Google Dorks

Google Dorks to find Juicy Content

inurl:example.com intitle:"index of" inurl:example.com intitle:"index of /" "*key.pem" inurl:example.com ext:log inurl:example.com intitle:"index of" ext:sql|xls|xml|json|csv inurl:example.com "MYSQL_ROOT_PASSWORD:" ext:env OR ext:yml -git inurl:example.com intitle:"index of" "config.db" inurl:example.com allintext:"API_SECRET*" ext:env | ext:yml inurl:example.com intext:admin ext:sql inurl:admin inurl:example.com allintext:username,password filetype:log site:example.com "-----BEGIN RSA PRIVATE KEY-----" inurl:id_rsa site:*.gov.* "responsible disclosure"

Refrence

Other than Google, Try these dorks on various Search Engines such as Duck Duck Go, Bing etc.

Reports (Hackerone)

Resolved

• Securing "Reset password" pages from bots

• Private Grab Messages on Android App can be accessed and cached by Search Engines

Informative

• Information disclosure through search engines (password reset token)

N/A

• Research papers on yelp are getting indexed by google bots.

Author

• Keshav Malik

• Naveen Prakaasham

• @klaus

• Fani Malik