What Is a Google Dork?

A “Google dork” is an advanced Google search technique. “Google dorking” (aka “Google
hacking”) is the activity of performing advanced searches on Google. You can combine
different Google dorks to comb data otherwise inaccessible to ordinary users of Google
search.

On a browser, if you make too many Google searches in a short time, Google requires that
you unscramble garbled letters in an image called a captcha before you can proceed.
Captcha completion can frustrate end users like you, but Google servers must nip
denial-of-service cyberattacks in the bud.

Unlike most cheat sheets, we cannot guarantee that the commands below will remain
unchanged in perpetuity. Google updates its dorks continually, so deprecated techniques
don’t appear here, even if you can find them elsewhere on the Internet.

Before You Begin Google Dorking

Google dorking is not a playground where you can flood commands to your heart’s content:
● Google limits your Google search rate from a single device.
● It may ban your IP if you issue too many queries.
● Abuse of dorks may have legal repercussions.

No, you’re not immune even if you’re working from a virtual machine toying with sqlmap.

If you know you can’t resist having fun with it (and you will), you could work from Pagodo,
which automates Google searching for potentially vulnerable web pages and applications on
the Internet. It also lets you automate the rate at which your device issues Google dorks.

Regardless of how you use Google dorks, respect Google’s Terms of Service. Be careful.
Examples of Creepy Dorks
These dorks reveal vulnerabilities in websites, and their contents may be newsworthy
depending on the zeitgeist.

For details on how the following commands work, refer to Text dorks, Google Dorks
Operators, and Scope-Restricting Dorks.

Examples Description

inurl:"view.shtml" "Network Camera", Get web applications showing live webcam

"Camera Live Image", (online camera) footage.
inurl:"guestimage.html", intitle:"webcamXP
5’"

"Not for Public Release" + "Confidential" Get links to documents meant to be

ext:pdf | ext:doc | ext:xlsx classified. Some come from governmental
websites.

site:.hk & inurl:wp-login Get login pages of WordPress sites ending

in the notoriously unsafe domain “.hk”

”index of” inurl:ftp secret Get FTP servers you want to access
containing the keyword “secret”

Critical dorks performed on .env files Popular web development frameworks use
yielding results such as: .env files to declare general variables and
configurations for local and online dev
environments, often including passwords.

The dork used to produce the screenshot

exposes database passwords. Hence it’s
vital to keep .env files from being publicly
accessible.

(If you’ve read this cheat sheet in its

entirety, you will be able to guess the dork
used here.)

This often-updated exploit database contains other Google dorks that expose sensitive
information. Proceed with caution.

Google Dorks Search Parameters

A search parameter in a Google dork is the text string payload affixed to or used with the
Google dorking command or operator. Without a suitable search parameter, Google treats
the dork keyword as an ordinary query keyword at best and returns zero results at worst.

For example, in the search site:stationx.net, the domain “stationx.net” is the parameter. In
(psychology OR computer science) AND design, the three subjects of psychology, computer
science, and design are the parameters. In 16 F to C (converting a temperature from
degrees Fahrenheit to Celsius), 16 is the parameter.

Search parameters include web domains, file extensions, numbers, and character strings
with or without quotes.

Google Dorking Commands

As Google’s internal documentation on dorks frequently changes, the following is not an
exhaustive list but a list of commands known to return meaningful results. Some of the given
commands may be obsolete because they return similar results as a dork-free search.
Deprecated commands don’t appear below.

Scope-Restricting Dorks
These help specify your target range of websites or data types. For example, in hunting for
e-books, the Google dork “filetype:pdf” is indispensable.

If a command listed below ends with a symbol, include no space between the command and
the parameter. The correct way to use each command is in the “Example usage” column.
Otherwise, Google will treat the command as an ordinary search keyword rather than a dork.

Command Description Example usage

site: Restrict search to a site:google.com,

particular website, top-level site:maps.google.com,
domain, or subdomain. site:.org tax return

Additional query items are

optional.

filetype:, ext: Restrict the returned web filetype:pdf car design,

addresses to the designated ext:log username
file type.
Compare with filetype:pdf,
Unlike most other dorks, this ext:txt, etc.
requires additional
keywords in the search bar
or will return no results.

Here is Google’s official list

of common file types it can
search.

Google also supports the file

extensions db, log, and
html.

Nonetheless, searches on
mp3 and mp4 with and
 without additional search
terms have yielded no
results.

@ Restrict search to a @twitter pentest, @youtube

particular social platform. google dorking

It supports popular platforms

such as Facebook, Twitter,
YouTube, and Reddit.

A downside is it’s not as

precise as the “site:” dork.

define: Return definitions of a word Compare define:privacy and

or phrase a plain search on privacy.

stocks: Check the financial activity stocks:META (Meta),

of a particular stock stocks:gm (General Motors),
stocks:pfizer

movie: Return information about Compare movie:"phantom

any movie with the given of the opera" and "phantom
title of the opera".

source: Find reports from a Google source:cnn

News source.

