Google Dorks List and Updated Database for Advisories and Vulnerabilities in 2021

9 min read
Last updated: Apr 8, 2021

google-dork-list

How to Use Google Dorks?

To use a Google Dork, you simply type in a Dork into the search box on Google and press “Enter”. Here are some of the best Google Dork queries that you can use to search for information on Google.

Google Dork Queries Examples:

  • site:.edu “phone number”– This Dork searches for websites on .edu domains that contain the words “phone number”. student “phone number” – This Dork searches for websites on .edu domains that contain the words “student” and “phone number”.
  • inurl:edu “login” – This Dork searches for websites on .edu domains that contain the words “login”. This Dork searches for school websites that contain student login information.
  • “powered by vbulletin” site:.edu – This Dork searches for websites on .edu domains that contain the words “powered by vbulletin”. This Dork searches for school websites that are running on the vbulletin forum software.
  • “powered by vbulletin” site:.gov – This Dork searches for websites on .gov domains that contain the words “powered by vbulletin”. This Dork searches for governmental websites that are running on the vbulletin forum software.
  • “powered by vbulletin” site:.mil – This Dork searches for websites on .mil domains that contain the words “powered by vbulletin”. This Dork searches for military websites that are running on the vbulletin forum software.
  • “powered by vbulletin” inurl:.edu – This Dork searches for websites on .edu domains that contain the words “powered by vbulletin”. This Dork searches for school websites that are running on the vbulletin forum software.
  • “powered by vbulletin” inurl:.mil – This Dork searches for websites on .mil domains that contain the words “powered by vbulletin”. This Dork searches for military websites that are running on the vbulletin forum software.
  • inurl:.com “powered by vbulletin” – This Dork searches for websites on .com domains that contain the words “powered by vbulletin”. This Dork searches for websites that are running on the vbulletin forum software.
  • inurl:.edu “register forum” – This Dork searches for websites on .edu domains that contain the words “register forum”. This Dork searches for school websites that allow you to register for a forum.
  • inurl:.gov “register forum” – This Dork searches for websites on .gov domains that contain the words “register forum”. This Dork searches for governmental websites that allow you to register for a forum.

Scraper API provides a proxy service designed for web scraping. With over 20 million residential IPs across 12 countries, as well as software that can handle JavaScript rendering and solving CAPTCHAs, you can quickly complete large scraping jobs without ever having to worry about being blocked by any servers.

Google Dorks Updated Database for for Advisories and Vulnerabilities:

