Google Dorks Cheat Sheet
A "Google dork" is a search string that uses advanced operators to find sensitive information that is not readily available on the open web. Learning Google dorks can help with penetration testing, security research, and more. This cheat sheet provides some handy Google dorks to get started.

Basic Search Operators
These are some basic Google search operators that can be combined with keywords to refine results:
Operator | Description | Example |
---|---|---|
" " | Search for an exact phrase | "password compromised" |
* | Wildcard symbol | password * |
OR | Either term A or B | password OR compromised |
- | Exclude a term | password -compromised |
.. | Number range | login attempts ..100 |
Filetype Search
Searching by filetype allows finding specific kinds of documents:
filetype:pdf
filetype:doc
filetype:xls
filetype:ppt
filetype:txt
Can be combined with other search terms, e.g. api key filetype:txt
Site Search
Use site:
to restrict results to a particular site:
site:example.com
site:example.com password
site:*.example.com
- search all subdomains
Intitle and Inurl
intitle:
- search page titlesinurl:
- search page URLs
For example:
intitle:"index of"
inurl:"wp-config.php"
Link and Cache Searches
link:example.com
- find pages linking to the sitecache:example.com
- find Google's cached pages for the site
Login Page Search
Many login pages follow similar naming conventions and can be found with:
inurl:signin
inurl:login
inurl:admin
intitle:"login page"
Database Searches
Find exposed databases:
intitle:"index of" db
filetype:config dbpasswd
filetype:env DB_PASSWORD
Document Searches
Find sensitive documents:
filetype:pdf secret -site:gov -site:.edu
filetype:doc confidential -site:gov -site:.edu
Security Searches
Find misconfigured servers and software:
intext:"sql syntax near" -gitlab -github
intitle:"index of" intext:id_rsa
intitle:"index of" intext:id_dsa
filetype:pem intext:private
Custom Date Ranges
Use custom date ranges to find recent data:
password leak after:2018/01/01
breach since:last week
Google Dorks Give You Power
With the right search techniques, you can leverage Google to uncover all kinds of useful information. Use these Google dorks carefully and ethically! Let me know if you need any clarification or have additional questions.
One Pager Cheat Sheet
- A Google dorks cheat sheet is a guide for using search strings that utilize
advanced operators
to locate sensitive information not readily available, useful for tasks likepenetration testing
andsecurity research
. - Basic Google search operators include " " for
exact phrase
,*
forwildcard substitution
,OR
foreither/or
,-
toexclude a term
, and..
to indicate anumber range
. - Searching by
filetype
allows users to find specific kinds of documents, which can be combined with other search terms. - Use the
site:
operator in a search to restrict results to a specific site or subdomain. - The
intitle:
andinurl:
search operators are used to search page titles and URLs, respectively, with examples beingintitle:"index of"
andinurl:"wp-config.php"
. - The
link:example.com
command helps to find pages linking to the site, whilecache:example.com
is used to find Google's cached pages for the site. - Many login pages can be found using similar naming conventions such as
inurl:signin
,inurl:login
,inurl:admin
, andintitle:"login page"
. - Search for exposed databases by using
technical search terms
likeintitle:"index of" db
,filetype:config dbpasswd
, andfiletype:env DB_PASSWORD
. - Use the
filetype:pdf secret -site:gov -site:.edu
andfiletype:doc confidential -site:gov -site:.edu
commands to find sensitive documents. - The document offers various search parameters to locate misconfigured servers and software using
technical terms
likeintext:"sql syntax near"
,intitle:"index of" intext:id_rsa
,intitle:"index of" intext:id_dsa
, andfiletype:pem intext:private
. - You can use custom date ranges to find recent data, using
technical terms
likepassword leak after:2018/01/01
orbreach since:last week
. - Using Google dorks, one can uncover useful information with the right search techniques, but must use these tools carefully and ethically.