Google Dorks: The Definitive Guide with Examples (2026)
Learn what Google Dorks are and how to use advanced search operators for OSINT: find documents, subdomains, exposed credentials and more â step by step and legally.
Google Dorks are one of the most powerful and accessible OSINT techniques: using advanced search operators you can find documents, subdomains, login panels, emails and exposed files that normal searches never show. In this guide you'll learn the key operators, practical examples and how to apply them legally.
What are Google Dorks?
A Google Dork (also called Google hacking) is a query that combines advanced search operators to filter Google's results with surgical precision. Instead of searching for loose words, you tell the engine exactly where and what kind of content to find.
It's a fundamental technique in any open-source intelligence (OSINT) investigation, security audit or bug-bounty workflow, because it surfaces public information that is indexed but hidden in plain sight.
Essential search operators
| Operator | What it does | Example |
|---|---|---|
site: |
Limits the search to a domain | site:example.com |
inurl: |
Text in the URL | inurl:admin |
intitle: |
Text in the page title | intitle:"index of" |
intext: |
Text in the body | intext:"password" |
filetype: |
File type | filetype:pdf |
cache: |
Google's cached version | cache:example.com |
- |
Excludes a term | osint -site:youtube.com |
"..." |
Exact match | "confidential report" |
* |
Wildcard | site:example.com inurl:*login* |
OR / ` |
` | Alternatives |
Practical Google Dork examples
Find public documents
site:example.com filetype:pdf
site:example.com (filetype:xlsx OR filetype:docx OR filetype:csv)
Discover login panels and directories
site:example.com inurl:(login OR admin OR dashboard)
intitle:"index of" "backup"
Search for emails or contact info
site:example.com intext:"@example.com"
"@example.com" -site:example.com
Track mentions in forums, pastes and networks
"theusername" (site:reddit.com OR site:pastebin.com OR site:github.com)
How to automate Google Dorks
Building every combination by hand is slow. With a dork generator you can enter a target (a domain, email, username or full name) and instantly get dozens of ready-to-run queries grouped by category: social networks, documents, credentials, subdomains and images.
đ§©Dorks GeneratorGenerate custom Google Dork queries to investigate emails, domains, usernames, or names.Open âIt's the fastest way to cover every variant without forgetting an operator.
Best practices and legal aspects
Google Dorks only access public content already indexed by Google â they don't "hack" anything. Even so:
- Don't access systems, panels or files that are clearly not public.
- Never use found credentials or bypass authentication.
- Use the technique for legitimate purposes: authorized audits, bug bounty, research or protecting your own exposure.
- Comply with GDPR and applicable law.
A great defensive exercise is to dork yourself or your company to discover what information is exposed and lock it down before someone else finds it.
Conclusion
Google Dorks turn the world's most-used search engine into a precision investigation tool. By mastering a dozen operators you can find documents, subdomains and exposed data in seconds.
Try the Dorks Generator for free and instantly generate optimized queries for any domain, email or username.
Tools for your investigation
Finds social media profiles for a specific username across hundreds of platforms.
OpenAnalyzes an email to verify its existence, reputation, and online presence.
OpenSearch for leaks of an email, domain, URL, IP, or phone across pastes, leaks, forums, and the darknet with Intelligence X.
OpenTake your investigations to the next level
Upgrade to OSINT UI PRO and unlock advanced searches, bulk analysis and every professional tool in the OSINT ecosystem.