Hacking zone : Google Dork

What is Google Dork?

Techtarget says “A Google dork is an employee who unknowingly exposes sensitive corporate information on the Internet. The word dork is slang for a slow-witted or in-ept person.

Google dorks put corporate information at risk because they unwittingly create back doors that allow an attacker to enter a network without permission and/or gain access to unauthorized information. To locate sensitive information, attackers use advanced search strings called Google dork queries.”

Basically, it is a complex Google search string created using combination of advanced google search operators like site:, filetype:, inurl:, intitle:, intext:, etc. and possible vulnerable terms which when entered in Google search bar may list the sites with those vulnerabilities.

Doing Google Dorks queries, we put Google itself as a tool to find vulnerabilities, sensitive information of websites from what we call Google Hacking Database (GHDB).

Can Reveal

Don’t underestimate the power of Google search. It has most powerful web crawlers in the world, it provides lots of smart search operators and options to filter out only needed information. That’s what make Google Dorks powerful. If used correctly, it can help in finding :-

Footholds -Queries that can help a hacker gain a foothold into a web serverWeb Server Detection – These links demonstrate Google’s awesome ability to profile web servers.Files containing usernames – These files contain usernames, but no passwords… Still, google finding usernames on a web site.Sensitive Directories – Google’s collection of web sites sharing sensitive directories. The files contained in here will vary from sensitive to uber-secret!Vulnerable Files – HUNDREDS of vulnerable files that Google can find on websitesFiles containing passwords – PASSWORDS, for the LOVE OF GOD!!! Google found PASSWORDS!Vulnerable Servers – These searches reveal servers with specific vulnerabilities. These are found in a different way than the searches found in the “Vulnerable Files” section.Sensitive Online Shopping Info – Examples of queries that can reveal online shopping info like customer data, suppliers, orders, credit card numbers, credit card info, etc.Error Messages – Really retarded error messages that say WAY too much!Files containing juicy info – No usernames or passwords, but interesting stuff none the less.Network or vulnerability data – These pages contain such things as firewall logs, honeypot logs, network information, IDS logs… all sorts of fun stuff!Pages containing login portals – These are login pages for various services. Consider them the front door of a website’s more sensitive functions.Various Online Devices – This category contains things like printers, video cameras, and all sorts of cool things found on the web with Google.Advisories and Vulnerabilities – These searches locate vulnerable servers. These searches are often generated from various security advisory posts, and in many cases are product or version-specific.

Google Dorks Ultimate Search Queries

So, here I am sharing the list of 4500+ Google Dorks you can use for hacking purposes – finding vulnerabilities, sensitive information in websites or servers.

inurl:/general.php?*id=*
inurl:/careers-detail.asp?id=
inurl:/WhatNew.asp?page=&id=
inurl:/gallery.asp?cid=
inurl:/publications.asp?type=
inurl:/mpfn=pdview&id=
inurl:/reservations.php?id=
inurl:/list_blogs.php?sort_mode=
inurl:/eventdetails.php?*=
inurl:/commodities.php?*id=
inurl:/recipe-view.php?id=
inurl:product.php?mid=
inurl:view_ad.php?id=
inurl:/imprimir.php?id=
inurl:/prodotti.php?id=
inurl:index.cgi?aktion=shopview
inurl:/default.php?id=
inurl:/default.php?portalID=
inurl:/*.php?id=
inurl:/articles.php?id=
inurl:/os_view_full.php?
inurl:/Content.asp?id=
inurl:/CollectionContent.asp?id=
intitle:”Novell Web Services” “GroupWise” -inurl:”doc/11924″ -.mil -.edu -.gov -filetype:pdf
intitle:”Novell Web Services” intext:”Select a service and a language.”
intitle:”oMail-admin Administration – Login” -inurl:omnis.ch
intitle:”OnLine Recruitment Program – Login”
intitle:”Philex 0.2*” -s?ri?t -site:freelists.org
intitle:”PHP Advanced Transfer” inurl:”login.php”
intitle:”php icalendar administration” -site:sourceforge.net
intitle:”php icalendar administration” -site:sourceforge.net
intitle:”phpPgAdmin – Login” Language
intitle:”PHProjekt – login” login password
intitle:”please login” “your password is *”
intitle:”Remote Desktop Web Connection” inurl:tsweb
intitle:”SFXAdmin – sfx_global” | intitle:”SFXAdmin – sfx_local” | intitle:”SFXAdmin – sfx_test”
intitle:”SHOUTcast Administrator” inurl:admin.cgi
intitle:”site administration: please log in” “site designed by emarketsouth”
intitle:”Supero Doctor III” -inurl:supermicro
intitle:”SuSE Linux Openexchange Server” “Please activate Javas?ri?t!”
intitle:”teamspeak server-administration
intitle:”Tomcat Server Administration”
intitle:”TOPdesk ApplicationServer”
intitle:”TUTOS Login”
intitle:”TWIG Login”
intitle:”vhost” intext:”vHost . 2000-2004″
intitle:”Virtual Server Administration System”
intitle:”VisNetic WebMail” inurl:”/mail/”
intitle:”VitalQIP IP Management System”
intitle:”VMware Management Interface:” inurl:”vmware/en/”
intitle:”VNC viewer for Java”
intitle:”web-cyradm”|”by Luc de Louw” “This is only for authorized users” -tar.gz -site:web-cyradm.org
intitle:”WebLogic Server” intitle:”Console Login” inurl:console
intitle:”Welcome Site/User Administrator” “Please select the language” -demos
intitle:”Welcome to Mailtraq WebMail”
intitle:”welcome to netware *” -site:novell.com
intitle:”WorldClient” intext:”? (2003|2004) Alt-N Technologies.”
intitle:”xams 0.0.0..15 – Login”
intitle:”XcAuctionLite” | “DRIVEN BY XCENT” Lite inurl:admin
intitle:”XMail Web Administration Interface” intext:Login intext:password
intitle:”Zope Help System” inurl:HelpSys
intitle:”ZyXEL Prestige Router” “Enter password”
intitle:”inc. vpn 3000 concentrator”
intitle:(“TrackerCam Live Video”)|(“TrackerCam Application Login”)|(“Trackercam Remote”) -trackercam.com
intitle:asterisk.management.portal web-access
intitle:endymion.sak?.mail.login.page | inurl:sake.servlet
intitle:Group-Office “Enter your username and password to login”
intitle:ilohamail “
