Google Dorking Database (Dorks) – Useful for Web Application Penetration Testing

What is Google Dorking/Google Hacking ?

A Google Dork query (google hacking database), sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website. It helps to pull sensitive information of websites. Using google dorks an individual can uncover some sensitive information or data such as email addresses and lists, login credentials, sensitive files, website vulnerabilities, and even financial information.

The basic syntax for advanced operators in Google is:

  • operator_name:keyword

Simple Google Dorks Syntax

  • site – will return website on following domain.
  • allintitle and intitle – contains title specified phrase on the page.
  • inurl – restricts the results contained in the URLS of the specified phrase.
  • filetype – search for specified filetype formats.

What Data Can We Find Using Google Dorks/Hacking?

  • Admin login pages
  • Username and passwords
  • Vulnerable entities
  • Sensitive documents
  • Govt/military data
  • Email lists
  • Bank account details and lots more
Don't Miss : Top 10 Advanced Information Gathering Tools For Linux/Windows

Here is the huge list of Google Hacking/Dorks –

1.Google Dorks – Sensitive Directories (Source – exploit-db.com) 
:DIR | intitle:index of inurl://whatsapp/ 
Unconfirmed Websites leaking Whatsapp Databases.

inurl:/typo3/typo3conf 
Find interesting files from TYPO3 CMS installation.

intitle:backup+index of 
Checking for the public backup folder on the web server, It might include the sensitive files or database.

index of" "database.sql.zip
This Google Dork discovers servers with open directories exposing database backup files.

index of" "database_log
This Google Dork discovers servers exposing sensitive SQL log data.

Index of" "database.sql
This Google Dork discovers servers with open directories exposing database files.

intitle:index.of id_rsa -id_rsa.pub
A simple dork to find SSH private keys indexed by google! Where many of the keys work

intitle:\index.of inurl:/websendmail/
Sites with WebGais - Websendmail.

inurl:/wp-includes/certificates/
Find a lot of certificates from websites

intitle:"index of /bins" arm
Find servers infected with mirai

allintext:'HttpFileServer 2.3k'
Dork about sensitive directory of HFS File Share Server

inurl:'listprojects.spr'
Dork show a list of project in Codebeamer directory

inurl:"RootFolder=" Allitems "confidential" | "classified" | "passwords" | username
SharePoint directories exposing sensitive information, usernames and somtimes passwords

inurl:"paypal" intitle:"index of" backup | db | access -github
Some juicy information regarding paypal backups and more.

"Powered by Apache Subversion version"
Looking for the SVN source code folder.

inurl:"/wp-content/uploads/db-backup"
Searching for the backup directory of WP-DB Backup plugin (WordPress).

index of /node_modules/ -github -stackoverflow
Find a several of nodejs folders with important files.

intitle:"index.of" | inurl:/filemanager/connectors/ intext:uploadtest.html
Open Custom File Uploader specifically in "/ FCKeditor/.."

intitle:"Index.Of.Applications (Parallels)" -stackoverflow -quora
Dork will give application folder of parallels virtual machines showing what is installed in the virtual machines.

intitle:index.of home/000~root~000/
This Dork lists files under Root Directory.

intitle:"Index Of" intext:".Trash"
Dorks containing trash folders on Linux/Unix machines.

intitle:CV+index of 
Able to search and download the CV from web directory.

inurl:"apps/backend/config/"
Directories containing Symfony CMS juicy info and files.

intext:"Powered by ViewVC" | intitle:"ViewVC Repository Listing" 
ViewVC Repository Listing

inurl:/openwebmail/cgi-bin/openwebmail/etc/

2.Google Dorks – Vulnerable Servers (Source – exploit-db.com)
inurl:"q=user/password" 
for finding Drupal

inurl:"/user/register" "Powered by Drupal" -CAPTCHA -"Access denied"
Drupal CMS - Drupalgeddon2

inurl:"index.php?option=com_joomanager"
Joomla! com_joomanager - Arbitrary File Download

inurl:/proc/self/cwd
Vulnerable web servers that have either been misconfigured or compromised in some manner already.

"dirLIST - PHP Directory Lister" "Banned files: php | php3 | php4 | php5 | htaccess | htpasswd | asp | aspx" "index of" ext:php
Find vulnerable servers: dirLIST - PHP Directory Lister v0.3.0

allintext:Copyright Smart PHP Poll. All Rights Reserved. -exploit
Show all the sites that uses Smart Pool php module.

3.Google Dorks – Network or Vulnerability Data (Source – exploit-db.com)
intext:ZAP Scanning Report Summary of Alerts ext:html
This Google Dork discovers badly configured servers exposing sensitive OWASP ZAP reports.

"ansible.log" | "playbook.yaml" | ".ansible.cfg" | "playbook.yml" | host.ini intitle:"index of"
Target's system configuration, networks, etc...

intitle:"Malware Analysis Report"
This dork show many report Malware Analysis of organization.

"index of /ups.com/WebTracking"
Emotet infected domains.

inurl:"AllItems.aspx?FolderCTID=" "firewall" | "proxy" | "configuration" | "account"
IT infrastructure documents, device configuration and documentation and other juicy info.

inurl:/munin/localdomain/localhost.localdomain/open_files.html
Search for the page that generated by Munin, this page will contains the sensitive information on the systems & application.

intitle:"Statistics Report for HAProxy" + "statistics report for pid" 
Statistics Report for HAProxy

intext:"Powered by Nibbleblog"
Finding blogs that are powerded by the Nibbleblog CMS.

":: Arachni Web Application Security Report"
Finds reports left behind by Arachini (web vulnerability scanner).

"IBM Security AppScan Report" ext:pdf
This dork show results that was created by IBM Security AppScan Standard.

intitle:"Burp Scanner Report" | "Report generated by Burp Scanner"
Finds reports left behind by Burp Scanner (vulnerability scanner).

intitle: "Generated by Acunetix WVS Reporter"
Finds reports left behind by Acunetix (vulnerability scanner).

 

4.Google Dorks – Various Online Devices (Source – exploit-db.com)
intext:"Build dashboard" intext:"Project" intext:"Plan" intext:"Build"
Can be used to find public facing build servers such as Bamboo

inurl:"/gitweb.cgi?"
A web-enabled interface to the open source
distributed version control system Git

(intitle:"plexpy - home" OR "intitle:tautulli - home") AND intext:"libraries"
Helps to locate unprotected (no user/password needed) Tautulli servers. Tautulli (Formerly PlexPy) is a 3rd party application for monitoring the activity and tracks various statistics of a Plex Media Server.

intitle:"UltraDNS Client Redirection Service"
UltraDNS client

intext:"Powered by www.yawcam.com"
Yawcam cameras online

inurl:'/SSI/Auth/ip_configuration.htm'
Dork about internal IP exposures and configuration from HP Printer

intext:"default values: admin/1234"
default password of WATTrouter M - System Web Interface
5.Google Dorks – Files Containing Passwords (Source – exploit-db.com)
intitle:"index of" intext:login.csv
This Google Dork discovers servers with open directories exposing login information files.

inurl:"trello.com" and intext:"username" and intext:"password"
Looking for the Username & Password from the public Trello board

inurl:"wp-license.php?file=../..//wp-config"
File contain password and directory traversal vulnerability

"battlefield" "email" site:pastebin.com
Hacked EA/Origin passwords

inurl:wp-config.bak
This Google Dork discovers badly configured servers exposing sensitive WordPress setup information.

"whoops! there was an error." "db_password"
Dork with lots of passwords!.

intext:"rabbit_password" | "service_password" filetype:conf
Passwords in openstack setups.

intext:"login" department | admin | manager | company | host filetype:xls | xlsx -community -github
Some spreadsheet containing passwords

intext:"please change your" password |code | login file:pdf | doc | txt | docx -github
Passwords

inurl:configuration.php and intext:"var $password="
A Google dork that gives the information about target database. Containing username and password in plain text.

inurl:wp-config-backup.txt
You can see user and pass database.

 

Disclaimer

This article is only for an Educational purpose. Any actions and or activities related to the material contained within this Website is solely your responsibility.The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors and www.thehackerstuff.com  will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.

Do you want to write for TheHackerStuff ? If you have an interesting and intelligent topic you think we would like to publish, send it to thehackerstuff@gmail.com

Akshay Sharma

Akshay Sharma is a Cyber Security Analyst. He is a CCNA certified and owner of TheHackerStuff.

Leave a Reply