My Top fav Google Dorks for web security testing

NoorHomaid
2 min readJul 9, 2023

--

Hello folks
In this short article, I will list the top favorite Google dorks I have been using on web penetration testing and they got me some awesome results and juicy endpoints.

Introduction

Google Dorks are very useful in the recon phase. Not only they are good in recon, but they can also retrieve some endpoint that has sensitive information and other vulnerabilities.

The following are my favorite Google Dorks, and they are simple and good for beginners

1) Test for open redirect: This query can be used to find endpoints or subdomains that have a redirection.

site:*site.com inurl: redirect

Note: you can replace the keyword “redirect” with (target, https=, url=, etc..). Afterward, you can take the result of this query and try to change the redirection point to any site as PoC.

2)Directory Listing: Using these queries, you will be able to search and find the source code of the web app.
Index: Index of /wp-admin
intext: “Index of /admin”

The result of the query I have used recently on a real target and I was able to view source codes of the web app.

3)Error logs: This could retrieve useful information
intext: error filetype: log
It allows you to find error logs that have some quite useful details and can also be reported solely.

For more Dorks, you can find an amazing list on GitHub here: https://gist.github.com/stevenswafford/393c6ec7b5375d5e8cdc

Happy hacking!

--

--