# Google Dorks

#### Google Dorks to find Juicy Content

`inurl:example.com intitle:"index of"`\
`inurl:example.com intitle:"index of /" "*key.pem"`\
`inurl:example.com ext:log`\
`inurl:example.com intitle:"index of" ext:sql|xls|xml|json|csv`\
`inurl:example.com "MYSQL_ROOT_PASSWORD:" ext:env OR ext:yml -git`\
`inurl:example.com intitle:"index of" "config.db"`\
`inurl:example.com allintext:"API_SECRET*" ext:env | ext:yml`\
`inurl:example.com intext:admin ext:sql inurl:admin`\
`inurl:example.com allintext:username,password filetype:log`\
`site:example.com "-----BEGIN RSA PRIVATE KEY-----" inurl:id_rsa`\
`site:*.gov.* "responsible disclosure"`<br>

![t](https://miro.medium.com/max/550/1*N9W6DfGA6wxgKTiywV9aUA.png)<br>

[Refrence](https://blog.usejournal.com/how-recon-helped-samsung-protect-their-production-repositories-of-samsungtv-ecommerce-estores-4c51d6ec4fdd)

**Other than Google, Try these dorks on various Search Engines such as Duck Duck Go, Bing etc.**

### Reports (Hackerone)

#### Resolved

* [Securing "Reset password" pages from bots](https://hackerone.com/reports/43807)
* [Private Grab Messages on Android App can be accessed and cached by Search Engines](https://hackerone.com/reports/221558)

#### Informative

* [Information disclosure through search engines (password reset token)](https://hackerone.com/reports/322988)

#### N/A

* [Research papers on yelp are getting indexed by google bots.](https://hackerone.com/reports/207435)

Author

* [Keshav Malik](https://github.com/KathanP19/HowToHunt/blob/master/Sensitive_Info_Leaks/twitter.com/g0t_rOoT_/README.md)<br>
* [Naveen Prakaasham](https://github.com/KathanP19/HowToHunt/blob/master/Sensitive_Info_Leaks/twitter.com/NPrakaasham/README.md)<br>
* [@klaus](https://twitter.com/klaus_dev)
* [Fani Malik](https://twitter.com/fanimalikhack)