# Dorks

Here is a list of most used dorks by me

### Usernames & Passwords <a href="#ca07" id="ca07"></a>

```bash
site:example.com intext:"username" intext:"password" -git
site:example.com filetype:txt OR filetype:log "username" OR "password"
site:example.com inurl:admin OR inurl:login OR inurl:portal
site:pastebin.com "password" OR "login" OR "credentials"
```

### Hardcoded Credentials in Configuration Files <a href="#a768" id="a768"></a>

```shellscript
site:example.com filetype:env "DB_PASSWORD=" OR "DB_USER="
site:example.com filetype:json "AWS_ACCESS_KEY_ID=" OR "AWS_SECRET_ACCESS_KEY="
site:example.com filetype:config "password=" OR "apikey="
```

### Exposed SSH Keys & Private Keys <a href="#d2d8" id="d2d8"></a>

```shellscript
site:example.com filetype:pem OR filetype:key "BEGIN RSA PRIVATE KEY"
site:example.com "BEGIN OPENSSH PRIVATE KEY"
```

### Leaked Internal Documents <a href="#id-45d4" id="id-45d4"></a>

```shellscript
site:example.com filetype:pdf OR filetype:doc OR filetype:xls "confidential" OR "internal use only"
site:example.com filetype:xls OR filetype:csv "employee salary" OR "payroll"
site:example.com filetype:docx "restricted" OR "not for public release"
```

### Exposed Source Code Containing Secrets <a href="#id-27c7" id="id-27c7"></a>

```shellscript
site:example.com filetype:php OR filetype:js OR filetype:env "DB_PASSWORD="
site:example.com intitle:"index of" "config.php"
site:github.com "password" OR "api_key" OR "secret_key"
```

### Banking & Credit Card Data <a href="#id-2741" id="id-2741"></a>

```shellscript
site:example.com intext:"credit card number" OR "CVV" OR "Visa" OR "MasterCard"
site:example.com intext:"bank account number" OR "routing number"
site:example.com filetype:xls OR filetype:csv "financial report"
```

### Sensitive Logs & Backup Files <a href="#id-05e6" id="id-05e6"></a>

```shellscript
site:example.com filetype:log OR filetype:txt "error log" OR "debug log"
site:example.com intitle:"index of" "backup"
site:example.com filetype:sql "database dump" OR "backup"
```

### Cloud & API Keys Exposure <a href="#b575" id="b575"></a>

```shellscript
site:example.com filetype:json "google_api_key=" OR "firebase_api_key="
site:github.com "api_key" OR "access_token" OR "client_secret"
```

### Open Directory Listings <a href="#id-585d" id="id-585d"></a>

```shellscript
site:example.com intitle:"index of" "parent directory"
site:example.com intitle:"index of" "private" OR "confidential"
site:example.com intitle:"index of" "backup" OR "database"
```

### Exposed Admin Panels & Dashboards <a href="#id-2634" id="id-2634"></a>

```shellscript
site:example.com inurl:admin OR inurl:dashboard OR inurl:secure
site:example.com "admin panel" OR "restricted access"
```

### Sensitive Emails & Contact Information <a href="#id-4b4f" id="id-4b4f"></a>

```shellscript
site:example.com intext:"internal use only" OR "do not distribute"
site:example.com intext:"classified" OR "sensitive information"
site:example.com "employee email" OR "staff contact"
```

### Exposed `.git` Repositories <a href="#cdfa" id="cdfa"></a>

```shellscript
inurl:"/.git" example.com -github
```

### Backup Files <a href="#f7dc" id="f7dc"></a>

```shellscript
site:example.com ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup
```

### Exposed Documents <a href="#id-2ed6" id="id-2ed6"></a>

```shellscript
site:example.com ext:doc | ext:docx | ext:pdf | ext:xls | ext:xlsx | ext:csv | ext:sql | ext:txt | ext:conf | ext:key | ext:crt | ext:pfx | ext:py | ext:html | ext:sh
```

### Confidential or Internal-Use Documents <a href="#fb72" id="fb72"></a>

```shellscript
inurl:example.com "not for distribution" | confidential | "employee only" | proprietary | "top secret" | internal | private filetype:xls OR filetype:csv OR filetype:pdf
```

### Configuration Files <a href="#id-61e1" id="id-61e1"></a>

```shellscript
site:example.com ext:xml | ext:conf | ext:ini | ext:cfg | ext:env | ext:rdp | ext:reg
```

### &#x20;Database Files <a href="#id-04dc" id="id-04dc"></a>

```shellscript
site:example.com ext:sql | ext:mdb | ext:dbf
```

### Other Sensitive Stuff <a href="#id-614c" id="id-614c"></a>

```shellscript
site:example.com intitle:"index of" | ext:log | ext:swf | inurl:shell | inurl:backdoor | inurl:wso | inurl:cmd | shadow | passwd | boot.ini

```

### SQL Errors <a href="#d3fb" id="d3fb"></a>

```shellscript
site:example.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()"
```

### Finding Login Panels <a href="#id-2465" id="id-2465"></a>

```shellscript
site:target.com intext:"login" | intitle:"login" | inurl:"login" | intext:"username" | intitle:"username" | inurl:"username" | intext:"password" | intitle:"password" | inurl:"password"
```

### Finding API docs <a href="#id-24ee" id="id-24ee"></a>

```shellscript
inurl:apidocs | inurl:api-docs | inurl:swagger | inurl:api-explorer site:"target.com"
```

### Finding API Endpoints <a href="#b343" id="b343"></a>

```shellscript
 site:target.com inurl:api | site:*/rest | site:*/v1 | site:*/v2 | site:*/v3
```

### Third party dorking

```shellscript
site:http://ideone.com | site:http://codebeautify.org | site:http://codeshare.io | site:http://codepen.io | site:http://repl.it | site:http://justpaste.it | site:http://pastebin.com | site:http://jsfiddle.net | site:http://trello.com | site:*.atlassian.net | site:bitbucket.org "target.com"
```

### Google slides

```shellscript
site:*.target.com intext:"docs.google.com/presentation/d"
```

### Google docs

```shellscript
site:*.target.com intext:"docs.google.com/document/"
```

### Google Spreadsheets

```shellscript
site:*.target.com intext:"docs.google.com/spreadsheets"
```

### Google Drive

```shellscript
site:*.target.com intext:"drive.google.com/drive/"
```