DorkFinder

DorkFinder

Explore security exposures with categorized Google Dorks. Discover real-world examples for bug bounty, OSINT, and ethical hacking.

Filter by Category

Find Publicly Exposed Jenkins Instances
Unauthenticated Access
intitle:"Dashboard [Jenkins]"

Identifies Jenkins servers that may be publicly accessible, potentially exposing CI/CD pipelines.

Monitoring & Analytics
Version Control & Development
Search for SQL Dump Files
Sensitive Data Exposure
filetype:sql sql dump

Locates SQL dump files that might have been unintentionally exposed, containing sensitive data.

Database & Data Storage
File & Directory Exposure
Discover Vulnerable Wordpress Uploads Directories
Directory Listing
inurl:/wp-content/uploads/ "index of"

Finds Wordpress sites with directory listing enabled for uploads, potentially exposing sensitive files.

Content Management Systems (CMS)
File & Directory Exposure
Apache Struts DevMode Enabled
Remote Code Execution
inurl:struts/webconsole.html OR inurl:action:devmode

Identifies Apache Struts instances with developer mode enabled, which can lead to RCE.

Web Application Security
Exposed PHP Info Pages
Information Disclosure
ext:php intitle:phpinfo "published by the PHP Group"

Finds publicly accessible phpinfo() pages, revealing server configuration details.

Information Disclosure
Find Specific Outdated Software Versions (e.g., old Apache)
Outdated Software
intitle:"index of" "server at" "Apache/2.2.3"

Search for servers running a specific, potentially outdated and vulnerable, version of Apache.

Information Disclosure
Infrastructure & Network
GitHub Dorks for API Keys and Secrets
Credential Exposure
site:github.com "public_key" OR "private_key" OR "api_key"

Searches GitHub repositories for accidentally committed API keys or sensitive credentials.

Version Control & Development
File & Directory Exposure
Bug Bounty Recon for Subdomains
Asset Discovery
site:*.example.com -www.example.com

Helps in discovering subdomains of a target domain (replace example.com with target).

Infrastructure & Network
Information Disclosure
Web Application Security
Exposed .env Configuration Files
Credential Exposure
inurl:.env -intext:env "DB_PASSWORD" ext:env

Finds publicly accessible .env files which often contain sensitive credentials.

File & Directory Exposure
Information Disclosure
Web Application Security
Find Swagger/OpenAPI Definitions for API Mapping
API Endpoint Discovery
inurl:/swagger/index.html OR inurl:/api-docs OR intitle:"Swagger UI"

Discovers Swagger UI or OpenAPI definition files, which map out API endpoints.

Information Disclosure
Web Application Security
GitLab CI/CD Variables Exposure
Credential Exposure
inurl:gitlab.com intext:"CI_JOB_TOKEN" OR intext:"CI_REGISTRY_PASSWORD"

Searches for GitLab CI/CD variables that might be exposed in public projects or logs.

Version Control & Development
File & Directory Exposure
Web Application Security
Exposed Kubernetes Dashboards (Unauthenticated)
Unauthenticated Access
intitle:"Kubernetes Dashboard" -intitle:"Login"

Finds Kubernetes dashboards that might be accessible without authentication.

Cloud & Container Services
Monitoring & Analytics
Authentication & Access Control
AI Model Configuration Files Exposure
Credential Exposure
filetype:yaml "model_name" "api_key" "openai"

Looks for exposed configuration files related to AI/LLM models, potentially containing API keys.

File & Directory Exposure
Information Disclosure
Web Application Security
Frontend Source Maps Exposure
Source Code Disclosure
filetype:map inurl:js "webpackChunk"

Finds JavaScript source maps which can expose original source code of frontend applications.

Information Disclosure
Version Control & Development
Web Application Security
SQL Injection Points in URL Parameters
SQL Injection
inurl:".php?id=" OR inurl:".asp?id=" OR inurl:".jsp?id="

Basic dork to find potential SQL injection points in URL parameters. Use with caution and ethically.

Web Application Security
Exposed .git Folders
Source Code Disclosure
inurl:/.git "Index of /.git"

Finds exposed .git directories, potentially allowing attackers to download the entire source code.

Version Control & Development
File & Directory Exposure
Find Login Portals
Information Gathering
intitle:"login" | intitle:"signin" | inurl:login | inurl:signin

General dork to find login pages of various web applications.

Authentication & Access Control
Exposed Admin Panels
Potential Unauthorized Access
intitle:"admin" inurl:admin

Searches for web pages with "admin" in the title and URL, often leading to administrative interfaces.

Authentication & Access Control
Find Backup Files
Sensitive Data Exposure
filetype:bak | filetype:backup | filetype:old | filetype:zip | filetype:rar "backup"

Locates various types of backup files which might contain sensitive information or old code versions.

File & Directory Exposure
Backup & Disaster Recovery
Search for Configuration Files
Configuration File Exposure
filetype:config | filetype:cfg | filetype:conf | filetype:ini | filetype:yml | filetype:yaml

Finds common configuration file types which might expose server settings, credentials, or API keys.

File & Directory Exposure
Information Disclosure
Exposed Log Files
Information Disclosure
filetype:log "Error" | "Warning" | "Exception"

Searches for log files containing error messages, warnings, or exceptions, which can reveal system paths, vulnerabilities, or user data.

