Top 35 Google Dorks List in 2024

5 min read
Last updated: Feb 25, 2024

google-dork-list

How to Use Google Dorks?

To use a Google Dork, you simply type in a Dork into the search box on Google and press “Enter”. Here are some of the best Google Dork queries that you can use to search for information on Google.

Top 35 Google Dorks List:

  1. Finding exposed directories:
intitle:"Index of" -inurl:(jsp|pl|php|html|aspx|htm|cf|shtml) -inurl:(listen77|mp3raid|mp3toss|mp3drug|index_of|wallywashis)
  1. Discovering open webcams:
inurl:"viewerframe?mode=motion"
  1. Finding email lists:
filetype:txt @gmail.com OR @yahoo.com OR @hotmail.com OR @aol.com
  1. Uncovering vulnerable web servers:
intitle:"Welcome to Windows 2000 Internet Services"
  1. Discovering exposed CCTV cameras:
inurl:ViewerFrame?Mode=Motion
  1. Finding SQL injection vulnerabilities:
inurl:index.php?id=
  1. Uncovering sensitive information in files:
intitle:"Index of" password.txt
  1. Discovering login pages:
inurl:admin/login
  1. Finding exposed databases:
intext:"phpMyAdmin" "running on" inurl:"main.php"
  1. Discovering vulnerable WordPress sites:
inurl:/wp-content/plugins/revslider/
  1. Finding open FTP servers:
intitle:"index of" inurl:ftp
  1. Discovering exposed configuration files:
intitle:"index of" config.yml
  1. Finding open Git repositories:
intitle:index of .git
  1. Discovering vulnerable Joomla installations:
inurl:/index.php?option=com_joomla
  1. Finding sensitive files:
intitle:"index of" password OR passcode OR passphrase OR keyfile
  1. Discovering exposed MongoDB instances:
intitle:"mongodb status" intext:"topologyVersion"
  1. Finding open network devices:
intitle:"open network devices"
  1. Discovering exposed subdomains:
site:\*.example.com -www
  1. Finding vulnerable Apache Tomcat installations:
intitle:"Apache Tomcat" intext:"If you're seeing this, you've successfully installed Tomcat"
  1. Discovering exposed GitLab repositories:
intitle:"GitLab"
  1. Finding exposed server directories:
intitle:"index of" /admin
  1. Discovering sensitive Google Drive files:
site:drive.google.com confidential
  1. Finding exposed Jenkins instances:
intitle:"Dashboard [Jenkins]"
  1. Discovering exposed AWS S3 buckets:
site:s3.amazonaws.com
  1. Finding vulnerable Magento installations:
inurl:/index.php/admin
  1. Discovering exposed log files:
intitle:"index of" error.log
  1. Finding open Elasticsearch instances:
intitle:"Kibana" intext:"Welcome to Elastic"
  1. Discovering exposed API keys:
filetype:env intext:API_KEY
  1. Finding exposed phpMyAdmin installations:
inurl:"phpmyadmin/index.php"
  1. Discovering vulnerable OpenCart installations:
inurl:/admin/config.php
  1. Finding exposed sensitive documents:
filetype:pdf "Confidential"
  1. Discovering exposed network devices:
intitle:"Device name" inurl:home.htm
  1. Finding open RDP (Remote Desktop Protocol) servers:
intitle:"Remote Desktop Web Connection"
  1. Discovering exposed Firebase databases:
intitle:"Firebase Console - Projects"
  1. Finding vulnerable Drupal installations:
inurl:"/user/login" "Powered by Drupal"

A Google Dork is a search query that looks for specific information on Google’s search engine. Google Dorks are developed and published by hackers and are often used in “Google Hacking”.

Google Dorks are extremely powerful. They allow you to search for a wide variety of information on the internet and can be used to find information that you didn’t even know existed.

Because of the power of Google Dorks, they are often used by hackers to find information about their victims or to find information that can be used to exploit vulnerabilities in websites and web applications.

Google Search Engine is designed to crawl anything over the internet and this helps us to find images, text, videos, news and plethora of information sources. With it’s tremendous capability to crawl, it indexes data along the way, which also includes sensitive information like email addresses, login credentials, sensitive files, website vulnerabilities, and even financial information. In many cases, We as a user won’t be even aware of it.

Google Dork is a search query that we give to Google to look for more granular information and retrieve relevant information quickly. For example, try to search for your name and verify results with a search query [inurl:your-name]. Analyse the difference. You just have told google to go for a deeper search and it did that beautifully.

Google search service is never intended to gain unauthorised access of data but nothing can be done if we ourselves kept data in the open and do not follow proper security mechanisms.

Essentially emails, username, passwords, financial data and etc. shouldn’t be available in public until and unless it’s meant to be. Example, our details with the bank are never expected to be available in a google search. But our social media details are available in public because we ourselves allowed it.

Ending Note

Google Search is very useful as well as equally harmful at the same time. Because it indexes everything available over the web.

You need to follow proper security mechanisms and prevent systems to expose sensitive data. Follow OWASP, it provides standard awareness document for developers and web application security.

Scraper API provides a proxy service designed for web scraping. With over 20 million residential IPs across 12 countries, as well as software that can handle JavaScript rendering and solving CAPTCHAs, you can quickly complete large scraping jobs without ever having to worry about being blocked by any servers.

Note: By no means Box Piper supports hacking. This article is written to provide relevant information only. Always adhering to Data Privacy and Security.

Any thoughts, let's discuss on twitter

Sharing this article is a great way to educate others like you just did.



If you’ve enjoyed this issue, do consider subscribing to my newsletter.


Subscribe to get more such interesting content !

Tech, Product, Money, Books, Life. Discover stuff, be inspired, and get ahead. Box Piper is on Twitter and Discord. Let's Connect!!

To read more such interesting topics, let's go Home

More Products from the maker of Box Piper:

Follow GitPiper Instagram account. GitPiper is the worlds biggest repository of programming and technology resources. There is nothing you can't find on GitPiper.

Follow SharkTankSeason.com. Dive into the riveting world of Shark Tank Seasons. Explore episodes, pitches, products, investment details, companies, seasons and stories of entrepreneurs seeking investment deals from sharks. Get inspired today!.


Scraper API

More Blogs from the house of Box Piper: