# Google Hacking made easy
https://pentest-tools.com/information-gathering/google-hacking#
# Search for documents on popular clouds
site:drive.google.com <searchterm>
site:dl.dropbox.com <searchterm>
site:s3.amazonaws.com <searchterm>
site:onedrive.live.com <searchterm>
site:cryptome.org <searchterm>
# Admins credentials
intext:company_keyword & ext:txt | ext:sql | ext:cnf | ext:config | ext:log & intext:"admin"| intext:"root"| intext:"administrator"& intext:"password"| intext:"root"| intext:"admin"| intext:"administrator"# Look for domains indexed by others website
site:bgp.he.net inurl:ndd
site:dnslookup.fr inurl:ndd
# Get information on the internal organization
sites:cadres.apec.fr direction <SOCIETE>
# Financial reports"périmètre de consolisation"|"rapport de référence"|"rapport annuel" filetype:pdf
# When you use the Google Dork: site:*.example.com, NEVER forget to check
site:*.*.example.com
site:*.*.*.example.com
# Google Funny dorks
site:http://trello.com site:*/boards
site:http://trello.com password + admin OR username
# Recon to find sensivite data
site:http://ideone.com | site:http://codebeautify.org | site:http://codeshare.io | site:http://codepen.io | site:http://repl.it | site:http://justpaste.it | site:http://pastebin.com | site:http://jsfiddle.net | site:http://trello.com "$TARGET"# Piwik Anonymous Access
inurl:token_auth inurl:anonymous
Automated Dorks Tools
# GoogD0rker (https://github.com/ZephrFish/GoogD0rker/)
./googD0rker-txt.py -d example.com
# Goohak (https://github.com/1N3/Goohak/# Just run it on a target domain
./goohak domain.com
Pagodo
# Tool to gather dorks information and find potential vulnerable web pages# The first part is the scrapper which will get dorks and save them
python3 ghdb_scraper.py -j -s
# And then the tool to leverage data and try to find vulnerable pages# -d option can be used to target a domain
python3 pagodo.py -d example.com -g dorks.txt -l 50 -s -e 35.0 -j 1.1