File & Directory Exposure
Information Disclosure
Find Publicly Accessible S3 Buckets
Public Cloud Storage Exposure
site:s3.amazonaws.com "index of" OR "bucket name"

Identifies publicly listed Amazon S3 buckets, potentially exposing stored files.

Cloud & Container Services
File & Directory Exposure
Exposed API Documentation (Postman, etc.)
API Endpoint Discovery
inurl:/postman/collections/ OR intitle:"Postman API Documentation"

Finds Postman collections or other API documentation that might be publicly exposed.

Information Disclosure
Web Application Security
Testing & Development Tools
Find Trello Boards
Information Disclosure
site:trello.com "Project Name" confidential | internal

Searches for Trello boards, potentially exposing project plans, tasks, or sensitive information if not properly secured.

Third-Party Integrations
Information Disclosure
Enterprise & Business Applications
WordPress Debug Log Exposure
Sensitive Data Exposure
inurl:wp-content/debug.log

Finds exposed WordPress debug logs, which can contain sensitive information like database errors or plugin issues.

Content Management Systems (CMS)
File & Directory Exposure
Jira Instances Exposure
Information Disclosure
intitle:"System Dashboard - JIRA" OR inurl:/secure/Dashboard.jspa

Locates Jira instances, which if misconfigured, can expose project details, issues, and user information.

Third-Party Integrations
Monitoring & Analytics
Enterprise & Business Applications
Exposed FTP Servers with Directory Listing
Directory Listing
intitle:"index of /" "ftp"

Finds FTP servers that allow directory listing, potentially exposing files and directories.

Infrastructure & Network
File & Directory Exposure
Find Files Containing Passwords
Credential Exposure
filetype:txt | filetype:csv | filetype:doc "password" | "credentials"

Searches for plain text files or documents that might contain the word "password" or "credentials".

File & Directory Exposure
Information Disclosure
Web Application Security
Network Device Login Pages
Device Access
intitle:"Login" "Router" | "Firewall" | "Switch"

Identifies login pages for network devices like routers, firewalls, or switches.

Infrastructure & Network
IoT & Embedded Systems
Authentication & Access Control
Exposed CCTV Camera Feeds
Unauthenticated Access
inurl:view/view.shtml OR intitle:"Live View / - AXIS"

Finds publicly accessible live CCTV camera feeds.

IoT & Embedded Systems
Monitoring & Analytics
Find Google Calendar Events
Information Disclosure
site:calendar.google.com inurl:event?eid=

Identifies public Google Calendar events. Be cautious, as many are intentionally public.

Third-Party Integrations
Information Disclosure
Exposed SSH Private Keys
Credential Exposure
filetype:pem "PRIVATE KEY"

Searches for files with the .pem extension containing "PRIVATE KEY", potentially exposing SSH private keys.

File & Directory Exposure
Authentication & Access Control
Web Application Security
Find phpMyAdmin Installations
Potential Database Exposure
intitle:"phpMyAdmin" "Server:"

Locates phpMyAdmin installations, which are web-based database administration tools.

Database & Data Storage
Web Application Security
Authentication & Access Control
Magento Configuration Files
Credential Exposure
inurl:/app/etc/local.xml filetype:xml

Finds Magento local.xml configuration files, which can contain database credentials.

Content Management Systems (CMS)
File & Directory Exposure
Web Application Security
Find .SWF Files (Flash) with Decompilable Code
Potential Source Code Disclosure
filetype:swf inurl:flash

Locates SWF (Flash) files. While Flash is deprecated, old files might still exist and could potentially be decompiled to reveal source code or logic.

Web Application Security
Information Disclosure
Exposed Zoom Meeting Links/Info
Information Disclosure
site:zoom.us inurl:/j/ intext:"Meeting ID"

Finds Zoom meeting links or pages mentioning Meeting IDs. Many are public, but some might be unintentionally exposed.

Third-Party Integrations
Email & Communication
Find SharePoint Sites
Information Disclosure
inurl:"_layouts/15/start.aspx" OR intitle:"SharePoint Home"

Identifies Microsoft SharePoint sites. Misconfigurations could lead to data exposure.

Enterprise & Business Applications
Information Disclosure
Third-Party Integrations
Exposed Jenkins Script Console
Remote Code Execution
inurl:/script OR inurl:/scriptApproval OR intitle:"Script Console"

Finds Jenkins script consoles, which can allow arbitrary code execution if unprotected.

Version Control & Development
Web Application Security
Drupal User Login/Registration Pages
Information Gathering
inurl:/user/login OR inurl:/user/register site:example.com

Finds login or registration pages for Drupal sites (replace example.com).

Content Management Systems (CMS)
Authentication & Access Control
Exposed RabbitMQ Management Consoles
Unauthenticated Access
intitle:"RabbitMQ Management" "Overview"

Finds RabbitMQ management consoles, which could be exposed without authentication.

Infrastructure & Network
Monitoring & Analytics
Authentication & Access Control
Open Elasticsearch Instances
Sensitive Data Exposure
port:9200 "You Know, for Search"

Identifies open Elasticsearch instances, potentially exposing large amounts of data.

Database & Data Storage
Infrastructure & Network
Exposed MongoDB Instances
Sensitive Data Exposure
port:27017 "MongoDB Server Information" OR " ड्राइवर के लिए सहायता और उपकरण"

Locates MongoDB instances that might be publicly accessible without proper authentication.

