Learning about Google dorks is fundamental to a practical understanding of cyber security, especially penetration testing and ethical hacking. Ingeniously constructed Google queries can uncover leaked passwords and sensitive data, let you view neighborhoods from unsecured cameras, access files not meant for you, and more.
Google dorks are challenging to master for three non-technical reasons:
- Valid dorks change often;
- Misuse can lead to serious legal repercussions;
- The dangers of accidentally inappropriate Google dorking discourage explorers from achieving mastery.
This Google dorks cheat sheet will cover the dorking commands and operators, search parameters, their combinations, questionable dorks, and how to prevent others from Google dorking your online resources.
Google traces every search back to the device issuing it, so take care in handling the clickable examples in this Google dorking cheat sheet, which you may download here.
When you’re ready, let’s dive in.
What Is a Google Dork?
A “Google dork” is an advanced Google search technique. “Google dorking” (aka “Google hacking”) is the activity of performing advanced searches on Google. You can combine different Google dorks to comb data otherwise inaccessible to ordinary users of Google search.
On a browser, if you make too many Google searches in a short time, Google requires that you unscramble garbled letters in an image called a captcha before you can proceed. Captcha completion can frustrate end users like you, but Google servers must nip denial-of-service cyberattacks in the bud.
Unlike most cheat sheets, we cannot guarantee that the commands below will remain unchanged in perpetuity. Google updates its dorks continually, so deprecated techniques don’t appear here, even if you can find them elsewhere on the Internet.
Before You Begin Google Dorking
Google dorking is not a playground where you can flood commands to your heart’s content:
- Google limits your Google search rate from a single device.
- It may ban your IP if you issue too many queries.
- Abuse of dorks may have legal repercussions.
No, you’re not immune even if you’re working from a virtual machine toying with sqlmap.
If you know you can’t resist having fun with it (and you will), you could work from Pagodo, which automates Google searching for potentially vulnerable web pages and applications on the Internet. It also lets you automate the rate at which your device issues Google dorks.
Regardless of how you use Google dorks, respect Google’s Terms of Service. Be careful.
Examples of Creepy Dorks
These dorks reveal vulnerabilities in websites, and their contents may be newsworthy depending on the zeitgeist.
For details on how the following commands work, refer to Text dorks, Google Dorks Operators, and Scope-Restricting Dorks.
|inurl:”view.shtml” “Network Camera”,“Camera Live Image”, inurl:”guestimage.html”,intitle:”webcamXP 5’”||Get web applications showing live webcam (online camera) footage.|
|“Not for Public Release” + “Confidential” ext:pdf | ext:doc | ext:xlsx||Get links to documents meant to be classified. Some come from governmental websites.|
|site:.hk & inurl:wp-login||Get login pages of WordPress sites ending in the notoriously unsafe domain “.hk”|
|”index of” inurl:ftp secret||Get FTP servers you want to access containing the keyword “secret”|
|Critical dorks performed on .env files yielding results such as:||Popular web development frameworks use .env files to declare general variables and configurations for local and online dev environments, often including passwords.|
The dork used to produce the screenshot exposes database passwords. Hence it’s vital to keep .env files from being publicly accessible.
(If you’ve read this cheat sheet in its entirety, you will be able to guess the dork used here.)
This often-updated exploit database contains other Google dorks that expose sensitive information. Proceed with caution.
Google Dorks Search Parameters
A search parameter in a Google dork is the text string payload affixed to or used with the Google dorking command or operator. Without a suitable search parameter, Google treats the dork keyword as an ordinary query keyword at best and returns zero results at worst.
For example, in the search site:stationx.net, the domain “stationx.net” is the parameter. In (psychology OR computer science) AND design, the three subjects of psychology, computer science, and design are the parameters. In 16 F to C (converting a temperature from degrees Fahrenheit to Celsius), 16 is the parameter.
Search parameters include web domains, file extensions, numbers, and character strings with or without quotes.
Google Dorking Commands
As Google’s internal documentation on dorks frequently changes, the following is not an exhaustive list but a list of commands known to return meaningful results. Some of the given commands may be obsolete because they return similar results as a dork-free search. Deprecated commands don’t appear below.
These help specify your target range of websites or data types. For example, in hunting for e-books, the Google dork “filetype:pdf” is indispensable.
If a command listed below ends with a symbol, include no space between the command and the parameter. The correct way to use each command is in the “Example usage” column. Otherwise, Google will treat the command as an ordinary search keyword rather than a dork.
|Restrict search to a particular website, top-level domain, or subdomain.|
Additional query items are optional.
|site:google.com,site:maps.google.com, site:.org tax return|
|Restrict the returned web addresses to the designated file type.|
Unlike most other dorks, this requires additional keywords in the search bar or will return no results.
Here is Google’s official list of common file types it can search.
Google also supports the file extensions db, log, html, mpeg, mov, and flv.
Nonetheless, searches on mp3 and mp4 with and without additional search terms have yielded no results.
|filetype:pdf car design,ext:log username|
Compare withfiletype:pdf, ext:txt, etc.
|Restrict search to a particular social platform.|
It supports popular platforms such as Facebook, Twitter, YouTube, and Reddit.
