One aspect of good web programming is returning easy-to-use errors. If your application does not handle coding errors, the web server returns the error details in the browser. In some cases, the error details contain user names, passwords, and database-specific data that you do not want visitors to see. Most users bounce off a website that serves errors, but not Google. Googlebot is a crawler that scans the web for content and indexes it so that the results can be presented by the search engine. If your web server returns coding errors, Google indexes the content of these errors, which could mean that confidential login information is indexed. The result is that your web server provides searchable content that can be used to hack your website.

Google Dorking refers to the process of searching for common error phrases that relate to a specific response generated by a programming language. For example, your PHP application might have the wrong database username and password stored in your backend code. PHP returns a database-specific login error that should be handled when coding the application. "Handling" an error refers to catching it and sending a user-friendly response to the browser. If you don't handle the error, the database login credentials are returned to the browser. When Googlebot visits your pages, it sees the PHP errors and indexes the content. This content is available to anyone who knows what PHP phrases to search for.
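The handling described above, as an added example that is not code from the original page: the unhandled connection next to a handled one that logs the detail server-side and returns a generic page. The constants, function names, DSN and credentials are constructed placeholders; PDO with a MySQL driver is an assumption.

```php
<?php
declare(strict_types=1);

// Constructed settings for this example; DSN, user and password are placeholders.
const DB_DSN  = 'mysql:host=127.0.0.1;dbname=app;charset=utf8mb4';
const DB_USER = 'app_user';
const DB_PASS = 'placeholder-password';

// Never render PHP errors into the response body; send them to the server log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Unhandled: if the login fails, PDO throws. With display_errors on, PHP prints
// the uncaught exception (message, file path, stack trace) into the page,
// which is exactly the content a crawler then indexes.
function connect_unhandled(): PDO
{
    return new PDO(DB_DSN, DB_USER, DB_PASS);
}

// Handled: catch the failure, keep the detail in the log, and give the browser
// (and any crawler) a generic page that contains nothing worth indexing.
function connect_handled(): PDO
{
    try {
        return new PDO(DB_DSN, DB_USER, DB_PASS, [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        ]);
    } catch (PDOException $e) {
        // Reference id ties a visitor's report to the matching log entry.
        $ref = bin2hex(random_bytes(4));
        error_log(sprintf('[%s] database connection failed: %s', $ref, $e->getMessage()));

        http_response_code(500);
        header('Content-Type: text/plain; charset=utf-8');
        header('X-Robots-Tag: noindex'); // ask crawlers not to index the error page
        echo "Something went wrong on our side. Reference: {$ref}\n";
        exit;
    }
}

// Safety net for exceptions that no try/catch covers.
set_exception_handler(function (Throwable $e): void {
    error_log('uncaught ' . get_class($e) . ': ' . $e->getMessage());
    if (!headers_sent()) {
        http_response_code(500);
        header('X-Robots-Tag: noindex');
    }
    echo "Something went wrong on our side.\n";
});

$db = connect_handled();
```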


Google dork cheatsheet

Search filters

| Filter | Description | Example |
| --- | --- | --- |
| allintext | Searches for occurrences of all the keywords given. | allintext:"keyword" |
| intext | Searches for the occurrences of keywords all at once or one at a time. | intext:"keyword" |
| inurl | Searches for a URL matching one of the keywords. | inurl:"keyword" |
| allinurl | Searches for a URL matching all the keywords in the query. | allinurl:"keyword" |
| intitle | Searches for occurrences of keywords in the title, all or one. | intitle:"keyword" |
| allintitle | Searches for occurrences of all the keywords in the title. | allintitle:"keyword" |
| site | Searches only that particular site and lists all the results for that site. | site:"www.google.com" |
| filetype | Searches for a particular filetype mentioned in the query. | filetype:"pdf" |
| link | Searches for external links to pages. | link:"keyword" |
| numrange | Used to locate specific numbers in your searches. | numrange:321-325 |
| before/after | Used to search within a particular date range. | filetype:pdf & (after:2000-01-01 before:2001-01-01) |
| allinanchor (and also inanchor) | Shows sites that have the key terms in links pointing to them, in order of the most links. | inanchor:rat |
| allinpostauthor (and also inpostauthor) | Exclusive to blog search, this one picks out blog posts that are written by specific individuals. | allinpostauthor:"keyword" |
| related | Lists web pages that are “similar” to a specified web page. | related:www.google.com |
| cache | Shows the version of the web page that Google has in its cache. | cache:www.google.com |

Examples

intext:"index of /"
Nina Simone intitle:"index.of" "parent directory" "size" "last modified" "description" I Put A Spell On You (mp4|mp3|avi|flac|aac|ape|ogg) -inurl:(jsp|php|html|aspx|htm|cf|shtml|lyrics-realm|mp3-collection) -site:.info
Bill Gates intitle:"index.of" "parent directory" "size" "last modified" "description" Microsoft (pdf|txt|epub|doc|docx) -inurl:(jsp|php|html|aspx|htm|cf|shtml|ebooks|ebook) -site:.info
parent directory DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
parent directory MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
parent directory Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
filetype:config inurl:web.config inurl:ftp
"Windows XP Professional" 94FBR
ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:"budget approved") inurl:confidential

Operators

Search Term

This operator searches for the exact phrase within speech marks only. This is ideal when the phrase you are using to search is ambiguous and could be easily confused with something else, or when you’re not quite getting relevant enough results back. For example:

"Tinned Sandwiches"

OR

This self-explanatory operator searches for a given search term OR an equivalent term.

site:facebook.com | site:twitter.com

AND

site:facebook.com & site:twitter.com

Operator combination

(site:facebook.com | site:twitter.com) & intext:"login"
(site:facebook.com | site:twitter.com) (intext:"login")

Include results

This will order results by the number of occurrences of the keyword.

-site:facebook.com +site:facebook.*

Exclude results

site:facebook.* -site:facebook.com

Synonyms

Adding a tilde to a search word tells Google that you want it to bring back synonyms for the term as well. For example, entering “~set” will bring back results that include words like “configure”, “collection” and “change” which are all synonyms of “set”. Fun fact: “set” has the most definitions of any word in the dictionary.

~set

Glob pattern (*)

Putting an asterisk in a search tells Google ‘I don’t know what goes here’. Basically, it’s really good for finding half-remembered song lyrics or names of things.

site:*.com