Database & Data Storage
Infrastructure & Network
Find Webcams (various types)
Unauthenticated Access
intitle:"webcamXP 5" | intitle:"Live View / - AXIS" | inurl:view/view.shtml

A combination dork for finding various types of unsecured webcams.

IoT & Embedded Systems
Monitoring & Analytics
Cisco VPN Login Portals
Information Gathering
inurl:/+CSCOE+/logon.html

Identifies Cisco VPN login portals.

Infrastructure & Network
Authentication & Access Control
Exposed .DS_Store Files (macOS)
Information Disclosure
intext:"Directory Services Store File" ext:DS_Store

Finds .DS_Store files. These macOS files can sometimes reveal directory structures or filenames.

File & Directory Exposure
Information Disclosure
Server Status Pages (Apache, Nginx)
Information Disclosure
inurl:/server-status intitle:"Apache Status" OR intitle:"nginx status"

Finds Apache or Nginx server status pages, which can reveal server information, traffic, and worker status.

Infrastructure & Network
Monitoring & Analytics
Information Disclosure
Find Adminer Database Management Tools
Potential Database Exposure
intitle:"Adminer" "Username" "Password" "Database"

Locates Adminer, a web-based database management tool. Exposed instances can be risky.

Database & Data Storage
Web Application Security
Authentication & Access Control
Exposed SVN Repositories
Source Code Disclosure
inurl:/.svn/ "Index of /.svn/"

Finds exposed Subversion (SVN) directories, potentially allowing access to source code.

Version Control & Development
File & Directory Exposure
Find Publicly Accessible Google Docs/Sheets/Slides
Sensitive Data Exposure
site:docs.google.com "public" "confidential" OR "internal"

Searches for Google Workspace documents marked as public but containing keywords like "confidential" or "internal".

Third-Party Integrations
File & Directory Exposure
Information Disclosure
Look for API keys in Pastebin
Credential Exposure
site:pastebin.com "API_KEY" OR "SECRET_KEY"

Searches Pastebin for accidentally leaked API keys or secret keys.

Information Disclosure
File & Directory Exposure
Web Application Security
Using the 'allintext' Search Operator
Search Operator Guide
allintext:"keyword"

Searches for occurrences of all the keywords given. This operator ensures that all specified terms appear somewhere in the text of the page.

Web Application Security
Information Disclosure
Using the 'intext' Search Operator
Search Operator Guide
intext:"keyword"

Searches for occurrences of specified keywords within the body text of web pages.

Web Application Security
Information Disclosure
Using the 'inurl' Search Operator
Search Operator Guide
inurl:"keyword"

Searches for a URL matching one of the keywords. This helps find pages with specific terms in their web address.

Web Application Security
Information Disclosure
Infrastructure & Network
Using the 'allinurl' Search Operator
Search Operator Guide
allinurl:"keyword"

Searches for a URL matching all the keywords in the query. This is more restrictive than 'inurl'.

Web Application Security
Information Disclosure
Infrastructure & Network
Using the 'intitle' Search Operator
Search Operator Guide
intitle:"keyword"

Searches for occurrences of specified keywords within the title of a web page.

Web Application Security
Information Disclosure
Using the 'allintitle' Search Operator
Search Operator Guide
allintitle:"keyword"

Searches for occurrences of keywords all at a time in the page title. Ensures all specified keywords are in the title.

Web Application Security
Information Disclosure
Using the 'site' Search Operator
Search Operator Guide
site:"www.example.com"

Specifically searches that particular site and lists all the results for that site. Restricts results to a specific domain or subdomain.

Web Application Security
Information Disclosure
Using the 'filetype' Search Operator
Search Operator Guide
filetype:"pdf"

Searches for a particular filetype mentioned in the query. For example, PDF, DOC, TXT, etc.

File & Directory Exposure
Information Disclosure
Using the 'link' Search Operator
Search Operator Guide
link:"www.example.com"

Searches for pages that link to a specified URL. For example, using 'link:www.example.com' will find pages linking to that specific domain.

Web Application Security
Information Disclosure
Using the 'numrange' Search Operator
Search Operator Guide
numrange:321-325

Used to locate specific numbers or a range of numbers in your searches. Can be useful for finding version numbers, product IDs, etc.

Information Disclosure
Find Publicly Exposed .RDP Files
Configuration File Exposure
filetype:rdp intext:"full address:s:"

Locates Remote Desktop Protocol (.rdp) files that may be publicly exposed, potentially revealing connection details to remote servers.

File & Directory Exposure
Infrastructure & Network
Search for Atlassian Confluence Public Spaces
Information Disclosure
site:confluence.*.*/display/PUBLIC/*

Finds public spaces in Atlassian Confluence instances, which might unintentionally expose internal documentation or sensitive information.

Third-Party Integrations
Information Disclosure
Enterprise & Business Applications
Exposed Jenkins Credentials Files
Credential Exposure
intitle:"Index of" credentials.xml jenkins

Looks for exposed `credentials.xml` files from Jenkins, which store encrypted credentials but can still pose a risk if accessible.

Version Control & Development
File & Directory Exposure
Web Application Security
Public Google Cloud Storage Buckets Listing
Public Cloud Storage Exposure
site:storage.googleapis.com intitle:"index of"

Identifies publicly listable Google Cloud Storage buckets, potentially exposing stored files.

Cloud & Container Services
File & Directory Exposure
WordPress User Enumeration via Author Archives
Information Disclosure
inurl:/author/ site:example.com

Helps enumerate WordPress usernames by looking for author archive pages (replace example.com).

