You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.
Google Dork List - Uncover the Hidden Gems of the Internet ( There are at least 320+ categories )
Notifications You must be signed in to change notification settings
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Go to fileWelcome to GDorks, your gateway to the hidden wonders of the internet! 🚀 Give us a ⭐️ if you find this project helpful!
Dive into the world of Google dorks with over 320+ categories and a whopping 3M+ dorks waiting to be uncovered!
- Dorks(1M)/ - README.md - Split #1.txt - Split #2.txt - Split #3.txt - . - More-Dorks/ - README.md - 7k.txt - best2.txt - Amazon10k.txt - Gaming.txt - Shoping.txt - . - SQLi/ - README.md - Sqli.txt - Sqli2.txt - . - XSS/ - README.md - XSS.txt - . - LFI/ - README.md - LFI.txt - . - WordPress/ - README.md - 17k.txt - wp(30K).txt - . - Joomla/ - README.md - Joomla.txt - Joomla2.txt - . - Laravel/ - README.md - 1.txt - . - CCTV/ - README.md - cctv.txt - . - Netflix/ - 48.txt - . - dorks.txt,dorks.json,dorks2.txt,dorks3.txt,dorks-2023.txt,dork.
Google dorks are specially crafted search queries that use a combination of advanced search operators to fine-tune your Google searches. By employing these dorks, you can focus on specific search results, unveiling hidden gems that ordinary searches might miss.
git clone https://github.com/ishanoshada/GDorks.git
Discover live camera feeds from all over the globe! Marvel at breathtaking scenery, bustling streets, and serene sunsets. Be a virtual traveler with these dorks:
inurl:/view.shtml intitle:"Live View / - AXIS" inurl:/control/userimage.html intitle:"Toshiba Network Camera" user login intitle:"i-Catcher Console - Web Monitor" .
SQL Injection is a type of security vulnerability that allows attackers to manipulate a web application's database by injecting malicious SQL code into input fields or parameters. This can lead to unauthorized access, data leakage, or even complete control of the database.
inurl:"product.php?pid=" inurl:"category.php?id=" inurl:"news.php?id=" inurl:"gallery.php?id=" inurl:"article.php?id=" inurl:"profile.php?id=" inurl:"product-list.php?id=" inurl:"product-detail.php?id markdown-heading" dir="auto">🥷 Category: Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. This can lead to session hijacking, cookie theft, or the execution of arbitrary code in the context of the victim's browser.
inurl:"search.php?q=" inurl:"results.php?q=" inurl:"gallery.php?name=" inurl:"blog.php?title=" inurl:"category.php?name=" inurl:"faq.php?question=" inurl:"feedback.php?comment markdown-heading" dir="auto">🛡️ Category: Vulnerable Servers - Uncovering Weaknesses
Unearth vulnerable servers, weak points, and potential security risks. Help make the web safer by reporting any vulnerabilities you discover. Protect and educate!
intitle:"Test Page for the Apache Web Server on Fedora Core" intitle:"Index of" "CentOS" "Test Page" intitle:"Test Page for the Nginx HTTP Server" .
🔒 Category: Sensitive Directories - Beware of Hidden Paths
Explore hidden directories, secret realms, and confidential data that accidentally made its way into public view. Tread carefully!
intitle:"Index of /admin" intitle:"Index of /backup" intitle:"Index of /config" .
💽 Category: Database Files - Unveiling Sensitive Data
Stumble upon database files that might contain sensitive information. Handle with care and utmost respect for privacy.
filetype:sql intext:username password filetype:sql "insert into" (pass|passwd|password) .
🚪 Category: Login Pages - Enter the Gateway
Discover login portals, access points, and entryways into secured systems. Respect the sanctity of access controls and never trespass!
intitle:"Login" inurl:/login intitle:"Login" inurl:/signin .
📡 Category: Network Devices - Journey through Networking World
Navigate through network devices, routers, and access points. Find and secure, but never intrude!
intitle:"RouterOS" inurl:/winbox intitle:"Ubiquiti" intext:"airOS" .
🎥 Category: CCTV Systems - Peering through Surveillance
Explore CCTV systems, camera setups, and surveillance feeds. Respect privacy and avoid unethical use!
intitle:"DVR Login" inurl:/login.htm .
🔐 Category: Apache Tomcat - Unveil Tomcat Servers
Discover Apache Tomcat servers and applications. Handle with care and report any vulnerabilities responsibly!
intitle:"Apache Tomcat" intext:"Apache Tomcat" .
🛑 Category: Error Messages - Understanding Errors
Analyze various error messages to understand web server behavior and potential weaknesses. Report responsibly!
intext:"Error 404: Not Found" .
🗃️ Category: Git Repository Files - Exploring Repositories
Stumble upon Git repositories, codebases, and version control systems. Respect intellectual property and never exploit!
filetype:gitweb inurl:git .
