Pen-Testing-Google-Dorks
Google Dorks that can be used for penetration testing, security research, and information gathering.
Pen Testing Google Dorks

Pen Testing Google Dorks contains an extensive list of Google Dorks that can be used for penetration testing, security research, and information gathering. Google Dorking (or Google Hacking) is a technique that leverages advanced search queries to find sensitive information, exposed directories, login pages, vulnerable files, and more.
Disclaimer: This project is for educational and ethical hacking purposes only. Always obtain proper authorization before testing on any system.
📌 Features
- Categorized Google Dorks for different penetration testing use cases.
- Regularly updated with new dorks.
- Useful for Bug Bounty Hunting, OSINT, and Reconnaissance.
- Includes search queries for finding exposed credentials, admin panels, sensitive files, and more.
📖 How to Use
- Open Google (or any search engine that supports advanced queries).
- Copy a dork from the list and paste it into the search bar.
- Modify the query as needed to target specific domains or file types.
Example:
intitle:"index of" "admin"
This query finds open directory listings (pages titled "index of") that contain the keyword "admin".
🚀 Google Dorks List
🔍 Finding Exposed Files & Directories
intitle:"index of" site:example.com
Lists open directories.
site:example.com ext:log | ext:txt | ext:conf
Finds log, text, and config files.
site:example.com ext:sql | ext:db
Searches for exposed database files.
site:example.com inurl:backup | inurl:old | inurl:bak
Finds backup files.
site:example.com intitle:"Index of /" "password"
Searches for password files.
🔑 Finding Sensitive Credentials
site:example.com inurl:wp-config.php
Finds WordPress config files with database credentials.
site:example.com filetype:env "DB_PASSWORD"
Searches for exposed .env files.
site:example.com "password" filetype:xls | filetype:csv | filetype:txt
Looks for passwords in documents.
site:example.com "API_KEY" | "secret" | "token"
Detects leaked API keys or tokens.
site:example.com intext:"password="
Finds hardcoded passwords in source code.
🔒 Finding Login Pages & Admin Panels
site:example.com inurl:admin
Finds admin login pages.
site:example.com inurl:login
Searches for login pages.
site:example.com intitle:"admin login"
Finds admin authentication portals.
site:example.com inurl:"phpmyadmin" | intitle:"phpmyadmin"
Searches for phpMyAdmin panels.
site:example.com inurl:dashboard
Detects exposed dashboards.
🔍 Detecting Web Vulnerabilities
site:example.com inurl:php?id=
Looks for SQL injection-prone URLs.
site:example.com inurl:"search.php?q="
Finds search pages that may be vulnerable to XSS.
site:example.com "Apache/2.4.49" inurl:"server-status"
Checks for vulnerable Apache servers.
site:example.com ext:action | ext:do "username"
Finds Java-based endpoints (Struts exploits).
site:example.com filetype:xml inurl:"sitemap"
Detects sitemaps with exposed paths.
📂 Exposing Sensitive Information
site:example.com ext:json "password"
Finds JSON files with sensitive data.
site:example.com ext:xml "phpinfo"
Searches for exposed PHP info pages.
site:example.com ext:conf "nginx.conf" | "httpd.conf"
Finds web server configuration files.
site:example.com "Error: SQL syntax near"
Detects SQL errors exposing database details.
site:example.com "Warning: include("
Searches for PHP include() warnings that can indicate local file inclusion (LFI) vulnerabilities.
🛠 Detecting Outdated Software & Exposed Services
site:example.com inurl:wp-content/plugins/
Finds WordPress plugin paths, which can reveal outdated plugins.
site:example.com "Server: Apache/2.2.3"
Detects old Apache versions.
site:example.com "X-Powered-By: PHP/5.6"
Finds outdated PHP versions.
site:example.com inurl:"/cgi-bin/"
Looks for vulnerable CGI scripts.
site:example.com intitle:"Webmin"
Finds exposed Webmin panels.