Informational Dorks
These dorks appear to work best if used as standalone commands, i.e., without additional
query items.

Command Description Example usage

$ Search for prices in USD ipad $329, iphone €239

($). This also works for Euro
(€), but not GBP (£) or Yen
(¥).

cache: Get Google’s last saved cache:news.yahoo.com

version of a particular
website. A website snapshot
like this is called “cache”.

link: Find pages linking to the link:stationx.net

given domain

related: Return websites related to related:harvard.edu,

the given website related:bbc.co.uk

map: Get a map of the given map:"new york"

 location

weather: Get the weather of the given weather:london

location

Usable but possibly deprecated commands

location: Find information about a location:NY crime compared

location. with NY crime.

Results may be
inconsistent.

Google now treats “loc”

(formerly an abbreviation of
“location”) as a search term
instead of a dork.

info:, id: Return pages that convey "babylon bee" vs

information about the given info:"babylon bee": a
website. politically conservative satire
website in the US
Finding queries that gave
different results with and
without the “info:” / “id:”
command was difficult.

This command could still

help you find the canonical,
indexed version of a URL.

Google now treats “id”

(possibly shorthand for
“info”) as a search term
instead of a dork.

Here’s how id:"babylon bee"

treats “id” as a search
parameter (bold text) in
some results:
Text Dorks
These are helpful if you want to look for web pages containing certain text strings or follow
particular patterns. For example, those familiar with the URLs of webcam apps, for example,
use Google dorks similar to the first entry in this table to find camera footage to watch.

Command Description Example usage

intitle:, allintitle: Look for pages with titles intitle:toy story, intitle:"toy
containing the search terms. story", allintitle:"toy story",
allintitle:toy story
The dork “intitle:” applies to
its search parameter only, Compare the above with the
while “allintitle:” applies to number of search results of
the entire query string. toy story and "toy story".

inurl: Find links containing the inurl:login.php

character string.

allinurl: Find links containing all Compare allinurl: healthy

words following the colon (:). eating vs inurl:healthy
inurl:eating:
Equivalent to applying
“inurl:” to discrete search
strings.

Usable but possibly deprecated commands

intext:, allintext: Find websites containing the Compare intext:"Index of /"

payload. +.htaccess, allintext:"Index
of /" +.htaccess, and "Index
The dork “intext:” applies to of /" +.htaccess.
its search parameter only,
while “allintext:” applies to Look at intext:"Index of /"
the entire query string. +.htaccess -intitle:"Index of
/" (exclude titles containing
The websites displayed in the search query) too.
the results appear similar to
a search without either
command.
Google Dorks Operators
Unlike certain Google Dorking commands, you may include spaces between Google dorking
operators and your query items. You may combine as many different operators and
commands as are necessary.

Search
These refine the search and constrain the results to follow the rules of logic. Most of the
following are logical operators.

Command Description Example usage

"" Return exact matches of a query string "Google dorking

enclosed in the double quotes. commands".

Note that these are straight and not curly “” Compare 'movie review' and
quotation marks. The curly quotes may or "movie review":
may not return similar results as straight
quotes.

Single quotes don’t work.

OR, | Return sites containing either query item Amazon OR Google yields
joined by OR or the pipe character |. the same number of results
as Amazon | Google.
This is an inclusive OR.

() Group multiple Google dork operators as a (black OR white) hat hacker

logical statement

- Hyphen; exclude search results containing Amazon -reviews, "sql

the word or phrase after the hyphen. injection" -"penetration
testing"
* Wildcard or glob pattern as a placeholder "type * error" returns pages
for query item on Type I and II errors in
statistics.

Compare this with the

search “type i OR ii error”
which doesn’t use this
wildcard:

#..# Search a numerical range specified by the 2006..2008 finds all pages
two endpoints # inclusive that include 2006, 2007, or
2008 in them.

AROUND(N) Match pages containing the search terms read AROUND(2) book,
separated by at most N other words read AROUND(3) book

Usable but possibly deprecated commands

AND, &, + Concatenation; return sites containing both Amazon AND Google,
query items joined by AND, the ampersand Amazon & Google, Amazon
symbol & or the plus sign +. + Google.

Google seems to assume you’re using this Compare with Amazon

dork whenever you have multiple search Google (no quotes):
items in one query.

This is because the websites in the dorked

search results are similar to queries without
these dorks. Curiously, the estimated
number of search results differs.
 _ Wildcard symbol for Google Autocomplete. Suppose you can’t recall the
name of the late singer
Google appears to treat this symbol literally Michael Jackson:
if it’s inside double quotes. Michael _ singer, "Michael
_" singer.

Compare with Michael

singer, "Michael *" singer.

