Advanced Security Research Tool

Google Dorks
Explorer

Discover vulnerabilities, exposed data, and security misconfigurations with advanced search queries and automated reconnaissance

Created byxFraylinxFraylin
Credits toExploitDB

Enter single or multiple domains separated by commas • Supports wildcards and subdomains

PHP Parameter Endpoints
1
PHP Parameter Endpoints

Discover PHP endpoints with parameters

site:{domain} ext:php inurl:?
API Surface Mapping
1
API Surface Mapping

Map API endpoints and versions

site:{domain} inurl:api | site:*/rest | site:*/v1 | site:*/v2 | site:*/v3
Sensitive File Discovery
1
Sensitive File Discovery

Find configuration and sensitive files

site:"{domain}" ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess | ext:json
Critical URL Tokens
1
Critical URL Tokens

Locate important URL patterns

inurl:conf | inurl:env | inurl:cgi | inurl:bin | inurl:etc | inurl:root | inurl:sql | inurl:backup | inurl:admin | inurl:php site:{domain}
Error Pages & Traces
1
Error Pages & Traces

Find error pages and stack traces

inurl:"error" | intitle:"exception" | intitle:"failure" | intitle:"server at" | inurl:exception | "database error" | "SQL syntax" | "undefined index" | "unhandled exception" | "stack trace" site:{domain}
XSS Parameters
1
XSS Parameters

Identify potential XSS vectors

inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:& site:{domain}
Redirect Parameters
1
Redirect Parameters

Find redirect parameter vulnerabilities

inurl:url= | inurl:return= | inurl:next= | inurl:redirect= | inurl:redir= | inurl:ret= | inurl:r2= | inurl:page= inurl:& inurl:http site:{domain}
SQL Injection Parameters
1
SQL Injection Parameters

Common SQLi parameter patterns

inurl:id= | inurl:pid= | inurl:category= | inurl:cat= | inurl:action= | inurl:sid= | inurl:dir= inurl:& site:{domain}
SSRF Parameters
1
SSRF Parameters

Server-Side Request Forgery vectors

inurl:http | inurl:url= | inurl:path= | inurl:dest= | inurl:html= | inurl:data= | inurl:domain= | inurl:page= inurl:& site:{domain}
File Inclusion Candidates
1
File Inclusion Candidates

Local and remote file inclusion

inurl:include | inurl:dir | inurl:detail= | inurl:file= | inurl:folder= | inurl:inc= | inurl:locate= | inurl:doc= | inurl:conf= inurl:& site:{domain}
Command Execution
1
Command Execution

Remote command execution parameters

inurl:cmd | inurl:exec= | inurl:query= | inurl:code= | inurl:do= | inurl:run= | inurl:read= | inurl:ping= inurl:& site:{domain}
File Upload Discovery
1
File Upload Discovery

Find file upload functionality

site:{domain} intext:"choose file" | intext:"select file" | intext:"upload PDF"
API Documentation
1
API Documentation

API docs and Swagger endpoints

inurl:apidocs | inurl:api-docs | inurl:swagger | inurl:api-explorer | inurl:redoc | inurl:openapi | intitle:"Swagger UI" site:"{domain}"
Authentication Endpoints
1
Authentication Endpoints

Login and authentication pages

inurl:login | inurl:signin | intitle:login | intitle:signin | inurl:secure site:{domain}
Test & Staging Sites
1
Test & Staging Sites

Development and testing environments

inurl:test | inurl:env | inurl:dev | inurl:staging | inurl:sandbox | inurl:debug | inurl:temp | inurl:internal | inurl:demo site:{domain}
Confidential Documents
1
Confidential Documents

Sensitive document discovery

site:{domain} ext:txt | ext:pdf | ext:xml | ext:xls | ext:xlsx | ext:ppt | ext:pptx | ext:doc | ext:docx intext:"confidential" | intext:"Not for Public Release" | intext:"internal use only" | intext:"do not distribute"
Personal Data Parameters
1
Personal Data Parameters

URLs containing personal information

inurl:email= | inurl:phone= | inurl:name= | inurl:user= inurl:& site:{domain}
AEM Content Paths
1
AEM Content Paths