⚙️ Category: Configuration Files - Delving into Settings
Uncover configuration files and system settings. Treat them with utmost care and privacy!
filetype:conf inurl:web.config .
💡 Category: PHP Info Files - PHP Insights
Discover PHP information files. Handle this knowledge responsibly!
filetype:php inurl:info .
📜 Category: Wordpress Sites - Enter the World of WordPress
Explore WordPress sites and blogs. Respect intellectual property and refrain from unauthorized access!
inurl:/wp-admin .
📁 Category: Open Directory Listings - Directory Treasure Hunt
Embark on a quest to find open directories with valuable content. Treat what you find with respect and privacy!
intitle:"Index of /" + "backup" .
🌟 Category: Google Drive Links - Drive to the Clouds
Unlock direct links to Google Drive files. Respect the owner's privacy and intellectual property!
inurl:"/uc?id markdown-heading" dir="auto">📜 Category: Wordpress Configuration Files - WordPress Secrets
Stumble upon WordPress configuration files. Handle them responsibly and respect privacy!
filetype:txt inurl:wp-config .
🔐 Category: AWS Access Keys - AWS Wonderworld
Find AWS access keys, but be cautious! Report responsibly and never exploit!
filetype:pem intext:PRIVATE KEY .
🗃️ Category: Configuration Files - Hunting Configuration
Discover various configuration files. Handle with care, and never misuse!
filetype:env intext:AWS_SECRET_ACCESS_KEY .
⚡ Additional Google Dork Syntax Examples (Continued)
- Finding URLs with a Specific Keyword:
- inurl:"keyword" - Searches for URLs containing the specified keyword.
- Excluding Specific Terms:
- -term - Excludes results containing the specified term.
- Searching for Pages with a Specific Title:
- intitle:"your search term" - Searches for pages with the specified term in the title.
- Looking for Pages with a Specific Extension:
- ext:php - Limits results to files with a PHP extension.
- ext:html - Limits results to HTML files.
- Finding Social Media Profiles:
- site:facebook.com "John Doe" - Searches for Facebook profiles with the name "John Doe".
- Locating Login Pages:
- intitle:"Login" inurl:/login - Finds login pages.
- Exploring Subdomains:
- site:*.example.com - Searches for subdomains of "example.com".
- Finding Vulnerable Webcams:
- intitle:"Live View / - AXIS" - Searches for AXIS webcams.
- Discovering Exposed Git Repositories:
- intitle:index.of.git - Searches for exposed Git repositories.
- Uncovering Open Directories:
- intitle:"Index of /" - Searches for open directories.
- Identifying Exposed Elasticsearch Instances:
- intitle:"Kibana" intext:"You know, for search" - Searches for publicly accessible Elasticsearch instances.
- Hunting for Configuration Files:
- filetype:env intext:AWS_SECRET_ACCESS_KEY - Searches for AWS secret access keys in configuration files.
- Revealing WordPress Configuration Files:
- filetype:txt inurl:wp-config - Searches for WordPress configuration files.
- Finding AWS Access Keys:
- filetype:pem intext:PRIVATE KEY - Searches for AWS private keys.
- Finding Vulnerable PHP Scripts:
- intitle:"PHP Shell" - Searches for pages with PHP shells.
- Locating Exposed Admin Panels:
- intitle:"Admin Login" - Searches for pages with "Admin Login" in the title.
- Discovering Network Devices with Default Credentials:
- intitle:"Router Login" | intext:"default username" - Searches for router login pages with default usernames.
- Exploring Database Backup Files:
- ext:sql intext:"-- MySQL dump" - Searches for MySQL database dump files.
- Identifying Exposed MongoDB Instances:
- intitle:"MongoDB Shell" - Searches for MongoDB admin consoles.
- Hunting for Backup Files:
- intitle:"Index of /backup" - Searches for directories with "backup" in the name.
- Uncovering Exposed Jenkins Instances:
- intitle:"Dashboard [Jenkins]" - Searches for Jenkins dashboard pages.
- Finding Apache Struts Vulnerabilities:
- intitle:"Welcome to the Apache Struts" intext:"showcase" - Searches for Apache Struts showcase applications.
- Discovering Exposed WordPress Theme Files:
- inurl:/wp-content/themes/ intitle:"Index of" - Searches for directories with WordPress theme files.
- Locating Exposed GitLab Repositories:
- intitle:"index of /" inurl:".gitlab.yml" - Searches for GitLab configuration files.
- Hunting for Exposed Jupyter Notebooks:
- intitle:"Jupyter Notebook" -"Sign Up" -"Log In" - Searches for public Jupyter notebooks.
- Finding Misconfigured Jenkins Instances:
- intitle:"Dashboard [Jenkins]" inurl:/job/ - Searches for Jenkins jobs.
- Exploring Exposed Grafana Dashboards:
- intitle:"Grafana" - Searches for Grafana dashboard pages.