/modules/vwar/admin/admin.php?vwar_root=
/coin_includes/constants.php?_CCFG[_PKG_PATH_INCL]=
administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=
/tools/send_reminders.php?includedir= allinurl:day.php?date=
/skin/zero_vote/error.php?dir=
/modules/TotalCalendar/about.php?inc_dir=
/login.php?dir=
/tags.php?BBCodeFile=
index.php?pageurl=
/templates/headline_temp.php?nst_inc=
/modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=
/modules/agendax/addevent.inc.php?agendax_path=
/include/main.php?config[search_disp]=true&include_dir=
/contrib/yabbse/poc.php?poc_root_path=
/phpopenchat/contrib/yabbse/poc.php?sourcedir=
/photoalb/lib/static/header.php?set_menu=
/squito/photolist.inc.php?photoroot=
/bz/squito/photolist.inc.php?photoroot=
/ppa/inc/functions.inc.php?config[ppa_root_path]=
/spid/lang/lang.php?lang_path=
/classes.php?LOCAL_PATH=
al_initialize.php?alpath=
/modules/newbb_plus/class/forumpollrenderer.php?bbPath[path]=
/index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
/extensions/moblog/moblog_lib.php?basedir=
/app/common/lib/codeBeautifier/Beautifier/Core.php?BEAUT_PATH=
components/com_performs/performs.php?mosConfig_absolute_path=
modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=
/components/com_rsgallery/rsgallery.html.php?mosConfig_absolute_path=
/components/com_smf/smf.php?mosConfig_absolute_path=
/components/com_cpg/cpg.php?mosConfig_absolute_path=
administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=
/admin_modules/admin_module_deldir.inc.php?config[path_src_include]=
inc/cmses/aedating4CMS.php?dir[inc]=
bp_ncom.php?bnrep=
/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path=
/jscript.php?my_ms[root]=
/popup_window.php?site_isp_root=
/yabbse/Sources/Packages.php?sourcedir=
/include/main.php?config[search_disp]=true&include_dir=
/include/main.php?config[search_disp]=true&include_dir=
/includes/functions_portal.php?phpbb_root_path=
pagina.php?ir=
home.php?qry=
index2.php?choix=
page.php?addr=
index1.php?dir=
principal.php?pr=
press.php?seite=
standard.php?seccion=
page.php?goto=
head.php?cmd=
home.php?sec=
home.php?category=
standard.php?cmd=
mod*.php?thispage=
*.php?secc=
base.php?to=
index3.php?chapter=
start.php?seccion=
base.php?middlePart=
view.php?choix=
template.php?panel=
base.php?panel=
template.php?mod=
path.php?menue=
info.php?j=
blank.php?pref=
sub*.php?channel=
padrao.php?secc=
standard.php?in=
general.php?cmd=
pagina.php?panel=
*inc*.php?inc=
template.php?where=
general.php?id=
path.php?channel=
standard.php?pref=
template.php?play=
gallery.php?seccion=
layout.php?my=
page.php?tipo=
sitio.php?rub=
pagina.php?u=
file.php?ir=
*inc*.php?sivu=
padrao.php?seite=
press.php?i=
path.php?start=
mod*.php?tipo=
page.php?chapter=
home.php?recipe=
gallery.php?ref=
pagina.php?section=
home.php?menu=
default.php?basepath=
index2.php?open=
blank.php?pname=
sub*.php?modo=
index2.php?goto=
path.php?subject=
inurl:skin=
inurl:static=
inurl:str=
inurl:strona=
inurl:sub=
inurl:tresc=
inurl:url=
inurl:user=
inurl:ajax.php?page=

