The Google-Hacking-Database (GHDB) is a comprehensive collection of Google search queries, known as "Google Dorks," that help security professionals discover sensitive information exposed online. These queries utilize advanced search operators to locate specific types of data, such as files containing passwords, vulnerabilities on web servers, and other publicly available information that can be leveraged in security assessments. The GHDB is an essential resource for ethical hackers, penetration testers, and anyone interested in cybersecurity.
Google Dorking describes the process of using advanced search filters that allow to retrieve more efficient results. It is a technique often used by cybersecurity professionals in order to find valuable information about a target. While Google Dorking itself is legal (in most countries), it might quickly lead to actions that aren't, such as visiting sites with illegal content. Hence using TOR or a VPN is recommended. Using a search aggregator like SearX can enhance search privacy and efficiency.
| Operator | Description | Syntax | Example |
|---|---|---|---|
| () | Group multiple terms or operators. Allows advanced expressions | (<term> or <operator>) | inurl:(html | php) |
| * | Wildcard. Matches any word | <text> * <text> | How to * a computer |
| "" | The given keyword has to match exactly. case-insensitive | "<keywords>" | "google" |
| m..n / m...n | Search for a range of numbers. n should be greater than m | <number>..<number> | 1..100 |
| - | Documents that match the operator are excluded. NOT-Operator | -<operator> | -site:youtube.com |
| + | Include documents that match the operator | +<operator> | +site:youtube.com |
| | | Logical OR-Operator. Only one operator needs to match in order for the overall expression to match | <operator> | <operator> | "google" | "yahoo" |
| ~ | Search for synonyms of the given word. Not supported by Google | ~<word> | ~book |
| @ | Perform a search only on the given social media platform. Rather use site | @<socialmedia> | |
| after | Search for documents published / indexed after the given date | after:<yy(-mm-dd)> | after:2020-06-03 |
| allintitle | Same as intitle but allows multiple keywords separated by a space | allintitle:<keywords> | allintitle:dog cat |
| allinurl | Same as inurl but allows multiple keywords separated by a space | allinurl:<keywords> | allinurl:search com |
| allintext | Same as intext but allows multiple keywords separated by a space | allintext:<keywords> | allintext:math science university |
| AROUND | Search for documents in which the first word is up to n words away from the second word and vice versa | <word1> AROUND(<n>) <word2> | google AROUND(10) good |
| author | Search for articles written by the given author if applicable | author:<name> | author:Max |
| before | Search for documents published / indexed before the given date | before:<yy(-mm-dd)> | before:2020-06-03 |
| cache | Search on the cached version of the given website. Use Google's cache to do so | cache:<domain> | cache:google.com |
| contains | Search for documents that link to the given filetype. Not supported by Google | contains:<filetype> | contains:pdf |
| date | Search for documents published within the past n months. Not supported by Google | date:<number> | date:3 |
| define | Search for the definition of the given word | define:<word> | define:funny |
| ext | Search for a specific filetype | ext:<documenttype> | ext:pdf |
| filetype | Refer to ext | filetype:<documenttype> | filetype:pdf |
| inanchor | Search for the given keyword in a website's anchors | inanchor:<keyword> | inanchor:security |
| index of | Search for documents containing direct downloads | index of:<term> | index of:mp4 videos |
| info | Search for information about a website | info:<domain> | info:google.com |
| intext | Keyword needs to be in the text of the document | intext:<keyword> | intext:news |
| intitle | Keyword needs to be in the title of the document | intitle:<keyword> | intitle:money |
| inurl | Keyword needs to be in the URL of the document | inurl:<keyword> | inurl:sheet |
| link / links | Search for documents with links containing the given keyword. Useful for finding documents that link to a specific website | link:<keyword> | link:google |
| location | Show documents based on the given location | location:<location> | location:USA |
| numrange | Refer to m..n | numrange:<number>-<number> | numrange:1-100 |
| OR | Refer to | | <operator> OR <operator> | "google" OR "yahoo" |
| phonebook | Search for related phone numbers associated with the given name | phonebook:<name> | phonebook:"william smith" |
| relate / related | Search for documents that are related to the given website | relate:<domain> | relate:google.com |
| safesearch | Exclude adult content such as pornographic videos | safesearch:<keyword> | safesearch:sex |
| source | Search on a specific news site. Rather use site | source:<news> | source:theguardian |
| site | Search on the given site. Given argument might also be just a TLD such as com, net, etc | site:<domain> | site:google.com |
