What is a Google dork query and how to protect yourself? (2023)


  • Rahul Awati
  • Ivy Wigmore

What is a Google dork query?

A Google dork query, sometimes just referred to as a dork, is a search string or custom query that uses advanced search operators to find information not readily available on a website.

Google dorking, also known as Google hacking, can return information difficult to locate through simple search queries. This includes information not intended for public viewing, but that is inadequately protected and can, therefore, be "dorked" by a hacker.

How Google dorking works

Google dorking is a passive attack or hacking method involving the use of a custom query. Hackers use Google to identify websites with security vulnerabilities and/or sensitive information the attacker can use, usually for some malicious purpose.

Around since 2002, dorking usually involves using a search engine as a hacking tool. Google's tremendous web crawling capabilities facilitate dorking. With a Google dork, attackers can access a lot of information they wouldn't be able to get with simple queries. This information includes the following:

  • usernames and passwords
  • email address lists
  • sensitive documents
  • personally identifiable information
  • personally identifiable financial information
  • website vulnerabilities

More often than not, this information is used for many types of illegal activities, including cybercrime, cyberterrorism, industrial espionage, identity theft and cyberstalking. Hackers may also sell this data to other criminals on the dark web for large sums of money.

In August 2014, the United States Department of Homeland Security, Federal Bureau of Investigation and National Counterterrorism Center issued a bulletin, warning agencies to guard against Google dorking on their sites. Among the intrusion prevention measures proposed was to conduct Google dorking expeditions using likely attack parameters to discover what type of information an intruder could access.

Metadata and Google dork queries

Multiple parameters can be used in a Google dork query to search for files or information on a website or domain. For the website, https://www.governmentwebsite.gov, this string returns PDF documents with "sensitive but unclassified" anywhere in the text:

"sensitive but unclassified" filetype:pdf site:governmentwebsite.gov

A hacker who gets access to internal documents on a website can potentially also get additional sensitive information. For example, document metadata often contains more information than the author may be aware of, such as name, revision history, deletions and dates.

An intruder knowledgeable about Google dorking and armed with hacking tools can access sensitive information from metadata fairly easily. That's why it's a good practice to remove all metadata from documents before publishing them on a website. Document sanitization can also ensure that only authorized users can access the intended information.
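A pre-publication metadata check for Word documents, as an added example that is not part of the original article: it lists the core properties (author, last editor, revision count) and any tracked deletions still stored in a .docx, then empties the core properties. The sample document, the names in it and the function names are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CORE = "docProps/core.xml"
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"

def sample_docx():
    """Constructed minimal .docx (two parts only), used as demo input."""
    core = ('<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/'
            'package/2006/metadata/core-properties" '
            'xmlns:dc="http://purl.org/dc/elements/1.1/">'
            '<dc:creator>J. Example</dc:creator>'
            '<cp:lastModifiedBy>A. Reviewer</cp:lastModifiedBy>'
            '<cp:revision>7</cp:revision></cp:coreProperties>')
    body = ('<w:document xmlns:w="%s"><w:body><w:p>'
            '<w:r><w:t>Public text</w:t></w:r>'
            '<w:del w:author="A. Reviewer"><w:r>'
            '<w:delText>internal draft note</w:delText></w:r></w:del>'
            '</w:p></w:body></w:document>' % W_NS)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(CORE, core)
        z.writestr("word/document.xml", body)
    return buf.getvalue()

def inspect_docx(data):
    """Return (core properties, text of tracked deletions) from .docx bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        core = ET.fromstring(z.read(CORE)) if CORE in z.namelist() else []
        body = ET.fromstring(z.read("word/document.xml"))
    props = {el.tag.split("}")[-1]: el.text for el in core if el.text}
    deleted = ["".join(d.itertext()) for d in body.iter("{%s}del" % W_NS)]
    return props, deleted

def strip_core(data):
    """Copy the .docx with every core property value emptied."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            blob = src.read(name)
            if name == CORE:
                root = ET.fromstring(blob)
                for el in root:
                    el.text = None  # keep the element, drop its value
                blob = ET.tostring(root)
            dst.writestr(name, blob)
    return out.getvalue()
```

Running `inspect_docx` again on the output of `strip_core` shows the properties gone but the tracked deletion still present: tracked changes have to be accepted or rejected in the editor before publishing, because emptying the properties does not touch the document body.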

Common Google dork operators

A search parameter in a Google dork is applied to a search on the search engine. Google has its own query language built in, and hackers use these queries to find sensitive files, track people and discover web vulnerabilities a simple search does not reveal.

Here are some popular search parameters often used in Google dorks.

  • cache: Returns the cached version of a website
  • site: Returns a list of all indexed URLs from a website or domain
  • filetype: Returns various kinds of files, depending on the file extension provided
  • inurl: Searches for a specific term in the URL
  • allinurl: Returns results whose URL contains all the specified characters
  • intext: Locates webpages that contain certain characters or strings inside their text. Example: intext:"Google Dork Query"
  • inanchor: Searches for an exact anchor text used on any links. Example: inanchor:"cyber attacks"
  • |: Shows all sites that contain either or both specified words in the query. Example: hacking | Google dork
  • +: Concatenates words to detect pages using more than one specific key. Example: hacking + Google dork
  • -: Used to avoid displaying results containing certain words. Example: hacking - dork

Examples of Google dorks

Here are some ways attackers use Google dorks to extract sensitive information from websites via Google.

1. To extract log files

Many kinds of error logs, access logs and application log types are available in the public Hypertext Transfer Protocol (HTTP) space of websites. Attackers can use a Google dork to find these files and any information the site may contain about its PHP version, content management system paths, admin credentials, user credentials, etc.

Example search query

allintext:password filetype:log after:2010

To prevent hackers from using such dorks to access important logs, website owners and admins must properly configure the robots.txt file.

2. To open and exploit FTP servers

Google indexes both HTTP-based and open File Transfer Protocol servers, which enables attackers to explore public FTP servers. Weak access permissions on FTP servers can result in sensitive information getting published unintentionally.

Example search query

intitle:"index of" inurl:ftp

3. To find SSH private keys and decrypt information

Secure Shell private keys decrypt information exchanged in the SSH protocol. These keys should not be shared with anyone -- hence the term private. However, a hacker may use a Google dork to find and exploit the SSH private keys indexed by Google to decrypt and read sensitive information an authorized user would want to protect.

Example search query

intitle:index.of id_rsa -id_rsa.pub

4. To find HTTP websites

Attackers can use a Google dork to discover websites or forums using the less secure HTTP protocol.

Example search query

intitle:"index of" inurl:http after:2015

They can also search for websites or specific educational or governmental organizations with the .edu or .gov domain extensions using this query:


5. To hack into online cameras

Public closed-circuit television cameras are usually plugged in to the internet and are, therefore, a common target of hackers and cybercriminals. With Google dorking, hackers can fetch live camera webpages unrestricted by IP. Sometimes, they may also be able to control the admin panel remotely and even reconfigure the cameras.

Example search query

inurl:top.htm inurl:currenttime

Zoombombing has also become prevalent in the post-COVID-19 world. This is when a hacker disrupts a Zoom meeting using a Google dork query, like the following:

inurl:zoom.us/j and intext:scheduled for

How to prevent Google dork queries

When sensitive information must be protected, it's crucial to prevent dorking. These steps can help:

  1. Implement IP-based restrictions and password authentication to protect private areas.
  2. Encrypt all sensitive information, like user IDs, passwords, email addresses, phone numbers, etc.
  3. Run vulnerability scans to find and disable Google dorks.
  4. Run regular dork queries to discover loopholes and sensitive information before attacks occur.
  5. Request the removal of sensitive content using Google Search Console.
  6. Hide and block sensitive content using the robots.txt file, located in the root-level website directory.
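A self-audit along the lines of steps 4 and 6, as an added example that is not part of the original article: it walks a site's own web root for the kinds of files the log and SSH key dorks above would surface, then checks which of them a given robots.txt still leaves open to Googlebot. The directory layout, file contents, robots.txt and function names are constructed for illustration.

```python
import os
import tempfile
from urllib.robotparser import RobotFileParser

def audit_webroot(root):
    """Flag files under root that the log and key dorks above would surface."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = "/" + os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                head = fh.read(65536)  # only the first 64 KiB is scanned
            if b"PRIVATE KEY-----" in head:
                findings.append((rel, "private key"))
            elif name.lower().endswith(".log") and b"password" in head.lower():
                findings.append((rel, "log mentions password"))
    return sorted(findings)

def still_crawlable(robots_txt, paths, agent="Googlebot"):
    """Return the paths that robots_txt does not ask the crawler to skip."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return [p for p in paths if rp.can_fetch(agent, p)]

def demo():
    """Build a constructed web root, audit it, and check a sample robots.txt."""
    samples = {
        "index.html": b"<h1>hello</h1>",
        "logs/app.log": b"2023-01-01 login failed password=REDACTED\n",
        "backup/id_rsa": b"-----BEGIN OPENSSH PRIVATE KEY-----\nplaceholder\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        findings = audit_webroot(root)
    robots = "User-agent: *\nDisallow: /logs/\n"
    return findings, still_crawlable(robots, [p for p, _ in findings])
```

robots.txt is advisory and publicly readable, so a path it disallows is still served to anyone who requests it directly. Every finding should be moved out of the web root or placed behind the access controls in step 1, whether or not robots.txt covers it.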

See also: Boolean, search engine results page and organic search results.

This was last updated in September 2022

Article information

Author: Errol Quitzon

Last Updated: 09/06/2023