—Contain Sensitive Data———–
filetype:bak createobject sa
filetype:bak inurl:”htaccess|passwd|shadow|htusers”
filetype:cfg mrtg “target
filetype:cfm “cfapplication name” password
filetype:conf oekakibbs
filetype:conf slapd.conf
filetype:config config intext:appSettings “User ID”
filetype:dat “password.dat”
filetype:dat inurl:Sites.dat
filetype:dat wand.dat
filetype:inc dbconn
filetype:inc intext:mysql_connect
filetype:inc mysql_connect OR mysql_pconnect
filetype:inf sysprep
filetype:ini inurl:”serv-u.ini”
filetype:ini inurl:flashFXP.ini
filetype:ini ServUDaemon
filetype:ini wcx_ftp
filetype:ini ws_ftp pwd
filetype:ldb admin
filetype:log “See `ipsec –copyright”
filetype:log inurl:”password.log”
filetype:mdb inurl:users.mdb
filetype:mdb wwforum
filetype:netrc password
filetype:pass pass intext:userid
filetype:pem intext:private
filetype:properties inurl:db intext:password
filetype:pwd service
filetype:pwl pwl
filetype:reg reg +intext:”defaultusername” +intext:”defaultpassword”
filetype:reg reg +intext:â? WINVNC3â?
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetype:sql “insert into” (pass|passwd|password)
filetype:sql (“values * MD5” | “values * password” | “values * encrypt”)
filetype:sql +”IDENTIFIED BY” -cvs
filetype:sql password
filetype:url +inurl:”ftp://” +inurl:”;@”
filetype:xls username password email
htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak
intext:”enable password 7″
intext:”enable secret 5 $”
intext:”EZGuestbook”
intext:”Web Wiz Journal”
intitle:”index of” intext:connect.inc
intitle:”index of” intext:globals.inc
intitle:”Index of” passwords modified
intitle:”Index of” sc_serv.conf sc_serv content
intitle:”phpinfo()” +”mysql.default_password” +”Zend s?ri?ting Language Engine”
intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com
intitle:index.of administrators.pwd
intitle:Index.of etc shadow
intitle:index.of intext:”secring.skr”|”secring.pgp”|”secring.bak”
intitle:rapidshare intext:login
inurl:”calendars?ri?t/users.txt”
inurl:”editor/list.asp” | inurl:”database_editor.asp” | inurl:”login.asa” “are set”
inurl:”GRC.DAT” intext:”password”
inurl:”Sites.dat”+”PASS=”
inurl:”slapd.conf” intext:”credentials” -manpage -“Manual Page” -man: -sample
inurl:”slapd.conf” intext:”rootpw” -manpage -“Manual Page” -man: -sample
inurl:”wvdial.conf” intext:”password”
inurl:/db/main.mdb
inurl:/wwwboard
inurl:/yabb/Members/Admin.dat
inurl:ccbill filetype:log
inurl:cgi-bin inurl:calendar.cfg
inurl:chap-secrets -cvs
inurl:config.php dbuname dbpass
inurl:filezilla.xml -cvs
inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd -man
inurl:nuke filetype:sql
inurl:ospfd.conf intext:password -sample -test -tutorial -download
inurl:pap-secrets -cvs
inurl:pass.dat
inurl:perform filetype:ini
inurl:perform.ini filetype:ini
inurl:secring ext:skr | ext:pgp | ext:bak
inurl:server.cfg rcon password
inurl:ventrilo_srv.ini adminpassword
inurl:vtund.conf intext:pass -cvs
inurl:zebra.conf intext:password -sample -test -tutorial -download
filetype:bkf bkf
filetype:blt “buddylist”
filetype:blt blt +intext:screenname
filetype:cfg auto_inst.cfg
filetype:cnf inurl:_vti_pvt access.cnf
filetype:conf inurl:firewall -intitle:cvs
filetype:config web.config -CVS
filetype:ctt Contact
filetype:ctt ctt messenger
filetype:eml eml +intext:”Subject” +intext:”From” +intext:”To”
filetype:fp3 fp3
filetype:fp5 fp5 -site:gov -site:mil -“cvs log”
filetype:fp7 fp7
filetype:inf inurl:capolicy.inf
filetype:lic lic intext:key
intext:”Session Start * * * *:*:* *” filetype:log
intext:”Tobias Oetiker” “traffic analysis”
intext:(password | passcode) intext:(username | userid | user) filetype:csv
intext:gmail invite intext:http://gmail.google.com/gmail/a
intext:SQLiteManager inurl:main.php
intitle:”Athens Authentication Point”
intitle:”b2evo > Login form” “Login form. You must log in! You will have to accept cookies in order to log in” -demo -site:b2evolution.net
intitle:”Cisco CallManager User Options Log On” “Please enter your User ID and Password in the spaces provided below and click the Log On button to co
intitle:”ColdFusion Administrator Login”
intitle:”communigate pro * *” intitle:”entrance”
intitle:”Content Management System” “user name”|”password”|”admin” “Microsoft IE 5.5″ -mambo
intitle:”Content Management System” “user name”|”password”|”admin” “Microsoft IE 5.5″ -mambo
intitle:”Dell Remote Access Controller”
”This is a Shareaza Node”
”This report was generated by WebLog”
( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject
(intitle:”PRTG Traffic Grapher” inurl:”allsensors”)|(intitle:”PRTG Traffic Grapher – Monitoring Results”)
(intitle:WebStatistica inurl:main.php) | (intitle:”WebSTATISTICA server”) -inurl:statsoft -inurl:statsoftsa -inurl:statsoftinc.com -edu -software -rob
(inurl:”robot.txt” | inurl:”robots.txt” ) intext:disallow filetype:txt
+”:8080″ +”:3128″ +”:80″ filetype:txt
+”HSTSNR” -“netop.com”
-site:php.net -“The PHP Group” inurl:source inurl:url ext

For educational purposes