Google dorks are a fantastic way to quickly filter search results and find an absolute treasure trove of information online. By simply using a few special operators, we can dig deeper into Google search results to find the information we are looking for. In part 1, we will focus on the basic searches and the information they provide. For part 2, we will delve into the more advanced operators to explore how we can link them together to create extremely powerful search queries.
So let’s get started with some incredibly simple Google dorks and use them individually to understand how they work. Then we can begin linking them together. I will do my best to make a number of examples for different scenarios, but you can always get in touch if you need help with specific dorks for your use case.
The ‘site’ operator
This is by far the fastest way to limit search results to a specific website and can actually be useful when a website search box isn’t giving you the information you need. It’s really simple to use. If you wanted just Facebook information, you would use:
The ‘filetype’ operator
Filetype is incredibly useful if you are looking for specific document types. Whether they be PDF, Word (doc, docx), CSVs or spreadsheets, you can restrict your search to many file types. With enough time and the correct search parameters you will be somewhat shocked at what is available online. For example, the search below returns some interesting results:
filetype:pdf AND "manifesto"
So ‘filetype’ can be really beneficial when searching for documents and spreadsheets. You can easily combine operators into one search, and I will give some other examples as we move through this post.
The ‘Intitle’ and ‘allintitle’ operators
The ‘intitle’ and ‘allintitle’ operators provide us an opportunity to further narrow our results with the ability to restrict our search for words contained in a page title.
It can be a little confusing to know which of these operators to use. As a rough example, ‘intitle’ will return results where any of the words exist, whereas ‘allintitle’ will search for every keyword used and return those results.
Where it starts to get confusing is with the use of speech marks, like the example below. This essentially produces the same result as the similar ‘allintitle’ version. So if your intention is to wrap your query in speech marks, you shouldn’t need to worry about using either for basic searches.
intitle:"non profit scam"
The ‘Inurl’ operator
‘Inurl:’ is another extremely useful operator when you need to look for specific keywords within the website address itself. It becomes particularly useful when you want to quickly search for all blogs on OSINT, for example:
inurl:blog AND "OSINT"
The ‘Intext’ operator
Intext is another useful operator allowing you to search for words in the content of pages. This could prove incredibly useful when searching for sensitive documents on specific topics, for example:
intext:"classified" OR "internal use only" OR "confidential" filetype:pdf
As you should hopefully be able to see, with a few extra search operators we can start to find the information we are looking for much faster. But now let’s start to drill down further with some other operators we can use and then combine them all to start our OSINT journey together.
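How the operators above bind to the words around them, as an added example that is not part of the original post: a small Python tokenizer that labels each term of a query with the operator governing it. It assumes the usual binding rule (a plain operator covers only the next word or quoted phrase, while ‘allintitle’ covers every term after it); the names parse, SINGLE, GREEDY and TOKEN are made up for this example.

```python
import re

# Operators covered in this post. Assumed binding rule: "allintitle" applies to
# every term after it; the others apply only to the next word or quoted phrase.
SINGLE = {"site", "filetype", "intitle", "inurl", "intext"}
GREEDY = {"allintitle"}

TOKEN = re.compile(r'''
    (?:(?P<op>[a-z]+):)?        # optional operator prefix, e.g. intext:
    (?:"(?P<phrase>[^"]*)"      # a quoted phrase
      |(?P<word>[^\s()"]+))     # or a bare word
    |(?P<paren>[()])            # grouping parentheses
''', re.VERBOSE | re.IGNORECASE)


def parse(query):
    """Return (scope, term) pairs: which operator governs each search term."""
    pairs, carry = [], None
    for m in TOKEN.finditer(query):
        if m.group("paren"):
            continue                          # grouping does not change scope
        phrase = m.group("phrase")
        term = phrase if phrase is not None else m.group("word")
        op = (m.group("op") or "").lower()
        if op and op not in SINGLE | GREEDY:
            # Unknown prefix: treat the whole token as plain text.
            term, op = f'{m.group("op")}:{term}', ""
        if not op and phrase is None and term in ("AND", "OR"):
            pairs.append(("bool", term))      # boolean connective, not a term
        elif op in GREEDY:
            carry = op[3:]                    # allintitle -> intitle from here on
            pairs.append((carry, term))
        else:
            pairs.append((op or carry or "anywhere", term))
    return pairs


if __name__ == "__main__":
    # The three title variants discussed in the post.
    for q in ('intitle:"non profit scam"', "intitle:non profit scam",
              "allintitle:non profit scam"):
        print(q, "->", parse(q))
```

Run on the three ‘non profit scam’ variants, it shows why the quoted ‘intitle’ form and ‘allintitle’ both keep the whole phrase in the title, while an unquoted ‘intitle’ only covers the first word.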
Putting it all together
Now, let’s try to use some operators to find some more interesting information to see what’s truly available to be found online. Pastebins, for example, can be an absolute treasure trove of information and with the right search queries, you can find some data to start any investigation.
It really is surprising that a simple Google dork can yield such information. The simplest of searches provide a real insight into what is actually available on the internet with the right search query, including email addresses and passwords.
In future posts, we will take a look at advanced Google dork techniques to yield more information from the web. In the meantime, have a play with some of these search queries in Google and you will see what we mean.
inurl:pastebin.com ("pass" OR "password")
inurl:pastebin.com ("@gmail.com" OR "@hotmail.com" OR "@yahoo.com") *also works with company emails*
inurl:pastebin.com ("leaked" OR "leak" OR "dump" OR "database")
The usual disclaimer applies: this is purely for educational and research purposes.
In the next article, we will explore how we can use the remaining operators to do more advanced searches and then begin to explore how to put everything together.