Lists/Google | Loading last commit info... | |
LICENSE | ||
README.md |
Megacollections:
Lists:
-
Short lists:
-
Big Data:
-
General:
- hackersonlineclub.com/google-hacking
- www.boxpiper.com/posts/google-dork-list
- github.com/Proviesec/google-dorks
- github.com/aleedhillon/7000-Google-Dork-List
- github.com/readloud/Google-Hacking-Database-GHDB
- github.com/Ishanoshada/GDorks
- github.com/Machinh/Google-Dorking
- github.com/BullsEye0/google_dork_list
- github.com/opsdisk/pagodo
- github.com/thomasdesr/Google-dorks
- github.com/arimogi/Google-Dorks
- github.com/Veradun/My-Dorks
- github.com/0xAbbarhSF/Info-Sec-Dork-List
-
SQLi:
- gbhackers.com/latest-google-sql-dorks
- github.com/JacobRiggs/Google-Dorks-SQLi
- github.com/rootac355/SQL-injection-dorks-list
- github.com/NoThrowForwardIt/SQLi-Dork-Repository
- github.com/ShivamRai2003/SQL-Injection-Google-Dork-List
- github.com/0xZipp0/SQL-injection-dorks-list
- github.com/abhishek1924/SQL-Dorks
-
Bug Bounty:
-
Cheatsheets:
- gist.github.com/sundowndev
- github.com/chr3st5an/Google-Dorking
- www.tutorialsfreak.com/ethical-hacking-tutorial/google-dorking-cheat-sheet
- ahrefs.com/blog/google-advanced-search-operators
Articles:
- securitytrails.com/blog/google-hacking-techniques
- moz.com/blog/mastering-google-search-operators-in-67-steps
Yahoo
Cheatsheets:
Yandex
Articles:
Baidu
Articles:
Cheatsheet based on the official source:
Operator ""
According to Google's translation: "Contains the following complete keywords". According to personal limited research it can return results which include only a subset of the specified strings. The spaces between strings can be replaced with anything. The sequence is not always preserved.
Try googling baiding "aaa bbb ccc" or smth similar. The operator might work better for Chinese queries.
Operator |
Logical OR. Eg (foo | bar).
Operator -
Used for exclusion. Eg -site:www.dont-open-me-i-might-be-dangerous.com to exclude from results.
Operator ()
Used for grouping.
Operator site:
It has the same purpose as in most other engines. The official page does not include a space between this operator and searched str, though it seems to work fine with space(s). The * seems to produce slightly different results. Subdomains are also returned if no * is provided.
Operator title:
It is like intitle in Google. The official page does include a space between operator and the searched title. It also places the title between round brackets. It seems to work fine without space(s) and without braces.
Operator inurl:
The official page includes a space between operator and the searched url. It also places the url between round brackets. It seems to work fine without space(s) and without braces.
Operator filetype:
Searches for the specified file extensions. Currently supported: pdf, doc, xls, ppt, rtf, all. Others seem to be unreliable. There must be no space between operator and extension.
Bing
Cheatsheets:
- support.microsoft.com/en-us/topic/advanced-search-keywords-ea595928-5d63-4a0b-9c6b-0b769865e78a
- support.microsoft.com/en-us/topic/advanced-search-options-b92e25f1-0085-4271-bdf9-14aaea720930
Articles:
DuckDuckGo
Cheatsheet:
Operator filetype:
The official site states that it supports only these extensions: pdf, doc(x), xls(x), ppt(x), html.
The personal research has shown that it can also return results for other file types (eg txt, zip).
It looks like if it does not find anything relevant, it tries to return smth similar. For instance if you are looking for txt, the engine might send you some json results.
Brave
Cheatsheet:
General info:
- There seems to be no () grouping operator, so AND/OR must be used to mimic it.
- Combinations of single queries might return different results than single queries.
Example:
'site:sub.2ndld.tld ext:txt OR site:sub.2ndld.tld filetype:txt'
compound query may return more results than 2 separate:
'site:sub.2ndld.tld ext:txt', 'site:sub.2ndld.tld filetype:txt' - Apparently the engine supports inurl: operator to some degree. But there is no info about it in the official docs.
Operator site:
Searches in subdomains even if only 2nd level domain and TLD are provided.
The space between colon and host name plays a role:
- site:news.google.com would return results, which have the "news" subdomain.
- site: news.google.com would not just return different subdomains but also different hosts.
The * wildcard is supported:
- site: *.google.com would return results with different subdomins. Note that there must be a space between colon and star, otherwise, if there is no space, the * itself would be considered a subdomain, hence there will be no results.
- site: *.google.com/a* would return somewhat different results than the one from above. It looks like the * in the path is supported to some extent but it seems unreliable.
Operator filetype:
Returns results based on content rather than file extension.
If it does not find anything relevant it might suggest you smth similar:
site:2ndld.tld filetype:pps => Showing results for site:2ndld.tld filetype:ppt
Operator ext:
Returns results based on extension rather than file content.
If it does not find anything relevant it might suggest you smth similar:
site:2ndld.tld ext:xlsm => Showing results for site:2ndld.tld ext:xlsx
It looks like it not only tries to find a similar extension, but also uses the operator itself to find "similar" results:
site:2ndld.tld ext:action => Showing results for site:2ndld.tld extraction
Operator intitle:
Put compound strings into quotes for better results (eg intitle:"some good title" instead of intitle:some good title).
Ecosia
Cheatsheet:
General info:
- The same query might return different results: The sequence and amount of results can be different. It seems to depend on how many were found, if there are only few, then results shall be the same.
- It looks like the inurl: operator is not supported. There is a chance though that it has some unusual name.
Operator site:
Does not accept * wildcard (neither in subdomains nor in path). Searches in subdomains: Eg site:google.com would return www.google.com, support.google.com, etc.
Operator filetype:
Returns results for at least some extensions (eg pdf, txt, zip). It either does not recognize or blocks requests for some extensions (eg csv).
Operator intitle:
Put compound strings into quotes for better results (eg intitle:"some good title" instead of intitle:some good title). Seems to search for related strings (eg can add/replace delimeters). Sometimes returns unrelated results.
Licence
MIT ©️