Skip to content
Unlimited Free Scans
NEW: automatically exploit Confluence OGNL injection with Sniper

Google Hacking

Uses advanced search operators (Google Dorks) to find juicy information about target websites.

  Publicly exposed documents
  Directory listing vulnerabilities
  Configuration files exposed
  Database files exposed
  Log files exposed
  Backup and old files
  Login pages
  SQL errors
  PHP errors / warnings
  phpinfo()
  Search Pastebin.com / pasting sites
  Search Github.com and Gitlab.com
  Search Stackoverflow.com
  Signup pages
Free Scan

Need to see the full results?

Unlock the full power and feature of our Google Hacking! Compare pricing plans and discover more tools and features.

Sign up

Sample Report

Here is a Google Hacking sample report:

  • Fast information gathering
  • Fully passive scan, non-instrusive
  • Leverage the power of Google search engine

Download Sample Report

Sample report

Google Hacking - Use Cases

Allows you to find juicy information indexed by Google about a target website (ex. directory listing, sensitive files, error messages, login pages, etc).

Target Reconnaissance

Google Hacking is a powerful reconnaissance method since it basically searches all information indexed by Google about the target websites/domains.

Completely Passive

This scan does not interact in any way with the target website. All the information is obtained directly from Google, without sending any packet to the target.

Advanced Search Operators

The Google Hacking tool uses a combination of advanced Google search operators (Google Dorks) in order to discover potential vulnerabilities and misconfigurations indexed by Google.

Technical Details


About

Every penetration test should start with a passive reconnaissance phase. Since public search engines have gathered huge amounts of information about almost every website from the Internet, it is a good idea to make some queries and get this information from them. Very often you will find sensitive information or data that is not supposed to be public.

Google has a set of advanced search operators which can be used to find interesting information about a target website or domain.
Our tool aggregates a couple of useful search expressions (Google dorks) that you can use to extract 'juicy' data from Google. More Google dorks can be found here.

Note: Your browser must allow popups.


Parameters

Parameter Description
Target website/domain As the name says, this is your target website or domain for which you are querying Google. When you specify a domain name (ex. adobe.com), Google will return results for all subdomains of adobe.com like repo.adobe.com, get.adobe.com, rmsdemo.adobe.com, etc.


How it works

The Google Hacking tool uses your browser to make requests to Google using specific search expressions (Google dorks) that can find interesting information about the target.