
Finding vulnerabilities with Google Dorks

25 September 2016
Article by a1qa

For any company, data confidentiality is a matter of high importance. A leak of clients’ usernames and passwords or the loss of system files may result in great financial expense and destroy the reputation of even the most trustworthy organization. The article is by Vadim Kulish, a security testing engineer.

Considering all potential risks, companies spend big money to embed the latest security technologies to prevent unauthorized access to the valuable data.

But have you ever considered that, besides sophisticated hacking attacks, there are simple ways to uncover files that weren’t effectively protected? Using advanced search techniques, sometimes referred to as Google dorking, one can discover exposed information on public websites. In this article, we’ll focus on Google search operators that can be used to get more specific search results or to detect sensitive files and data leakage risks.

Let’s start from the beginning.

One can hardly imagine surfing the Internet without search engines such as Google, Bing and the like. Search engines index a vast number of web pages to make them discoverable. They provide advanced search capabilities that go far beyond simple keyword queries.

Google search operators

When you search in Google, you can include search operators in the entry field to narrow or broaden your search. These commands are widely used in cybersecurity practices and educational tutorials to identify publicly exposed content and potential security weaknesses. The most commonly used of them are the following:

* site: returns results from certain sites or domains

E.g.: If you enter site:example.com you’ll get all info in Google related to the example.com website.

* filetype: searches for exact file type

E.g.: The entry filetype:php site:example.com will provide you with the list of php-files from the website example.com.

* inurl: searches for specific text in the indexed URL

E.g.: The entry site:example.com inurl:admin will search for the administration panel on the website. Keyword-based queries of this kind are what Google dorking is built on.

* intitle: searches for query terms in the page’s title

E.g.: The entry example.com intitle:"Index of" will return documents from the website example.com that have the phrase “Index of” in their titles.

* cache: searches in Google cache

E.g.: cache:example.com will show Google’s cached version of the page instead of the current one.

Unfortunately, web crawlers cannot determine the type or degree of confidentiality of the information they index. They therefore treat a blog article published for a wide audience and a database backup copy stored in the web server root directory, never intended for third parties, in exactly the same way.

Because of this, and with the help of search operators, hackers manage to detect vulnerabilities in web resources, information leaks (backup copies and the text of web application errors), and hidden resources such as an open administration panel with no authentication or authorization mechanisms.

Types of information that can be detected by search engines and may be potentially interesting to hackers include the following:

* Third-level domains of the explored resource

Third-level domains can be found using the keyword “site:”. For example, the query site:*.example.com will return all third-level domains of the website example.com. Such queries make it possible to detect hidden management resources, release management systems, and other applications with a web interface, including the interfaces of various online devices.

* Hidden files on a web server

When searching, you may come across various parts of the web application. To find them, use the query filetype:php site:example.com. It will return functionality in the application that was previously unavailable, as well as other information about the app.

* Backup copies

Backup copies may be found with the filetype: keyword. Usually backup copies are stored using the following file extensions: bak, tar.gz, sql. For instance: site:*.example.com filetype:sql. Backup copies often contain logins and passwords of the admin interfaces, as well as user data and source code of your website, which are valuable secrets.

* Errors of the web application

The text of the error may contain various data about the app’s system components (web server, database, web application platform). This information is always very interesting to hackers because it allows them to find out more about the target system and to enhance the attack. For instance: site:example.com "warning" "error".

* Login and password

Web application cracking may reveal a lot of users’ sensitive data. The request filetype:txt "login" "password" will allow you to find files with usernames and passwords. Likewise, you can check whether your email or any account has been hacked using a query on your own email or username, such as filetype:txt "user_name_or_email".
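The same exposure types can be checked from the inside, before a crawler indexes them. The following is an added example, not part of the original article: it walks a web root you control and flags the backup extensions (bak, tar.gz, sql) and the login/password text files described above. The function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

BACKUP_SUFFIXES = (".bak", ".tar.gz", ".sql")  # extensions the article names
CRED_WORDS = (b"login", b"password")  # pair from the filetype:txt query


def audit_webroot(webroot, max_bytes=1_000_000):
    """Return sorted (relative_path, reason) findings for files under webroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, webroot).replace(os.sep, "/")
            if name.lower().endswith(BACKUP_SUFFIXES):
                findings.append((rel, "backup-copy"))
            elif name.lower().endswith(".txt"):
                with open(full, "rb") as fh:
                    data = fh.read(max_bytes).lower()
                if all(word in data for word in CRED_WORDS):
                    findings.append((rel, "credentials-text"))
    return sorted(findings)


def build_sample_webroot(root):
    """Write a constructed sample tree (not real data) under root."""
    samples = {
        "index.php": "<?php echo 'hello'; ?>",
        "db_dump.sql": "-- constructed dump",
        "old/site.tar.gz": "constructed archive bytes",
        "config.php.BAK": "<?php $db_pass = 'constructed'; ?>",
        "notes/users.txt": "Login: demo\nPassword: constructed\n",
        "readme.txt": "Welcome to the site.",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)


def run_demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_webroot(root)
        return audit_webroot(root)


if __name__ == "__main__":
    print(*run_demo(), sep="\n")
```

Anything the audit reports should be moved out of the served directory or placed behind authentication, since a file reachable by URL is a file a crawler can index.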

The combinations of keywords and search strings used to detect confidential information are commonly named Google Dorks and are often perceived as a “google secret” by those unfamiliar with advanced search techniques.

Google has collected them in the public Google Hacking Database. Now any company representative, whether a CEO, a developer or a webmaster, may learn what type of sensitive data was detected with this or that query. All dorks are broken down by categories to make the search more convenient, including exposed files, credentials, location-related data, and connected systems.

Google Dorks leaving their mark in the history of hacking

Finally, here are cases where Google Dorks helped attackers get access to sensitive but poorly protected information; they clearly demonstrate the practical advantage of this technique for uncovering exposed data:

#1. Leakage of confidential documents on the bank’s website

During the official bank site security analysis, a large number of PDF documents were detected. All documents were found with the query "site:bank-site filetype:pdf". Interestingly, it turned out that the contents of the documents represented plans of the bank branch premises across the country. For sure, that information would be very interesting to bank robbers.

#2. Cardholders’ data search

Very often, when breaking into online stores, attackers gain access to users’ payment data. To make this info public, violators use public services that are indexed by Google. Sample query: "Card Number" "Expiration Date" "Card Type" filetype:txt.

With all this in mind, we recommend that you check the security of your website to prevent dubious activities related to your resource.

But we advise you to look beyond the basic checks and use this information as a practical guide for understanding potential risks. Turn to security testing specialists to conduct a comprehensive analysis of your software product. After all, it’s better and cheaper to prevent data loss than to repair the damage incurred.
