Reconnaissance | T1595
🔍 Google Dorking Techniques
🧠 Description
Google Dorking uses advanced search operators to find sensitive information, exposed files, vulnerable pages, and other OSINT data through search engines.
🔤 Basic Operators
# Site-specific search
site:target.com
# Exact match
"exact phrase"
# File type search
filetype:pdf
filetype:xlsx
filetype:sql
# Intitle search
intitle:"admin panel"
allintitle:"index of"
# Inurl search
inurl:admin
inurl:login
inurl:config
📂 Sensitive Files
# Config files
filetype:ini "password"
filetype:env
filetype:conf
filetype:cfg
# Database files
filetype:sql "INSERT INTO"
filetype:db
filetype:mdb
# Log files
filetype:log intitle:"access.log"
# Backup files
filetype:bak
filetype:backup
filetype:old
# Key files
filetype:key
filetype:pem
filetype:ppk
📁 Directory Enumeration
# Directory listing
intitle:"Index of" "admin"
intitle:"Index of" "backup"
intitle:"Index of" "config"
# Hidden pages
site:target.com inurl:hidden
site:target.com inurl:dev
# Admin panels
site:target.com inurl:admin
site:target.com inurl:administrator
site:target.com inurl:phpmyadmin
⚠️ Vulnerability Patterns
# SQL Injection
inurl:".php?id=" site:target.com
# LFI/RFI patterns
inurl:".php?page=" "etc/passwd"
inurl:".php?file="
# XSS patterns
inurl:".php?q="
# Misconfigurations
site:target.com "debug=true"
site:target.com "error in"
# WordPress
site:target.com "wp-content"
site:target.com "wp-admin"
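The operators above can also drive a self-audit of a site you operate. The following is an added example, not part of the original page: it checks an inventory of your own URLs and page titles against the file types, inurl tokens and parameter patterns listed in this cheat sheet and reports which pages a search engine could surface. The function names and the example.com inventory are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Operators taken from the cheat sheet above.
SENSITIVE_EXT = {"ini", "env", "conf", "cfg", "sql", "db", "mdb", "log",
                 "bak", "backup", "old", "key", "pem", "ppk"}
INURL_TOKENS = {"admin", "administrator", "phpmyadmin", "login", "config",
                "hidden", "dev"}
PHP_PARAMS = ("id", "page", "file", "q")

def matching_dorks(url, title=""):
    """Return the dork operators from the page that would match this URL/title."""
    parts = urlsplit(url)
    path = parts.path.lower()
    hits = []
    # filetype: operators -> extension of the last path segment (".env" counts).
    name = path.rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    if ext in SENSITIVE_EXT:
        hits.append(f"filetype:{ext}")
    # inurl: operators -> word tokens of host and path.
    tokens = set(re.split(r"[^a-z0-9]+", (parts.hostname or "") + path))
    hits += [f"inurl:{t}" for t in sorted(tokens & INURL_TOKENS)]
    # inurl:".php?<param>=" patterns -> PHP pages taking those query parameters.
    if path.endswith(".php"):
        params = parse_qs(parts.query, keep_blank_values=True)
        hits += [f'inurl:".php?{p}="' for p in PHP_PARAMS if p in params]
    # intitle:"Index of" -> auto-generated directory listings.
    if title.lower().startswith("index of"):
        hits.append('intitle:"Index of"')
    return hits

def audit(pages):
    """pages: iterable of (url, title). Return {url: [dorks]} for exposed pages."""
    report = {url: matching_dorks(url, title) for url, title in pages}
    return {url: hits for url, hits in report.items() if hits}

# Constructed sample inventory (e.g. exported from your own crawler or sitemap).
SAMPLE_PAGES = [
    ("https://www.example.com/about.html", "About us"),
    ("https://www.example.com/backup/", "Index of /backup"),
    ("https://www.example.com/.env", ""),
    ("https://dev.example.com/item.php?id=7", "Item"),
    ("https://www.example.com/old/db.sql.bak", ""),
]

if __name__ == "__main__":
    for url, hits in audit(SAMPLE_PAGES).items():
        print(url, "->", ", ".join(hits))
```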
🛠️ Dorking Tools
# recon-ng module
recon-ng
[recon-ng] > modules search google
[recon-ng] > load google_site_web
# GoohQ
python3 goohq.py -d target.com
# SiteKeeper
sitekeeper.py target.com
# dorking with Google Search API
# Use rapidapi or custom scraper