A Google Dork, also known as Google Dorking or Google hacking, is a valuable resource for online investigators. For the average person, Google is just a search engine used to find text, images, videos, and news. However, in the investigation world, Google is a useful tool.
The Google Hacking Database https://www.exploit-db.com/google-hacking-database contains at least 4500 google dorks and each will return at least a 100 result from Google.
Unless you block specific resources from your website using a robots.txt file, Google indexes all the information that is present on any website. Logically, after some time any person in the world can access that information if they know what to search for.
Be aware that Google also knows who you are when you perform this kind of query. For this reason and many others, it’s advised to use it only with good intentions, whether for your own research or while looking for ways to defend your website against this kind of vulnerability.
Google’s search engine has its own built-in query language. The following list of queries can be run to find a list of files, find information about your competition, track people, get information about SEO backlinks, build email lists, and of course, discover web vulnerabilities.
Let’s look at the most popular Google Dorks and what they do.
cache: this dork will show you the cached version of any website, e.g.
allintext: searches for specific text contained on any web page, e.g.
allintext: osint tools
allintitle: exactly the same as allintext, but will show pages that contain titles with X characters, e.g.
filetype: used to search for any kind of file extensions, for example, if you want to search for jpg files you can use:
intitle: used to search for various keywords inside the title, for example,
intitle:osint toolswill search for titles beginning with “osint” but “tools” can be somewhere else in the page.
inanchor: this is useful when you need to search for an exact anchor text used on any links, e.g.
intext: useful to locate pages that contain certain characters or strings inside their text, e.g.
link: will show the list of web pages that have links to the specified URL, e.g.
site: will show you the full list of all indexed URLs for the specified domain and subdomain, e.g.
*: wildcard used to search pages that contain “anything” before your word, e.g.
how to * a website, will return “how to…” design/create/hack, etc… “a website”.
|: this is a logical operator, e.g.
"osint" "training"will show all the sites which contain “osint” or “training” or both words.
–: minus operator is used to avoiding showing results that contain certain words, e.g.
osint -trainingwill show pages that use “osint” in their text, but not those that have the word “training.”