Google Dorking

Google dorking (also called Google hacking) is the use of advanced search operators such as site:, inurl:, intitle:, and filetype: to find information that is exposed on the public web but not easy to discover through normal searching. Security researchers use it to surface exposed files, login pages, and vulnerability disclosure policies.

Author: parth-narula
Reading time: 3 min read

Google dorking turns an ordinary search engine into a reconnaissance tool. By combining advanced operators, a researcher can ask Google very precise questions and surface pages, files, and policies that are public but effectively hidden in the noise of normal search results. It is one of the most accessible techniques in offensive security, requiring nothing but a browser and a good understanding of operators.

Why It Matters

Search engines crawl and index far more than people realize: forgotten subdomains, exposed configuration files, log files, backups, login portals, and documentation. All of this is part of an organization's attack surface, and much of it was never meant to be found. Google dorking is how researchers (and attackers) surface it quickly, as a core part of passive reconnaissance that never touches the target's own servers.

For defenders, the same technique is essential: dorking your own organization is one of the fastest ways to find exposed assets before an attacker does.

Common Operators

Operators combine, which is where their power comes from. site:example.com inurl:login finds login pages on one domain; filetype:env can surface exposed environment files across the web.

Practical Examples for Recon

recon-dorks.txt
# Find disclosure policies (low-competition programs)
site:com inurl:responsible-disclosure
inurl:.well-known/security.txt "contact"
site:io "report a vulnerability"

# Expand the attack surface
site:*.example.com -www
filetype:swagger OR inurl:swagger site:example.com

# Surface exposed files (test only what you are authorized to)
site:example.com ext:log OR ext:bak OR ext:sql

A security.txt file or a responsible-disclosure page often points to a Vulnerability Disclosure Program with very few competing hunters, which is exactly the kind of target a beginner wants.
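
For the defender's self-audit mentioned earlier, here is an added example (not code from the original page): a Python sketch that applies the URL-based operators to a URL inventory you already hold for your own domain and reports which assets each dork would match. The inventory is constructed sample data, the function names are hypothetical, and the matching rules (implicit AND between terms, OR joining adjacent terms, a leading - excluding a term) are an approximation of search-engine behaviour, not Google's implementation.

```python
import shlex
from urllib.parse import urlsplit

def term_matches(term, url):
    """Apply one operator to a URL (approximate, URL-only semantics)."""
    url = url.lower()
    parts = urlsplit(url)
    op, sep, arg = term.lower().partition(":")
    if not sep:                       # bare keyword: substring of the URL
        return op in url
    if op == "site":                  # the domain itself or any subdomain
        return ("." + (parts.hostname or "")).endswith("." + arg.removeprefix("*."))
    if op == "inurl":
        return arg in url
    if op in ("ext", "filetype"):
        return parts.path.endswith("." + arg)
    raise ValueError(f"{op}: needs page content, not just a URL")

def parse_dork(query):
    """Split a dork into OR-groups (all required) and excluded terms."""
    groups, excluded, join_next = [], [], False
    for tok in shlex.split(query):
        if tok.startswith("-") and len(tok) > 1:
            excluded.append(tok[1:])
        elif tok != "OR" and join_next and groups:
            groups[-1].append(tok)
        elif tok != "OR":
            groups.append([tok])
        join_next = tok == "OR"
    return groups, excluded

def audit(query, urls):
    """Return the inventory URLs that the dork would match."""
    groups, excluded = parse_dork(query)
    return [u for u in urls
            if all(any(term_matches(t, u) for t in g) for g in groups)
            and not any(term_matches(t, u) for t in excluded)]

# Constructed sample inventory (for example from your own sitemap).
INVENTORY = [
    "https://www.example.com/index.html",
    "https://app.example.com/login",
    "https://dev.example.com/backup/db.sql",
    "https://api.example.com/swagger/index.html",
    "https://files.example.com/logs/access.log",
    "https://example.org/site.bak",
]

if __name__ == "__main__":
    print(audit("site:example.com ext:log OR ext:bak OR ext:sql", INVENTORY))
```

Any inventory URL a dork matches is one a search engine could surface if it is crawlable, so each hit is a candidate for removal, access control, or exclusion from indexing.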

How It Fits Into a Recon Workflow

Dorking is a passive technique, so it is usually one of the first steps, surfacing leads that you then verify and explore with the rest of your toolkit.

Querying public data is legal; acting on what you find may not be. Finding an exposed admin panel does not authorize you to log into it.

The Google Hacking Database catalogs thousands of proven dorks for learning. To see how dorking fits into finding and scoring a first target, read how to choose your first bug bounty target.
