Generate advanced Google search operators (Dorks) for passive OSINT reconnaissance on a target domain. No direct requests to the target — results are sourced entirely from Google's public index.
Leave empty to generate generic dorks (TARGET_DOMAIN placeholder).
Sensitive Files
.env files
Environment config leaks
site:TARGET_DOMAIN ext:env
.log files
Server & app log files
site:TARGET_DOMAIN ext:log
.conf files
Configuration files
site:TARGET_DOMAIN ext:conf
.sql dumps
Database dump files
site:TARGET_DOMAIN ext:sql
.backup files
Backup archives
site:TARGET_DOMAIN ext:backup OR ext:bak
.key / .pem
Private keys & certs
site:TARGET_DOMAIN ext:key OR ext:pem
Public Documents
PDF files
PDFs with potential metadata
site:TARGET_DOMAIN ext:pdf
Word docs
Microsoft Word documents
site:TARGET_DOMAIN ext:doc OR ext:docx
Excel sheets
Spreadsheets with data
site:TARGET_DOMAIN ext:xls OR ext:xlsx
Presentations
PowerPoint / slide decks
site:TARGET_DOMAIN ext:ppt OR ext:pptx
Text files
Plain text & readme files
site:TARGET_DOMAIN ext:txt OR ext:md
XML / JSON data
Data export / API response files
site:TARGET_DOMAIN ext:xml OR ext:json
Open Directories
Index of /
Open directory listings
site:TARGET_DOMAIN intitle:"index of"
Index of /backup
Open backup directories
site:TARGET_DOMAIN intitle:"index of" backup
Index of /uploads
Open upload directories
site:TARGET_DOMAIN intitle:"index of" uploads
Index of /admin
Open admin directories
site:TARGET_DOMAIN intitle:"index of" admin
Apache listing
Apache server directory listing
site:TARGET_DOMAIN intitle:"index of" "apache"
FTP indexes
FTP-style directory listings
site:TARGET_DOMAIN intitle:"index of" "ftp"
Login & Admin Panels
Admin panels
Generic admin panel URLs
site:TARGET_DOMAIN inurl:admin
Login pages
Login form pages
site:TARGET_DOMAIN inurl:login
WordPress admin
WP admin login page
site:TARGET_DOMAIN inurl:wp-admin
Dashboard
Dashboard & control panels
site:TARGET_DOMAIN inurl:dashboard
cPanel / WHM
Hosting control panel URLs
site:TARGET_DOMAIN inurl:cpanel OR inurl:whm
phpMyAdmin
DB management interfaces
site:TARGET_DOMAIN inurl:phpmyadmin
Server Errors
PHP errors
PHP parse & fatal errors
site:TARGET_DOMAIN "PHP Parse error" OR "PHP Fatal error"
SQL errors
SQL syntax error strings
site:TARGET_DOMAIN "SQL syntax" OR "mysql_fetch"
500 errors
Internal server error pages
site:TARGET_DOMAIN "Internal Server Error"
Django debug
Django debug mode pages
site:TARGET_DOMAIN "Django" "Traceback"
Stack traces
Exception stack trace leaks
site:TARGET_DOMAIN "Exception" "stack trace"
database errors
DB connection error strings
site:TARGET_DOMAIN "database error" OR "DB Error"
Subdomains & Recon
All subdomains
All indexed subdomains
site:*.TARGET_DOMAIN -www
Dev / staging
Development & staging envs
site:TARGET_DOMAIN inurl:dev OR inurl:staging OR inurl:test
API endpoints
Public API endpoint paths
site:TARGET_DOMAIN inurl:api
Pastebin mentions
Domain referenced on Pastebin
site:pastebin.com "TARGET_DOMAIN"
GitHub mentions
Domain referenced on GitHub
site:github.com "TARGET_DOMAIN"
Exposed ports
Shodan-style port references
site:TARGET_DOMAIN inurl:8080 OR inurl:8443 OR inurl:3000
Passive OSINT only. This tool generates Google search URLs — no requests are made directly to the target. Results depend entirely on what Google has indexed. Always ensure you have authorization before using reconnaissance data offensively.
What is the Google Advanced Search Operators (Dorking)?
Google Dorking is the technique of using advanced search operators to find information that is publicly indexed but not easily discoverable through normal browsing. It is a cornerstone of passive OSINT reconnaissance.
How it Works under the hood
Each dork combines standard Google operators: site: (restrict to domain), ext: (filter by file type), intitle: (match page title), inurl: (match URL path). These are concatenated into a Google Search URL and opened in a new tab — zero traffic is sent to your target.
SysAdmin & Security Use Cases
»Finding accidentally exposed .env or .sql files on a target domain.
»Discovering open directory listings that reveal server structure.
»Locating admin panels and login pages for a security audit scope.
»Identifying verbose error pages that leak stack traces or DB info.
»Mapping indexed subdomains and dev/staging environments.