Content Management Systems (CMS)
Information Disclosure
Find LogMeIn Hamachi VPN Gateways
Device Access
intitle:"LogMeIn Hamachi" inurl:gateway.exe

Locates LogMeIn Hamachi VPN gateway login pages.

Infrastructure & Network
Authentication & Access Control
Exposed Jupyter Notebooks
Source Code Disclosure
filetype:ipynb "index of" OR intitle:"Jupyter Notebook"

Finds publicly accessible Jupyter Notebook files (.ipynb), which might contain code, data, and potentially sensitive information.

Version Control & Development
File & Directory Exposure
Information Disclosure
Web Application Security
Search for Grafana Dashboards (Unauthenticated)
Unauthenticated Access
intitle:"Grafana" inurl:"dashboard" -"Login"

Finds Grafana dashboards that might be accessible without authentication, exposing monitoring data.

Monitoring & Analytics
Authentication & Access Control
Find Slack Invite Links
Information Disclosure
site:hooks.slack.com/workflows/ OR site:join.slack.com

Searches for publicly accessible Slack invitation links or webhook URLs.

Third-Party Integrations
Email & Communication
Information Disclosure
Exposed .htpasswd Files
Credential Exposure
inurl:.htpasswd "Index of" OR filetype:htpasswd

Locates .htpasswd files, which are used for basic authentication on Apache web servers. If exposed, they can be cracked.

File & Directory Exposure
Authentication & Access Control
Web Application Security
Find Cisco WebEx Meeting Recordings
Sensitive Data Exposure
site:*.webex.com inurl:precording OR inurl:play_recording

Searches for publicly accessible Cisco WebEx meeting recordings.

Third-Party Integrations
Email & Communication
Media & Content Delivery
Publicly Exposed Azure Blobs
Public Cloud Storage Exposure
site:blob.core.windows.net "CONTAINER_NAME" intitle:"index of"

Finds publicly listable Azure Blob Storage containers. Replace CONTAINER_NAME or use keywords.

Cloud & Container Services
File & Directory Exposure
Exposed phpPgAdmin Installations
Potential Database Exposure
intitle:"phpPgAdmin" "Login"

Locates phpPgAdmin (PostgreSQL web admin tool) installations.

Database & Data Storage
Web Application Security
Authentication & Access Control
Sitecore Admin Login
Information Gathering
inurl:/sitecore/login

Finds login pages for Sitecore CMS.

Content Management Systems (CMS)
Authentication & Access Control
Find Publicly Exposed .pem certificate files
Information Disclosure
filetype:pem intext:"BEGIN CERTIFICATE"

Locates .pem files containing public certificates. While not private keys, can reveal infrastructure details.

File & Directory Exposure
Information Disclosure
Web Application Security
Search for Jenkins User Content
File & Directory Exposure
inurl:/userContent/

Identifies Jenkins instances with accessible userContent directories, which might contain build artifacts or other files.

Version Control & Development
File & Directory Exposure
Exposed Visual SourceSafe Databases
Source Code Disclosure
filetype:scc "SourceSafe" OR "VSSVER.SCC"

Finds files related to Microsoft Visual SourceSafe, an older version control system. Exposure could leak source code.

Version Control & Development
File & Directory Exposure
Joomla Configuration Files
Credential Exposure
filetype:php intext:"JConfig" "public \$user"

Searches for Joomla configuration.php files, which contain database credentials and other sensitive settings.

Content Management Systems (CMS)
File & Directory Exposure
Web Application Security
Exposed ColdFusion Administrator Panels
Information Gathering
inurl:/CFIDE/administrator/index.cfm

Finds Adobe ColdFusion administrator login panels.

Web Application Security
Authentication & Access Control
Finding .NET Web.config Files
Credential Exposure
filetype:config inurl:web.config

Searches for exposed web.config files used in .NET applications, which can contain connection strings and other sensitive data.

File & Directory Exposure
Web Application Security
Information Disclosure
Exposed Tomcat Web Application Manager
Potential Unauthorized Access
intitle:"Tomcat Web Application Manager" inurl:/manager/html

Finds Apache Tomcat Web Application Manager interfaces. Default credentials are a common risk.

Web Application Security
Authentication & Access Control
Publicly Accessible Zabbix Monitoring
Information Gathering
intitle:"Zabbix" intext:"frontend php"

Identifies Zabbix monitoring system frontends.

Monitoring & Analytics
Files Containing "AWS_ACCESS_KEY_ID"
Credential Exposure
intext:"AWS_ACCESS_KEY_ID" -git -gitlab -github

Searches for AWS access key IDs in various files, excluding common code repositories.

Cloud & Container Services
File & Directory Exposure
Information Disclosure
Web Application Security
Exposed VNC Servers
Unauthenticated Access
intitle:"VNC viewer for Java" port:5800

Finds VNC servers accessible via a Java viewer, often on port 5800.

Infrastructure & Network
IoT & Embedded Systems
Authentication & Access Control
Google Forms with File Upload Enabled
Potential Misconfiguration
site:docs.google.com/forms inurl:viewform intext:"File upload"

Finds Google Forms that allow file uploads, which could be misused or reveal unintended information.

Third-Party Integrations
File & Directory Exposure
Business Logic
Exposed ProFTPD Server Info
Information Disclosure
intitle:"ProFTPD server information"

Finds ProFTPD server information pages, revealing version and other details.

