Pen Testing Google Dorks contains an extensive list of Google Dorks that can be used for penetration testing, security research, and information gathering. Google Dorking (or Google Hacking) is a technique that leverages advanced search queries to find sensitive information, exposed directories, login pages, vulnerable files, and more.
Disclaimer: This project is for educational and ethical hacking purposes only. Always obtain proper authorization before testing on any system.
- Categorized Google Dorks for different penetration testing use cases.
- Regularly updated with new dorks.
- Useful for Bug Bounty Hunting, OSINT, and Reconnaissance.
- Includes search queries for finding exposed credentials, admin panels, sensitive files, and more.
- Open Google (or any search engine that supports advanced queries).
- Copy a dork from the list and paste it into the search bar.
- Modify the query as needed to target specific domains or file types.
Example:
intitle:"index of" "admin"This query finds open directories with the keyword "admin" in the title.
intitle:"index of" site:example.comLists open directories.
site:example.com ext:log | ext:txt | ext:confFinds log, text, and config files.
site:example.com ext:sql | ext:dbSearches for exposed database files.
site:example.com inurl:backup | inurl:old | inurl:bakFinds backup files.
site:example.com intitle:"Index of /" "password"Searches for password files.
site:example.com inurl:wp-config.phpFinds WordPress config files with database credentials.
site:example.com filetype:env "DB_PASSWORD"Searches for exposed .env files.
site:example.com "password" filetype:xls | filetype:csv | filetype:txtLooks for passwords in documents.
site:example.com "API_KEY" | "secret" | "token"Detects leaked API keys or tokens.
site:example.com intext:"password="Finds hardcoded passwords in source code.
site:example.com inurl:adminFinds admin login pages.
site:example.com inurl:loginSearches for login pages.
site:example.com intitle:"admin login"Finds admin authentication portals.
site:example.com inurl:"phpmyadmin" | intitle:"phpmyadmin"Searches for phpMyAdmin panels.
site:example.com inurl:dashboardDetects exposed dashboards.
site:example.com inurl:php?id=Looks for SQL injection-prone URLs.
site:example.com inurl:"search.php?q="Finds search pages vulnerable to XSS.
site:example.com "Apache/2.4.49" inurl:"server-status"Checks for vulnerable Apache servers.
site:example.com ext:action | ext:do "username"Finds Java-based endpoints (Struts exploits).
site:example.com filetype:xml inurl:"sitemap"Detects sitemaps with exposed paths.
site:example.com ext:json "password"Finds JSON files with sensitive data.
site:example.com ext:xml "phpinfo"Searches for exposed PHP info pages.
site:example.com ext:conf "nginx.conf" | "httpd.conf"Finds web server configuration files.
site:example.com "Error: SQL syntax near"Detects SQL errors exposing database details.
site:example.com "Warning: include("Searches for local file inclusion (LFI) vulnerabilities.
site:example.com inurl:wp-content/plugins/Finds outdated WordPress plugins.
site:example.com "Server: Apache/2.2.3"Detects old Apache versions.
site:example.com "X-Powered-By: PHP/5.6"Finds outdated PHP versions.
site:example.com inurl:"/cgi-bin/"Looks for vulnerable CGI scripts.
site:example.com intitle:"Webmin"Finds exposed Webmin panels.
intitle:"index of /private" site:example.comsite:example.com intitle:"index of /" "backup"site:example.com intitle:"index of /" "config"site:example.com inurl:/admin/backupsite:example.com filetype:conf "mysql" | "nginx"site:example.com filetype:sql "INSERT INTO"site:example.com filetype:xml "password"site:example.com filetype:ini "username"site:example.com filetype:log "error"site:example.com filetype:cfg "password"site:example.com inurl:"/cpanel"site:example.com inurl:/admin/loginsite:example.com inurl:/user/loginsite:example.com intitle:"control panel"site:example.com inurl:signin | inurl:authsite:example.com inurl:.php?id=site:example.com inurl:"product.php?item="site:example.com inurl:"view.php?page="site:example.com inurl:".env" "APP_KEY"site:example.com "PHP Parse error" | "Fatal error"site:example.com filetype:json "password"site:example.com filetype:yaml "secret"site:example.com filetype:php "config"site:example.com filetype:log "access.log"site:example.com "Index of /git"site:example.com inurl:/cgi-bin/site:example.com "Apache/2.2.15"site:example.com "X-Powered-By: ASP.NET"site:example.com intitle:"phpMyAdmin"site:example.com "Server at example.com Port 80"intitle:"index of /admin" site:example.comintitle:"index of /backup" site:example.comsite:example.com intitle:"index of /" "database"site:example.com filetype:cfg "passwd"site:example.com "Index of /ftp"site:example.com filetype:json "private_key"site:example.com filetype:csv "email,password"site:example.com filetype:ini "db_password"site:example.com "confidential" filetype:doc | filetype:pdfsite:example.com "restricted" filetype:xlsx | filetype:pptsite:example.com inurl:"/dashboard/login"site:example.com inurl:admin.cgisite:example.com intitle:"staff login"site:example.com "Welcome to phpMyAdmin"site:example.com inurl:portal/loginsite:example.com inurl:".git"site:example.com inurl:"debug.log"site:example.com inurl:"config.php~"site:example.com inurl:"test.php"site:example.com inurl:"old_site"site:example.com filetype:bak "config"site:example.com filetype:log "credentials"site:example.com filetype:php "dbconnect"site:example.com "Index of /gitlab"site:example.com intext:"API_SECRET"site:example.com inurl:/phpinfo.phpsite:example.com "Apache/2.2.15 (Unix)"site:example.com "X-Powered-By: JSP"site:example.com intitle:"cPanel Login"site:example.com "Server at example.com Port 443"intitle:"index of /private" site:example.comsite:example.com inurl:"/uploads" -intext:"no such"site:example.com inurl:"backup.zip" | inurl:"database.sql"site:example.com inurl:".ssh" | inurl:"id_rsa"site:example.com "Index of" "parent directory" "config"site:example.com filetype:json "aws_secret_access_key"site:example.com filetype:log "admin password"site:example.com filetype:ini "smtp_password"site:example.com filetype:conf "vpn_password"site:example.com "Authorization: Bearer"site:example.com inurl:"/admin/login.jsp"site:example.com inurl:"/login.php?redirect="site:example.com inurl:"/controlpanel"site:example.com intitle:"webmail login"site:example.com "Please enter your username and password"site:example.com inurl:".git/config"site:example.com inurl:".svn/entries"site:example.com inurl:"?debug=true"site:example.com inurl:"/phpinfo.php"site:example.com inurl:"/server-status"site:example.com inurl:"/logs/error.log"site:example.com filetype:db "sqlite"site:example.com filetype:cfg "site.cfg"site:example.com "Usernames and passwords"site:example.com intext:"confidential - do not distribute"site:example.com "Apache/2.2.22" -apache.orgsite:example.com inurl:"/cgi-bin/test.cgi"site:example.com "X-Powered-By: ASP.NET 2.0"site:example.com inurl:"/phpmyadmin/setup.php"site:example.com "Server: Microsoft-IIS/6.0"site:example.com inurl:/uploads intitle:index.ofLists exposed upload directories.
site:example.com inurl:/private | inurl:/confidentialFinds directories labeled as private or confidential.
site:example.com ext:swp | ext:bak | ext:oldSearches for temporary or backup files.
site:example.com inurl:temp | inurl:cache | inurl:oldFinds temporary, cache, and old directories.
site:example.com "Index of /" "userdata"Locates user data directories.
site:example.com ext:ini "mysql_password"Finds .ini files containing MySQL credentials.
site:example.com "BEGIN RSA PRIVATE KEY"Searches for leaked private SSH keys.
site:example.com "Authorization: Basic"Detects HTTP Basic Authentication headers.
site:example.com filetype:cfg "admin_password"Finds configuration files with admin credentials.
site:example.com "ftp://" intext:"@"Locates plaintext FTP credentials.
site:example.com intitle:"Sign In" | intitle:"Login"Lists general login portals.
site:example.com inurl:/auth | inurl:/secureFinds authentication pages.
site:example.com inurl:/portal/loginSearches for employee or customer portals.
site:example.com inurl:"/admin/" filetype:phpLocates PHP-based admin panels.
site:example.com intitle:"Customer Login"Detects exposed customer login pages.
site:example.com "Fatal error" "on line"Finds error messages revealing source code details.
site:example.com inurl:/debug modeSearches for debug pages left enabled.
site:example.com inurl:/staging | inurl:/testFinds test and staging environments.
site:example.com inurl:/api/docsChecks for exposed API documentation.
site:example.com inurl:"/forgot-password" | "reset your password"Finds password reset forms that might be abused.
site:example.com filetype:log "error.log"Finds log files with possible sensitive data.
site:example.com ext:conf "smtp.gmail.com"Finds SMTP configuration files.
site:example.com filetype:csv "email,password"Detects exposed CSV files with login credentials.
site:example.com filetype:xlsx "username password"Finds Excel spreadsheets with user credentials.
site:example.com intext:"confidential" | intext:"classified"Searches for confidential documents.
site:example.com inurl:/wp-content/plugins/ intitle:"index of"Finds outdated WordPress plugins.
site:example.com "X-Powered-By: PHP/5.3"Detects sites running old PHP versions.
site:example.com inurl:/cgi-bin/ intitle:index.ofFinds CGI scripts that may be vulnerable.
site:example.com "Server: nginx/1.12"Searches for outdated Nginx versions.
site:example.com intitle:"OpenVPN Admin"Detects exposed OpenVPN administration panels.