Browse Definitions :

Google dork query

What is a Google dork query?

A Google dork query, sometimes just referred to as a dork, is a search string or custom query that uses advanced search operators to find information not readily available on a website.

Google dorking, also known as Google hacking, can return information difficult to locate through simple search queries. This includes information not intended for public viewing, but that is inadequately protected and can, therefore, be "dorked" by a hacker.

How Google dorking works

Google dorking is a passive attack or hacking method involving the use of a custom query. Hackers use Google to identify websites with security vulnerabilities and/or sensitive information the attacker can use, usually for some malicious purpose.

Around since 2002, dorking usually involves using a search engine as a hacking tool. Google's tremendous web crawling capabilities facilitate dorking. With a Google dork, attackers can access a lot of information they wouldn't be able to get with simple queries. This information includes the following:

  • usernames and passwords
  • email address lists
  • sensitive documents
  • personally identifiable information
  • personally identifiable financial information
  • website vulnerabilities

More often than not, this information is used for many types of illegal activities, including cybercrime, cyberterrorism, industrial espionage, identity theft and cyberstalking. Hackers may also sell this data to other criminals on the dark web for large sums of money

In August 2014, the United States Department of Homeland Security, Federal Bureau of Investigation and National Counterterrorism Center issued a bulletin, warning agencies to guard against Google dorking on their sites. Among the intrusion prevention measures proposed was to conduct Google dorking expeditions using likely attack parameters to discover what type of information an intruder could access.

Network security involves nine key features.

Metadata and Google dork queries

Multiple parameters can be used in a Google dork query to search for files or information on a website or domain. For the website,, this string returns PDF documents with "sensitive but unclassified" anywhere in the text:

"sensitive but unclassified" filetype:pdf

A hacker that gets access to internal documents on a website can potentially also get additional sensitive information. For example, Document metadata often contains more information than the author may be aware of, such as name, revision history, deletions, dates, etc.

An intruder knowledgeable about Google dorking and armed with hacking tools can access sensitive information from metadata fairly easily. That's why it's a good practice to remove all metadata from documents before publishing them on a website. Document sanitization can also ensure that only authorized users can access the intended information.

Common Google dork operators

A search parameter in a Google dork is applied to a search on the search engine. Google has its own query language built in, and hackers use these queries to find sensitive files, track people and discover web vulnerabilities a simple search does not reveal.

Here are some popular search parameters often used in Google dorks.

Operator Function Example


Returns the cached version of a website


Returns a list of all indexed URLs from a website or domain


Returns various kinds of files, depending on the file extension provided



Searches for a specific term in the URL



Returns results whose URL contains all the specified characters



Locates webpages that contain certain characters or strings inside their text

intext:"Google Dork Query"


Searches for an exact anchor text used on any links

inanchor:"cyber attacks"


Shows all sites that contain either or both specified words in the query

hacking | Google dork


Concatenates words to detect pages using more than one specific key

hacking + Google dork


Used to avoid displaying results containing certain words

hacking - dork

Examples of Google dorks

Here are some ways attackers use Google dorks to extract sensitive information from websites via Google.

1. To extract log files

Many kinds of error logs, access logs and application log types are available in the public Hypertext Transfer Protocol (HTTP) space of websites. Attackers can use a Google dork to find these files and any information the site may contain about its PHP version, content management system paths, admin credentials, user credentials, etc.

Example search query

allintext:password filetype:log after:2010

To prevent hackers from using such dorks to access important logs, website owners and admins must properly configure the robots.txt file.

Hackers can use a Google dork to find error and access logs, as well as application logs publicly available in website HTTP spaces.

2. To open and exploit FTP servers

Google indexes both HTTP-based and open File Transfer Protocol servers, which enables attackers to explore public FTP servers. Weak access permissions on FTP servers can result in sensitive information getting published unintentionally.

Example search query

intitle: "index of" inurl:ftp

3. To find SSH private keys and decrypt information

Secure Shell private keys decrypt information exchanged in the SSH protocol. These keys should not be shared with anyone -- hence the term private. However, a hacker may use a Google dork to find and exploit the SSH private keys indexed by Google to decrypt and read sensitive information an authorized user would want to protect.

Example search query

intitle:index.of id_rsa

4. To find HTTP websites

Attackers can use a Google dork to discover websites or forums using the less secure HTTP protocol.

Example search query

intitle:"index of" inurl:http after:2015

They can also search for websites or specific educational or governmental organizations with the .edu or .gov domain extensions using this query:


5. To hack into online cameras

Public closed-circuit television cameras are usually plugged in to the internet and are, therefore, a common target of hackers and cybercriminals. With Google dorking, hackers can fetch live camera webpages unrestricted by IP. Sometimes, they may also be able to control the admin panel remotely and even reconfigure the cameras.

Example search query

inurl:top.htm inurl:currenttime

Zoombombing has also become prevalent in the post-COVID-19 world. This is when a hacker disrupts a Zoom meeting using a Google dork query, like the following: and intext:scheduled for

How to prevent Google dork queries

When sensitive information must be protected, it's crucial to prevent dorking. These steps can help:

  1. Implement IP-based restrictions and password authentication to protect private areas.
  2. Encrypt all sensitive information, like user IDs, passwords, email addresses, phone numbers, etc.
  3. Run vulnerability scans to find and disable Google dorks.
  4. Run regular dork queries to discover loopholes and sensitive information before attacks occur.
  5. Request the removal of sensitive content using Google Search Console.
  6. Hide and block sensitive content using the robots.txt file, located in the root-level website directory.

See also: Boolean, search engine results page and organic search results.

This was last updated in September 2022

Continue Reading About Google dork query

  • subnet (subnetwork)

    A subnet, or subnetwork, is a segmented piece of a larger network. More specifically, subnets are a logical partition of an IP ...

  • secure access service edge (SASE)

    Secure access service edge (SASE), pronounced sassy, is a cloud architecture model that bundles together network and cloud-native...

  • Transmission Control Protocol (TCP)

    Transmission Control Protocol (TCP) is a standard protocol on the internet that ensures the reliable transmission of data between...

  • cyber attack

    A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the ...

  • digital signature

    A digital signature is a mathematical technique used to validate the authenticity and integrity of a digital document, message or...

  • What is security information and event management (SIEM)?

    Security information and event management (SIEM) is an approach to security management that combines security information ...

  • product development (new product development)

    Product development -- also called new product management -- is a series of steps that includes the conceptualization, design, ...

  • innovation culture

    Innovation culture is the work environment that leaders cultivate to nurture unorthodox thinking and its application.

  • technology addiction

    Technology addiction is an impulse control disorder that involves the obsessive use of mobile devices, the internet or video ...

  • organizational network analysis (ONA)

    Organizational network analysis (ONA) is a quantitative method for modeling and analyzing how communications, information, ...

  • HireVue

    HireVue is an enterprise video interviewing technology provider of a platform that lets recruiters and hiring managers screen ...

  • Human Resource Certification Institute (HRCI)

    Human Resource Certification Institute (HRCI) is a U.S.-based credentialing organization offering certifications to HR ...

Customer Experience
  • contact center agent (call center agent)

    A contact center agent is a person who handles incoming or outgoing customer communications for an organization.

  • contact center management

    Contact center management is the process of overseeing contact center operations with the goal of providing an outstanding ...

  • digital marketing

    Digital marketing is the promotion and marketing of goods and services to consumers through digital channels and electronic ...