Useful Google Dorks for Bug Bounty
Usage Note
Use these with site:target.com and optionally exclude cache.
1. Discovering Exposed Files
intitle:"index of" site:target.comfiletype:log inurl:log site:target.comfiletype:sql inurl:sql site:target.comfiletype:env inurl:.env site:target.com
2. Finding Sensitive Directories
inurl:/phpinfo.php site:target.cominurl:/admin site:target.cominurl:/backup site:target.cominurl:wp- site:target.com
3. Exposed Configuration Files
filetype:config inurl:config site:target.comfiletype:ini inurl:wp-config.php site:target.comfiletype:json inurl:credentials site:target.com
4. Discovering Usernames and Passwords
intext:"password" filetype:log site:target.comintext:"username" filetype:log site:target.comfiletype:sql "password" site:target.com
5. Finding Database Files
filetype:sql inurl:db site:target.comfiletype:sql inurl:dump site:target.comfiletype:bak inurl:db site:target.com
6. Exposed Git Repositories
inurl:".git" site:target.cominurl:"/.git/config" site:target.comintitle:"index of" ".git" site:target.com
7. Finding Publicly Exposed Emails
intext:"email" site:target.cominurl:"contact" intext:"@target.com" -www.target.comfiletype:xls inurl:"email" site:target.com
8. Discovering Vulnerable Web Servers
intitle:"Apache2 Ubuntu Default Page: It works" site:target.comintitle:"Index of /" "Apache Server" site:target.comintitle:"Welcome to nginx" site:target.com
9. Finding API Keys
filetype:env "DB_PASSWORD" site:target.comintext:"api_key" filetype:env site:target.comintext:"AWS_ACCESS_KEY_ID" filetype:env site:target.com
10. Exposed Backup Files
filetype:bak inurl:backup site:target.comfiletype:zip inurl:backup site:target.comfiletype:tgz inurl:backup site:target.com
Replace target.com with your target domain.
Cache
Shows cached version of a website
cache:example.com
After
Shows results after a specific year (use with site)
after:2019 site:example.comafter:2016 site:example.com
Allintext
Search for specific text in page content
allintext:admin
Allinurl
Search for keywords in URL
allinurl:"password"
Anchor Text
Search for specific anchor text
"Some_Text" filetype:php
Filetype / Ext
Search for specific file types
"python" ext:pdffiletype:pdf "python"
Allinurl (again usage)
allinurl:"login"