What Are Google Dorks?
Google Dorks (also called Google hacking) use advanced search operators to find information not readily available through normal searches. Security researchers, OSINT analysts, and penetration testers use these operators to discover exposed data, vulnerabilities, and publicly indexed sensitive information.
📚 Reference: Maltego Google Dorks Guide
💡 Quick Start Tips
Combine operators: site:example.com filetype:pdf
Multiple keywords: Use confidential OR backup OR private
Exact phrases: Wrap in quotes: "internal use only"
Exclude terms: Use minus: -site:gov -site:edu
All Search Operators
🔍 Basic Search Operators
""
(Exact Phrase)
Searches for the exact phrase inside quotes
"confidential document"
OR
(Alternative Terms)
Searches for either term (| also works)
confidential OR private OR secret
AND
(Required Terms)
Both terms must appear (space also works)
password AND database
-
(Exclude Term)
Excludes results containing the term
security -vendor -advertisement
*
(Wildcard)
Acts as a wildcard for unknown words
"admin * panel"
()
(Group Terms)
Groups terms or operators together
site:edu (login OR admin)
📄 File Type Operators
filetype:
(File Extension)
Finds files of a specific type
filetype:pdf confidential
ext:
(Same as filetype)
Alternative form of filetype:
ext:xlsx financial report
🌐 Site & Domain Operators
site:
(Specific Site/Domain)
Searches within a specific website or domain
site:example.com admin
related:
(Similar Sites)
Finds sites similar to a given URL
related:github.com
📋 Title Operators
intitle:
(Term in Title)
Finds pages with the term in the title
intitle:"index of" backup
allintitle:
(All Terms in Title)
All terms must appear in the title
allintitle: admin login panel
🔗 URL Operators
inurl:
(Term in URL)
Finds pages with the term in the URL
inurl:admin
allinurl:
(All Terms in URL)
All terms must appear in the URL
allinurl: admin php login
📝 Text Content Operators
intext:
(Term in Body)
Finds pages with the term in body text
intext:"database error"
allintext:
(All Terms in Body)
All terms must appear in body text
allintext: username password admin
inanchor:
(Term in Anchor Text)
Finds pages with term in anchor text
inanchor:"download pdf"
allinanchor:
(All Terms in Anchor)
All terms must be in anchor text
allinanchor: click here download
🛠️ Utility Operators
cache:
(Cached Page)
Displays Google's cached version of a page
cache:example.com
define:
(Word Definition)
Shows definition of a word
define:phishing
weather:
(Weather Info)
Shows weather for a location
weather:Seattle
stocks:
(Stock Info)
Displays stock info for a ticker
stocks:AAPL
map:
(Map Location)
Shows map for a location
map:New York City
movie:
(Movie Info)
Finds info about a movie or showtimes
movie:Inception
📅 Date & Time Operators
before:
(Before Date)
Finds results published before a date
before:2020-01-01 vulnerability
after:
(After Date)
Finds results published after a date
after:2023-01-01 data breach
daterange:
(Julian Date Range)
Filters by Julian date range (advanced)
daterange:2457388-2457753
📍 Location & News Operators
loc:
(Location Filter)
Limits results to a specific location
loc:"San Francisco" tech news
location:
(News Location)
Similar to loc:, for news location filtering
location:London
source:
(News Source)
Filters news by source (Google News)
source:reuters cybersecurity
⚡ Advanced Operators
AROUND(X)
(Proximity Search)
Finds words near each other, within X words
security AROUND(3) vulnerability
🎯 Real-World Examples
Finding Exposed Configuration Files
filetype:env DB_PASSWORD
Searches for .env files containing database passwords
Finding Specific PDFs on a Domain
site:example.com filetype:pdf intitle:"financial report"
Finds PDF financial reports on a specific domain
Finding Directory Listings
intitle:"index of" (backup OR private OR confidential)
Finds open directory listings with sensitive data
Finding Login Panels
inurl:/admin/ inurl:/login/ site:edu
Finds admin login pages on educational domains
⚠️ Legal & Ethical Use
Authorization Required: Only use these operators on systems you own or have explicit written permission to test.
Legal Consequences: Unauthorized access and exploitation violate the Computer Fraud and Abuse Act (CFAA) and can result in criminal prosecution.
Responsible Disclosure: If you discover vulnerabilities, report them through proper channels. Do not exploit or share them publicly.
Educational Purpose: This guide is for educational and authorized security research only.
Ready to Build Your Query?
Use DorkFlow to combine these operators and create powerful search queries