In this short article, I will list my favorite Google dorks. I have been using them in web penetration testing, and they have gotten me some awesome results and juicy endpoints.
Google dorks are very useful in the recon phase. Not only are they good for recon, but they can also retrieve endpoints that expose sensitive information and other vulnerabilities.
The following are my favorite Google dorks. They are simple and good for beginners.
1) Test for open redirect: This query can be used to find endpoints or subdomains that have a redirection.
site:*site.com inurl:redirect
Note: you can replace the keyword “redirect” with others (target, https=, url=, etc.). Afterward, you can take the result of this query and try to change the redirection point to any site as a PoC.
2) Directory listing: Using these queries, you will be able to search and find the source code of the web app.
Index: Index of /wp-admin
intext:"Index of /admin"
3) Error logs: This could retrieve useful information.
intext:error filetype:log
It allows you to find error logs that contain quite useful details and that can also be reported on their own.
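For the redirect parameters from item 1, the fix on the application side is to validate the target before redirecting. The following is an added example, not code from the original article: the allowlisted hosts, the function names and the sample values are assumptions constructed for illustration, and it contrasts a weak prefix check with a host-based allowlist check.

```python
from urllib.parse import urlsplit

# Assumed for this example: the hosts the application is allowed to redirect to.
ALLOWED_HOSTS = frozenset({"site.com", "www.site.com"})
FALLBACK = "/"  # where to send the user when the requested target is rejected


def naive_is_allowed(value):
    """Weak check often seen in practice: a string prefix is not a host match."""
    return value.startswith("/") or value.startswith("https://site.com")


def safe_redirect_target(value, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return value if it is a local path or an allowlisted http(s) URL, else fallback."""
    if not value:
        return fallback
    # Browsers treat "\" like "/" and drop tabs/newlines, so refuse such input
    # instead of guessing how a client will normalise it.
    if any(ord(c) <= 0x20 or c in "\\\x7f" for c in value):
        return fallback
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. a malformed IPv6 literal
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative target: accept only a path with exactly one leading slash.
        ok = value.startswith("/") and not value.startswith("//")
        return value if ok else fallback
    if parts.scheme not in ("http", "https"):
        return fallback  # also catches scheme-relative "//host" (empty scheme)
    # .hostname is lowercased and excludes userinfo and port.
    return value if parts.hostname in allowed_hosts else fallback


# Constructed sample values for a redirect/target/url parameter.
SAMPLES = [
    "/account/settings",
    "https://www.site.com/home",
    "https://evil.example/",
    "//evil.example/login",
    "https://site.com.evil.example/",
    "https://site.com@evil.example/",
    "/\\evil.example",
    "javascript:alert(1)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:38} naive={naive_is_allowed(s)!s:5} safe={safe_redirect_target(s)!r}")
```

Running it prints, for each sample, whether the prefix check would accept it and which target the allowlist check would actually use.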
For more Dorks, you can find an amazing list on GitHub here: https://gist.github.com/stevenswafford/393c6ec7b5375d5e8cdc