> ## Documentation Index
> Fetch the complete documentation index at: https://pentest-tools.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Google Hacking

> Find exposed data and security issues using Google dorks

## Overview

The Google Hacking tool uses advanced search operators (Google dorks) to discover exposed sensitive information, misconfigurations, and security issues indexed by search engines.

Google Hacking is a **discovery tool**: it helps you find publicly indexed information but does not test for vulnerabilities. Since searches are performed directly in your browser, this tool does not add data to your [Attack Surface](/capabilities/attack-surface) or generate [findings](/core/findings/findings).

<Note>
  This tool uses your browser to make requests to Google. Your browser must allow popups for the search results to open.
</Note>

## How it works

Unlike other tools on the platform, Google Hacking doesn't run a scan on our servers. Instead:

1. Enter your target domain
2. Click on a search category
3. A new browser window opens with the Google search results
4. Review the indexed content Google has found

This approach means you're searching Google directly from your browser, giving you real-time results.

## Parameters

| Parameter | Description                                                                                                                    |
| --------- | ------------------------------------------------------------------------------------------------------------------------------ |
| Target    | Domain name to search for (e.g., `example.com`). When you specify a domain, Google returns results for all subdomains as well. |

## Search categories

The tool provides pre-built search queries organized into categories:

### Files and directories

| Category                              | What it finds                                          |
| ------------------------------------- | ------------------------------------------------------ |
| **Publicly exposed documents**        | Word documents, presentations, spreadsheets, CSV files |
| **Directory listing vulnerabilities** | Open directory indexes (`index of`)                    |
| **Configuration files exposed**       | XML, CONF, INI, ENV, YML, JSON, and other config files |
| **Database files exposed**            | SQL dumps, MDB, DBF files                              |
| **Log files exposed**                 | Log files that may contain sensitive data              |
| **Backup and old files**              | Files with .bak, .old, .backup extensions              |

### Authentication pages

| Category         | What it finds                                         |
| ---------------- | ----------------------------------------------------- |
| **Login pages**  | Admin panels, sign-in forms, authentication endpoints |
| **Signup pages** | Registration forms                                    |

### Errors and debug info

| Category                  | What it finds                                     |
| ------------------------- | ------------------------------------------------- |
| **SQL errors**            | Database error messages that may reveal structure |
| **PHP errors / warnings** | PHP parse errors and warnings                     |
| **phpinfo()**             | Exposed PHP configuration pages                   |

### External sources

| Category                                  | What it finds                             |
| ----------------------------------------- | ----------------------------------------- |
| **Search Pastebin.com and pasting sites** | Target mentions on paste sites            |
| **Search Github.com and Gitlab.com**      | Target references in code repositories    |
| **Search Stackoverflow\.com**             | Developer questions mentioning the target |
| **Search in Wayback Machine**             | Historical snapshots of the target        |

### Discovery

| Category                   | What it finds                          |
| -------------------------- | -------------------------------------- |
| **Find Subdomains**        | Subdomains indexed by Google           |
| **Find Sub-Subdomains**    | Second-level subdomains                |
| **Show only IP addresses** | IP-based results (opens multiple tabs) |

<Tip>
  Run these searches regularly to detect accidentally exposed files before attackers do. New exposures often happen after deployments.
</Tip>

## Follow-up actions

After discovering exposed information:

1. **Check external sources**: Don't just search your own site, check paste sites and code repositories where developers might have accidentally shared credentials
2. **Use Wayback Machine**: Historical snapshots can reveal previously exposed content
3. **Fingerprint technologies**: Use the [Website Recon](/tools/website-recon) tool on discovered URLs
4. **Discover hidden files**: Use the [URL Fuzzer](/tools/url-fuzzer) to find files not indexed by Google
5. **Enumerate subdomains**: Use the [Subdomain Finder](/tools/subdomain-finder) for active subdomain enumeration
