07. Google Dorks

Google Dorks also called Google Dorking are advanced search queries used to extract specific information from Google’s index. These queries are useful for reconnaissance, ethical hacking, and finding sensitive or hidden information.

1. Basic Site Search¶

Query: site:example.com
Description: Lists all indexed pages of the specified website.
Example: site:example.com → Displays all pages indexed under example.com.

2. In-URL Keyword Search¶

Query: site:example.com inurl:keyword
Description: Searches for pages on the site that contain the keyword in their URL.
Example: site:example.com inurl:login → Finds all pages with "login" in the URL.

3. Subdomain Search¶

Query: site:*.example.com
Description: Finds all indexed subdomains of the website.
Example: site:*.example.com → Displays subdomains like blog.example.com or shop.example.com.

4. Subdomain and Title Keyword¶

Query: site:*.example.com intitle:keyword
Description: Finds subdomain pages with the keyword in their titles.
Example: site:*.example.com intitle:admin → Displays pages on subdomains with "admin" in the title.

5. Site Search with Keyword¶

Query: site:example.com keyword
Description: Searches for pages on the site containing the specified keyword.
Example: site:example.com password → Finds pages with "password" on example.com.

6. Filetype Search¶

Query: site:example.com filetype:pdf
Description: Searches for specific file types on the website.
Example: site:example.com filetype:pdf → Displays all PDF files on example.com.

7. Index Directory Search¶

Query: intitle:index of
Description: Finds open directory listings on the server.
Example: intitle:index of → Displays directory indexes often containing downloadable files.

8. Search for Password Files¶

Query 1: intitle:passwd.txt
Query 2: inurl:passwd.txt
Description: Looks for text files that might inadvertently expose passwords.
Example: inurl:passwd.txt → Finds files named passwd.txt in URLs.

9. Auth User File Search¶

Query: inurl:auth_user_file.txt
Description: Searches for user authentication files stored publicly.
Example: inurl:auth_user_file.txt → Locates auth_user_file.txt files.

10. Cached Version of a Page¶

Query: cache:example.com
Description: Displays Google's cached version of the website.
Example: cache:example.com → Shows the last cached copy of example.com.

Additional Useful Keywords and Parameters¶

Login Pages:
- inurl:login
- intext:login
- Admin Pages:
- inurl:admin
- intitle:admin
- Email Listings:
- intext:@example.com
- filetype:xls intext:@example.com
- Sensitive Configuration Files:
- inurl:config.php
- inurl:wp-config.php
- Database Dumps:
- filetype:sql "dump"
- inurl:backup filetype:sql
- Error Pages:
- intext:"sql syntax error"
- inurl:error.log
- Open Cameras:
- inurl:/view/index.shtml
- intitle:"webcamXP" inurl:webcamxp.cgi
- Sensitive Documents:
- filetype:doc site:example.com
- filetype:pdf confidential
- Directories with Backups:
- intitle:"index of" backup
- intitle:"index of" "parent directory" "database"

Wayback Machine¶

The Wayback Machine (accessible via waybackmachine.com or archive.org/web) is a tool to view archived versions of websites. It is useful for research, historical analysis, and identifying changes to a website.

Steps to Use Wayback Machine:¶

Go to waybackmachine.com or archive.org/web.
Enter the URL of the website in the search bar.
Select a date from the calendar to view an archived version of the website.

Key Use Cases:¶

View Deleted Content: Access content removed from a website.
- Example: Archived pages of example.com to see its older versions.
Analyze Website Changes: Track changes to a website over time.
- Example: Compare example.com from 2015 vs. 2020.
Recover Lost Data: Retrieve data or information from deleted pages.

Important Notes¶

Use these tools ethically and responsibly. Misuse can violate laws and regulations.
Google Dorks and Wayback Machine are primarily intended for security research and data recovery purposes.