Country-Specific Google Dork Lists
Country Most Used Dork List Security Level (%) United States "inurl:/view.shtml" "intitle:"Live View / - AXIS"" 85 India "inurl:"product.php?pid="" "inurl:"category.php?id="" 70 United Kingdom "inurl:"search.php?q="" "inurl:"results.php?q="" 80 Australia "intitle:"Test Page for the Apache Web Server on Fedora Core"" 75 Canada "intitle:"Test Page for the Nginx HTTP Server"" 80 Germany "intitle:"Index of /admin"" "intitle:"Index of /config"" 85 France "filetype:sql intext:username password" "intext:"Error 404: Not Found"" 75 Brazil "inurl:"/uc?id="" "filetype:env intext:AWS_SECRET_ACCESS_KEY" 70 Japan "intext:"Error 404: Not Found"" "inurl:/wp-admin" 80 South Africa "filetype:php inurl:info" "filetype:pem intext:PRIVATE KEY" 75 Russia "intitle:"index of" "backup"" "filetype:xls inurl:admin" 70 China "inurl:"/web-console/ServerInfo.jsp"" "intext:password filetype:log" 85 Mexico "intext:"Index of /backup"" "filetype:log inurl:web.config" 75 Spain "intitle:"index of" "passwords.txt"" "filetype:txt inurl:config" 80 Italy "intitle:"Index of /config"" "filetype:xml inurl:admin" 80 Argentina "inurl:"/wp-admin" intitle:"login"" "intext:"Index of /wp-content/uploads"" 75 Nigeria "intitle:"index of" "database.sql"" "filetype:ini inurl:admin" 70 Saudi Arabia "inurl:/console/CrystalReportsWebFormViewer.aspx" "filetype:sql intext:username password" 85 Netherlands "inurl:/console/login/LoginForm.jsp" "filetype:log inurl:admin" 80 Indonesia "inurl:/cgi-bin/printer/printer.cgi" "filetype:reg inurl:web.config" 75 Turkey "intitle:"index of" "config.txt"" "filetype:xml inurl:admin" 80 South Korea "inurl:/servlet/Main" "filetype:sql intext:username password" 80 Thailand "intitle:"index of" "config.xml"" "filetype:log inurl:web.config" 75 Egypt "inurl:/console/login/LoginForm.jsp" "filetype:txt inurl:admin" 70 Singapore "intext:"index of" "database.sql"" "filetype:ini inurl:admin" 80 Malaysia "intitle:"index of" "config.xml"" "filetype:log inurl:web.config" 75 Philippines "inurl:/console/CrystalReportsWebFormViewer.aspx" "filetype:sql intext:username password" 75 Vietnam "inurl:/console/login/LoginForm.jsp" "filetype:log inurl:admin" 75 Bangladesh "intext:"index of" "config.txt"" "filetype:xml inurl:admin" 70 Sri Lanka "inurl:/console/CrystalReportsWebFormViewer.aspx" "filetype:sql intext:username password" 70 Israel "intitle:"Index of /admin"" "filetype:xls inurl:admin" 80 Pakistan "intitle:"index of" "passwords.txt"" "filetype:txt inurl:config" 70 Iran "inurl:/cgi-bin/printer/printer.cgi" "filetype:reg inurl:web.config" 75 Iraq "intitle:"index of" "config.txt"" "filetype:xml inurl:admin" 70 Afghanistan "inurl:/servlet/Main" "filetype:sql intext:username password" 75 Kazakhstan "intitle:"index of" "config.xml"" "filetype:log inurl:web.config" 75
Contribute and Discover
Join the quest to build a comprehensive and responsible Google dork list. Contribute ethically and explore the internet responsibly with GDorks!
Show Your Support
Give us a ⭐️ if GDorks has been your guide in the vast online landscape!
Disclaimer
This list is for educational purposes only. Use Google dorks responsibly, respect privacy, intellectual property, and abide by all laws and regulations. Let's make the internet safer and more secure together!
Repository Views
Star History
Frequently Asked Questions (FAQ)
## Frequently Asked Questions (FAQ) ### What are Google Dorks? Google dorks are specialized search queries that use advanced search operators to refine Google searches. They help users find specific information that might be overlooked in regular searches. ### Can I Use GDorks for Malicious Activities? No, GDorks is intended for educational purposes only. Any unauthorized or malicious use is strictly prohibited. Use GDorks responsibly, respecting privacy and legal boundaries. ### How Often is GDorks Updated? The repository is periodically updated to include new dorks and improve existing ones. You can contribute to the project by submitting your dorks or enhancements. ### I Found a Security Vulnerability. What Should I Do? If you discover a security vulnerability, please report it responsibly to the website owner or administrator. Do not exploit or disclose vulnerabilities publicly.
For more questions, check our full FAQ section.
Note: This list is for educational purposes only. Always use Google dorks responsibly and never engage in any unauthorized or unethical activities. Respect privacy, intellectual property, and abide by all applicable laws and regulations. Let's make the internet a safer and more secure place! Happy dorking!