I always wondered how cybersecurity professionals can identify all these vulnerabilities in systems. How can they find sensitive files and information? After a bit of research, I realized that Google Dorking was used to make that possible.
What is Google Dorking? How is it used in cybersecurity?
Google Dorking uses search operators to locate specific information on the internet. In cybersecurity, it is extremely useful during reconnaissance to search for vulnerabilities. These searches can expose information such as:
- Leaked Passwords
- Web Vulnerabilities
- Exposed Databases
- Log Files
This article will dive into a variety of Google Dorking commands. QUICK REMINDER: These commands are for learning purposes. They should not be used maliciously.
Valuable Google Dorking Commands:
1. Admin Panels:
site:website.com inurl:admin
Site restricts results to the website we are targeting. Inurl checks whether the URL contains the specified keyword. This command lists the site's indexed pages that have admin in the URL, which is where exposed admin panels show up.
2. Lists of Emails:
for filetype:txt inurl:"email.txt"
Filetype restricts results to the specified file type. The query above searches for txt files that include emails. This is valuable in reconnaissance to find emails of targets.
3. Login Pages:
site:starbucks.com intitle:login
Intitle checks whether the keyword (in this case, login) is in the page title. The query listed above searches for Starbucks pages that have login in their title. This is useful for finding different login pages, and who knows, one may be vulnerable.
4. LinkedIn Page:
site:linkedin.com intext:"person-name-here"
Intext checks whether the keyword appears in the body of the page. This query can search for information about the target. The target could have listed their work experiences and other personal information.
5. Confidential Files:
site:website.com intext:"confidential"
Any indexed page on the website that contains the word confidential would be shown. Secret information can be collected using this technique.
6. Username Files:
"Header for logs at time" ext:log
Ext restricts results to a specific file extension. This query is beneficial for locating log files that contain usernames.
7. Vulnerable Servers:
intitle:"FileCatalyst file transfer solution"
This could find vulnerable servers.
8. HTTP Websites:
intitle:"index of" inurl:http after:2015
Vulnerable HTTP websites could be found by using this query.
9. Interesting Information:
site:website.com inurl:invoice
This could be used to find interesting information regarding invoices.
10. Locate Person's Socials:
nameOfPerson site:socialMedia.com
This could be used to find a person's socials on the specified social media website.
11. Spreadsheet of Data:
filetype:csv intext:"email" "phone"
Emails and phone numbers would be in the spreadsheet.
12. SQL Dumps:
filetype:sql "dump" "password"
Here is another command used to find passwords, this time in SQL dumps.
13. Vulnerable Webservers:
inurl:email.xls ext:xls
This is a command to find insecure websites. This vulnerability allows people to gain unauthorized access to webservers.
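To see how the operators above combine, and to check which pages of a site you own would match them, here is an added example (not from the original article) that parses a dork and evaluates it against a local page inventory. The example.com pages, the function names and the substring-matching rules are assumptions; a real search engine's matching is more involved.

```python
import shlex
from urllib.parse import urlparse

# Constructed inventory of pages on a site you own (e.g. exported from your own crawler).
PAGES = [
    {"url": "https://example.com/admin/login.php", "title": "Admin login", "text": "Sign in"},
    {"url": "https://example.com/backup/db.sql", "title": "",
     "text": "-- MySQL dump\nINSERT INTO users (name, password) VALUES ..."},
    {"url": "https://example.com/files/", "title": "Index of /files", "text": "Parent Directory"},
    {"url": "https://example.com/about", "title": "About us", "text": "Contact our team"},
]

def _host(page):
    return urlparse(page["url"]).hostname or ""

# One predicate per operator from the article; substring matching is an approximation.
MATCHERS = {
    "site": lambda p, v: _host(p) == v or _host(p).endswith("." + v),
    "inurl": lambda p, v: v in p["url"].lower(),
    "intitle": lambda p, v: v in p["title"].lower(),
    "intext": lambda p, v: v in p["text"].lower(),
    "filetype": lambda p, v: urlparse(p["url"]).path.lower().endswith("." + v),
}
MATCHERS["ext"] = MATCHERS["filetype"]
UNMODELLED = {"after", "before"}  # date filters need index metadata we do not have

def parse_dork(query):
    """Split a query into (operator, value) pairs; bare terms are treated as intext."""
    terms = []
    for token in shlex.split(query):  # shlex keeps "quoted phrases" together
        op, sep, value = token.partition(":")
        op = op.lower()
        if sep and op in UNMODELLED:
            continue
        if sep and op in MATCHERS:
            terms.append((op, value.lower()))
        else:
            terms.append(("intext", token.lower()))
    return terms

def exposed_by(query, pages=PAGES):
    """Return URLs in the inventory that satisfy every term of the query."""
    terms = parse_dork(query)
    return [p["url"] for p in pages if all(MATCHERS[op](p, v) for op, v in terms)]

if __name__ == "__main__":
    for q in ("site:example.com inurl:admin", 'filetype:sql "dump" "password"'):
        print(q, "->", exposed_by(q))
```

Any URL this returns for your own inventory is a page to put behind authentication or take off the public web before a search engine indexes it.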
Thank you for reading this blog! I hope I helped you in your cybersecurity journey. Feel free to check out one of my reverse engineering writeups: https://medium.com/bugbountywriteup/quantum-scrambler-picoctf-2025-writeup-c6d892805c6f