Google dorks are advanced search queries that find sensitive files and pages indexed by search engines. Attackers use these before even touching a target.
# Find exposed files on a target domain: site:acmetech.corp filetype:pdf site:acmetech.corp filetype:xlsx site:acmetech.corp filetype:sql site:acmetech.corp filetype:env site:acmetech.corp filetype:config # Find login pages: site:acmetech.corp inurl:login site:acmetech.corp inurl:admin site:acmetech.corp inurl:portal # Find exposed credentials or config: site:github.com "acmetech" password site:github.com "acmetech" secret_key site:pastebin.com "acmetech.corp" # Find internal documentation: site:acmetech.corp inurl:docs site:acmetech.corp "internal use only" site:acmetech.corp "confidential" # Find cameras and devices: intitle:"webcam" site:acmetech.corp inurl:"/viewer/live/index.html" # Find exposed databases: inurl:phpmyadmin site:acmetech.corp inurl:adminer.php site:acmetech.corp
Practice on your own domain or use exploit-db.com/google-hacking-database for 4000+ real dork examples.