Advanced Google Dork Cheat Sheet
In this article, I have explained a few google dork queries which will help you to perform specific searches and ignore unwanted search results. You can use these queries for information gathering, footprinting, and finding any file types easily over google. In the end, I have also tried to explain the Shodan tool which can be used to gather deep information about particular IP, device, or organization.
Exposed FTP Servers: By performing a google search using the below query will display the FTP (file transfer protocol) servers of the websites. You can use this query and combine it with other queries to find exposed FTP servers of the particular website. You will be able to access files and folders of the websites which are having weak security.
intitle:”index of” inurl:ftp
Email Lists: Most of the spammers or people who want to do email marketing use this google query which displays the various lists of email addresses.
Live Cameras: You can use any of the following queries to access insecure cameras over the internet. It will not ask you to enter credentials to access these cameras.
inurl:”view.shtml” “Network Camera”
“Camera Live Image” inurl:”guestimage.html”
Passwords: If you want to search for sensitive files which contain password information of multiple users which are publicly exposed then you can try to perform any of the search queries on google.
“admin_password” ext:txt | ext:log | ext:cfg
filetype:log intext:password after:2016 intext:@gmail.com | @yahoo.com | @hotmail.com
Login Portals: Most of the site owners don’t want their admin pages to be revealed publicly as hackers may try to crack their credentials using brute-forcing methods. But below queries will display the login pages of the various sites including admin pages too. You can combine any of the queries with tags which I have explained in this article to find the admin URL for the target site.
intitle:’olt web management interface’
intitle:”WEB SERVICE” “wan” “lan” “alarm”
Sensitive Directories: If you want to search for sensitive directories or files like .env which contains information related to databases and credentials then you can search for any of the queries mentioned below. To find more sensitive directories/files, you can search for these queries on google's hacking database which I have explained at the end of the article.
intitle:Index of “/venv”
intitle:Index of “.env”
Online Devices: To find various types of devices which are not secured and accessible over the internet you can use the following query.
File Types: If you want to download a specific file type over the internet and get so many search results but it didn’t help as most of the websites don’t upload the file and just to gain traffic they create a page with a download option then you can use the below query and replace pdf with the filetype which you are looking for.
Subdomains: Whenever we perform a google search and it displays search results for other sites too and you are bored of this then you can use the below query to display search results for the particular site only. Just replace medium.com with the site which you are searching for.
Site Titles: To find a specific keyword in the website title, you can use the following query. To find a page with a specific title on a particular website then you can combine this query with the site tag which I have explained above.
Site Juicy Information: To gather juicy information about websites which should not be accessible or searchable over the internet, you can use any of the below queries.
intitle: “index of” intext: human resources
Shodan.io: By using this tool you can gather very sensitive information about multiple organizations, IPs as well as devices. This is one of the most used footprinting tools which are used by hackers to gather information about organizations, their exposed IPs, and open ports.
Also refer: Google Hacking Database to find more google dork queries.
I hope you like this article, for more articles you can follow my profile.
Video Tutorial on YouTube