Only "Michael *" singer has

a direct entry about Michael
Jackson on the first page of
the search results:

Math
The following are mathematical operations that you can perform on Google.
Operators Description Example usage Result

+ Addition 3 + 20 23

- Subtraction 3 - 20 -17

* Multiplication 3 * 20 60

/ Division 3 / 20 0.15

% of Percentage 33% of 400 6.6

X^Y, X**Y Raise X to the power of Y. 3^2, 3**2 3^2 = 9, 3**2 = 9

Both operators ^ and **

perform the same operation.

in, to Convert a quantity from a 6 ft 2 inches in cm, 6 ft 2 inches =

given unit to another. 140 lbs in kg, 100 187.96 cm, 140
Translate words into another USD to bitcoin, 8 am lbs = 63.5029 kg,
language. London time to 100 USD =
California time, thank
you in spanish

sqrt Square root sqrt(3) 1.73205080757

i Imaginary number. i^2 -1

Use it with other

mathematical operations to
see it in action.

N choose R Find how many combinations 6 choose 4 15

are possible from N items
taken R at a time, where N
and R are integers.

(Combinatorics)

sin, cos, tan Trigonometric functions. You sin(pi/6), sin 30 sin(pi/6) = 0.5, sin
may specify the formula using degrees 30 degrees = 0.5
symbols and natural
language.
 timer Timer timer for 20 minutes

[This has no Generate a random number. flip a coin, roll a dice,

specific show random
operator] Find more on the drop-down number from 10 to 40
dialog box labeled “Tools” on
the results page.

[graph] Graph a mathematical sin(x)/x, graph log(x),

EXPRESSIO EXPRESSION with variables sqrt(x^2+y^2) from
N [from A to x and y on an (optional) -20 to 20
B]
numerical range from A to B.

The “graph” keyword is only

necessary if Google doesn’t
understand your query.

Google also supports other scientific calculator operations on its calculator. This website
features additional examples of mathematical operations you can perform on Google.

Examples of Complex Google Dorks

You can combine Google dorking commands and operations for specific results.

Command Description

inurl:zoom.us/j intext:scheduled Get links to publicly shared Zoom meetings

you may want to access.

"index of" "database.sql.zip" Get unsecured SQL dumps.

 Data from improperly configured SQL
servers will show up on this page.

filetype:yaml inurl:cassandra Get YAML configuration files specific to

Apache Cassandra databases

@youtube trending shorts Find short clips trending on YouTube

@reddit memes -dark Find memes on Reddit that are not dark

site:cdn.cloudflare.net filetype:pdf Find PDFs on the *.cdn.cloudflare.net

domain

secret in spanish inurl:dict Translate the word “secret” to Spanish and

limit results to URLs containing “dict”

link:ox.ac.uk PhD math Find information on “PhD” and “math” that

link to the University of Oxford’s official
website. Compare with ox.ac.uk PhD math:

filetype:doc site:stationx.net nathan StationX with the .doc extension. This looks
for legacy Microsoft Word files containing
the keyword “nathan” (founder’s name).

How to Prevent Google Dorks

With great power comes great responsibility, and even if you use Google Dorks with the
utmost care, other entities may not. Here are some suggestions to avoid becoming the next
victim of unwanted Google Dorking.

● Implement IP-based restrictions and password authentication to protect private

areas. Securing your login portals discourages unauthorized access.
● Encrypt all sensitive information, like usernames, passwords, email addresses,
phone numbers, and physical addresses. This way, in the event of data leakage, the
original data remains unexposed.
 ● Run vulnerability scans to find and disable Google dorks. Examples of vulnerability
scanners are nmap, Nessus, and Qualys.
● Run regular dork queries on your website to discover loopholes and sensitive
information before attacks occur. Sqlmap is a helpful tool.
● If you find sensitive content exposed on your website and you’ve exhausted all other
means of removing it (such as changing your passwords or renaming your login
pages), request its removal through Google Search Console.
● Be judicious in the use of robots.txt. Read the warning below.

A Word of Caution
Other websites mentioning Google Dorks typically recommend using robots.txt to
conceal sensitive content or to stop Google from indexing specific parts of your website. On
your website server, you can find robots.txt in the root-level directory, such as
/public_html.

What seems like a simple, good-faith solution to eliminate complex reconnaissance via
Google Dorks is, to an intelligent hacker, a treasure trove and a cash cow. Instead of backing
off, they’ll attack your website by targeting the items listed in robots.txt.

Hence, it’s best to adopt this measure cautiously. The most prudent use of robots.txt is
instructing Google to exclude one’s entire website, as follows:

User-agent: *
Disallow: /

Such a robots.txt file compels visitors looking for information to use the search function
inside the website. A well-built internal search function may have safeguards against Google
dorking, SQL injection, and other hacking techniques. These safeguards protect the website
better than allowing external search engines such as Google to index the website.

Conclusion
Ethical and legal considerations abound when using Google dorks. They are such powerful
tools for uncovering data and locating vulnerabilities that your intention and frequency in
using them are paramount to your Google dorking experience. Google dorking is an
invaluable tool for practical cyber security research when used responsibly.

We hope this cheat sheet is helpful to you as a penetration tester, ethical hacker, or
someone interested in the security position of your enterprise. You can read our full guide on
Google dorking specific websites here.

Remember: with great power comes great responsibility. More important than enjoying
Google dorking, stay safe.