Google Dorks for OSINT

Updated: 19 June 2025

In the world of Open-Source Intelligence (OSINT), Google Dorks are a powerful but often underestimated weapon. With just a few well-structured search operators, investigators can uncover publicly available information that’s hidden in plain sight—files, login portals, emails, documents, and even vulnerable servers.

Let’s break down what Google Dorks are, how they work, and how they were used in a real-world investigation that exposed millions of sensitive records. We will also give you copy-paste-ready search strings to supercharge your investigations.

Google Dorks are advanced search queries that use special operators to uncover information hidden in plain sight—things like login portals, public documents, email addresses, and even exposed databases.

Some common operators:

site: – limit search to a specific domain

filetype: – find specific file formats

inurl: – search keywords in URLs

intitle: – search within page titles

intext: – search within body text

These help you dig deep into the indexed corners of the internet that most people never see.

Dow Jones Data Leak via Exposed AWS Bucket

In 2017, security researcher Chris Vickery used OSINT methods (including Google Dorking) to discover an unsecured Amazon S3 bucket that belonged to Dow Jones & Co. Inside? Sensitive data tied to over 2 million individuals, including subscribers and people on government watchlists.

How? By using Google Dorks like:

intitle:"index of" "s3.amazonaws.com"

This search string helped reveal open, publicly indexed cloud storage on Amazon’s servers—storage that should have been locked down.

You can find the full story HERE.

Common Google Dork Syntax (with Examples)

1. Discover Login Portals

inurl:login site:example.com

• Finds login pages on a specific domain.

intitle:"index of" admin

• Reveals directory listings related to admin portals.

2. Locate Sensitive File Types

filetype:pdf site:gov.uk "confidential"

• Searches for PDFs containing the word "confidential" on UK government domains.

filetype:xls inurl:"email.xls"

• Hunts down Excel files that may contain email lists.

3. Find Publicly Available Docs

inurl:/docs/ filetype:pdf

• Locates PDF documents inside “/docs” directories.

intitle:"index of" "financial statements"

• Accesses directories listing financial reports.

4. Identify Vulnerable Webcams or Admin Panels

inurl:"viewerframe?mode=" intitle:"Live View / - AXIS"

• Lists unsecured Axis webcams.

intitle:"phpMyAdmin" "Welcome to phpMyAdmin ***"

• Exposes open phpMyAdmin dashboards.

5. Harvest Email Addresses

site:linkedin.com "@gmail.com"

• Finds public Gmail addresses on LinkedIn profiles.

intext:@example.com

• Scrapes email addresses on public pages.

6. Search for Exposed Cameras

inurl:"/view.shtml" OR inurl:"/video.cgi"

• Finds public IP cameras and CCTV streams.

Real-World OSINT Use Cases

Some Things To Note

Using Google Dorks is not illegal—you’re just searching publicly indexed content. However:

• Do not attempt to log in, alter, or exploit findings.

• Respect robots.txt and terms of service.

• Always operate within the legal boundaries of OSINT.

Bonus: Copy-Paste Cheat Sheet

inurl:.env DB_PASSWORD 

• Search for exposed environment config files

inurl:wp-login.php 

• WordPress login page

inurl:owa site:edu 

• Outlook webmail login

filetype:pdf "confidential" site:.mil 

• Public documents with sensitive keywords

intitle:"index of" "parent directory" site:gov 

• Directory listings

filetype:xls intext:@gmail.com

• Email list leaks

Conclusion

Google Dorking isn’t just for hackers—it’s a valuable tool for OSINT researchers, journalists, and cyber analysts. By learning how to craft precise queries, you can transform Google into a powerful reconnaissance engine.

Start simple, stay legal, and always document your queries. The web is an open book—if you know how to read between the lines.