🔍 Finding Open Directories & Exposed Data
intitle:"index of /private" site:example.com
site:example.com intitle:"index of /" "backup"
site:example.com intitle:"index of /" "config"
site:example.com inurl:/admin/backup
site:example.com filetype:conf "mysql" | "nginx"
🔑 Finding Leaked Credentials & Sensitive Files
site:example.com filetype:sql "INSERT INTO"
site:example.com filetype:xml "password"
site:example.com filetype:ini "username"
site:example.com filetype:log "error"
site:example.com filetype:cfg "password"
🔒 Finding Login & Admin Panels
site:example.com inurl:"/cpanel"
site:example.com inurl:/admin/login
site:example.com inurl:/user/login
site:example.com intitle:"control panel"
site:example.com inurl:signin | inurl:auth
🔍 Detecting Web Vulnerabilities
site:example.com inurl:.php?id=
site:example.com inurl:"product.php?item="
site:example.com inurl:"view.php?page="
site:example.com inurl:".env" "APP_KEY"
site:example.com "PHP Parse error" | "Fatal error"
📂 Exposing Internal Data & Source Code
site:example.com filetype:json "password"
site:example.com filetype:yaml "secret"
site:example.com filetype:php "config"
site:example.com filetype:log "access.log"
site:example.com "Index of /git"
🛠 Detecting Outdated Software & Misconfigurations
site:example.com inurl:/cgi-bin/
site:example.com "Apache/2.2.15"
site:example.com "X-Powered-By: ASP.NET"
site:example.com intitle:"phpMyAdmin"
site:example.com "Server at example.com Port 80"
🔍 Finding Open Directories & Exposed Data
intitle:"index of /admin" site:example.com
intitle:"index of /backup" site:example.com
site:example.com intitle:"index of /" "database"
site:example.com filetype:cfg "passwd"
site:example.com "Index of /ftp"
🔑 Finding Leaked Credentials & Sensitive Files
site:example.com filetype:json "private_key"
site:example.com filetype:csv "email,password"
site:example.com filetype:ini "db_password"
site:example.com "confidential" filetype:doc | filetype:pdf
site:example.com "restricted" filetype:xlsx | filetype:ppt
🔒 Finding Login & Admin Panels
site:example.com inurl:"/dashboard/login"
site:example.com inurl:admin.cgi
site:example.com intitle:"staff login"
site:example.com "Welcome to phpMyAdmin"
site:example.com inurl:portal/login
🔍 Detecting Web Vulnerabilities
site:example.com inurl:".git"
site:example.com inurl:"debug.log"
site:example.com inurl:"config.php~"
site:example.com inurl:"test.php"
site:example.com inurl:"old_site"
📂 Exposing Internal Data & Source Code
site:example.com filetype:bak "config"
site:example.com filetype:log "credentials"
site:example.com filetype:php "dbconnect"
site:example.com "Index of /gitlab"
site:example.com intext:"API_SECRET"
🛠 Detecting Outdated Software & Misconfigurations
site:example.com inurl:/phpinfo.php
site:example.com "Apache/2.2.15 (Unix)"
site:example.com "X-Powered-By: JSP"
site:example.com intitle:"cPanel Login"
site:example.com "Server at example.com Port 443"
🔍 Finding Exposed Files & Directories
intitle:"index of /private" site:example.com
site:example.com inurl:"/uploads" -intext:"no such"
site:example.com inurl:"backup.zip" | inurl:"database.sql"
site:example.com inurl:".ssh" | inurl:"id_rsa"
site:example.com "Index of" "parent directory" "config"
🔑 Finding Sensitive Credentials
site:example.com filetype:json "aws_secret_access_key"
site:example.com filetype:log "admin password"
site:example.com filetype:ini "smtp_password"
site:example.com filetype:conf "vpn_password"
site:example.com "Authorization: Bearer"
🔒 Finding Login Pages & Admin Panels
site:example.com inurl:"/admin/login.jsp"
site:example.com inurl:"/login.php?redirect="
site:example.com inurl:"/controlpanel"
site:example.com intitle:"webmail login"
site:example.com "Please enter your username and password"
🔍 Detecting Web Vulnerabilities
site:example.com inurl:".git/config"
site:example.com inurl:".svn/entries"
site:example.com inurl:"?debug=true"
site:example.com inurl:"/phpinfo.php"
site:example.com inurl:"/server-status"
📂 Exposing Sensitive Information
site:example.com inurl:"/logs/error.log"
site:example.com filetype:db "sqlite"
site:example.com filetype:cfg "site.cfg"
site:example.com "Usernames and passwords"
site:example.com intext:"confidential - do not distribute"
🛠 Detecting Outdated Software & Exposed Services
site:example.com "Apache/2.2.22" -apache.org
site:example.com inurl:"/cgi-bin/test.cgi"
site:example.com "X-Powered-By: ASP.NET 2.0"
site:example.com inurl:"/phpmyadmin/setup.php"
site:example.com "Server: Microsoft-IIS/6.0"
🔍 Finding Exposed Files & Directories
site:example.com inurl:/uploads intitle:index.of
Lists exposed upload directories.
