Google Dorks Cheat Sheet 2024: How to Hack Using Google

Google Dorks Cheat Sheet

Google dorks can help you uncover leaked passwords and sensitive data, let you view neighborhoods from unsecured cameras, access files not meant for you, and more. They’re challenging to master because:

  1. Valid dorks change often;
  2. Misuse can lead to serious legal repercussions;
  3. The dangers of accidentally inappropriate Google dorking discourage explorers from achieving mastery.

This downloadable cheat sheet will cover Google dorking commands and operators, search parameters, their combinations, questionable dorks, and how to prevent others from Google dorking your online resources. But Google can trace your dorks back to you, so take care in handling the clickable examples in this Google dorking cheat sheet.

Google Dorks Cheat Sheet Search

Search our Google dorks cheat sheet to find the right cheat for the term you're looking for. Simply enter the term in the search bar and you'll receive the matching cheats available.

What Is a Google Dork?

A “Google dork” is an advanced Google search technique. “Google dorking” (aka “Google hacking”) is the activity of performing advanced searches on Google. You can combine different Google dorks to comb data otherwise inaccessible to ordinary users of Google search.

On a browser, if you make too many Google searches in a short time, Google requires that you unscramble garbled letters in an image called a captcha before you can proceed. Captcha completion can frustrate end users like you, but Google servers must nip denial-of-service cyberattacks in the bud.

Unlike most cheat sheets, we cannot guarantee that the commands below will remain unchanged in perpetuity. Google updates its dorks continually, so deprecated techniques don’t appear here, even if you can find them elsewhere on the Internet.

Before You Begin Google Dorking

Google dorking is not a playground where you can flood commands to your heart’s content:

  • Google limits your Google search rate from a single device.
  • It may ban your IP if you issue too many queries.
  • Abuse of dorks may have legal repercussions.

No, you’re not immune even if you’re working from a virtual machine toying with sqlmap.

If you know you can’t resist having fun with it (and you will), you could work from Pagodo, which automates Google searching for potentially vulnerable web pages and applications on the Internet. It also lets you automate the rate at which your device issues Google dorks.

Regardless of how you use Google dorks, respect Google’s Terms of Service. Be careful.

Examples of Creepy Dorks

These dorks reveal vulnerabilities in websites, and their contents may be newsworthy depending on the zeitgeist.

For details on how the following commands work, refer to Text dorks, Google Dorks Operators, and Scope-Restricting Dorks.

ExamplesDescription
inurl:"view.shtml" "Network Camera", "Camera Live Image", inurl:"guestimage.html", intitle:"webcamXP 5’"Get web applications showing live webcam (online camera) footage.
"Not for Public Release" + "Confidential" ext:pdf | ext:doc | ext:xlsxGet links to documents meant to be classified. Some come from governmental websites.
site:.hk & inurl:wp-loginGet login pages of WordPress sites ending in the notoriously unsafe domain “.hk”
”index of” inurl:ftp secretGet FTP servers you want to access containing the keyword “secret”
Critical dorks performed on .env files yielding results such as:
filetype:env [and a sensitive parameter] - Google Search - Google Search results on .env files containing a sensitive parameter.
Popular web development frameworks use .env files to declare general variables and configurations for local and online dev environments, often including passwords.
The dork used to produce the screenshot exposes database passwords. Hence it’s vital to keep .env files from being publicly accessible.
(If you’ve read this cheat sheet in its entirety, you will be able to guess the dork used here.)

This often-updated exploit database contains other Google dorks that expose sensitive information. Proceed with caution.

Google Dorks Search Parameters

A search parameter in a Google dork is the text string payload affixed to or used with the Google dorking command or operator. Without a suitable search parameter, Google treats the dork keyword as an ordinary query keyword at best and returns zero results at worst.

For example, in the search site:www.stationx.net, the domain “www.stationx.net” is the parameter. In (psychology OR computer science) AND design, the three subjects of psychology, computer science, and design are the parameters. In 16 F to C (converting a temperature from degrees Fahrenheit to Celsius), 16 is the parameter.

Search parameters include web domains, file extensions, numbers, and character strings with or without quotes.