inurl:"/wp-content/plugins/super-forms/"
inurl:uno.php
inurl:"/console/login/LoginForm.jsp"
"machform" inurl:"view.php"
intext:"Incom CMS 2.0"
inurl:/pro_users/login
inurl:/wp-content/themes/altair/
inurl:/cgi-bin/manlist?section
"Powered by vBulletin(R) Version 5.6.3"
intitle:"Please Login" "Use FTM Push"
inurl:opac_css
intitle:"Powered by Pro Chat Rooms"
inurl:"woocommerce-exporter"
Server: Mida eFramework
intitle:"Sphider Admin Login"
inurl:/wp-content/plugins/wp-file-manager/readme.txt
intext:"Published with Textpattern CMS"
intext:"Powered by Piwigo"
intext:"Powered by Typesetter"
inurl:"images/lists?cid=13"
inurl:device ext:rsp
inurl:"/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php" - Wordpress File Manager
inurl: login.rsp
inurl:''com_gmapfp''
inurl:wp-content/plugins/wpdiscuz
inurl:wp-content/plugins/easy-media-gallery-pro
inurl:"/vam/index_vam_op.php"
inurl:wp-content/plugins/my-calendar
intitle:ePMP 1000 intext:Log In -site:*.com -site:com.*
inurl:wp-content/plugins/redirection
inurl:wp-content/plugins/updraftplus
Index of : wp-content/plugins/wpmudev-updates/
inurl:wp-content/plugins/sfwd-lms
inurl:wp-content/plugins/email-subscribers
inurl:wp-content/plugins/arforms
inurl:wp-content/plugins/safe-svg
inurl:wp-content/plugins/iwp-client
inurl:wp-content/plugins/async-javascript
inurl:wp-content/plugins/lifterlms
inurl:wp-content/plugins/idx-broker-platinum
inurl:wp-content/plugins/all-in-one-wp-migration
inurl:wp-content/plugins/wpjobboard
inurl:wp-content/plugins/sendpress
inurl:wp-content/plugins/wd-google-maps
inurl:wp-content/plugins/knight-lab-timelinejs
inurl:wp-content/themes/corona
inurl:wp-content/plugins/angwp
inurl:wp-content/plugins/angwp
inurl:wp-content/plugins/wise-chat
allintext: wp-content/themes/injob
inurl:wp-content/plugins/gravityforms
inurl:wp-content/plugins/knight-lab-timelinejs
inurl:/wp-content/plugins/angwp
inurl:/wp-content/themes/realestate-7
inurl:wp-content/plugins/kingcomposer
allintext:wp-content/plugins/angwp
inurl:wp-content/plugins/form-maker
inurl:wp-content/plugins/newsletter
inurl:wp-content/plugins/wp-live-chat-support
allintext:wp-content/plugins/acf-to-rest-api
inurl:wp-content/themes/sparky
inurl:wp-content/plugins/wp-jobsearch
inurl:wp-content/themes/careerfy
inurl:wp-content/plugins/security-malware-firewall
inurl:wp-content/plugins/payment-form-for-paypal-pro
inurl:wp-content/plugins/testimonials-widget
inurl:wp-content/themes/careerup
inurl:wp-content/themes/nexos
inurl:wp-content/plugins/wpforms-lite
intitle:"IceWarp WebClient"
inurl:wp-content/plugins/coming-soon
inurl:wp-content/plugins/gift
inurl:wp-content/plugins/form-maker
inurl:wp-content/themes/traveler
intext:piwik "Sign in"
intext:Powered by 2Moons 2009-2013
intext:"Centreon 2005-2019"
inurl:wp-content/themes/citybook
inurl:wp-content/themes/traveler
inurl:wp-content/plugins/wpDiscuz
inurl:wp-content/plugins/YITH-WooCommerce-Ajax-Product-Filter
inurl:wp-content/plugins/wp-pro-quiz
inurl:/webmail intext:Tecnologia fornecida por IceWarp Server
inurl:wp-content/plugins/ar-contactus
intext:Basato su Comunicazioni Integrate IceWarp
intext:Basato su IceWarp Server
inurl:wp-content/plugins/testimonial-rotator
intitle:qdPM 9.1. Copyright (c) 2020 qdpm.net
intext:"TopManage (R) 2002 - 2020"
inurl:wp-content/plugins/kingcomposer
inurl:wp-content/themes/newspaper
intext:powered by JoomSport - sport WordPress plugin
inurl:wp-content/plugins/elementor
"powered by Typo3"
"index of" "plugins/wp-rocket"
inurl:wp-content/plugins/brizy
index of /wp-content/uploads/backupbuddy
inurl:"wp-contentpluginsphoto-gallery"
inurl:wp-content/plugins/sportspress
inurl:wp-content/plugins/simple-file-list
inurl:/wp-content/plugins/wp-ecommerce-shop-styling/
inurl:wp-content/plugins/wp-jobsearch
inurl:wp-content/plugins/ajax-load-more/lang/
inurl:wp-content/plugins/final-tiles-grid-gallery-lite
inurl:wp-content/plugins/woocommerce
inurl:wp-content/plugins/yop-poll
inurl:wp-content/plugins/final-tiles-grid-gallery-lite
inurl:wp-content/plugins/adrotate
inurl:wp-content/plugins/mappress-google-maps-for-wordpress
inurl:wp-content/plugins/bbPress
inurl:wp-content/plugins/gtranslate
inurl:wp-content/plugins/grand-media
inurl:wp-content/plugins/iframe
inurl:wp-content/plugins/woo-order-export-lite
inurl:wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7
inurl:"wp-content/plugins/siteorigin-panels"
inurl:wp-content/plugins/official-mailerlite-sign-up-forms
inurl:"wp-content/plugins/form-maker"
intitle:"Index of" intitle:"UserPro" -uploads
inurl:"index.php?option=com_ccnewsletter" inurl:sbid

A Google Dork is a search query that looks for specific information on Google’s search engine. Google Dorks are developed and published by hackers and are often used in “Google Hacking”.

Google Dorks are extremely powerful. They allow you to search for a wide variety of information on the internet and can be used to find information that you didn’t even know existed.

Because of the power of Google Dorks, they are often used by hackers to find information about their victims or to find information that can be used to exploit vulnerabilities in websites and web applications.

Google Search Engine is designed to crawl anything over the internet and this helps us to find images, text, videos, news and plethora of information sources. With it’s tremendous capability to crawl, it indexes data along the way, which also includes sensitive information like email addresses, login credentials, sensitive files, website vulnerabilities, and even financial information. In many cases, We as a user won’t be even aware of it.

