6 min read · Mar 5, 2022
Namaste🙏, I’m Ankita Sinha, an MTech CSE student doing a specialization in Information Security. You can connect with me on LinkedIn and Github.
Google Dork queries, or just dorks, are search strings that include advanced search operators to find information that may not be readily available online.
There are a variety of approaches to finding information that is not readily available on the web, such as using advanced searches. Google also considers it to be an illegal form of hacking, which hackers often use for purposes like cyberterrorism and theft.
By using Google Dorks, we can discover information hidden in databases and exploit vulnerable websites. A hacker can exploit vulnerabilities on a target by using Google’s search algorithm and index, which indexes nearly all websites. Google’s basic syntax for advanced operators is: operator_name:keyword
Google Dork Syntax:
1. Cache: This dork shows you the cached version of any website.
· Syntax: cache:securitytrails.com
· A backup snapshot of each website is taken by Google in case the current one is unavailable. Google then caches these pages.
· You will see a cached version of a site if you click on a link that says “Cached.” or use the above command.
2. allintext: Finds the text contained on any web page.
· Syntax: allintext:hacking tools or allintext:password
· A content search will be conducted on the page. It works somewhat like a plain Google search.
3. allintitle: Identical to allintext, but only displays pages whose titles contain the keywords.
· Syntax: allintitle:"Security Companies"
· You will request that Google shows you pages that contain the term in the title of their HTML file.
4. allinurl: A URL that contains all the characters specified can be fetched using this method.
· Syntax: allinurl:ipsystem or allinurl:rhawk.php
· The URL is searched for the specified term.
5. filetype: File extensions of various kinds can be searched for using this feature.
· Syntax: password filetype:txt or email security filetype:pdf
· A search for a specific file type. For instance, filetype:pdf will search for all pdf files on the website.
6. inurl: Exactly the same as allinurl, but for a single keyword only.
· Syntax: inurl:admin
· Displays only the results that contain the specified search key words in the URL.
7. intitle: Searches for various keywords within the title.
· Syntax: intitle:security tools
· intitle:security tools will search for titles beginning with “security” but “tools” may appear elsewhere on the page.
8. intext: It is useful for finding web pages with certain text strings or characters in them.
· Syntax: intext:"safe internet"
9. inanchor: You can use this to search for the anchor text used in all links with an exact match.
· Syntax: inanchor:"cyber security"
10. site: Searches only a specific website.
· Syntax: site:who.int or site:
· You will be shown each URL that Google has indexed for the domain or subdomain you specify.
11. allintext:username filetype:log:
· Using this search will return a large number of results including usernames contained inside *.log files.
12. DB_USERNAME filetype:env
· This command allows you to find the list of sites that publicly expose their env file.
13. inurl:/proc/self/cwd:
· The matching results, along with their exposed directories, will appear in your browser.
· Servers that allow “/proc/self/cwd/” to be appended directly to a site’s URL can typically be identified by using the Google Dork listed above.
14. intitle:"index of" inurl:ftp:
· You can explore public FTP servers, which can often reveal interesting things using the above example.
15. intitle:index.of id_rsa -id_rsa.pub:
· A list of SSH private keys was found.
16. filetype:log username putty:
· An easy way to extract SSH usernames from PUTTY logs is to use a simple dork.
17. filetype:xls inurl:"email.xls":
· The Excel files that contain the email addresses will be fetched.
18. inurl:top.htm inurl:currenttime:
· You can find a list of live cams that are publicly accessible by adding “top.htm” to the URL, together with the current time and date.
19. inurl:"lvappl.htm":
· The following table lists some of the most common live-view pages hosted by routers.
20. inurl:.gov/index.php?id=:
· Visit all the government websites on this list.
21. intitle:"forum" inurl:http after:2018:
· By simply changing the text in the search title, you can search for online forums that use HTTP.
22. intitle:security + trails:
· A plus sign is used to concatenate words to detect whether a page uses multiple specific keys.
23. intitle:security -trails:
· By using the minus operator, certain words will not appear in results.
Conclusion:
We have demonstrated the ability of Google Dorks (also known as Google hacking) to find sensitive content online that is difficult to find when using Google’s simple search interface. You can use Google Dorks to narrow down or restrict your search. Furthermore, they can detect leaked information and vulnerabilities in websites and applications. You should always consider the possibility of malicious actors exploiting Google Dorks in order to find sensitive information about any given entity (e.g. individual or organization) in order to perpetrate their attacks.
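Dorks 11, 12, 15, 16 and 17 only return files that a crawler was able to fetch, so the same patterns can be checked against your own web root before anything is indexed. The following is an added example, not code from the original post; the function names, the rule set and the sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# One rule per dork from the list: (label, filename pattern, required content or None).
RULES = [
    ("env file with DB_USERNAME (dork 12)", re.compile(r"\.env$"), re.compile(rb"DB_USERNAME")),
    ("SSH private key (dork 15)", re.compile(r"^id_rsa$"), re.compile(rb"PRIVATE KEY-----")),
    ("log with usernames (dorks 11, 16)", re.compile(r"\.log$"), re.compile(rb"username", re.I)),
    ("email spreadsheet (dork 17)", re.compile(r"^email\.xls$"), None),
]

def audit_webroot(root, max_bytes=1_000_000):
    """Return sorted (relative_path, label) pairs for files matching a rule."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        for label, name_re, content_re in RULES:
            if not name_re.search(path.name):
                continue
            if content_re is not None:
                try:
                    with path.open("rb") as fh:
                        head = fh.read(max_bytes)
                except OSError:
                    continue  # unreadable file, nothing to report
                if not content_re.search(head):
                    continue
            findings.append((path.relative_to(root).as_posix(), label))
    return sorted(findings)

def build_sample(root):
    """Write a constructed web root: three exposed files, two harmless ones."""
    files = {
        ".env": "DB_USERNAME=app\nDB_PASSWORD=constructed-placeholder\n",
        "backup/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed)\n",
        "backup/id_rsa.pub": "ssh-rsa AAAA-constructed user@example\n",
        "logs/putty.log": "login as: username alice\n",
        "logs/access.log": "GET /index.html 200\n",
    }
    for rel, text in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, label in audit_webroot(tmp):
            print(f"{rel}: {label}")
```

Point `audit_webroot` at the directory your web server actually serves; any finding is a file to move out of the document root or block at the server before a search engine caches it.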
