9 Google Dorks you NEED to know about! 🧵
Google knows everything about your target. Google Dorking is using the search engine to find juicy stuff!
Here are some quick examples to show you the POWER of dorks 👇
Google knows everything about your target. Google Dorking is using the search engine to find juicy stuff!
Here are some quick examples to show you the POWER of dorks 👇
[1️⃣] Recon through copyright
A lot of targets have a copyright string they include on every site they manage. Let's find new assets by seeing if Google knows of any more pages that have that copyright!
A lot of targets have a copyright string they include on every site they manage. Let's find new assets by seeing if Google knows of any more pages that have that copyright!
![[1️⃣] Recon through copyright
A lot of targets have a copyright string they include on every site t...](https://pbs.twimg.com/media/FhmwGAUXgAEaCII.png)
[2️⃣] Login pages
Let's say you've found some credentials for your target, but you don't know where to use them. Fret no more! This Google dork will help you find all login pages on your target's domain!
Let's say you've found some credentials for your target, but you don't know where to use them. Fret no more! This Google dork will help you find all login pages on your target's domain!
![[2️⃣] Login pages
Let's say you've found some credentials for your target, but you don't know where...](https://pbs.twimg.com/media/FhmwTyIXwAEJkgv.png)
[3️⃣] Excel sheets
Google dorks can help you find files with juicy stuff. Try looking for Excel sheets, Powerpoint presentations and more. You're almost guaranteed to find some credentials lying around!
Google dorks can help you find files with juicy stuff. Try looking for Excel sheets, Powerpoint presentations and more. You're almost guaranteed to find some credentials lying around!
![[3️⃣] Excel sheets
Google dorks can help you find files with juicy stuff. Try looking for Excel she...](https://pbs.twimg.com/media/FhmwbjpWIAAoZ3r.png)
[4️⃣] Exposed git repositories
Having the source code makes hacking so much more fun, right?
This dork tries to find accessible git directories for you, time to download and enjoy that sweet source!
Having the source code makes hacking so much more fun, right?
This dork tries to find accessible git directories for you, time to download and enjoy that sweet source!
![[4️⃣] Exposed git repositories
Having the source code makes hacking so much more fun, right?
This...](https://pbs.twimg.com/media/FhmwjeGWQAAfkTD.png)
[5️⃣] Backups
This is a very simple one, but try to look for backup files (with for example the .bak extension). However, remember that in bug bounty, creativity gets rewarded, so come up with your own dorks for looking for backups!
This is a very simple one, but try to look for backup files (with for example the .bak extension). However, remember that in bug bounty, creativity gets rewarded, so come up with your own dorks for looking for backups!
![[5️⃣] Backups
This is a very simple one, but try to look for backup files (with for example the .ba...](https://pbs.twimg.com/media/FhmwqzuXoAEWfg-.png)
[6️⃣] Finding s3 buckets
S3 buckets are used to store files by companies. They can be misconfigured allowing attackers to potentially gain access to sensitive files. This dork can help you find s3 buckets.
⚠ Only attack buckets you KNOW belong to your target ⚠
S3 buckets are used to store files by companies. They can be misconfigured allowing attackers to potentially gain access to sensitive files. This dork can help you find s3 buckets.
⚠ Only attack buckets you KNOW belong to your target ⚠
![[6️⃣] Finding s3 buckets
S3 buckets are used to store files by companies. They can be misconfigured...](https://pbs.twimg.com/media/Fhmw12_WIAUIxuR.png)
[7️⃣] CVEs
Another powerful way to use Google dorks is to find a CVE and use dorks to find vulnerable endpoints on your target.
The example below uses this trick to find instances of a CMS with CVE-2019-9647
Another powerful way to use Google dorks is to find a CVE and use dorks to find vulnerable endpoints on your target.
The example below uses this trick to find instances of a CMS with CVE-2019-9647
![[7️⃣] CVEs
Another powerful way to use Google dorks is to find a CVE and use dorks to find vulnerab...](https://pbs.twimg.com/media/Fhmw9Y-WIAALsnU.png)
[8️⃣] Error messages
Finding an error message on a website can be a great indication that there's some vulnerability hiding somewhere. Google Dorking can be used to find specific error messages
Finding an error message on a website can be a great indication that there's some vulnerability hiding somewhere. Google Dorking can be used to find specific error messages
![[8️⃣] Error messages
Finding an error message on a website can be a great indication that there's s...](https://pbs.twimg.com/media/FhmxWYCWYAMBAq2.png)
[9️⃣] Sensitive data
Google dorks can also often be used to find files that potentially contain sensitive data. Check out this example looking for directory listings containing .htaccess files
Google dorks can also often be used to find files that potentially contain sensitive data. Check out this example looking for directory listings containing .htaccess files
![[9️⃣] Sensitive data
Google dorks can also often be used to find files that potentially contain sen...](https://pbs.twimg.com/media/FhmxewXXoAc5O5R.png)
That's all for this thread! 🧵
How do you use Google dorks while hunting for bugs? Let us know in the comments! 🔥
And if you want more of these threads, be sure to leave a like 💜
How do you use Google dorks while hunting for bugs? Let us know in the comments! 🔥
And if you want more of these threads, be sure to leave a like 💜
Loading suggestions...