Google Dorks Cheat Sheet

A "Google dork" is a search string that uses advanced operators to find sensitive information that is not readily available on the open web. Learning Google dorks can help with penetration testing, security research, and more. This cheat sheet provides some handy Google dorks to get started.

Basic Search Operators

These are some basic Google search operators that can be combined with keywords to refine results:

Filetype Search

Searching by filetype allows finding specific kinds of documents:

• filetype:pdf
• filetype:doc
• filetype:xls
• filetype:ppt
• filetype:txt

Can be combined with other search terms, e.g. api key filetype:txt

Site Search

Use site: to restrict results to a particular site:

• site:example.com
• site:example.com password
• site:*.example.com - search all subdomains

Intitle and Inurl

• intitle: - search page titles
• inurl: - search page URLs

For example:

• intitle:"index of"
• inurl:"wp-config.php"

Link and Cache Searches

• link:example.com - find pages linking to the site
• cache:example.com - find Google's cached pages for the site

Login Page Search

Many login pages follow similar naming conventions and can be found with:

• inurl:signin
• inurl:login
• inurl:admin
• intitle:"login page"

Database Searches

Find exposed databases:

• intitle:"index of" db
• filetype:config dbpasswd
• filetype:env DB_PASSWORD

Document Searches

Find sensitive documents:

• filetype:pdf secret -site:gov -site:.edu
• filetype:doc confidential -site:gov -site:.edu

Security Searches

Find misconfigured servers and software:

• intext:"sql syntax near" -gitlab -github
• intitle:"index of" intext:id_rsa
• intitle:"index of" intext:id_dsa
• filetype:pem intext:private

Custom Date Ranges

Use custom date ranges to find recent data:

• password leak after:2018/01/01
• breach since:last week

Google Dorks Give You Power

With the right search techniques, you can leverage Google to uncover all kinds of useful information. Use these Google dorks carefully and ethically! Let me know if you need any clarification or have additional questions.

One Pager Cheat Sheet

• A Google dorks cheat sheet is a guide for using search strings that utilize advanced operators to locate sensitive information not readily available, useful for tasks like penetration testing and security research.
• Basic Google search operators include " " for exact phrase, * for wildcard substitution, OR for either/or, - to exclude a term, and .. to indicate a number range.
• Searching by filetype allows users to find specific kinds of documents, which can be combined with other search terms.
• Use the site: operator in a search to restrict results to a specific site or subdomain.
• The intitle: and inurl: search operators are used to search page titles and URLs, respectively, with examples being intitle:"index of" and inurl:"wp-config.php".
• The link:example.com command helps to find pages linking to the site, while cache:example.com is used to find Google's cached pages for the site.
• Many login pages can be found using similar naming conventions such as inurl:signin, inurl:login, inurl:admin, and intitle:"login page".
• Search for exposed databases by using technical search terms like intitle:"index of" db, filetype:config dbpasswd, and filetype:env DB_PASSWORD.
• Use the filetype:pdf secret -site:gov -site:.edu and filetype:doc confidential -site:gov -site:.edu commands to find sensitive documents.
• The document offers various search parameters to locate misconfigured servers and software using technical terms like intext:"sql syntax near", intitle:"index of" intext:id_rsa, intitle:"index of" intext:id_dsa, and filetype:pem intext:private.
• You can use custom date ranges to find recent data, using technical terms like password leak after:2018/01/01 or breach since:last week.
• Using Google dorks, one can uncover useful information with the right search techniques, but must use these tools carefully and ethically.