A downside is it’s not as precise as the “site:” dork.
|@twitter pentest,@youtube google dorking|
|Restrict image search results to those of the specified dimensions||You can use these images as desktop wallpapers or video thumbnails: imagesize:1920×1080|
|Return definitions of a word or phrase||Compare define:privacy and a plain search on privacy.|
|Check the financial activity of a particular stock||stocks:TWTR (Twitter), stocks:gm (General Motors), stocks:pfizer|
|Return information about any movie with the given title||Compare movie:”phantom of the opera” and “phantom of the opera”.|
|Find reports from a Google News source.||source:npr|
These dorks appear to work best if used as standalone commands, i.e., without additional query items.
|Search for prices in USD ($). This also works for Euro (€), but not GBP (£) or Yen (¥).||ipad $329,iphone €239|
|Get Google’s last saved version of a particular website. A website snapshot like this is called “cache”.||cache:news.yahoo.com|
|Find pages linking to the given domain||link:stationx.net|
|Return websites related to the given website||related:harvard.edu, related:bbc.co.uk|
|Gets a map of the given location||map:”new york”|
|Gets the weather of the given location||weather:london|
|Usable but possibly deprecated commands|
|Find information about a location.|
Results may be inconsistent.
|location:NY crime,loc:NY crime|
|Return pages that convey information about the given website.|
Finding queries that gave different results with and without the “info:” / “id:” command was difficult.
This command could still help you find the canonical, indexed version of a URL.
|“babylon bee” vs info:”babylon bee”: a politically conservative satire website in the US|
Also, id:”babylon bee” treats “id” as a search parameter (bold text) in some results:
Google Dork Generator
Say goodbye to the hassle of trying to remember the exact syntax for your Google Dorks! With our Google Dork Generator, you can simply say what you need to do, and we will generate the Google Dork for you.
These are helpful if you want to look for web pages containing certain text strings or follow particular patterns. For example, those familiar with the URLs of webcam apps, for example, use Google dorks similar to the first entry in this table to find camera footage to watch.
|Look for pages with titles containing the search terms.|
The dork “intitle:” applies to its search parameter only, while “allintitle:” applies to the entire query string.
|intitle:toy story, intitle:”toy story”Compare the above with the number of search results of toy story and “toy story”.|
allintitle:”toy story”.Compare with intitle:”toy story” — both have the same number of search results.
|Finds links containing the character string.||inurl:login.php|
|Finds links containing all words following the colon (:).|
Equivalent to applying “inurl:” to discrete search strings.
|Compare allinurl: healthy eating vs inurl:healthy inurl:eating:|
|Usable but possibly deprecated commands|
|Finds websites containing the payload.|
The dork “intext:” applies to its search parameter only, while “allintext:” applies to the entire query string.
The websites displayed in the results appear similar to a search without either command.
|Compare intext:”Index of /” +.htaccess, allintext:”Index of /” +.htaccess, and “Index of /” +.htaccess.|
Google Dorks Operators
Unlike certain Google Dorking commands, you may include spaces between Google dorking operators and your query items. You may combine as many different operators and commands as are necessary.
These refine the search and constrain the results to follow the rules of logic. Most of the following are logical operators.
|Return exact matches of a query string enclosed in the double quotes.|
Note that these are straight and not curly “” quotation marks. The curly quotes may or may not return similar results as straight quotes.
Single quotes don’t work.
|“Google dorking commands”.|
Compare ‘movie review’ and “movie review”:
|Return sites containing either query item joined by OR or the pipe character |.|
This is an inclusive OR.
|Amazon OR Google yields the same number of results as Amazon | Google.|
|Groups multiple Google dork operators as a logical statement||(black OR white) hat hacker|
|Hyphen; excludes search results containing the word or phrase after the hyphen.||Amazon -reviews, “sql injection” -“penetration testing”|
|Wildcard or glob pattern as a placeholder for query item||“type * error” returns pages on Type I and II errors in statistics.|
Compare this with the search “type i OR ii error” which doesn’t use this wildcard:
|Search a numerical range specified by the two endpoints # inclusive||2006..2008 finds all pages that include 2006, 2007, or 2008 in them.|
|Match pages containing the search terms separated by at most N other words||read AROUND(2) book, read AROUND(3) book|
|Usable but possibly deprecated commands|
|Concatenation; return sites containing both query items joined by AND, the ampersand symbol & or the plus sign +.|
Google seems to assume you’re using this dork whenever you have multiple search items in one query.
This is because the websites in the dorked search results are similar to queries without these dorks. Curiously, the estimated number of search results differs.
|Amazon AND Google, Amazon & Google, Amazon + Google.Compare withAmazon Google (no quotes):|
|Wildcard symbol for Google Autocomplete.|
Google appears to treat this symbol literally if it’s inside double quotes.
|Suppose you can’t recall the name of the late singer Michael Jackson:Michael _ singer, “Michael _” singer.|
Compare with Michael singer, “Michael *” singer.
