Google Dork: go further in the search

Disclamer In this article, we are not going to make you a hacker, the goal is rather to control the hidden information that anyone could see by typing some targeted queries in Google. This way they can discover information leaks, vulnerabilities in your website.

What is Google Dork?

A Google Dork query, sometimes called simply dork, is a search string that uses advanced search operators to find information that is not readily available on a website.

In other words, we can use Google Dorks to discover hidden information buried on websites. Since Google has a search algorithm and indexes most websites, it can be useful for a hacker to find vulnerabilities on a target.

The basic syntax for advanced operators in Google is as follows:


For example, this syntax operator_name:keyword can be typed as filetype:xls intext:username in the standard search field, which results in a list of Excel files containing the term “Username”.

Simple syntax of Google Dorks

Site function: allows you to search for a specific website only. Example: housing (the keyword housing is searched on the pages of the indicated domain)

Allintitle” and “intitle” function: the title of the page contains the specified search term. Allintitle for an exact search. Example: allintitle:housing 

inurl” function: limits the results to those where the specified search keyword is contained in the URLs. Example: inurl:housing 

filetype” function: search for a specified file type. Example: filetype:pdf, also works with office documents such as (doc, docx, xls, xls, ppt, pptx). Example: filetype:pdf housing

intext” function: search for a site with a text containing the keyword or query

Other functions that are more related to the field of referencing

inanchor” function, but related, info and link functions are obsolete

Additional tips, remember to use inverted commas when you have several keywords, and the – to remove words that would interfere with your search. Example: filetype:pdf “housing in Versailles” -Paris

Finding sub-domain names

We are able to find the sub-domain of a target site using a simple Dork. We use the “site” function with -www, example: -www

What data can we find using Google Dorks?

  • Administrator login pages
  • User names and passwords
  • Confidential documents
  • Government/military data
  • Email lists, phone
  • Bank account details

There are over 6500 orders in this page