Infrastructure & Network
Information Disclosure
Publicly Accessible Drupal Update Status
Information Disclosure
inurl:update.php intitle:"Update manager" Drupal

Finds Drupal update manager pages, which can reveal module versions and update status.

Content Management Systems (CMS)
Information Disclosure
Search for Microsoft Exchange Outlook Web App (OWA)
Information Gathering
inurl:/owa/auth/logon.aspx

Identifies Microsoft Exchange OWA login pages.

Email & Communication
Authentication & Access Control
Exposed Palo Alto Network Device Logins
Device Access
intitle:"GlobalProtect Portal" "Palo Alto Networks"

Locates login portals for Palo Alto Networks devices (e.g., GlobalProtect).

Infrastructure & Network
Authentication & Access Control
Finding TR-069 CPE WAN Management Protocol devices
Device Access
inurl:tr069 intext:"TR-069"

Attempts to find devices (like routers) exposing TR-069 management interfaces.

IoT & Embedded Systems
Infrastructure & Network
Exposed Cisco Unity Connection Admin
Device Access
intitle:"Cisco Unity Connection Administration" inurl:/cuadmin/

Finds admin login pages for Cisco Unity Connection (voicemail and messaging).

Telecommunications
Authentication & Access Control
Publicly Listed Files on Dropbox
Sensitive Data Exposure
site:dropbox.com/sh/ "shared link" -inurl:images

Searches for publicly shared Dropbox links, excluding common image shares.

Third-Party Integrations
File & Directory Exposure
Cloud & Container Services
SonicWall Scrutinizer Login
Information Gathering
intitle:"Scrutinizer Login" "SonicWall"

Finds login pages for SonicWall Scrutinizer network traffic analysis tool.

Monitoring & Analytics
Authentication & Access Control
Exposed F5 BIG-IP Login Pages
Device Access
intitle:"BIG-IP" "logon" OR inurl:/my.logon.php3

Identifies F5 BIG-IP load balancer login pages.

Infrastructure & Network
Authentication & Access Control
WordPress XML-RPC Interface
Potential Attack Vector
inurl:xmlrpc.php "XML-RPC server accepts POST requests only"

Finds WordPress sites with XML-RPC enabled, which can be a vector for brute-force or DDoS attacks.

Content Management Systems (CMS)
Web Application Security
Exposed Laravel Telescope Debug Dashboards
Information Disclosure
inurl:/telescope intitle:"Telescope"

Finds Laravel Telescope debug dashboards if left publicly accessible.

Web Application Security
Monitoring & Analytics
Version Control & Development
Public Jenkins API Endpoints
API Endpoint Discovery
inurl:/api/json?pretty=true intitle:Jenkins

Locates Jenkins instances exposing their JSON API, which can reveal job names, build status, and other information.

Version Control & Development
Information Disclosure
Web Application Security
Exposed .bash_history files
Credential Exposure
filetype:bash_history "HISTFILESIZE="

Finds publicly accessible bash history files, which can contain sensitive commands and credentials.

File & Directory Exposure
Information Disclosure
Version Control & Development
Web Application Security
Drupal Backup and Migrate Files
Sensitive Data Exposure
inurl:"/backup_migrate/export/" filetype:mysql OR filetype:sql

Searches for backup files created by the Drupal Backup and Migrate module.

Content Management Systems (CMS)
File & Directory Exposure
Database & Data Storage
Backup & Disaster Recovery
Microsoft Remote Desktop Web Access
Information Gathering
inurl:/RDWeb/Pages/en-US/login.aspx

Finds login pages for Microsoft Remote Desktop Web Access.

Infrastructure & Network
Authentication & Access Control
Unprotected Spring Boot Actuator Endpoints
Information Disclosure
inurl:/actuator/health OR inurl:/actuator/env OR inurl:/actuator/mappings

Finds Spring Boot applications exposing sensitive Actuator endpoints like /env, /health, /mappings.

Web Application Security
Information Disclosure
Monitoring & Analytics
phpLiteAdmin Installations
Potential Database Exposure
intitle:"phpLiteAdmin" "Username" "Password"

Locates phpLiteAdmin, a web-based SQLite database administration tool.

Database & Data Storage
Authentication & Access Control
Exposed pgAdmin Login Portals
Information Gathering
intitle:"pgAdmin" "Login to pgAdmin"

Finds login portals for pgAdmin, a PostgreSQL administration and development platform.

Database & Data Storage
Authentication & Access Control
Publicly Exposed Server-Side Include (SSI) Error Messages
Information Disclosure
intext:"[an error occurred while processing this directive]"

Finds pages revealing errors from Server-Side Includes, which might indicate misconfigurations or injection points.

Web Application Security
Information Disclosure
Files Containing "BEGIN RSA PRIVATE KEY"
Credential Exposure
intext:"BEGIN RSA PRIVATE KEY" filetype:key OR filetype:pem

Searches for files containing RSA private key markers.

Information Disclosure
File & Directory Exposure
Authentication & Access Control
Web Application Security
Kibana Dashboards (Unauthenticated)
Unauthenticated Access
inurl:/app/kibana intitle:Kibana -login

Finds Kibana dashboards that might be accessible without authentication, exposing log data and visualizations.

Monitoring & Analytics
Database & Data Storage
Authentication & Access Control
Exposed Fortinet SSL VPN Portals
Device Access
inurl:/remote/login intitle:"FortiToken" OR intitle:"FortiGate"

Identifies Fortinet SSL VPN login portals.

