Google Dork Programs

FastGoogleDorksScan
DorkList on Github
dorks
Katana-ds (dork scanner for Python
Find Bug Bounties
Dorks by thomasdesr
Dorks-Eye
Shodan+Google
Dorkify
Strategic Dorking
Strategic Dorking 2

Pagodo

Google Dorks Sites

Exploit DB
Hackers-Arise  
Cylab.be

Basic Google Dorks

Find sensitive information within PDFs:_
filetype:pdf intext:PersonsName
Find sensitive information within TXT files:
filetype:txt intext:password
Find sensitive information within XLSX:
filetype:xlsx intext:YourText
Find sensitive information within RTF:
filetype:rtf intext:db_password
Find super-sensitive info:
filetype:txt intext:email AND "SSN"

Find db_login and db_password fields hidden in XML files:

filetype:xml intext:db_login filetype:xml intext:database_password

Find stuff in Open Office documents: filetype:odt intext:db_password

SMTP

https://www.exploit-db.com/ghdb/5505

env.bak

intitle:"index of" "env.bak"

Great stuff:

ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml)

(intext:confidential salary | intext:"budget approved")

inurl:confidential  

Find a product key:
“Windows XP Professional” 94FBR

Find web .config files:
filetype:config inurl:web.config inurl:ftp  

More good stuff:

intext:"index of /" Nina Simone

Find music
intitle:”index.of” “parent directory” “size” “last modified” “description” I Put A Spell On You

Find movies
(mp4|mp3|avi|flac|aac|ape|ogg) -inurl:

(jsp|php|html|aspx|htm|cf|shtml|lyrics-realm|mp3-collection) -site:.info Bill Gates intitle:”index.of” “parent directory” “size” “last modified” “description” Microsoft

(pdf|txt|epub|doc|docx) -inurl:

(jsp|php|html|aspx|htm|cf|shtml|ebooks|ebook) -site:.info

parent directory DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums parent directory MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums parent directory Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

Google Dorks for Trello

inurl:https://trello.com AND [intext:@gmail.com]

inurl:https://trello.com AND [intext:@gmail.com] AND [intext:pw]

mailto:intext:@gmail.com) AND intext:password

site:trello.com intext:@gmail.com

site:trello.com intext:accesskey

site:trello.com intext:sql intext:sa

site:trello.com intext:postgresql intext:root

site:trello.com intext:BEGIN RSA PRIVATE KEY

Excellent Trello dork:

site:trello.com intext:cpanel AND intext:password

site:developers.trello.com -site:help.trello.com

site:trello.com password

Google Dorks for WordPress Sites

inurl:/wp-content/uploads/ ext:txt "db_user" AND "db_password"

"DB_PASSWORD" filetype:env

inurl:/wp-content/uploads/ ext:txt "cpanel" AND "password"

inurl:/idx_config/ ext:txt "password" inurl:/idx_config/

ext:txt "db_password". inurl:/file-manager/log.txt (/wp-content/uploads/file-manager/log.txt) /fgallery/config. /assets/downloads/wp-config.dev.php.txt..

Google Dorks from null byte:

allintext:password filetype:log after:2018 filetype:env "DB_PASSWORD" after:2018

Find FTPs:

filetype:url +inurl:"ftp://" +inurl:";@". inurl:config.php dbuname dbpass

Find MySQL Credentials:

inurl:org AND filetype:sql AND intext:password

filetype:sql password

Helpful Links for Google Dorks:

FreeCodeCamp

EasyHackWeb

Sundowndev

Techworm

Strings to Search with Google Dorks

"Dbtype" and "mysqli" and "password" are found in Joomla configuration files (like "db_password", "db_name" for WordPress). smtp-username ftpPasswordLabel         End

Google Dorks for Twitter

Find Twitter user's "I live here" city:
@username live

Find Twitter user's contact info:
@username call me

More dorks

From [OffensiveSecurity]

Google Dorks for WordPress

Updraftplus

inurl:wp-content/plugins/updraftplus

BackupBuddy

index of /wp-content/uploads/backupbuddy

BackWPup

intitle:index.of "backwpup"
inurl:wp-content/uploads/backwpup
/wp-content/uploads/backwpup-restore

Make something out of this:

Index of /wp-content/uploads/backwpup-restore
Name Last modified Size Description Parent Directory
restore.dat 2021-08-05
uploads

And this:

[INFO] BackWPup job: dunlapbackup
[INFO] Logfile is: backwpup_log_29f4d7_2021-11-21_03-00-12.html
[INFO] Backup file is: backwpup_YQU7JV7401_1956f801_2021-11-21_03-00-12.tar.gz
[21-Nov-2021 03:00:48] Added XML export "Dunlap_Institute.wordpress.2021-11-21.xml" with 11.41 MB to backup file list.
[21-Nov-2021 03:00:48] Added plugin list file "Dunlap-Institute.pluginlist.2021-11-21.txt" with 6.48 KB to backup file list.
[21-Nov-2021 03:00:18] Added database dump "dunlap.sql" with 67.45 MB to backup file list
[21-Nov-2021 03:01:07] WARNING: File "/web/httpd/html/wp-config.php~" is not readable!
[INFO] Backup file is: backwpup_LQU7JV6B01_1956f801_2021-12-20_03-00-30.tar.gz

inurl:'log' AND intext:'[INFO] Backup file is: backwpup'

Detectify

Dorks for Backups

inurl:"?db_backup" | inurl:"dbbackup" -site:github.com "sql.gz" | "sql.tgz" | "sql.tar" | "sql.7z"

\