What Is Google Dorking?
Google Dorking (also called Google Hacking) refers to the use of advanced search operators in Google — or other search engines — to find information that standard searches would miss. It's one of the most accessible and powerful OSINT techniques available, requiring no special tools or technical expertise beyond knowing the right syntax.
Despite the dramatic name, Google Dorking is completely legal when used to find publicly accessible information. The same queries can also be used by security professionals to discover unintentionally exposed data within their own organizations.
Core Google Search Operators
| Operator | Function | Example |
|---|---|---|
| site: | Limit results to a specific domain | site:linkedin.com "John Smith" "New York" |
| filetype: | Search for specific file types | filetype:pdf "annual report" site:example.com |
| intitle: | Page title contains keyword | intitle:"index of" passwords |
| inurl: | URL contains keyword | inurl:admin login |
| intext: | Page body contains keyword | intext:"confidential" filetype:xls |
| cache: | Google's cached version of a page | cache:example.com |
| link: | Pages that link to a URL | link:example.com |
Practical OSINT Use Cases
Finding a Person's Online Presence
Combine site: operators across multiple platforms to build a picture of someone's public digital footprint:
- site:linkedin.com "FirstName LastName" "Company Name"
- site:twitter.com "FirstName LastName"
- "firstname.lastname" site:github.com
Finding Publicly Exposed Documents
Organizations sometimes accidentally expose sensitive documents. This technique is used by security auditors to discover their own exposure:
- site:example.com filetype:pdf
- site:example.com filetype:xlsx OR filetype:csv
Locating Cached or Deleted Content
When a page has been taken down, Google's cache or the Wayback Machine (archive.org) may still hold a copy. Use cache:url or visit archive.org directly with the target URL.
Combining Operators for Powerful Queries
The real power of dorking comes from combining operators. For example:
- site:pastebin.com "john@example.com" — looks for an email in Pastebin dumps
- intitle:"login" inurl:"admin" site:targetdomain.com — finds admin login pages
- "phone" OR "email" "John Doe" site:yellowpages.com — searches directories
Responsible Use of Google Dorking
- Do not use dork queries to access systems you are not authorized to access. Finding an exposed admin panel does not give you permission to enter it.
- If conducting security research on your own organization, document your authorization in writing.
- Be aware that aggressive automated dorking may trigger Google's bot detection and temporarily block your IP.
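A scope check for a self-audit worklist, added here as an example and not part of the original article: it parses each query into the operators from the table above and accepts it only when every site: filter names a domain you are authorized to audit. The names `AUTHORIZED`, `WORKLIST`, `parse_dork`, `site_scopes` and `in_scope` are illustrative, and the worklist is constructed from this page's example queries.

```python
import re

# Operators listed in the table on this page.
OPERATORS = {"site", "filetype", "intitle", "inurl", "intext", "cache", "link"}
# One token: optional operator prefix, then a "quoted phrase" or a bare word.
TOKEN = re.compile(r'(?:(\w+):)?(?:"([^"]*)"|(\S+))')


def parse_dork(query):
    """Return ([(operator, value), ...], [free-text terms]) for one query."""
    ops, terms = [], []
    for op, quoted, bare in TOKEN.findall(query):
        value = quoted or bare
        if not value:
            continue  # empty "" phrase
        if op.lower() in OPERATORS:
            ops.append((op.lower(), value))
        else:
            # Unknown prefix (e.g. a URL scheme): keep it as plain text.
            terms.append(f"{op}:{value}" if op else value)
    return ops, terms


def site_scopes(query):
    """Hostnames named by site: filters, lower-cased, path and '*.' removed."""
    ops, _ = parse_dork(query)
    hosts = []
    for op, value in ops:
        if op == "site":
            host = value.lower().split("/")[0]
            hosts.append(host[2:] if host.startswith("*.") else host)
    return hosts


def in_scope(query, authorized):
    """True only if the query has a site: filter and every one is authorized."""
    hosts = site_scopes(query)
    # Match the domain itself or a subdomain; "notexample.com" must not pass.
    return bool(hosts) and all(
        any(h == d or h.endswith("." + d) for d in authorized) for h in hosts
    )


# Constructed worklist reusing example queries from this page.
AUTHORIZED = {"example.com"}  # assumption: domains covered by written authorization
WORKLIST = [
    'site:example.com filetype:xlsx OR filetype:csv',
    'site:docs.example.com intext:"confidential" filetype:xls',
    'intitle:"index of" passwords',
    'site:notexample.com filetype:pdf',
]

if __name__ == "__main__":
    for q in WORKLIST:
        print("RUN " if in_scope(q, AUTHORIZED) else "SKIP", q)
```

Queries with no site: filter are rejected as well, since an unscoped query returns results from domains outside the written authorization.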
Going Beyond Google
Similar advanced search syntax is available in other search engines. Bing supports many of the same operators, and DuckDuckGo offers site: and filetype: filtering. For indexed device and infrastructure searches, Shodan and Censys offer their own powerful query languages specifically designed for internet-facing assets.