top of page
  • Writer's pictureotw

OSINT: Google Hacking and Dorks to Find Key Information

Updated: Dec 28, 2022

As all of us know, Google operates the most widely used Internet search engine on the planet. Google crawls nearly every web page, of every website, and builds a massive database of all the information it gathers. Most people then use Google's database to search by keywords for articles relevant to the subject of their inquiry. Google then retrieves the most relevant websites based upon its algorithm (the PageRank algorithm, named for Larry Page, one of Google’s founders) which prioritizes the articles.

What few know is that Google has particular keywords and operators that can assist you in extracting precise information from this extraordinary database. As a hacker, that Google database may yield information about potential targets that could prove invaluable, including passwords.

Let's take a look at a few of those keywords and what they do.

Google Hacking Keywords

Please note that Google's keywords require a colon(:) between the keyword and the search terms, such as intitle:hackers-arise.

Although far from an exhaustive list, here are some of the more widely used Google keywords;

If you use the site keyword, Google restricts your search to the site or domain you specify.

Google Hacking Examples

Let's look at some examples of how we can use Google hacking to find relevant web sites and files.

As you know, many firms store important financial and other information in Excel files. We could use a simple Google hack that looks for the Excel filetype, “.xls” or “.xlsx”.


We can get a bit more selective and combine Google keywords to look for Excel files in government websites (by using the keyword site with the top level domain .gov) that have the word "contact" in their URL. This yields web pages that have contact lists from government agencies, a possible treasure trove for social engineering.


If I were looking for an Excel file with email addresses, I might use the following:

filetype:xls inurl:email.xls

Many PHP applications are vulnerable to SQL injection and other attacks. We can look for these types of web applications with:


Some other Google hacks that might yield interesting results include:

intitle:"site administration:please log in"

If I were pursuing a social engineering attack and I want to gather useful information on my target, I might use:

intitle:"curriculum vitae" filetype:doc

Effectively finding unsecured web cams is one of the more fun aspects of Google hacks. The following list shows some of these effective hacks for finding vulnerable web cams:

These Google dorks are innumerable and some people such as Johnny Long, specialize in developing effective Google dorks. Johnny Long is famous for developing effective Google dorks and has written a couple of good books on the subject. Another good source for Google dorks is the Exploit Database at If we go there and click on the GHDB tab to the left of the screen, we can find the latest Google dorks.

When we click on the GHDB tab, it opens:

Here we can find thousands of Google dorks. Some are more effective than others. We can be very specific about the kind of dorks we are seeking. For instance, if we were targeting WordPress websites, we could enter the keyword “wordpress" in the search window, and this site would display all the Google dorks relevant to WordPress built websites (WordPress is the world's most popular content management system for building websites). Among the many Google dorks we find here is a more complex one that combines several phrases:

filetype:sqlintext:password | pass | passwdintext:usernameintext:INSERT INTO `users` VALUES

When we use this dork, we find several web sites. When we click on one, we find the following:

As you can see, we were able to find a SQL script that inserted users and passwords into a database. As we can scan through this script, we find numerous username and password pairs. These should make hacking these accounts pretty simple!

Google Hacking Summary

Google hacking is a key skill that every hacker should be aware of and master. In many cases, it can yield information on our target that may save us hours or even days in exploiting the target.

As we continue to expand on information gathering techniques, keep in mind that you are unlikely to use all of these techniques on one project. Each project is unique, and you will need to customize your information gathering techniques to the target. It is also important to note here that we are using publicly available information that does not require we "touch" the domain or website of the potential target and, thereby, trigger some alert by an Intrusion Detection System (IDS) or other security devices as we are gathering information on the target.


Recent Posts

See All


Jan 03, 2023

Do you suspect your spouse of cheating, are you being overly paranoid or seeing signs of infidelity…Then he sure is cheating: I was in that exact same position when I met Henry through my best friend James who helped me hack into my boyfriend’s phone, it was like a miracle when he helped me clone my boyfriend’s phone and I got first-hand information from his phone. Now I get all his incoming and outgoing text messages, emails, call logs, web browsing history, photos and videos, instant messengers(facebook, whatsapp, bbm, IG etc) , GPS locations, phone taps to get live transmissions on all phone conversations. if you need help contact his gmail on ,, and you can also , whatsap…


Hey everyone , I don’t really know much about this hacking things but I can direct you to a professional hacking company who helped me to track and hack my boyfriend’s iPhone and his Facebook respectively.. If you need to check on your partner’s sincerity, employee’s honesty, recover your email passwords, Social networks (i.e Facebook, Twitter, IG), change your school grades, clear your criminal records, gain access to bank accounts,spy on phone. you can just contact them at … Their charges are minimal and negotiable contact them at Henryclarkethicalhacker @ gmail, com]..tell him you are from me or text him or whatsapp +1 8 1 3 4 2 1 1 3 2 6…. You can thank me later.


very helpful.

bottom of page