Google Dorking Commands

As Google’s internal documentation on dorks frequently changes, the following is not an exhaustive list but a list of commands known to return meaningful results. Some of the given commands may be obsolete because they return similar results as a dork-free search. Deprecated commands don’t appear below.

Scope-Restricting Dorks

These help specify your target range of websites or data types. For example, in hunting for e-books, the Google dork “filetype:pdf” is indispensable.

If a command listed below ends with a symbol, include no space between the command and the parameter. The correct way to use each command is in the “Example usage” column. Otherwise, Google will treat the command as an ordinary search keyword rather than a dork.

CommandDescriptionExample usage
site:Restrict search to a particular website, top-level domain, or subdomain.
Additional query items are optional.
site:google.com,
site:maps.google.com,
site:.org tax return
filetype:, ext:Restrict the returned web addresses to the designated file type.

Unlike most other dorks, this requires additional keywords in the search bar or will return no results.

Here is Google’s official list of common file types it can search.

Google also supports the file extensions db, log, and html.

Nonetheless, searches on mp3 and mp4 with and without additional search terms have yielded no results.
filetype:pdf car design, ext:log username

Compare with filetype:pdf, ext:txt, etc.filetype.pdf - Google Search - "Your search - filetype.pdf - did not match any results."

ext:txt - Google Search - About 5,420,000 results (0.21 seconds)
@Restrict search to a particular social platform.
It supports popular platforms such as Facebook, Twitter, YouTube, and Reddit.
A downside is it’s not as precise as the “site:” dork.
@twitter pentest, @youtube google dorking
define:Return definitions of a word or phraseCompare define:privacy and a plain search on privacy.
stocks:Check the financial activity of a particular stockstocks:META (Meta),
stocks:gm (General Motors),
stocks:pfizer
movie:Return information about any movie with the given titleCompare movie:"phantom of the opera" and "phantom of the opera".
source:Find reports from a Google News source.source:cnn

Informational Dorks

These dorks appear to work best if used as standalone commands, i.e., without additional query items.

CommandDescriptionExample usage
$Search for prices in USD ($). This also works for Euro (€), but not GBP (£) or Yen (¥).ipad $329, iphone €239
cache:Get Google’s last saved version of a particular website. A website snapshot like this is called “cache”.cache:news.yahoo.com
link:Find pages linking to the given domainlink:www.stationx.net
related:Return websites related to the given websiterelated:harvard.edu, related:bbc.co.uk
map:Get a map of the given locationmap:"new york"
weather:Get the weather of the given locationweather:london
Usable but possibly deprecated commands
location:Find information about a location.

Results may be inconsistent.

Google now treats “loc” (formerly an abbreviation of “location”) as a search term instead of a dork.
location:NY crime compared with NY crime.
info:, id:Return pages that convey information about the given website.

Finding queries that gave different results with and without the “info:” / “id:” command was difficult.

This command could still help you find the canonical, indexed version of a URL.

Google now treats “id” (possibly shorthand for “info”) as a search term instead of a dork.
"babylon bee" vs info:"babylon bee": a politically conservative satire website in the US
"babylon bee" - Google Search - About 545,000 results (0.43 seconds)

info:"babylon bee" - Google Search - About 236 results (0.41 seconds)

Here’s how id:"babylon bee" treats “id” as a search parameter (bold text) in some results:
An entry in [id:"babylon bee" - Google Search] - Example of Google Search treating "id" as another query keyword - Example of Google Search treating "id" as another query keyword

An entry in [id:"babylon bee" - Google Search] - Example of Google Search treating "id" as another query keyword

Google Dork Generator

Say goodbye to the hassle of trying to remember the exact syntax for your Google Dorks! With our Google Dork Generator, you can simply say what you need to do, and we will generate the Google Dork for you.

Text Dorks

These are helpful if you want to look for web pages containing certain text strings or follow particular patterns. For example, those familiar with the URLs of webcam apps, for example, use Google dorks similar to the first entry in this table to find camera footage to watch.

CommandDescriptionExample usage
intitle:, allintitle:Look for pages with titles containing the search terms.

