on topic ‘hacking’.
ext:doc hacking – this will return microsoft word files on topic ‘hacking’
Extensions that google supports are pdf,swf,rtf,doc,ppt,dwf,ps,kml,kmz,xls.
Files Containing Usernames:
filetype:conf inurl:proftpd.conf -sample
finding admin panel examples:
inurl:/admin/index.php & intext:/welcome admin user name pass
and lot more.
Unsafe control panels Dorks examples:
inurl:.php? intext:CHARACTER_SETS,COLLATIONS, ?intitle:phpmyadmin
SQL Injection example:
intext:SQL syntax & inurl:index.php?=id
Files containg passwords examples:
filetype:sql insite:pass && user
ext:sql intext:@hotmail.com intext :password
filetype:sql inurl:wp-content/backup-*(Search for WordPress MySQL database backup.)
filetype:sql "phpmyAdmin SQL Dump" (pass|password|passwd|pwd)
inurl:ftp "password" filetype:xls
filetype:sql "PostgreSQL database dump" (pass|password|passwd|pwd)
filetype:ini "[FFFTP]" (pass|passwd|password|pwd)
filetype:ini "FtpInBackground" (pass|passwd|password|pwd)
filetype:ini "precurio" (pass|passwd|password|pwd)
filetype:ini "SavedPasswords" (pass|passwd|password|pwd)
filetype:ini "pdo_mysql" (pass|passwd|password|pwd)
inurl:config/databases.yml -trac -trunk -"Google Code" -source -repository
"login: *" "password= *" filetype:xls
filetype:sql "insert into" (pass|passwd|password)
inurl:"editor/list.asp" | inurl:"database_editor.asp" | inurl:"login.asa" "are set"
ext:yml database inurl:config
finding upload paths example:
inurl:.co.in & inurl:upload.php & intext:browse
intitle:"Live View / - AXIS" | inurl:view/view.shtml
"Powered by webcamXP"
inurl:indexFrame.shtml "Axis Video Server"
intitle:flexwatch intext:"Copyright by Seyeon TECH Co"
intitle:"Live View/ — AXIS
inurliaxis-cgi/mjpg (motion-JPEG) (disconnected)
intitle:"live view" intitle:axis
allintitle:"Network Camera NetworkCamera" (disconnected)
intitleiaxis intitle:"video server"
intitle:"Live NetSnap Cam-Server feed"
intitle:"Live View/ — AX|S"
intitle:"Live View/ — AXIS 206M"
iintitle:"live View / — AXIS 706W"
intitle:"Live View/ — AXIS 210?
intitle:"WJ-NTI 04 Main Page"
intitle:"sony network camera snc-pl ?
intitle:"sony network camera snc-ml ?
intitle:"Toshiba Network Camera" user Iogin
intitle:"netcam live image" (disconnected)
intitle:"i-Catcher Console — Web Monitor"