Infrastructure & Network
Authentication & Access Control
Exposed WebDAV Directories
Directory Listing
intitle:"Index of" "WebDAV" OR intext:"WebDAV Server"

Finds WebDAV enabled directories that might be publicly listable or accessible.

File & Directory Exposure
Infrastructure & Network
Oracle WebLogic Server Admin Console
Information Gathering
inurl:/console/login/LoginForm.jsp intitle:"Oracle WebLogic Server Administration Console"

Finds login pages for Oracle WebLogic Server Administration Console.

Web Application Security
Authentication & Access Control
GitHub Personal Access Tokens in Code
Credential Exposure
site:github.com "ghp_" OR "gho_" OR "ghu_" OR "ghs_" OR "ghr_"

Searches GitHub for patterns matching personal access tokens, which are often accidentally committed.

Version Control & Development
Information Disclosure
File & Directory Exposure
Web Application Security
Find Exposed Mobile Device Management (MDM) Portals
Unauthenticated Access
intitle:"Mobile Device Management" OR inurl:/mdm/ enroll

Locates MDM enrollment or login pages, which if unsecured could lead to device compromise.

Mobile & IoT
Authentication & Access Control
Search for Android Debug Bridge (ADB) Open Ports
Remote Access
port:5555 "Android Debug Bridge"

Identifies devices with ADB open on port 5555, potentially allowing unauthorized access.

Mobile & IoT
Infrastructure & Network
Exposed MQTT Brokers for IoT Communication
Unauthenticated Access
port:1883 "MQTT" OR port:8883 "MQTT"

Finds MQTT brokers, often used in IoT, which might be unsecured and expose sensitive data streams.

Mobile & IoT
IoT & Embedded Systems
Infrastructure & Network
Find Default Credentials for IP Cameras
Default Credentials
inurl:indexFrame.shtml "Network Camera" intitle:"Live View"

Locates common IP camera interfaces that might still use default credentials.

IoT & Embedded Systems
Authentication & Access Control
Exposed CoAP (Constrained Application Protocol) Resources
Information Disclosure
inurl:/.well-known/core "CoAP"

Discovers CoAP resources, often used in IoT, which may list accessible endpoints.

IoT & Embedded Systems
Information Disclosure
Stripe API Keys in Public Code Repositories
Credential Exposure
site:github.com "sk_live_"

Searches GitHub for Stripe live secret API keys (sk_live_) inadvertently committed.

Financial & Payment Systems
Third-Party Integrations
Version Control & Development
Web Application Security
Exposed PayPal IPN Listener Scripts
Misconfiguration
inurl:ipn_listener.php "PayPal IPN"

Finds PayPal Instant Payment Notification (IPN) listener scripts, which if misconfigured, could be exploited.

Financial & Payment Systems
Third-Party Integrations
Web Application Security
Find Publicly Accessible QuickBooks Company Files
Sensitive Data Exposure
filetype:qbw OR filetype:qbb "QuickBooks"

Locates QuickBooks company files (.qbw) or backup files (.qbb) that may be exposed.

Financial & Payment Systems
File & Directory Exposure
Database & Data Storage
Search for Exposed Financial Reports or Statements
Sensitive Data Exposure
filetype:pdf "confidential financial report" OR "internal budget"

Attempts to find PDF documents containing sensitive financial keywords.

Financial & Payment Systems
Information Disclosure
File & Directory Exposure
vBulletin Admin Control Panel Login
Information Gathering
inurl:/admincp/ intitle:"vBulletin Login"

Finds vBulletin forum administration login pages.

Social Media & Forums
Content Management Systems (CMS)
Authentication & Access Control
phpBB Admin Control Panel Login
Information Gathering
inurl:/adm/index.php intitle:"Administration Control Panel" phpBB

Finds phpBB forum administration login pages.

Social Media & Forums
Content Management Systems (CMS)
Authentication & Access Control
Exposed Discord Invite Links on Websites
Information Disclosure
site:discord.gg intext:"Join us on Discord"

Finds Discord server invite links publicly posted on websites.

Social Media & Forums
Third-Party Integrations
Information Disclosure
Search for Public User Profiles with Specific Keywords
Information Gathering
site:linkedin.com/in/ "security researcher" "example.com"

Example dork to find LinkedIn profiles of 'security researchers' associated with 'example.com'. Useful for OSINT.

Social Media & Forums
Information Disclosure
Web Application Security
Moodle LMS Login Pages
Information Gathering
intitle:"Moodle" inurl:/login/index.php

Locates Moodle Learning Management System login pages.

Education & Learning Management
Content Management Systems (CMS)
Authentication & Access Control
Exposed Blackboard Learn Course Content
Information Disclosure
inurl:/courses/ OR inurl:/webapps/blackboard/content/listContent.jsp

Finds Blackboard Learn course content directories or pages that might be publicly accessible.

Education & Learning Management
File & Directory Exposure
Information Disclosure
Publicly Accessible Student Information System (SIS) Portals
Information Gathering
intitle:"Student Information System" OR intitle:"Parent Portal" login

Identifies login portals for Student Information Systems or parent portals.

Education & Learning Management
Authentication & Access Control
Search for Syllabi or Course Outlines (PDF)
Information Disclosure
filetype:pdf "course syllabus" OR "course outline" site:.edu

Finds PDF syllabi or course outlines, often hosted on educational institution domains.

