Talk With an Expert

Google Dorking/Hacking and Defense Cheat Sheet

Google Dorking/Hacking and Defense Cheat Sheet (PDF, 0.15MB)Published: 15 Feb, 2021
Created by:
SANS Institute
SANS Institute

What is Google Dorking/Hacking?

Google Dorking, sometimes called Google Hacking, is the practice of using advanced Google search operators to uncover information that isn’t easily found with a basic search. It’s also a powerful form of Open Source Intelligence (OSINT), since it focuses on gathering publicly available data from across the web. By crafting precise queries, users can reveal hidden details such as exposed files, login pages, or system configurations that were never meant to be indexed.

Despite the name, there’s nothing inherently illegal about Google Dorking. The technique is widely used by cybersecurity professionals, penetration testers, and researchers to identify vulnerabilities in their own systems before attackers can exploit them.

How Does Google Dorking Work?

At its core, Google Dorking is about refining searches with special operators that tell Google exactly what to look for. When paired with keywords or phrases, these operators can zero in on files of a certain type, content within a specific website, or even text that appears in a page title or URL.

Because Google’s crawlers index nearly everything they can access, all of that information becomes searchable to anyone who knows how to ask for it. That means misconfigured servers, forgotten documents, and outdated portals may show up in results. While this can expose sensitive data, the act of performing these searches is fully legal—it’s simply a way of shining light on what’s already public.

This document aims to be a quick reference outlining all Google operators, their meaning, and examples of their usage.

Use this sheet as a handy reference that outlines the various Google searches that you can perform. It is meant to support you throughout the Google Hacking and Defense course and can be used as a quick reference guide and refresher on all Google advanced operators used in this course. The student could also use this sheet as guidance in building innovative operator combinations and new search techniques.

Author

SANS Institute
SANS Institute

SANS Institute

Launched in 1989 as a cooperative for information security thought leadership, it is SANS’ ongoing mission to empower cyber security professionals with the practical skills and knowledge they need to make our world a safer place.

Read more about SANS Institute