Google Dorks! Finding Hidden Sites & Files in Google Search Results!

While most of us would consider ourselves pretty good Googlers these days, truth is, there is so much more to Google searching than meets the eye.

Entering Google Dorking Commands also known as Google hacking is about searching Google in a way that filters and brings all sorts or OSINT and InfoSec goodies floating to the top.

Let me start by saying the title might be a little off, as the files are not technically hidden as much as they are obscure.

While most of us would consider ourselves pretty good Googlers these days, the truth is, there is so much more to Google searching than meets the eye.

Introducing Google Dorking

Yes, I said it Google Dorking and it’s not what you might think. Sounds dirty, right? It’s not just me. LOL

Entering Google Dorking Commands also known as Google hacking is about searching Google in a way that filters and brings all sorts or OSINT and InfoSec goodies floating to the top.

Think Before You Dork!!!

Although the information my be available on Google, it does not mean you can use that information to try and hack or gain unauthorized access to a system or individual computer.

Hacking is illegal, don’t do it, don’t talk about it.

With that being said, please be careful, be responsible and please enjoy these Google Dorking Examples for educational purposes.

What Kinds of Trouble You Can Find by Goolge Dorking?

Using the Google Dorks commands on this page I was able to find this open camera in down town Tehran, Iran. This all started in May of 2021. See screenshots below.

Again, be careful what you Dork and where you go. A visit to this camera got me a reverse probe XSS attack from Iranian Intelligence. That was fun!

Google Dorks for user names and password in log files

Below are popular Google Dorks I’ve collected but there may be more out there so my advice is to never stop looking.

You can also find more Dorks on popular hacking website like the Google Hacking Database (GHD).

allintext:username filetype:log

Open FTP Servers

intitle:"index of" inurl:ftp

Open Web Cams

Intitle:"webcamXP 5"

inurl:view/index.shtml 

Database Passwords

db_password filetype:env

Git-hub Resources

filetype:inc php -site:github.com -site:sourceforge.net

PHP Variables

filetype:php "Notice: Undefined variable: data in" -forum

Server Configuration Files

intitle:"WAMPSERVER homepage" "Server Configuration" "Apache Version"

Nessus Scan Reports

intitle:"report" ("qualys"|"acunetix"|"nessus"|"netsparker"|"nmap") filetype:pdf

Networking Excel Xls Files

ext:xls netoworking

FrontPage Servers w/ Admin Info

"#-Frontpage-" inurl:administrators.pwd

Unprotected Cameras

inurl:view/index.shtml

Hidden Login Pages

Username password site:com filetype:txt DomainName.com

Domains and Subdomains

site:*.site.com -www
site:*.*.site.com -www
site:*.*.*.site.com -www

Google Dorking Video by Null Byte

Hope this helps somebody!
~Cyber Abyss

Author: Rick Cable / AKA Cyber Abyss

A 16 year US Navy Veteran with 25+ years experience in various IT Roles in the US Navy, Startups and Healthcare. Founder of FinditClassifieds.com in 1997 to present and co-founder of Sports Card Collector Software startup, LK2 Software 1999-2002. For last 7 years working as a full-stack developer supporting multiple agile teams and products in a large healthcare organization. Part-time Cyber Researcher, Aspiring Hacker, Lock Picker and OSINT enthusiast.