Reconnaissance

Google Dorking Cheat Sheet

Search operators for finding vulnerabilities

Basic Operators

TEXT
site:target.com          # Only results from domain
inurl:admin             # URL contains "admin"
intitle:login           # Page title contains "login"
filetype:pdf            # Specific file type
intext:password         # Page content contains "password"

Finding Sensitive Files

TEXT
# Configuration files
site:target.com ext:xml | ext:conf | ext:cnf | ext:cfg

# Backup files
site:target.com ext:bak | ext:backup | ext:old

# Log files
site:target.com ext:log

# Database files
site:target.com ext:sql | ext:db | ext:sqlite

# Environment files
site:target.com inurl:.env | inurl:.env.local

Finding Exposed Data

TEXT
# Password files
site:target.com intext:"password" filetype:txt

# API keys
site:target.com intext:"api_key" | intext:"apikey"

# AWS keys
site:target.com intext:"AKIA"

# Private keys
site:target.com intext:"BEGIN RSA PRIVATE KEY"

Finding Admin Panels

TEXT
site:target.com inurl:admin
site:target.com inurl:login | inurl:signin
site:target.com intitle:"admin panel"
site:target.com inurl:dashboard
site:target.com inurl:wp-admin
site:target.com inurl:administrator

Finding Vulnerabilities

TEXT
# Directory listing
site:target.com intitle:"Index of /"

# Error messages
site:target.com intext:"Warning: mysql"
site:target.com intext:"SQL syntax"
site:target.com intext:"Fatal error"

# phpinfo
site:target.com inurl:phpinfo.php
site:target.com intitle:"phpinfo()"

Finding Subdomains

TEXT
site:*.target.com -www
site:*.*.target.com

GitHub Dorking

TEXT
# Search GitHub for secrets
"target.com" password
"target.com" api_key
"target.com" secret
org:targetorg password

Useful Tools

BASH
# Automate dorking
googler "site:target.com filetype:pdf"

# GitHub dorks
gitrob -threads 10 target-org
truffleHog https://github.com/target/repo

Combined Dorks

TEXT
# Sensitive directories
site:target.com inurl:"/admin/" | inurl:"/backup/" | inurl:"/config/"

# Exposed credentials
site:target.com allintext:username password filetype:log

# Open redirects
site:target.com inurl:redirect | inurl:url= | inurl:next=