top of page

G00gle Dorks | Vulnerable Services

Google serves some 80 percent of all search queries on the Internet, making it by far the most popular search engine. Its popularity is due not only to excellent search effectiveness, but also extensive querying capabilities. However, we should also remember that the Internet is a highly dynamic medium, so the results presented by Google are not always up-to-date – some search results might be stale, while other relevant resources might not yet have been visited by Googlebot (the automatic script that browses and indexes Web resources for Google).

Google Dorks is mainly referred to pull the sensitive information from Google using advanced search terms that help users to search the index of a specific website, specific file type and some interesting information from unsecured Websites.

You can uncover some incredible information such as email addresses and lists, login credentials, sensitive files, website vulnerabilities, and even financial information (e.g. payment card data).

Here you have some example:

intitle:"index of" inurl:ftp

allintext:username filetype:log

intitle:"webcamXP 5"

db_password filetype:env

intitle:"WAMPSERVER homepage" "Server Configuration" "Apache Version"

intitle:"report" ("qualys" | "acunetix" | "nessus" | "netsparker" | "nmap") filetype:pdf

Others examples:

Google queries for locating various Web servers:

"Apache/* Server at" intitle:index.of == any version of Apache

"Microsoft-IIS/* Server at" intitle:index.of == any version of Microsoft Internet Information Services

"Oracle HTTP Server/* Server at" intitle:index.of == any version of Oracle HTTP Server

"IBM _ HTTP _ Server/* * Server at" intitle:index.of == any version of IBM HTTP Server

"Netscape/* Server at" intitle:index.of == any version of Netscape Server

"Red Hat Secure/*" intitle:index.of == any version of the Red Hat Secure server

"HP Apache-based Web Server/*" intitle:index.of == any version of the HP server

Queries for discovering standard post-installation Web server pages:

intitle:"Test Page for the SSL/TLS-aware Apache Installation" "Hey, it worked!" == Apache SSL/TLS

intitle:"Test Page for the Apache Web Server on Red HatLinux" == Apache on Red Hat

intitle:"Test Page for the Apache Http Server on Fedora Core" == Apache on Fedora

intitle:"Welcome to Your New Home Page!" Debian == Apache on Debian

Searching for personal data and confidential documents:

filetype:xls inurl:"email.xls" email.xls == files, potentially containing contact information

"phone * * *" "address *" "e-mail" intitle: "curriculum vitae" == CVs

"not for distribution" confidential == documents containing the confidential clause

intitle:index.of mystuff.xml == Trillian IM contacts list

filetype:QDF QDF == database files for the Quicken financial application

intitle:index.of finances.xls == finances.xls files, potentially containing information on bank accounts

Queries for locating network devices:

"Copyright (c) Tektronix, Inc." "printer status" == PhaserLink printers

inurl:"printer/main.html" intext:"settings" == Brother HL printers

intitle:"Dell Laser Printer" ews == Dell printers with EWS technology

intext:centreware inurl:status == Xerox Phaser 4500/6250/8200/8400 printers

inurl:hp/device/this.LCDispatcher == HP printers

intitle:liveapplet inurl:LvAppl == Canon Webview webcams

intitle:"EvoCam" inurl:"webcam.html" == Evocam webcams

inurl:"ViewerFrame?Mode=" == Panasonic Network Camera webcams

intitle:"my webcamXP server!" inurl:":8080" == webcams accessible via WebcamXP Server

allintitle:Brains, Corp. camera == webcams accessible via mmEye

intitle:"active webcam page" == USB webcams

⚠️ This post is for educational and testing purposes only ⚠️

933 views0 comments

Recent Posts

See All

Cyrillic Alphabet

Exploring the Cyrillic Alphabet: A Beginner's Guide Have you ever come across the Cyrillic alphabet and wondered what it's all about? Maybe you've seen it on Russian websites, or perhaps you've notice

MacOS | Recording a Packet Trace

A packet trace is a record of traffic traveling across the network. It’s useful for investigating complex network problems related to both correctness and performance. Once you start a packet trace on

DNS Guard

Absolutely everything is connected to the internet these days, from TV to smart light bulbs, from mobile devices to smart cars. Given those ads and ad trackers are everywhere on the Internet, a browse


bottom of page