What Will We Learn Today?

  • What Google Dorks are, from the very basics
  • How they work: the power of Google's index
  • Every operator, one by one, in depth
  • The best dorks for bug bounty
  • Sensitive files, admin panels, exposed configs
  • GHDB: the Google Hacking Database
  • An elite automated dorking workflow

Why does it matter? Shodan and Censys need an API key; Google Dorks are completely FREE! And Google is such a powerful crawler that it has indexed things companies never wanted to make public! Exposed config files, database backups, passwords: all of it can be found on Google!

What Are Google Dorks? A Simple Analogy

Normal Google search:

"best restaurants in Mumbai"
→ You get restaurant websites

Google Dork:

site:company.com filetype:sql
→ The company's database backup, publicly accessible! 😱

site:company.com inurl:admin intitle:"Login"
→ Admin panel indexed in Google! 🎯

site:company.com ext:env "DB_PASSWORD"
→ Password exposed in a .env file! 🔴

Dork = a specially crafted Google search query that exposes sensitive information!

How Is This Possible?

Understand it through a story:

A developer accidentally uploaded a config.php file to a public folder, and it contained the database password.

The developer never even noticed.

Google's crawler came along → the file got indexed → 3 days later it was searchable on Google!

You run the dork:

site:company.com filetype:php "db_password"

Result: the database password, right there in Google search! 🔴

That is the power of Google Dorks: Google has already done the work!

PART 1: Core Operators, All Explained

Operator 1: site: Focus on a Domain

site:example.com
→ Only pages from example.com

site:example.com login
→ Login pages on example.com

site:*.example.com
→ Pages from all subdomains

# Bug bounty use:
site:target.com
# First see how many pages are indexed
# Look for interesting patterns

Operator 2: inurl: What Is in the URL?

inurl:admin
→ Pages with "admin" in the URL
inurl:login site:target.com
→ Login pages on target.com
inurl:dashboard site:target.com
→ Dashboards!
inurl:api/v1 site:target.com
→ API endpoints!
inurl:.php?id= site:target.com
→ Possible SQL injection points! 🎯

Operator 3: intitle: What Is in the Page Title?

intitle:"Admin Panel" site:target.com
intitle:"phpMyAdmin" site:target.com
intitle:"Dashboard" site:target.com
intitle:"Index of" site:target.com
→ Directory listing exposed! 🎯

intitle:"Grafana" site:target.com
intitle:"Jenkins" site:target.com

Operator 4: filetype: / ext: File Type Filter

filetype:pdf site:target.com
→ PDF documents: internal docs?

filetype:sql site:target.com
→ Database backup files! 🔴

filetype:log site:target.com
→ Log files: usernames, errors!

ext:env site:target.com
→ .env files: passwords! 🔴

ext:xml site:target.com
→ XML config files

ext:bak site:target.com
→ Backup files! 🎯

ext:conf site:target.com
→ Config files!

ext:txt site:target.com
→ Text files, sometimes sensitive

ext:json site:target.com "api_key"
→ API keys in JSON! 🔴

Operator 5: intext: Search the Page Content

intext:"password" filetype:log site:target.com
→ A password in a log file!

intext:"api_key" site:target.com
→ API key exposed in the page!

intext:"DB_PASSWORD" site:target.com
→ Database password in page content!

intext:"BEGIN RSA PRIVATE KEY" site:target.com
→ Private key exposed! 🔴 Critical!

Operator 6: allinurl: and allintitle:

allinurl:admin login panel
→ All three words must be in the URL

allintitle:admin login dashboard site:target.com
→ All three words in the title

Operator 7: - Exclude

site:target.com -www
→ The other subdomains, leaving out www

site:target.com filetype:php -inurl:index
→ The other PHP files, leaving out index.php

Operator 8: "" Exact Match

"Index of /backup" site:target.com
→ Exact string match: backup directory!

"ORA-01756" site:target.com
→ Oracle SQL error: a SQL injection clue!

"Warning: mysql_fetch" site:target.com
→ MySQL error: database info leak!

Operator 9: OR Multiple Options

site:target.com (ext:env OR ext:cfg OR ext:conf)
→ Any config file!

(inurl:admin OR inurl:administrator OR inurl:panel) site:target.com

Operator 10: * Wildcard

site:*.target.com
→ All subdomains!

"api_key = *" site:target.com
→ Look for the API key pattern

PART 2: The Best Dorks for Bug Bounty, by Category

Category 1: Exposed Sensitive Files

# Environment files: GOLDMINE!
site:target.com ext:env
site:target.com "DB_PASSWORD"
site:target.com "APP_SECRET"
site:target.com ".env" "DB_HOST"

# Config files
site:target.com ext:conf "password"
site:target.com ext:cfg "password"
site:target.com filetype:xml "password"
site:target.com ext:ini "password"

# Database files
site:target.com ext:sql
site:target.com ext:sql.gz
site:target.com ext:db
site:target.com ext:sqlite
site:target.com "mysqldump" filetype:sql

# Backup files
site:target.com ext:bak
site:target.com ext:backup
site:target.com "backup" filetype:zip
site:target.com ext:old
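
The same file patterns can be checked on your own server before a crawler ever reaches them. The Python sketch below is an added example, not part of the original article: it walks a document root and flags files that the ext:/filetype: dorks in this article would match. The category labels and the constructed file tree are assumptions of the example.

```python
import os
import tempfile

# Suffixes from this article's ext:/filetype: dorks; labels are this example's.
RISKY = {
    "database dump": (".sql", ".sql.gz", ".db", ".sqlite"),
    "backup copy": (".bak", ".backup", ".old"),
    "config file": (".conf", ".cfg", ".ini"),
    "log file": (".log",),
}


def classify(rel_path):
    """Return the dork category a path falls into, or None if it is fine."""
    parts = rel_path.replace("\\", "/").split("/")
    if ".git" in parts[:-1]:
        return "VCS metadata"  # what inurl:.git finds
    name = parts[-1].lower()
    if name.startswith(".env") or name.endswith(".env"):
        return "environment file"  # .env, .env.production, prod.env
    # endswith() with a tuple also catches config.php.bak and dump.sql.gz
    return next((r for r, sfx in RISKY.items() if name.endswith(sfx)), None)


def audit_webroot(root):
    """Walk a document root and list files a crawler could index."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            rel = os.path.relpath(os.path.join(dirpath, fname), root)
            if (reason := classify(rel)):
                findings.append((rel.replace(os.sep, "/"), reason))
    return sorted(findings)


def demo():
    """Audit a constructed document root (empty files, names only)."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ["index.php", "backend/.env", "backup/site.sql.gz",
                    "config.php.bak", ".git/config", "css/app.css"]:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit_webroot(root)


if __name__ == "__main__":
    print("\n".join(f"{reason:16} {path}" for path, reason in demo()))
```

Run it against the deploy directory in CI and fail the build on any finding.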

Category 2: Admin Panels + Login Pages

site:target.com intitle:"Admin"
site:target.com inurl:admin/login
site:target.com inurl:administrator
site:target.com inurl:wp-admin
site:target.com inurl:cpanel
site:target.com inurl:webadmin
site:target.com intitle:"Control Panel"
site:target.com inurl:manage
site:target.com inurl:moderator
site:target.com intitle:"Dashboard" inurl:admin

Category 3: Exposed Development Environments

site:target.com inurl:dev
site:target.com inurl:staging
site:target.com inurl:test
site:target.com intitle:"Development"
site:target.com "debug=true"
site:target.com "APP_DEBUG=true"
site:target.com inurl:localhost
site:target.com "TODO" filetype:php
site:target.com "FIXME" filetype:php

Category 4: API Keys + Credentials

site:target.com "api_key"
site:target.com "apikey"
site:target.com "api_secret"
site:target.com "client_secret"
site:target.com "access_token"
site:target.com "Authorization: Bearer"
site:target.com "AWS_SECRET_ACCESS_KEY"
site:target.com "GITHUB_TOKEN"
site:target.com "private_key"
site:target.com "BEGIN RSA PRIVATE KEY"

Category 5: Directory Listing Exposed!

intitle:"Index of" site:target.com
intitle:"Index of /" site:target.com
intitle:"Directory Listing" site:target.com
intitle:"Index of /backup" site:target.com
intitle:"Index of /uploads" site:target.com
intitle:"Index of /admin" site:target.com
intitle:"Index of /logs" site:target.com

🎯 Directory Listing = files can be downloaded directly! Backup files, logs, user uploads: all accessible!

Category 6: Error Messages Information Disclosure

site:target.com "SQL syntax"
site:target.com "ORA-01756"
site:target.com "Warning: mysql"
site:target.com "Fatal error" filetype:php
site:target.com "Uncaught exception"
site:target.com "Stack trace"
site:target.com "at Object.<anonymous>"
site:target.com "server error" "500"

💡 Errors = Information Leak! Database type, file paths, version numbers: all of it shows up in error messages!

Category 7: Specific Technologies

# WordPress
site:target.com inurl:wp-content
site:target.com inurl:wp-login
site:target.com "wp-config.php"

# Laravel
site:target.com "APP_KEY" ext:env

# phpMyAdmin
site:target.com intitle:"phpMyAdmin"

# Jenkins
site:target.com intitle:"Jenkins" inurl:jenkins

# Jira
site:target.com intitle:"Jira" inurl:jira

# Swagger API Docs
site:target.com inurl:swagger
site:target.com intitle:"Swagger UI"
site:target.com inurl:api-docs

# Kibana
site:target.com intitle:"Kibana"

Category 8: Login Bypasses

site:target.com inurl:"redirect="
site:target.com inurl:"next="
site:target.com inurl:"url="
site:target.com inurl:"returnUrl="
→ All of these are Open Redirect candidates! 🎯

site:target.com inurl:"?debug=1"
site:target.com inurl:"?test=1"
→ Debug mode parameters!
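
On the server side, the redirect=, next=, url= and returnUrl= parameters listed above stop being open-redirect candidates once their values are validated. The following Python check is an added example, not from the original article: it accepts only local paths or allowlisted hosts. ALLOWED_HOSTS, safe_redirect_target and the sample values are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist for this example; use your application's own hosts.
ALLOWED_HOSTS = {"target.com", "www.target.com"}


def safe_redirect_target(value, default="/"):
    """Return value if it is a local path or an allowlisted URL, else default."""
    if not value or value != value.strip():
        return default
    # Browsers read "\" as "/" and drop tabs and newlines, so a value holding
    # any of them is rejected rather than repaired.
    if any(c in value for c in "\\\t\r\n"):
        return default
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. a malformed IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept "/account" but not "//host" or "account".
        local = value.startswith("/") and not value.startswith("//")
        return value if local else default
    if parts.scheme not in ("http", "https"):
        return default  # javascript:, data:, scheme-relative //evil.example
    if parts.hostname not in ALLOWED_HOSTS:
        return default  # https://evil.example/, https:evil.example
    if parts.username is not None or parts.password is not None:
        return default  # userinfo such as https://user@target.com/
    return value


# Constructed values for the redirect=, next=, url= and returnUrl= parameters.
SAMPLES = [
    "/account/settings", "https://www.target.com/orders?id=7",
    "https://evil.example/", "//evil.example/login", "/\\evil.example",
    "https://target.com@evil.example/", "javascript:alert(1)",
    "https:evil.example",
]


def demo():
    """Map each constructed sample to the location the server would use."""
    return {value: safe_redirect_target(value) for value in SAMPLES}


if __name__ == "__main__":
    for value, target in demo().items():
        print(f"{value!r:45} -> {target}")
```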

PART 3: GHDB Google Hacking Database

GHDB = Google Hacking Database, a community-maintained collection of dorks from hackers!

URL: https://www.exploit-db.com/google-hacking-database

What you will find there:
→ 10,000+ ready-made dorks
→ Sorted by category
→ Regular updates
→ It also gives a severity level

Categories:
├── Footholds
├── Files containing passwords
├── Sensitive directories
├── Web server detection
├── Vulnerable files
├── Vulnerable servers
├── Error messages
├── Files containing usernames
└── Sensitive online shopping info

How to use it:

1. Open exploit-db.com/google-hacking-database
2. Choose a category
3. Copy a ready-made dork
4. Add site:target.com
5. Search on Google!

PART 4: Automated Dorking Elite Technique

Tool 1: dorkscout

# Install
pip3 install dorkscout

# Basic use
dorkscout -t example.com

# With a custom dorks file
dorkscout -t example.com -d my_dorks.txt

Tool 2: Pagodo GHDB Automated

# Install
git clone https://github.com/opsdisk/pagodo.git
cd pagodo
pip3 install -r requirements.txt

# Download the GHDB dorks
python3 ghdb_scraper.py -j -s

# Run automated dorking
python3 pagodo.py \
  -d example.com \
  -g dorks.txt \
  -l 50 \
  -s 30 \
  -e

Tool 3: Manual Elite Script

#!/bin/bash
# google_dork_elite.sh
# Prints a Google search URL for each dork; open the URLs in a browser.

TARGET=$1
if [ -z "$TARGET" ]; then
  echo "Usage: $0 <domain>" >&2
  exit 1
fi

echo "🔍 Google Dorking: $TARGET"
echo "══════════════════════════"

# Dorks to build search URLs for
DORKS=(
  "site:$TARGET ext:env"
  "site:$TARGET ext:sql"
  "site:$TARGET intitle:\"Index of\""
  "site:$TARGET inurl:admin"
  "site:$TARGET \"api_key\""
  "site:$TARGET ext:bak"
  "site:$TARGET inurl:swagger"
  "site:$TARGET filetype:log"
  "site:$TARGET \"DB_PASSWORD\""
  "site:$TARGET inurl:phpinfo.php"
)

for dork in "${DORKS[@]}"; do
  # Pass the dork as an argument so quotes in it cannot break the Python code
  ENCODED=$(python3 -c \
    'import sys, urllib.parse; print(urllib.parse.quote(sys.argv[1]))' \
    "$dork")
  echo "🎯 Dork: $dork"
  echo "🔗 URL: https://www.google.com/search?q=$ENCODED"
  echo "──────────────────────────────"
  sleep 2  # Pause between dorks to stay under the rate limit
done

PART 5: GitHub Dorking BONUS Elite Technique!

Dorking works on GitHub too, and that is where you really find gems!

# In GitHub Search:

# API Keys
org:targetcompany "api_key"
org:targetcompany "apikey"
org:targetcompany "secret_key"
# Passwords
org:targetcompany "password" filename:.env
org:targetcompany "DB_PASSWORD"
# AWS Keys
org:targetcompany "AWS_SECRET_ACCESS_KEY"
org:targetcompany "AKIA"  # AWS access key prefix!
# Private keys
org:targetcompany "BEGIN RSA PRIVATE KEY"
org:targetcompany "BEGIN DSA PRIVATE KEY"
# Config files
org:targetcompany filename:config.php "password"
org:targetcompany filename:.htpasswd
org:targetcompany filename:id_rsa
# Internal URLs
org:targetcompany "internal.company.com"
org:targetcompany "staging"
org:targetcompany "dev.company.com"

🤑 GitHub Dorking = Highest ROI! Developers accidentally push secrets and then delete them, but they stay in the git history!

GitHub Dorking Tool GitDorker

# Install karo
git clone https://github.com/obheda12/GitDorker
cd GitDorker
pip3 install -r requirements.txt

# Run karo
python3 GitDorker.py \
  -tf ~/.github_token \
  -q targetcompany \
  -d dorks/medium_dorks.txt
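
Because a deleted secret stays in git history, the owner of a repository has to scan the history and not only the current files. The Python sketch below is an added example, not part of the original article or of GitDorker: it parses git log -p output and reports every added line that matches markers from the GitHub dork list above, noting whether a later commit deleted it. The regexes, the function name and the sample log are constructed for the illustration.

```python
import re

# Markers from the GitHub dork list above. The AKIA rule assumes the usual
# 20-character AWS access key ID; the other rules are simple illustrations.
RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (RSA|DSA) PRIVATE KEY-----"),
    "db_password": re.compile(r"\bDB_PASSWORD\s*=\s*\S+"),
    "api_key": re.compile(r"\b(api_?key|secret_key)\b\s*[=:]\s*\S+", re.I),
}

# Constructed `git log -p` output, newest commit first, with fake values:
# the .env file is added in aaaaaaa1 and deleted again in bbbbbbb2.
SAMPLE_LOG = """\
commit bbbbbbb2
--- a/backend/.env
+++ /dev/null
-DB_PASSWORD=example-not-real
-AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00
commit aaaaaaa1
--- /dev/null
+++ b/backend/.env
+APP_ENV=production
+DB_PASSWORD=example-not-real
+AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00
"""


def scan_history(log_text):
    """Return (commit, path, rule, removed_later) for every secret ever added."""
    findings, removed, commit, path = [], set(), None, None
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith(("--- a/", "+++ b/")):
            path = line[6:]
        elif line.startswith(("--- ", "+++ ")):
            continue  # the /dev/null side of an added or deleted file
        elif line.startswith("-"):
            removed.add((path, line[1:]))  # newer commits are read first
        elif line.startswith("+"):
            for rule, pattern in RULES.items():
                if pattern.search(line[1:]):
                    gone = (path, line[1:]) in removed
                    findings.append((commit, path, rule, gone))
    return findings


if __name__ == "__main__":
    print(*scan_history(SAMPLE_LOG), sep="\n")
```

A finding with removed_later set to True means the credential is still retrievable from history and has to be rotated, not just deleted.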

PART 6: Dorks Quick Reference Cheat Sheet

# ─── OPERATORS ────────────────────────────
site:          → Restrict to a domain
inurl:         → Text in the URL
intitle:       → Text in the title
intext:        → Text in the content
filetype:/ext: → File type
allinurl:      → All words in the URL
"exact phrase" → Exact match
-word          → Exclude
OR             → Multiple options
*              → Wildcard
# ─── TOP BUG BOUNTY DORKS ─────────────────
site:T ext:env
site:T ext:sql
site:T intitle:"Index of"
site:T inurl:admin
site:T "api_key"
site:T ext:bak
site:T inurl:swagger
site:T "DB_PASSWORD"
site:T "BEGIN RSA PRIVATE KEY"
site:T inurl:phpinfo.php
site:T inurl:.git
site:T "debug=true"
site:T inurl:staging
site:T filetype:log "password"
site:T intext:"sql syntax error"

(T = target domain)

Important: How to Avoid Google's Anti-Bot Checks

❌ Problem: Queries sent too fast → Google CAPTCHA!

✅ Solution:
1. Wait 30-60 seconds between queries
2. Use it while logged in to a Google account
3. Change VPN if you get blocked
4. Try Bing dorks too (less restrictive!)
5. Use the delay parameter in automated tools

Bing Version:
site:example.com filetype:sql
(It works on Bing just like on Google!)

Today's Homework

1. Open exploit-db.com/google-hacking-database
2. Look at the "Files containing passwords" category
3. Copy the top 5 dorks
4. Add site:hackerone.com and test them on Google
5. Did you get any interesting results?

Bonus:
6. Search on GitHub:
   org:google "api_key" filename:.env
   (What is in the publicly accessible repos?)
7. Build your own custom dork and share it in the comments!

Quick Revision

🔍 Google Dorks = Special search queries
                  that expose sensitive info
📚 GHDB         = 10,000+ ready-made dorks
🗂️ Best Dorks   = ext:env, ext:sql, "Index of",
                  "api_key", "DB_PASSWORD"
🐙 GitHub Dorks = Find secrets in source code
⚠️ Rate Limit   = Slow down to avoid CAPTCHA
🔑 Key Insight  = Google has already indexed it;
                  you just write the query!
💰 Bug Types    = Config exposure, API key leak,
                  Admin panels, Directory listing,
                  Database backups

My Story…

One day I ran a simple dork on a bug bounty program:

site:targetcompany.com ext:env

The first result:

https://targetcompany.com/backend/.env

Content:
APP_NAME=TargetApp
APP_ENV=production
APP_KEY=base64:xxxxxxxxxxx
DB_CONNECTION=mysql
DB_HOST=db.internal.targetcompany.com
DB_PORT=3306
DB_DATABASE=production_db
DB_USERNAME=root
DB_PASSWORD=SuperSecret123!
STRIPE_SECRET=sk_live_xxxxxxxxxxxxxxxxxx
AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxx

The entire company's production credentials: the .env file was publicly accessible!

Stripe live key, AWS secret key, database root password: everything in one file.

Bounty: $5,000 Critical! 🎉

Found on Google in 30 seconds: no tool to install, no scan!

Lesson: Sometimes the most powerful tool is just a Google search!

In the next article: Waybackurls + GAU. Pull old hidden endpoints out of the Internet Archive, the ones developers think were "deleted" but that actually still exist! 🔥

HackerMD Bug Bounty Hunter | Cybersecurity Researcher GitHub: BotGJ16 | Medium: @HackerMD
