Google will search for interesting information and potential vulnerabilities in this domain.

Sample domain: att.com


About this tool

Every penetration test should start with a passive reconnaissance phase. Since public search engines have gathered huge amounts of information about almost every website from the Internet, it is a good idea to make some queries and get this information from them. Very often you will find sensitive information or data that is not supposed to be public.

Google has a set of advanced search operators which can be used to find interesting information about a target website or domain. Our tool aggregates a couple of useful search expressions (Google dorks) that you can use to extract 'juicy' data from Google. More Google dorks can be found here.

Note: Your browser must allow popups


Parameters

  • Target website / domain: as the name says, this is your target website or domain for which you are querying Google. When you specify a domain name (ex. adobe.com), Google will return results for all subdomains of adobe.com like: repo.adobe.com, get.adobe.com, rmsdemo.adobe.com, etc.

How it works

This tool will use your browser to make requests to Google using specific search expressions that are able to find interesting information about the target.

Google Hacking - Sample Report
×