site:example.com inurl:/private | inurl:/confidential
Finds directories labeled as private or confidential.
site:example.com ext:swp | ext:bak | ext:old
Searches for temporary or backup files.
site:example.com inurl:temp | inurl:cache | inurl:old
Finds temporary, cache, and old directories.
site:example.com "Index of /" "userdata"
Locates user data directories.
🔑 Finding Sensitive Credentials
site:example.com ext:ini "mysql_password"
Finds .ini files containing MySQL credentials.
site:example.com "BEGIN RSA PRIVATE KEY"
Searches for leaked RSA private keys, such as SSH keys.
site:example.com "Authorization: Basic"
Detects HTTP Basic Authentication headers.
site:example.com filetype:cfg "admin_password"
Finds configuration files with admin credentials.
site:example.com "ftp://" intext:"@"
Locates plaintext FTP credentials.
🔒 Finding Login Pages & Admin Panels
site:example.com intitle:"Sign In" | intitle:"Login"
Lists general login portals.
site:example.com inurl:/auth | inurl:/secure
Finds authentication pages.
site:example.com inurl:/portal/login
Searches for employee or customer portals.
site:example.com inurl:"/admin/" filetype:php
Locates PHP-based admin panels.
site:example.com intitle:"Customer Login"
Detects exposed customer login pages.
🔍 Detecting Web Vulnerabilities
site:example.com "Fatal error" "on line"
Finds error messages revealing source code details.
site:example.com inurl:/debug mode
Searches for debug pages left enabled.
site:example.com inurl:/staging | inurl:/test
Finds test and staging environments.
site:example.com inurl:/api/docs
Checks for exposed API documentation.
site:example.com inurl:"/forgot-password" | "reset your password"
Finds password reset forms that might be abused.
📂 Exposing Sensitive Information
site:example.com filetype:log "error.log"
Finds log files with possible sensitive data.
site:example.com ext:conf "smtp.gmail.com"
Finds SMTP configuration files.
site:example.com filetype:csv "email,password"
Detects exposed CSV files with login credentials.
site:example.com filetype:xlsx "username password"
Finds Excel spreadsheets with user credentials.
site:example.com intext:"confidential" | intext:"classified"
Searches for confidential documents.
🛠 Detecting Outdated Software & Exposed Services
site:example.com inurl:/wp-content/plugins/ intitle:"index of"
Finds WordPress plugin directory listings, which can reveal outdated plugins.
site:example.com "X-Powered-By: PHP/5.3"
Detects sites running old PHP versions.
site:example.com inurl:/cgi-bin/ intitle:index.of
Finds CGI scripts that may be vulnerable.
site:example.com "Server: nginx/1.12"
Searches for outdated Nginx versions.
site:example.com intitle:"OpenVPN Admin"
Detects exposed OpenVPN administration panels.