The dork “intitle:” applies to its search parameter only, while “allintitle:” applies to the entire query string.
intitle:toy story, intitle:"toy story", allintitle:"toy story", allintitle:toy story

Compare the above with the number of search results of toy story and "toy story".
inurl:Find links containing the character string.inurl:login.php
allinurl:Find links containing all words following the colon (:).

Equivalent to applying “inurl:” to discrete search strings.
Compare allinurl: healthy eating vs inurl:healthy inurl:eating:
allinurl: healthy eating - Google Search - About 972,000 results (0.53 seconds)

inurl:healthy inurl:eating - Google Search - About 971,000 results (0.49 seconds)
Usable but possibly deprecated commands
intext:, allintext:Find websites containing the payload.

The dork “intext:” applies to its search parameter only, while “allintext:” applies to the entire query string.

The websites displayed in the results appear similar to a search without either command.
Compare intext:"Index of /" +.htaccess, allintext:"Index of /" +.htaccess, and "Index of /" +.htaccess.

Look at intext:"Index of /" +.htaccess -intitle:"Index of /" (exclude titles containing the search query) too.

Google Dorks Operators

Unlike certain Google Dorking commands, you may include spaces between Google dorking operators and your query items. You may combine as many different operators and commands as are necessary.

Search

These refine the search and constrain the results to follow the rules of logic. Most of the following are logical operators.

CommandDescriptionExample usage
" "Return exact matches of a query string enclosed in the double quotes.
Note that these are straight and not curly “” quotation marks. The curly quotes may or may not return similar results as straight quotes.
Single quotes don’t work.
"Google dorking commands".
Compare 'movie review' and "movie review":
'movie review' - Google Search. - Single quotes enclosing the phrase 'movie review'. About 5,700,000,000 results (0.78 seconds)

"movie review" - Google Search - Double quotes enclosing the phrase "movie review". About 63,900,000 results (0.89 seconds)
OR, |Return sites containing either query item joined by OR or the pipe character |.
This is an inclusive OR.
Amazon OR Google yields the same number of results as Amazon | Google.
Amazon OR Google - Google Search - About 25,270,000,000 results (0.58 seconds)

Amazon | Google - Google Search - About 25,270,000,000 results (0.42 seconds)
( )Group multiple Google dork operators as a logical statement(black OR white) hat hacker
-Hyphen; exclude search results containing the word or phrase after the hyphen.Amazon -reviews, "sql injection" -"penetration testing"
*Wildcard or glob pattern as a placeholder for query item"type * error" returns pages on Type I and II errors in statistics.
Compare this with the search “type i OR ii error” which doesn’t use this wildcard:
"type * error" - Google Search - About 4,130,000,000 results (0.70 seconds)

type i OR ii error - Google Search - About 3,450,000,000 results (0.62 seconds)
#..#Search a numerical range specified by the two endpoints # inclusive2006..2008 finds all pages that include 2006, 2007, or 2008 in them.
AROUND(N)Match pages containing the search terms separated by at most N other wordsread AROUND(2) book, read AROUND(3) book
Usable but possibly deprecated commands
AND, &, +Concatenation; return sites containing both query items joined by AND, the ampersand symbol & or the plus sign +.
Google seems to assume you’re using this dork whenever you have multiple search items in one query.
This is because the websites in the dorked search results are similar to queries without these dorks. Curiously, the estimated number of search results differs.
Amazon AND Google, Amazon & Google, Amazon + Google

Compare with Amazon Google (no quotes):
Amazon AND Google - Google Search - About 4,730,000,000 results (0.42 seconds)


Amazon & Google - Google Search - About 4,040,000,000 results (0.44 seconds)

Amazon + Google - Google Search - About 5,040,000,000 results (0.68 seconds)

Amazon Google - Google Search - About 4,280,000,000 results (0.63 seconds)
_Wildcard symbol for Google Autocomplete.
Google appears to treat this symbol literally if it’s inside double quotes.
Suppose you can’t recall the name of the late singer Michael Jackson:
Michael _ singer, "Michael _" singer. Michael _ singer - Google Search - About 342,000,000 results (0.62 seconds)

"Michael _" singer - Google Search - About 33,700 results (0.35 seconds)
Compare with Michael singer, "Michael *" singer.
Michael singer - Google Search - About 476,000,000 results (0.55 seconds)

"Michael *" singer - Google Search - About 228,000,000 results (0.70 seconds)
Only "Michael *" singer has a direct entry about Michael Jackson on the first page of the search results:
"Michael *" singer - Google Search - result: "Biography for Kids: Michael Jackson - Ducksters" Occupation: Singer; Born August 29, 1958 in Gary, Indiana; Died: June 25, 2009 in Los Angeles

Math

The following are mathematical operations that you can perform on Google.