Adobe Experience Manager paths

inurl:/content/usergenerated | inurl:/content/dam | inurl:/jcr:content | inurl:/libs/granite | inurl:/etc/clientlibs | inurl:/content/geometrixx | inurl:/bin/wcm | inurl:/crx/de site:{domain}
Vulnerability Reports
1
Vulnerability Reports

Public vulnerability disclosures

site:openbugbounty.org inurl:reports intext:"{domain}"
Community Mentions
1
Community Mentions

Google Groups discussions

site:groups.google.com "{domain}"
Code Snippet Sites
4
Code Snippet Sites

Paste sites and code repositories

site:pastebin.com "{domain}"
site:jsfiddle.net "{domain}"
site:codebeautify.org "{domain}"
site:codepen.io "{domain}"
Cloud Storage Buckets
12
Cloud Storage Buckets

Cloud storage and bucket discovery

site:s3.amazonaws.com "{domain}"
site:blob.core.windows.net "{domain}"
site:googleapis.com "{domain}"
site:drive.google.com "{domain}"
site:dev.azure.com "{domain}"
site:onedrive.live.com "{domain}"
site:digitaloceanspaces.com "{domain}"
site:sharepoint.com "{domain}"
site:s3-external-1.amazonaws.com "{domain}"
site:s3.dualstack.us-east-1.amazonaws.com "{domain}"
site:dropbox.com/s "{domain}"
site:docs.google.com inurl:"/d/" "{domain}"
Package Repositories
1
Package Repositories

Artifactory and package repos

site:jfrog.io "{domain}"
Firebase References
1
Firebase References

Firebase database references

site:firebaseio.com "{domain}"
Bug Bounty Programs
7
Bug Bounty Programs

Bug bounty and disclosure programs

intext:"submit your vulnerability" intitle:"bug bounty"
intitle:"security.txt" inurl:.well-known
site:hackerone.com "{domain}"
site:bugcrowd.com "{domain}"
site:intigriti.com "{domain}"
site:yeswehack.com "{domain}"
"responsible disclosure" site:{domain}
Exposed Credentials
7
Exposed Credentials

Exposed passwords and secrets

filetype:sql "password" site:{domain}
filetype:env "DB_PASSWORD" site:{domain}
site:github.com "{domain}" "API_KEY"
site:github.com "{domain}" "SECRET_KEY"
site:github.com "{domain}" "access_token"
filetype:log "password" site:{domain}
ext:pwd site:{domain}
Configuration Secrets
6
Configuration Secrets

Configuration files with secrets

inurl:config filetype:xml site:{domain}
filetype:yml "database" "password" site:{domain}
ext:properties "password" site:{domain}
ext:ini "password" site:{domain}
ext:conf "password" site:{domain}
ext:cnf "password" site:{domain}
Backup Archives
9
Backup Archives

Backup files and archives

intitle:"index of" "backup" site:{domain}
filetype:bak site:{domain}
filetype:old site:{domain}
filetype:backup site:{domain}
ext:sql site:{domain}
ext:dump site:{domain}
ext:tar.gz site:{domain}
ext:zip site:{domain}
inurl:"backup" site:{domain}
Sensitive Documents
7
Sensitive Documents

Publicly indexed sensitive docs

intitle:"index of" "nda.pdf" site:{domain}
filetype:pdf "confidential" site:{domain}
filetype:pdf "internal use only" site:{domain}
ext:doc "confidential" site:{domain}
ext:docx "confidential" site:{domain}
filetype:xls "confidential" site:{domain}
filetype:xlsx "confidential" site:{domain}
GitHub Leaks
8
GitHub Leaks

GitHub repository leaks

site:github.com "{domain}" "password"
site:github.com "{domain}" "api_key"
site:github.com "{domain}" "secret"
site:github.com "{domain}" "aws_access_key_id"
site:github.com "{domain}" "connectionString"
site:github.com "{domain}" "private_key"
site:github.com "{domain}" "token"
site:github.com "{domain}" "credentials"
Happy hunting! Remember to hack responsibly.

Important Disclaimer

⚠️ For educational and authorized security research only.