Google Dorking For Penetration Testing and Reconnaissance

Google Dorking is a technique used in penetration testing to find sensitive information online, including files, admin panels, and breach data. The document provides various example dorks for searching specific file types, breach information, admin panels, and employee details, along with tools like LinkedIn and Hunter.io for gathering publicly available data. It emphasizes the importance of legality and ethical considerations when using this information for testing purposes.
Google Dorking (Google Hacking) is a powerful technique for finding information on the web
that is not meant to be easily accessible. This can include files, admin panels, breach data,
and more. Below are some Google dorks and methods you can use to find specific types of
information.

1. Google Dork to Search for Any File Type

To search for specific file types (e.g., .pdf, .doc, .xls, etc.), you can use the filetype:
operator.

Example Dorks:

● filetype:pdf "sensitive information"
● filetype:xls "confidential"
● filetype:doc "internal use only"

You can further refine this with site-specific searches:

● site:example.com filetype:pdf "confidential"

2. Google Dork for Searching Breach Information

If you are looking for breached credentials or sensitive information that might have been
leaked, you can use keywords combined with breach-related terms.

Example Dorks:

● intitle:"index of" "passwords.txt"
● filetype:txt "email password" site:.edu
● inurl:"/wp-content/uploads/" "user credentials"
● intitle:"index of" "credentials"

You can also search for files hosted in public repositories or directories:

● intitle:"index of" "database backup"
● filetype:sql "dump"

Important Note: Searching for and using leaked credentials is illegal unless you have
explicit permission from the organization for penetration testing.

3. Google Dork to Search for Admin Panels

Admin panels are often the gateway for controlling a web application. They are frequently
misconfigured or poorly secured.

Example Dorks:

● inurl:admin/login.php
● inurl:admin/dashboard
● inurl:admin/index.php
● intitle:"admin panel" site:example.com
● intitle:"Admin Login" inurl:admin
● inurl:wp-admin (for WordPress admin panels)

You can refine these to target specific sites or applications:

● site:example.com intitle:"admin login"
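
As an added example (not part of the original document), the dorks from sections 1 to 3 can be replayed offline against an inventory of your own site to see which pages they would surface. The inventory records are constructed sample data, and the operator matching is a simplified approximation of search-engine behaviour, not Google's actual semantics.

```python
import re
from urllib.parse import urlparse

# Dorks copied from this page; the inventory below is constructed sample data.
DORKS = [
    'intitle:"index of" "passwords.txt"',
    'intitle:"index of" "database backup"',
    'filetype:sql "dump"',
    'intitle:"Admin Login" inurl:admin',
    'site:example.com filetype:pdf "confidential"',
]
INVENTORY = [  # (url, title, body text) as your own crawler would record them
    ("https://example.com/backup/", "Index of /backup", "db.tar passwords.txt database backup"),
    ("https://example.com/admin/login.php", "Admin Login", "Username Password"),
    ("https://example.com/docs/handbook.pdf", "Handbook", "CONFIDENTIAL - internal use only"),
    ("https://example.com/about", "About us", "We make widgets."),
]
TOKEN = re.compile(r'(?:(\w+):)?(?:"([^"]*)"|(\S+))')

def parse_dork(dork):
    """Return [(operator, value)]; bare words and phrases get operator 'any'."""
    return [((op or "any").lower(), (quoted or bare).lower())
            for op, quoted, bare in TOKEN.findall(dork)]

def term_matches(op, val, url, title, body):
    parts = urlparse(url)
    host = parts.hostname or ""
    if op == "site":
        dom = val.lstrip(".")
        return host == dom or host.endswith("." + dom)
    if op == "filetype":
        return parts.path.endswith("." + val)
    if op == "intitle":
        return val in title
    if op == "inurl":
        return val in url
    if op == "intext":
        return val in body
    return val in url or val in title or val in body  # unscoped term

def audit(inventory, dorks):
    """Map each URL to the dorks whose terms all match (approximate semantics)."""
    findings = {}
    for url, title, body in inventory:
        fields = (url.lower(), title.lower(), body.lower())
        hits = [d for d in dorks
                if all(term_matches(op, v, *fields) for op, v in parse_dork(d))]
        if hits:
            findings[url] = hits
    return findings
```

Pages that appear in the result are candidates for access control, removal, or exclusion from indexing before a search engine crawls them.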

4. Google Dork to Check Employee Details

Searching for employee details often involves scouring documents, directories, or HR
listings.

Example Dorks:

● intext:"employee directory" site:.gov
● intext:"contact list" filetype:xls
● inurl:"staff directory" site:.edu
● filetype:xls "employee contact"
● filetype:pdf "staff email"

5. Websites to Check Employee Details and Company Emails

While it's not ethical to use such websites for malicious purposes, here are some tools and
platforms that collect publicly available data for legal intelligence purposes:

● LinkedIn: You can find employee details by searching the company on LinkedIn and
filtering by employee roles.
● Hunter.io: Hunter.io allows you to search for domain-specific email addresses of
employees.
● Clearbit: Another tool to collect business contact information and personal email
addresses.
● RocketReach: Allows you to find employee emails, phone numbers, and LinkedIn
profiles.

These tools are often used for sales and marketing purposes but could be useful in recon
during red team operations or OSINT gathering.

Example Query to Find Employee Contact Info on Hunter.io:

1. Visit https://hunter.io
2. Enter the company's domain, e.g., example.com.
3. Hunter.io will list publicly available emails associated with the domain.