OperatorsDescriptionExample usageResult
+Addition3 + 2023
-Subtraction3 - 20-17
*Multiplication3 * 2060
/Division3 / 200.15
% ofPercentage33% of 4006.6
X^Y, X**YRaise X to the power of Y.
Both operators ^ and ** perform the same operation.
3^2, 3**23^2 = 93**2 = 9
in, toConvert a quantity from a given unit to another. Translate words into another language.6 ft 2 inches in cm,140 lbs in kg,100 USD to bitcoin,8 am London time to California time,thank you in spanish6 ft 2 inches = 187.96 cm,140 lbs = 63.5029 kg,100 USD =
100 USD = 0.000052 bitcoin (BTC) on 11 Oct 2022, 1:05pm UTC - Google Search

8:00am Tuesday in London, UK is 12:00am Tuesday in California, USA - Google Search

"thank you" in English = "gracias" in Spanish - Google Search
sqrtSquare rootsqrt(3)1.73205080757
iImaginary number.
Use it with other mathematical operations to see it in action.
i^2-1
N choose RFind how many combinations are possible from N items taken R at a time, where N and R are integers.
(Combinatorics)
6 choose 415
sin, cos, tanTrigonometric functions. You may specify the formula using symbols and natural language.sin(pi/6), sin 30 degreessin(pi/6) = 0.5, sin 30 degrees = 0.5
timerTimertimer for 20 minutesGoogle Timer for 20 minutes: 20m00s. It counts down upon page load. - Google Search
[This has no specific operator]Generate a random number.
Find more on the drop-down dialog box labeled “Tools” on the results page.
flip a coin, roll a dice, show random number from 10 to 40Flip a coin - with drop-down dialog box labeled "Tools" on the results page - Google Search

Roll a dice - Google Search
Show random number from 10 to 40 (Google displays 28 here) - Google Search
[graph] EXPRESSION [from A to B]Graph a mathematical EXPRESSION with variables x and y on an (optional) numerical range from A to B.
The “graph” keyword is only necessary if Google doesn’t understand your query.
sin(x)/x, graph log(x)
sqrt(x^2+y^2) from -20 to 20
Graph of y=sin(x)/x looks like a peak at x=0 and decreasing ripples towards both horizontal infinities. [sin(x)/x - Google Search]

Graph of y=log(x) looks like a curved arm reaching from bottom left to top right. [graph log(x) - Google Search]

Graph of z=sqrt(x^2+y^2) looks like a paper cone with the tip at (x,y)=(0,0). [sqrt(x^2+y^2) from -20 to 20 - Google Search]

Google also supports other scientific calculator operations on its calculator. This website features additional examples of mathematical operations you can perform on Google.

Examples of Complex Google Dorks

You can combine Google dorking commands and operations for specific results.

CommandDescription
inurl:zoom.us/j intext:scheduledGet links to publicly shared Zoom meetings you may want to access.
"index of" "database.sql.zip"Get unsecured SQL dumps.
Data from improperly configured SQL servers will show up on this page.
filetype:yaml inurl:cassandraGet YAML configuration files specific to Apache Cassandra databases
@youtube trending shortsFind short clips trending on YouTube
@reddit memes -darkFind memes on Reddit that are not dark
site:cdn.cloudflare.net filetype:pdfFind PDFs on the *.cdn.cloudflare.net domain
secret in spanish inurl:dictTranslate the word “secret” to Spanish and limit results to URLs containing “dict”
filetype:doc site:www.stationx.net nathanStationX with the .doc extension. This looks for legacy Microsoft Word files containing the keyword “nathan” (founder’s name).
Extension

How to Prevent Google Dorks

With great power comes great responsibility, and even if you use Google Dorks with the utmost care, other entities may not. Here are some suggestions to avoid becoming the next victim of unwanted Google Dorking.