Education & Learning Management
Information Disclosure
File & Directory Exposure
Open Access Academic Research Papers
Information Disclosure
filetype:pdf "research paper" "university" "creative commons"

Locates academic research papers, often in PDF format, that are marked for open access or hosted by universities.

Education & Learning Management
Information Disclosure
File & Directory Exposure
Find Patient Portal Login Pages
Information Gathering
intitle:"Patient Portal" login OR inurl:/patientportal/

Identifies login pages for patient portals of healthcare providers.

Healthcare & Medical
Authentication & Access Control
Search for Exposed DICOM Medical Images
Sensitive Data Exposure
intitle:"index of" "dicom" OR inurl:/dicomweb/

Looks for directories or web interfaces exposing DICOM (medical imaging) files. Highly sensitive.

Healthcare & Medical
File & Directory Exposure
Information Disclosure
Exposed Medical Device Management Interfaces
Device Access
intitle:"Medical Device Management" OR inurl:/device/status

Attempts to find web interfaces for managing medical devices.

Healthcare & Medical
IoT & Embedded Systems
Authentication & Access Control
Telemedicine Platform Login Pages
Information Gathering
intitle:"Telehealth Login" OR intitle:"Virtual Visit" OR inurl:/telemedicine/

Finds login pages for telemedicine or virtual health platforms.

Healthcare & Medical
Authentication & Access Control
HL7 FHIR Server Endpoints
API Endpoint Discovery
inurl:/FHIR/ OR inurl:/fhir/Patient intitle:"FHIR Server"

Locates HL7 FHIR (Fast Healthcare Interoperability Resources) server endpoints, potentially exposing patient data APIs.

Healthcare & Medical
Information Disclosure
Web Application Security
Search for Publicly Available Health Records or Studies (Caution)
Sensitive Data Exposure
filetype:csv "patient_id" "diagnosis" OR filetype:xls "medical_history"

Highly sensitive search for spreadsheets that might contain anonymized or (more dangerously) identifiable patient data. Use with extreme caution and ethical considerations.

Healthcare & Medical
Database & Data Storage
Information Disclosure
File & Directory Exposure
Find .gov Site Login Pages
Information Gathering
site:.gov intitle:Login OR inurl:login.aspx

General dork to find login pages on .gov domains.

Government & Public Sector
Authentication & Access Control
Search for Publicly Accessible Government Forms
Information Disclosure
site:.gov filetype:pdf "application form" OR "registration form"

Locates PDF application or registration forms on government websites.

Government & Public Sector
File & Directory Exposure
Information Disclosure
Exposed Government Meeting Minutes or Agendas
Information Disclosure
site:.gov filetype:pdf "meeting minutes" OR "agenda" "confidential"

Finds PDF documents related to government meetings, potentially marked confidential but still public.

Government & Public Sector
File & Directory Exposure
Information Disclosure
Open City or Municipal GIS Data Portals
Information Disclosure
intitle:"GIS Portal" OR inurl:/gis/data/ city OR county

Finds Geographic Information System (GIS) data portals for cities or counties.

Government & Public Sector
Database & Data Storage
Information Disclosure
Search for Government Employee Directories
Information Disclosure
site:.gov "employee directory" OR "staff directory"

Identifies publicly accessible employee or staff directories on government websites.

Government & Public Sector
Information Disclosure
Web Application Security
Salesforce Login Portals (Custom Domains)
Information Gathering
inurl:force.com login OR intitle:"Salesforce" "Login"

Finds Salesforce login pages, including those on custom domains.

Enterprise & Business Applications
Third-Party Integrations
Authentication & Access Control
Exposed SAP NetWeaver Portal Login
Information Gathering
inurl:/irj/portal intitle:"SAP NetWeaver Portal"

Locates login pages for SAP NetWeaver Portals.

Enterprise & Business Applications
Authentication & Access Control
HubSpot Login or Tracking Code Detection
Information Gathering
inurl:app.hubspot.com/login OR intext:"hs-script-loader.js"

Finds HubSpot login pages or sites using HubSpot tracking scripts.

Enterprise & Business Applications
Third-Party Integrations
Authentication & Access Control
Monitoring & Analytics
Exposed Wowza Streaming Engine Manager
Information Gathering
intitle:"Wowza Streaming Engine Manager" inurl:/enginemanager/

Finds login pages for Wowza Streaming Engine Manager.

Media & Content Delivery
Authentication & Access Control
Publicly Accessible FFmpeg Command Logs
Information Disclosure
filetype:log intext:ffmpeg intext:input intext:output

Searches for log files containing FFmpeg commands, which might reveal media processing workflows or file paths.

Media & Content Delivery
File & Directory Exposure
Information Disclosure
Finding Open RTSP Video Streams
Unauthenticated Access
inurl:rtsp://

Looks for URLs using the RTSP protocol, often used for streaming video from IP cameras or media servers.

Media & Content Delivery
IoT & Embedded Systems
Infrastructure & Network
Exposed JW Player Configuration Files or Setup
Information Disclosure
intext:"jwplayer.setup" filetype:js OR intext:"new JWPlayer"

Finds JavaScript files or pages setting up JW Player, potentially revealing configurations or media sources.

Media & Content Delivery
Information Disclosure
Web Application Security
Exposed Burp Suite Reports
Sensitive Data Exposure
filetype:html intitle:"Burp Suite Professional Report" "Generated by"

Finds publicly accessible Burp Suite scan reports in HTML format.