| stock | Search for information about a market stock | stock:<stock> | stock:dax |
| weather | Search for information about the weather of the given location | weather:<location> | weather:Miami |
"google" 1..100
Search for websites that contain the word "google" and a number between 1 and 100
Videos -site:youtube.*
Search for the term "Videos" but exclude results from YouTube
How to * a computer after:2022-01-01
Search for websites published after the 1st January 2022 dealing about how to
use/repair/shutdown/...a computer
allintext:homework teacher school site:gov before:2020 ext:(html | php | asp)
Search for websites published before 2020 which have the TLD
.gov, are either html or php documents and contain the words "homework", "teacher" and "school"
@instagram chr3st5an
Search for the term "chr3st5an" on instagram
intitle:"webcamXP 5" | inurl:"lvappl.htm"
Find open/public webcams
intext:password ext:log
Find log documents that have the string "password" in it
inurl:/proc/self/cwd
Find vulnerable webservers
inurl:email.xls ext:xls
Find excel documents that contain email addresses
index of:mp3 intext:.mp3
Find mp3 (music) documents
You can find more Google Dorks at the exploit-db - maltego
other nvd.nist.gov/cxsecurity or vulnerability-lab
Explore the following resources to deepen your understanding of Google Dorking and its applications:
-
Google Advanced Search Operators: Learn about the full range of search operators supported by Google.
-
Google Dorking Tutorial: A beginner's guide to mastering Google Dorking.
-
OWASP Google Hacking Project: A resource provided by the Open Web Application Security Project for more advanced use cases.
-
Cybersecurity Blogs: Follow industry news and insights from leading cybersecurity experts.
While using Google Dorking, it's essential to maintain good security practices to protect your privacy and avoid any potential legal issues. Here are some tips:
-
Use Anonymity Tools: Always use a VPN or the TOR network to maintain anonymity during your searches.
-
Avoid Malicious Sites: Be cautious about clicking on suspicious links, especially those leading to potentially illegal or harmful content.
-
Respect Legal Boundaries: Ensure that your actions remain within legal limits and respect privacy and data protection laws.
-
Secure Your Data: When conducting searches, avoid using personal or sensitive information that could expose you to risk.
-
Regularly Update Security Tools: Keep your VPN, antivirus, and other security tools up to date to protect against new threats.
The Google-Hacking-Database (GHDB) is intended for educational and ethical purposes only. Users of this database are advised to operate within the boundaries of the law and to use the information responsibly. The authors and contributors to this project are not liable for any misuse or illegal activity arising from the use of the information contained herein.
By using this database, you agree to abide by all relevant laws and regulations and to refrain from accessing, downloading, or distributing any content obtained through illegal or unethical means.
Q: What is Google Dorking?
- A: Google Dorking refers to using advanced search operators to find information that is not easily accessible through normal search queries.
Q: Is Google Dorking legal?
- A: Yes, Google Dorking is legal. However, accessing or using the information discovered in illegal ways is not legal.
Q: Can I contribute new dorks to this project?
- A: Absolutely! We encourage contributions. Please follow the Contributing Guidelines to submit new dorks or improvements.
Q: How can I stay safe while using Google Dorking?
- A: Use tools like VPNs and TOR for anonymity, avoid illegal content, and follow security best practices.
We welcome contributions to improve and expand the Google-Hacking-Database. To contribute:
-
Fork the Repository: Start by forking the project repository to your own GitHub account.
-
Create a Branch: Create a new branch for your changes to keep your work separate from the main codebase.
-
Make Changes: Implement your changes, whether adding new dorks, improving documentation, or fixing issues.
-
Test Thoroughly: Ensure your changes work as expected and do not introduce any new issues.
-
Submit a Pull Request: Open a pull request, providing a clear description of your changes, and reference any relevant issues.
-
Follow the Code of Conduct: Make sure to adhere to the project's Code of Conduct while contributing.
If you need help, have questions, or want to discuss Google Dorking with others, join our community:
-
GitHub Discussions: Participate in discussions, ask questions, and share insights on our GitHub Discussions page.
-
Issue Tracker: Report bugs or suggest new features using the Issue Tracker.
-
Social Media: Follow us on Twitter for updates and news about the project.
-
Chat Room: Join our live chat on Gitter for real-time support and collaboration.
The information provided here is dedicated to the public domain. Use them as you wish.
