Overview
The Google Hacking tool uses advanced search operators (Google dorks) to discover exposed sensitive information, misconfigurations, and security issues indexed by search engines.
Google Hacking is a discovery tool: it helps you find publicly indexed information but does not test for vulnerabilities. Since searches are performed directly in your browser, this tool does not add data to your Attack Surface or generate findings.
This tool uses your browser to make requests to Google. Your browser must allow popups for the search results to open.
How it works
Unlike other tools on the platform, Google Hacking doesn’t run a scan on our servers. Instead:
- Enter your target domain
- Click on a search category
- A new browser window opens with the Google search results
- Review the indexed content Google has found
This approach means you’re searching Google directly from your browser, giving you real-time results.
Parameters
| Parameter | Description |
|---|---|
| Target | Domain name to search for (e.g., example.com). When you specify a domain, Google returns results for all subdomains as well. |
Search categories
The tool provides pre-built search queries organized into categories:
Files and directories
| Category | What it finds |
|---|---|
| Publicly exposed documents | Word documents, presentations, spreadsheets, CSV files |
| Directory listing vulnerabilities | Open directory indexes (index of) |
| Configuration files exposed | XML, CONF, INI, ENV, YML, JSON, and other config files |
| Database files exposed | SQL dumps, MDB, DBF files |
| Log files exposed | Log files that may contain sensitive data |
| Backup and old files | Files with .bak, .old, .backup extensions |
Authentication pages
| Category | What it finds |
|---|---|
| Login pages | Admin panels, sign-in forms, authentication endpoints |
| Signup pages | Registration forms |
Errors and debug info
| Category | What it finds |
|---|---|
| SQL errors | Database error messages that may reveal structure |
| PHP errors / warnings | PHP parse errors and warnings |
| phpinfo() | Exposed PHP configuration pages |
External sources
| Category | What it finds |
|---|---|
| Search Pastebin.com and pasting sites | Target mentions on paste sites |
| Search Github.com and Gitlab.com | Target references in code repositories |
| Search Stackoverflow.com | Developer questions mentioning the target |
| Search in Wayback Machine | Historical snapshots of the target |
Discovery
| Category | What it finds |
|---|---|
| Find Subdomains | Subdomains indexed by Google |
| Find Sub-Subdomains | Second-level subdomains |
| Show only IP addresses | IP-based results (opens multiple tabs) |
Run these searches regularly to detect accidentally exposed files before attackers do. New exposures often happen after deployments.
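An owner-side complement to these searches, as an added example that is not part of the Google Hacking tool: a post-deployment check that walks a web document root and groups files by the categories in the "Files and directories" table, so they can be removed before a search engine indexes them. The function names, the allowlist parameter and the document and log extensions are assumptions; the sample file names are constructed.

```python
import os
import tempfile

# Extension groups built from the "Files and directories" table above.
# Document and log extensions are assumptions; the page names only file types.
CATEGORIES = {
    "Publicly exposed documents": {"doc", "docx", "ppt", "pptx", "xls", "xlsx", "csv"},
    "Configuration files exposed": {"xml", "conf", "ini", "env", "yml", "json"},
    "Database files exposed": {"sql", "mdb", "dbf"},
    "Log files exposed": {"log"},
    "Backup and old files": {"bak", "old", "backup"},
}

def classify(filename):
    """Return the table category for a file name, or None."""
    if "." not in filename:
        return None
    # Use the last suffix so ".env" and "dump.sql.bak" both match;
    # os.path.splitext() reports no extension for a bare ".env".
    suffix = filename.rsplit(".", 1)[1].lower()
    for category, extensions in CATEGORIES.items():
        if suffix in extensions:
            return category
    return None

def audit_webroot(root, allowlist=()):
    """Group files under root by category; allowlist holds intentionally public relative paths."""
    allowed = {os.path.normpath(p) for p in allowlist}
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            category = classify(name)
            if category and rel not in allowed:
                findings.setdefault(category, []).append(rel)
    return {cat: sorted(paths) for cat, paths in findings.items()}

def demo():
    """Audit a constructed sample web root (all file names are made up)."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("index.html", "sitemap.xml", ".env", "db/dump.sql.bak", "old/site.sql"):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit_webroot(root, allowlist=["sitemap.xml"])

if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

Files such as sitemap.xml or manifest.json are often meant to be public, which is what the allowlist is for; everything else reported needs a decision before it stays in the document root.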
Follow-up actions
After discovering exposed information:
- Check external sources: Don’t just search your own site; also check paste sites and code repositories where developers might have accidentally shared credentials
- Use Wayback Machine: Historical snapshots can reveal previously exposed content
- Fingerprint technologies: Use the Website Recon tool on discovered URLs
- Discover hidden files: Use the URL Fuzzer to find files not indexed by Google
- Enumerate subdomains: Use the Subdomain Finder for active subdomain enumeration