Testing & Development Tools
Information Disclosure
File & Directory Exposure
Publicly Accessible Nessus Scan Reports
Sensitive Data Exposure
filetype:nessus "policyName" OR filetype:html intitle:"Nessus Scan Report"

Searches for Nessus vulnerability scan reports in .nessus or HTML format.

Testing & Development Tools
Information Disclosure
File & Directory Exposure
Exposed Selenium Test Scripts or Logs
Information Disclosure
filetype:log intext:"Starting ChromeDriver" OR filetype:java intext:"WebDriver driver = new"

Finds Selenium test scripts or logs which might contain test data, credentials, or internal application details.

Testing & Development Tools
Version Control & Development
Information Disclosure
File & Directory Exposure
Postman Collection Files on GitHub
API Endpoint Discovery
site:github.com filetype:json "Postman Collection" "info.schema"

Searches GitHub for Postman collection JSON files, which describe API requests and can reveal endpoints.

Testing & Development Tools
Information Disclosure
Version Control & Development
Exposed Veeam Backup & Replication Console
Information Gathering
intitle:"Veeam Backup & Replication Console" login

Finds login pages for Veeam Backup & Replication consoles.

Backup & Disaster Recovery
Authentication & Access Control
Publicly Accessible Rsync Server Listings
Directory Listing
intitle:"Index of /" "rsync"

Identifies rsync server directories that might be listable, potentially exposing backup data.

Backup & Disaster Recovery
File & Directory Exposure
Infrastructure & Network
Search for Disaster Recovery Plans (DRP)
Sensitive Data Exposure
filetype:pdf OR filetype:docx "Disaster Recovery Plan" "confidential"

Attempts to find Disaster Recovery Plan documents, which might be marked confidential but exposed.

Backup & Disaster Recovery
Information Disclosure
File & Directory Exposure
Exposed Bacula Web Management Interface
Information Gathering
intitle:"Bacula-Web" "Login" OR inurl:/bacula-web/

Locates Bacula (network backup solution) web management interface login pages.

Backup & Disaster Recovery
Authentication & Access Control
Asterisk Manager Interface (AMI) Exposure
Unauthenticated Access
port:5038 "Asterisk Call Manager" OR intext:"Asterisk Manager Interface"

Finds exposed Asterisk Manager Interfaces, potentially allowing control over VoIP systems.

Telecommunications
Infrastructure & Network
IoT & Embedded Systems
Exposed FreePBX Administration Login
Information Gathering
intitle:"FreePBX Administration" "Please login"

Identifies login pages for FreePBX, a web-based GUI for Asterisk.

Telecommunications
Authentication & Access Control
Open SIP Ports (VoIP Signaling)
Open Ports and Services
port:5060 "SIP/2.0" OR port:5061 "SIP/2.0"

Searches for open SIP ports (5060/5061), which are used for VoIP signaling and could be targeted.

Telecommunications
Infrastructure & Network
Exposed SMS Gateway APIs or Interfaces
API Endpoint Discovery
inurl:/sendsms OR intitle:"SMS Gateway" "API Key"

Finds SMS gateway interfaces or documentation that might reveal API keys or allow message sending.

Telecommunications
Information Disclosure
Third-Party Integrations
Search for Network Diagrams or Infrastructure Documents
Information Disclosure
filetype:vsd OR filetype:pdf "network diagram" "internal"

Attempts to find network diagrams (Visio or PDF) or infrastructure documents marked as internal.

Telecommunications
Infrastructure & Network
Information Disclosure
File & Directory Exposure
SQL Database Error Messages in URLs
SQL Injection
inurl:".php?id=" "Warning: mysql_fetch_array()" OR "You have an error in your SQL syntax"

Looks for common SQL error messages directly visible in URLs or page content, indicating potential SQL injection.

Database & Data Storage
Web Application Security
Microsoft SQL Server Reporting Services
Information Disclosure
intitle:"SQL Server Reporting Services" inurl:/reports/

Finds Microsoft SQL Server Reporting Services instances, which might be misconfigured for public access.

Database & Data Storage
Monitoring & Analytics
Enterprise & Business Applications
Exposed Oracle Database Connection Strings
Credential Exposure
filetype:config intext:tnsnames.ora OR intext:"oracle.jdbc.driver.OracleDriver"

Searches configuration files for Oracle TNSnames entries or JDBC driver strings, potentially revealing connection details.

Database & Data Storage
File & Directory Exposure
Web Application Security
PostgreSQL Backup Files
Sensitive Data Exposure
filetype:backup OR filetype:dump intext:pg_dumpall OR intext:"PostgreSQL database dump"

Locates PostgreSQL backup files created with pg_dump or pg_dumpall.

Database & Data Storage
File & Directory Exposure
Backup & Disaster Recovery
SQL Injection via Login Forms
SQL Injection
intitle:login "username" "password" inurl:.php "admin"

Targets login forms (especially PHP-based admin logins) for potential SQL injection. Add typical SQLi payloads to search terms.

Database & Data Storage
Web Application Security
Authentication & Access Control
SQL Traces or Profiler Files
Information Disclosure
filetype:trc intext:"SQL Server Profiler" OR filetype:sqlplan

Finds SQL Server trace files (.trc) or execution plan files (.sqlplan) that might have been exposed.

Database & Data Storage
File & Directory Exposure
Information Disclosure