Advanced Google Dorking Commands | Cybrary https://www.cybrary.

it/blog/0p3n/advanced-google-dorking-commands/

Home / 0P3N Blog / Advanced Google Dorking Commands

Ready to Start Your Career?

Create Free Account

Advanced Google Dorking Commands

By: Aditya010
December 5, 2020

Google hacking, also known as Google Dorking, is a computer hacking technique. It uses
advanced Google search operators to find security holes in the configuration and code that
websites use. It is also useful for retrieving hidden information not easily accessible by the public.

Google Dorking involves using advanced operators in the Google search engine to locate specific
text strings within search results. Some of the more popular examples are finding specific
versions of vulnerable web applications.

This article will give examples of advanced Google Dorks that can help Open Source Intelligence
(OSINT) gatherers and penetration testers locate exposed files containing sensitive information.

Advanced Google Dorks

Writing Google Dorks is not a straightforward process like the simple search query entered on
Google's main page. The process takes some time to get used to. However, the returned results
can be worth the effort. Before we begin writing advanced Dorks, it is worth noting that Google
Privacy - Terms

1 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/

offers a powerful Advanced Search (https://www.google.com/advanced_search) that gives more

specific search results with an easy to use graphical user interface (see Figure 1).

alt_text

Here are some examples of Google Dorks:

Finding exposed FTP servers

Google can index open FTP servers. Use the following Google Dork to find open FTP servers.

intitle:"index of" inurl:ftp

To make the query more interesting, we can add the "intext" Google Dork, which is used to locate
a specific word within the returned pages (see Figure 2).

alt_text

2 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/

Find email lists

It is relatively easy to find email lists using Google Dorks. In the following example, we are going
to find text files that contain email lists.

filetype:txt inurl:"email.txt"

alt_text

Live cameras We can use Google to find open cameras that are not access restricted by IP
address. The following Google dorks retrieve live cameras web pages.

inurl:"view.shtml" "Network Camera" (see Figure 4)

"Camera Live Image" inurl:"guestimage.html"

3 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/

Finding passwords

Finding passwords is the most attractive task for both legitimate and ill-intentioned online
searchers. The following Google Dorks retrieve exposed passwords.

1. site:pastebin.com intext:admin.password (find the text "admin.password" in the Pastebin

website; this site is used by hackers to publish sensitive leaked information) (see Figure 5).

4 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/

2. "admin_password" ext:txt | ext:log | ext:cfg (find the text “admin-password” in exposed

files of the following types: TXT, LOG, CFG) (see Figure 6).

3. filetype:log intext:password after:2016 intext:@gmail.com | @yahoo.com |

@hotmail.com (search for all files of type "log" that contain the word "password" within
them, are indexed after 2016, and contain any of the following text in their body:
@gmail.com, @yahoo.com, or @hotmail.com) (see Figure 7).

5 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/

Other advanced Google Dorks can be found in the following list. Try them on your own to
discover what each one returns.

1. site:static.ow.ly/docs/ intext:@gmail.com | Password

2. filetype:sql intext:wp_users phpmyadmin

3. intext:"Dumping data for table orders"

4. "Index of /wp-content/uploads/backupbuddy_backups" zip

5. Zixmail inurl:/s/login?

6. inurl:/remote/login/ intext:"please login"|intext:"FortiToken clock drift detected"

7. inurl:/WebInterface/login.html

8. inurl:dynamic.php?page=mailbox

9. inurl:/sap/bc/webdynpro/sap/ | "sap-system-login-oninputprocessing"

10. intext:"Powered by net2ftp"

Google Dorks lists

There are different places to find ready to use Google Dorks. The first place is Google Hacking
Database. This is a free public database containing thousands of Google Dorks for finding
sensitive publicly available information (see Figure 8).

6 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/

Other websites that list important Google Dorks are Gbhackers and Intelligence X.

Summary

This article has demonstrated how to use Google Dorks to find vulnerable servers, websites, and
online cameras. Google Dorks are used by criminals to locate information about their targets and
to discover easy to attack targets by searching for vulnerable websites and networks. On the
good side, security researchers and friendly penetration testers use Google Dorks to find leaked
sensitive information, unintentionally exposed files, and to discover vulnerable servers and web
applications, so they can close these security holes before they get exploited by malicious actors.

Previous Next

Schedule Demo

7 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/

Related Blogs

What Is Offensive Security?

By: Cybrary Staff

What is offensive security, and why does it matter? Offensive security takes a proactive and adversarial
approach to information security to help organizations prepare for the most sophisticated cyber threats.
Summary: With the cyber threat landscape constantly evolving, businesses are now more proactive in
securing their data and operations. From penetration ...

B LO G

Insider Threat Program: What Is It And Why Is Having One Important?

By: Nihad Hassan

Cyberattacks are increasing significantly in both sophistication and number. Protecting digital assets from
the ever-increasing number of cyber threats has become a top priority for organizations worldwide. To
counter the increased number of attacks, organizations employ various technological solutions, such as
Firewalls, IDS, IPS, SIEM, and NDR. Despite all these ...

B LO G

8 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/

OSCP Certification
By: Cybrary Staff

Which jobs can one get with an OSCP certification? Although OSCP is an entry-level certification, it sets
the foundation for a successful career in penetration testing. Here are some of the best opportunities.
Summary: OSCP is a widely respected and highly specialized certification that can open new niches in
information security. The ...

B LO G

Related Courses

How to Use How to Use theHarvester (BSWJ)

theHarvester In this course, we will be reviewing a reconnaissance and information-gathering tool known
(BSWJ) as “theharvester”. ...

CYB RA RY CO U R S E I N T E R ME D I AT E 6 MI N U T E S C E RT I F I C AT E O F CO MPL E T I O N O F F E R E D

Penetration Penetration Testing and Ethical Hacking

Testing and To assess the strength of your organization’s cybersecurity posture, you need to gather
Ethical Hacking information, perform ...

CYB RA RY CO U R S E I N T E R ME D I AT E 7 H O U R S 6 MI N U T E S 7 C E U / C PE H O U R S AVA I L A B L E

C E RT I F I C AT E O F CO MPL E T I O N O F F E R E D PO PU L A R

ISC2 CISSP ISC2 CISSP Practice Test: Certified Information Systems

Practice Test: Security Professional
Certified
There is a growing need for information security leaders who possess the depth of expertise
Information ...
Systems Security
Professional

C Y B E R V I S TA PR A C T I C E T E S T I N T E R ME D I AT E 3 H OURS

9 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using
the fastest growing catalog in the industry

Upgrade Now

Create Free Account

Solutions Platform

For Individuals Catalog

For Teams Instructors

Government Alliances

10 of 11 08/01/2022, 3:54 pm
Advanced Google Dorking Commands | Cybrary https://www.cybrary.it/blog/0p3n/advanced-google-dorking-commands/

Company Resources

About Cybrary Text Blog

Logo
Black SVG
Careers Help Center

Press Verify Certificate

© 2022 Cybrary
The Cybrary Podcast
Terms of Service Privacy Policy Server Status
Mobile App

Report a Vulnerability

11 of 11 08/01/2022, 3:54 pm