Only “Michael *” singer has a direct entry about Michael Jackson on the first page of the search results:
The following are mathematical operations that you can perform on Google.
|+||Addition||3 + 20||23|
|–||Subtraction||3 – 20||-17|
|*||Multiplication||3 * 20||60|
|/||Division||3 / 20||0.15|
|% of||Percentage||33% of 400||6.6|
|X^Y, X**Y||Raise X to the power of Y.|
Both operators ^ and ** perform the same operation.
|3^2,3**2||3^2 = 93**2 = 9|
|in, to||Convert a quantity from a given unit to another. Translate words into another language.||6 ft 2 inches in cm,140 lbs in kg,100 USD to bitcoin,8 am London time to California time,thank you in spanish||6 ft 2 inches = 187.96 cm,140 lbs = 63.5029 kg,100 USD =|
Use it with other mathematical operations to see it in action.
|N choose R||Find how many combinations are possible from N items taken R at a time, where N and R are integers.|
|6 choose 4||15|
|sin, cos, tan||Trigonometric functions. You may specify the formula using symbols and natural language.||sin(pi/6),sin 30 degrees||sin(pi/6) = 0.5,sin 30 degrees = 0.5|
|timer||Timer||timer for 20 minutes|
|[This has no specific operator]||Generate a random number.|
Find more on the drop-down dialog box labeled “Tools” on the results page.
|flip a coin,roll a dice,show random number from 10 to 40|
|[graph] EXPRESSION [from A to B]||Graph a mathematical EXPRESSION with variables x and y on an (optional) numerical range from A to B.|
The “graph” keyword is only necessary if Google doesn’t understand your query.
|sin(x)/xgraph log(x)sqrt(x^2+y^2) from -20 to 20|
Google also supports other scientific calculator operations on its calculator. This website features additional examples of mathematical operations you can perform on Google.
Examples of Complex Google Dorks
You can combine Google dorking commands and operations for specific results.
|Get links to publicly shared Zoom meetings you may want to access.|
|Get unsecured SQL dumps.|
Data from improperly configured SQL servers will show up on this page.
|Get YAML configuration files specific to Apache Cassandra databases|
|Find memes trending on Twitter|
|Find memes on Reddit that are not dark|
|Find PDFs on the twitter.com domain|
|Find cloud images of dimensions 1920 pixels by 1080 pixels|
|Translate the word “secret” to Spanish and limit results to URLs containing “dict”|
|Find information on “PhD” and “math” that link to the University of Oxford’s official website. Compare with ox.ac.uk PhD math:|
|Rumble video pages end in “.html”. This looks for Rumble video URLs containing the keyword “james”.|
How to Prevent Google Dorks
With great power comes great responsibility, and even if you use Google Dorks with the utmost care, other entities may not. Here are some suggestions to avoid becoming the next victim of unwanted Google Dorking.
- Implement IP-based restrictions and password authentication to protect private areas. Securing your login portals discourages unauthorized access.
- Encrypt all sensitive information, like usernames, passwords, email addresses, phone numbers, and physical addresses. This way, in the event of data leakage, the original data remains unexposed.
- Run vulnerability scans to find and disable Google dorks. Examples of vulnerability scanners are Nessus and Qualys.
- Run regular dork queries on your website to discover loopholes and sensitive information before attacks occur. Sqlmap is a helpful tool.
- If you find sensitive content exposed on your website and you’ve exhausted all other means of removing it (such as changing your passwords or renaming your login pages), request its removal through Google Search Console.
- Be judicious in the use of
robots.txt. Read the warning below.
A Word of Caution
Other websites mentioning Google Dorks typically recommend using robots.txt to conceal sensitive content or to stop Google from indexing specific parts of your website. On your website server, you can find
robots.txt in the root-level directory, such as
What seems like a simple, good-faith solution to eliminate complex reconnaissance via Google Dorks is, to an intelligent hacker, a treasure trove and a cash cow. Instead of backing off, they’ll attack your website by targeting the items listed in
Hence, it’s best to adopt this measure cautiously. The most prudent use of
robots.txt is instructing Google to exclude one’s entire website, as follows:
Such a robots.txt file compels visitors looking for information to use the search function inside the website. A well-built internal search function may have safeguards against Google dorking, SQL injection, and other hacking techniques. These safeguards protect the website better than allowing external search engines such as Google to index the website.
Ethical and legal considerations abound when using Google dorks. They are such powerful tools for uncovering data and locating vulnerabilities that your intention and frequency in using them are paramount to your Google dorking experience. Google dorking is an invaluable tool for practical cyber security research when used responsibly.
We hope this Google dorking cheat sheet is helpful to you. You can read our full guide on Google dorking specific websites here. Remember: with great power comes great responsibility. More important than enjoying Google dorking, stay safe.
I had no idea this was called “dorking” — I took a class on how to do advanced google searching 15 or 20 years ago and learned most of these. I develop websites so I’m going to play with some of the advanced methods to make sure I’m not leaving any doors open.
Google dorking was an unusually rewarding experience for me because I found something shocking whilst working on the companion article to this one: How to Google Dork a Specific Website for Hacking