  • Implement IP-based restrictions and password authentication to protect private areas. Securing your login portals discourages unauthorized access.
  • Encrypt all sensitive information, like usernames, passwords, email addresses, phone numbers, and physical addresses. This way, in the event of data leakage, the original data remains unexposed.
  • Run vulnerability scans to find and disable Google dorks. Examples of vulnerability scanners are nmap, Nessus, and Qualys.
  • Run regular dork queries on your website to discover loopholes and sensitive information before attacks occur. Sqlmap is a helpful tool.
  • If you find sensitive content exposed on your website and you’ve exhausted all other means of removing it (such as changing your passwords or renaming your login pages), request its removal through Google Search Console.
  • Be judicious in the use of robots.txt. Read the warning below.

A Word of Caution

Other websites mentioning Google Dorks typically recommend using robots.txt to conceal sensitive content or to stop Google from indexing specific parts of your website. On your website server, you can find robots.txt in the root-level directory, such as /public_html.

What seems like a simple, good-faith solution to eliminate complex reconnaissance via Google Dorks is, to an intelligent hacker, a treasure trove and a cash cow. Instead of backing off, they’ll attack your website by targeting the items listed in robots.txt.

Hence, it’s best to adopt this measure cautiously. The most prudent use of robots.txt is instructing Google to exclude one’s entire website, as follows:

User-agent: * 
Disallow: /

Such a robots.txt file compels visitors looking for information to use the search function inside the website. A well-built internal search function may have safeguards against Google dorking, SQL injection, and other hacking techniques. These safeguards protect the website better than allowing external search engines such as Google to index the website.

Conclusion

Ethical and legal considerations abound when using Google dorks. They are such powerful tools for uncovering data and locating vulnerabilities that your intention and frequency in using them are paramount to your Google dorking experience. Google dorking is an invaluable tool for practical cyber security research when used responsibly.

We hope this cheat sheet is helpful to you as a penetration tester, ethical hacker, or someone interested in the security position of your enterprise. You can read our full guide on Google dorking specific websites here. If you’re interested in learning more, our courses below cover Google dorking commands:

Remember: with great power comes great responsibility. More important than enjoying Google dorking, stay safe.

Frequently Asked Questions

Level Up in Cyber Security: Join Our Membership Today!

vip cta image
vip cta details
  • Cassandra Lee

    Cassandra is a writer, artist, musician, and technologist who makes connections across disciplines: cyber security, writing/journalism, art/design, music, mathematics, technology, education, psychology, and more. She's been a vocal advocate for girls and women in STEM since the 2010s, having written for Huffington Post, International Mathematical Olympiad 2016, and Ada Lovelace Day, and she's honored to join StationX. You can find Cassandra on LinkedIn and Linktree.

  • Valerie says:

    I had no idea this was called “dorking” — I took a class on how to do advanced google searching 15 or 20 years ago and learned most of these. I develop websites so I’m going to play with some of the advanced methods to make sure I’m not leaving any doors open.

  • Muhammad Bahram says:

    Enter only his cameras

  • Sickness555 says:

    I’m new to all this but I was learning things on my vacation. I love to see the real potential for docking

  • Right says:

    Password

  • Bank says:

    Banking

  • Tope thapaa says:

    Please give me job im white Hecker

  • jRoss says:

    I think it is awesome that you are female in this male dominated field. Your content is easy to follow, too. I would suggest adding a few video examples of you using the syntax for visual and audio learners. Good job and good luck in your career!

  • Katie Lovaas says:

    Social

  • >

    StationX Accelerator Pro

    Enter your name and email below, and we’ll swiftly get you all the exciting details about our exclusive StationX Accelerator Pro Program. Stay tuned for more!

    StationX Accelerator Premium

    Enter your name and email below, and we’ll swiftly get you all the exciting details about our exclusive StationX Accelerator Premium Program. Stay tuned for more!

    StationX Master's Program

    Enter your name and email below, and we’ll swiftly get you all the exciting details about our exclusive StationX Master’s Program. Stay tuned for more!