Google Dork is a search query that we give to Google to look for more granular information and retrieve relevant information quickly. For example, try to search for your name and verify results with a search query [inurl:your-name]. Analyse the difference. You just have told google to go for a deeper search and it did that beautifully.

Search Operators :

  • cache:

    • [cache:www.google.com web] will show the cached content with the word “web” highlighted. This functionality is also accessible by clicking on the “Cached” link on Google’s main results page. The query [cache:] will show the version of the web page that Google has in its cache. For instance, [cache:www.google.com] will show Google’s cache of the Google homepage.
  • link:

    • [link:www.google.com] will list webpages that have links pointing to the Google homepage.
  • related:

    • [related:www.google.com] will list web pages that are similar to the Google homepage.
  • info:

    • [info:www.google.com] will show information about the Google homepage.
  • define:

    • The query [define:] will provide a definition of the words you enter after it, gathered from various online sources. The definition will be for the entire phrase entered (i.e., it will include all the words in the exact order you typed them). Eg: [define:google]
  • stocks:

    • If you begin a query with the [stocks:] operator, Google will treat the rest of the query terms as stock ticker symbols, and will link to a page showing stock information for those symbols. For instance, [stocks: intc yhoo] will show information about Intel and Yahoo. (Note you must type the ticker symbols, not the company name.)
  • site:

    • If you include [site:] in your query, Google will restrict the results to those websites in the given domain. For instance, [help site:www.google.com] will find pages about help within www.google.com. [help site:com] will find pages about help within .com urls. Note there can be no space between the “site:” and the domain.
  • allintitle:

    • If you start a query with [allintitle:], Google will restrict the results to those with all of the query words in the title. For instance, [allintitle: google search] will return only documents that have both “google” and “search” in the title.
  • intitle:

    • If you include [intitle:] in your query, Google will restrict the results to documents containing that word in the title. For instance, [intitle:google search] will return documents that mention the word “google” in their title, and mention the word “search” anywhere in the document (title or no). Putting [intitle:] in front of every word in your query is equivalent to putting [allintitle:] at the front of your query: [intitle:google intitle:search] is the same as [allintitle: google search].
  • allinurl:

    • If you start a query with [allinurl:], Google will restrict the results to those with all of the query words in the url. For instance, [allinurl: google search] will return only documents that have both “google” and “search” in the url. Note that [allinurl:] works on words, not url components. In particular, it ignores punctuation. Thus, [allinurl: foo/bar] will restrict the results to page with the words “foo” and “bar” in the url, but won’t require that they be separated by a slash within that url, that they be adjacent, or that they be in that particular word order. There is currently no way to enforce these constraints.
  • inurl:

    • If you include [inurl:] in your query, Google will restrict the results to documents containing that word in the url. For instance, [inurl:google search] will return documents that mention the word “google” in their url, and mention the word “search” anywhere in the document (url or no). Putting “inurl:” in front of every word in your query is equivalent to putting “allinurl:” at the front of your query: [inurl:google inurl:search] is the same as [allinurl: google search].

Google search service is never intended to gain unauthorised access of data but nothing can be done if we ourselves kept data in the open and do not follow proper security mechanisms.

Essentially emails, username, passwords, financial data and etc. shouldn’t be available in public until and unless it’s meant to be. Example, our details with the bank are never expected to be available in a google search. But our social media details are available in public because we ourselves allowed it.

Ending Note

Google Search is very useful as well as equally harmful at the same time. Because it indexes everything available over the web.

You need to follow proper security mechanisms and prevent systems to expose sensitive data. Follow OWASP, it provides standard awareness document for developers and web application security.

Scraper API provides a proxy service designed for web scraping. With over 20 million residential IPs across 12 countries, as well as software that can handle JavaScript rendering and solving CAPTCHAs, you can quickly complete large scraping jobs without ever having to worry about being blocked by any servers.

Note: By no means Box Piper supports hacking. This article is written to provide relevant information only. Always adhering to Data Privacy and Security.

Any thoughts, let's discuss on twitter

Sharing this article is a great way to educate others like you just did.



If you’ve enjoyed this issue, do consider subscribing to my newsletter.


Subscribe to get more such interesting content !


Feel free to send honest and blunt feedback on how helpful this was to you or any suggestions/improvements.

Support my work and buy me a Coffee. It'll mean the world to me. 😇










To read more such interesting topics, let's go Home


Tech, Product, Money, Books, Life. Discover stuff, be inspired, and get ahead.
Box Piper on Twitter

More Blogs from the house of Box Piper: