Advanced Google Dorking Details: What Google Allows You To Search
1. Important Defensive Scope
Google dorking should be treated as an authorized visibility review. Keep every query scoped to assets you own or have permission to test, usually by starting with site:your-domain.example. Search engines can support information-discovery testing, but OWASP frames this as reconnaissance for information leakage inside an authorized testing process.
site:your-domain.example
2. Core Google Search Operators
Google documents exact phrase search, site:, exclusion with -, before:, after:, and filetype:. Operators should not have a space between the operator and the search term.
2.1 site:
Basic domain review
site:your-domain.example
Purpose: Defensive Use.
Subdomain review
site:docs.your-domain.example
Purpose: Defensive Use.
Folder/path review
site:your-domain.example/help/
Purpose: Defensive Use.
Defensive Use: Hub owners can check whether old help pages, public files, outdated guides, or registration pages are still visible in Google.
2.2 Quotation Marks
Exact phrase search
site:your-domain.example "registration instructions"
Purpose: Defensive Use.
site:your-domain.example "user guide"
site:your-domain.example "terms of service"
site:your-domain.example "privacy policy"
site:your-domain.example "archived documentation"
2.3 -
Exclude a word
site:your-domain.example registration -event
Purpose: Defensive Use.
Exclude a subdomain
site:your-domain.example -site:blog.your-domain.example
Purpose: Defensive Use.
Exclude a phrase
site:your-domain.example "user guide" -"version 2026"
Purpose: Defensive Use.
2.4 filetype:
site:your-domain.example filetype:pdf
site:your-domain.example filetype:doc
site:your-domain.example filetype:docx
site:your-domain.example filetype:xls
site:your-domain.example filetype:xlsx
site:your-domain.example filetype:ppt
site:your-domain.example filetype:pptx
site:your-domain.example filetype:zip
3. URL, Title, And Body Search Operators
Use title, URL, and body operators to narrow where a term appears. Their behavior can change, so treat them as research helpers, not perfect controls.
3.1 intitle:
site:your-domain.example intitle:login
Purpose: Defensive Use.
site:your-domain.example intitle:help
site:your-domain.example intitle:archive
site:your-domain.example intitle:registration
site:your-domain.example intitle:documentation
3.2 allintitle:
site:your-domain.example allintitle:user guide
Purpose: Defensive Use.
3.3 inurl:
site:your-domain.example inurl:archive
Purpose: Defensive Use.
site:your-domain.example inurl:old
site:your-domain.example inurl:docs
site:your-domain.example inurl:uploads
site:your-domain.example inurl:download
site:your-domain.example inurl:resources
3.4 allinurl:
site:your-domain.example allinurl:old documentation
Purpose: Defensive Use.
3.5 intext:
site:your-domain.example intext:"registration instructions"
Purpose: Defensive Use.
site:your-domain.example intext:"support contact"
site:your-domain.example intext:"updated policy"
site:your-domain.example intext:"legacy"
site:your-domain.example intext:"deprecated"
3.6 allintext:
site:your-domain.example allintext:legacy documentation archive
Purpose: Defensive Use.
4. Boolean And Grouping Operators
Use OR, parentheses, explicit AND, and sometimes the pipe character to make complex searches readable.
4.1 OR
site:your-domain.example (registration OR signup)
Purpose: Defensive Use.
4.2 Parentheses
site:your-domain.example (guide OR manual) filetype:pdf
Purpose: Defensive Use.
4.3 AND
site:your-domain.example registration AND policy
Purpose: Defensive Use.
4.4 |
site:your-domain.example registration | signup
Purpose: Defensive Use.
5. Date-Based Search
Use before: and after: around migrations, policy changes, redesigns, incidents, or deployments.
5.1 before:
site:your-domain.example before:2024-01-01
Purpose: Defensive Use.
5.2 after:
site:your-domain.example after:2025-01-01
Purpose: Defensive Use.
5.3 Date range
site:your-domain.example after:2024-01-01 before:2025-01-01
Purpose: Defensive Use.
6. Wildcards And Approximate Matching
The asterisk can act as a placeholder for unknown words inside phrases.
6.1 *
site:your-domain.example "registration * guide"
Purpose: Defensive Use.
6.2 Exact phrase plus wildcard
site:your-domain.example "version * release notes"
Purpose: Defensive Use.
7. Numeric Ranges
Number ranges use two periods, such as 2020..2023.
Version or year range
site:your-domain.example "version" 2020..2023
Purpose: Defensive Use.
Release note range
site:your-domain.example "release notes" 2022..2024
Purpose: Defensive Use.
8. Language, Region, And Last-Update Filters
Advanced Search filters by language, region, last update, site/domain, terms appearing, file type, and usage rights.
| Filter | Purpose |
|---|---|
| Language filter | Review translated pages. |
| Region filter | Review country or market visibility. |
| Last update filter | Review recently updated results. |
9. Search Result Type Filters
Result filters help review public assets, announcements, media, support content, and forum content.
| Result type | Purpose |
|---|---|
| Web | General indexed pages. |
| Images | Screenshots, diagrams, logos, and public images. |
| News | Announcements and public updates. |
| Videos | Tutorials and embedded media pages. |
| Forums | Community and support discussions. |
10. Advanced Combination Examples For Defensive Reviews
| Goal | Safe Query Pattern |
|---|---|
| 10.1 Public documentation review | site:your-domain.example (guide OR manual OR documentation) |
| 10.2 Indexed PDF review | site:your-domain.example filetype:pdf |
| 10.3 Old PDF review | site:your-domain.example filetype:pdf (old OR archive OR legacy) |
| 10.4 Upload path review | site:your-domain.example inurl:uploads |
| 10.5 Download path review | site:your-domain.example inurl:download |
| 10.6 Registration content review | site:your-domain.example (registration OR signup OR onboarding) |
| 10.7 Policy review | site:your-domain.example ("privacy policy" OR "terms of service" OR "acceptable use") |
| 10.8 Retired content review | site:your-domain.example (deprecated OR retired OR legacy OR archived) |
| 10.9 Public spreadsheet review | site:your-domain.example (filetype:xls OR filetype:xlsx) |
| 10.10 Recent content review | site:your-domain.example after:2026-01-01 |
| 10.11 Older-than-baseline review | site:your-domain.example before:2023-01-01 |
| 10.12 Current docs excluding old sections | site:your-domain.example documentation -archive -legacy -deprecated |
11. Less Reliable Or Changed Operators
Some older operators are unreliable, deprecated, or changed. Do not rely on cache:; use Search Console URL Inspection, logs, CMS history, or approved archives instead.
related:your-domain.example
inanchor:"your brand name"
site:your-domain.example registration AROUND(5) guide
12. What Google Can Reveal During A Defensive Review
For your own domain, Google dorking can reveal indexed pages, documents, old docs, downloads, uploads, stale pages, pages needing noindex, pages needing authentication, outdated policies, and snippets that expose too much text.
- Indexed public pages
- Indexed documents
- PDFs, spreadsheets, and presentations
- Old documentation
- Public download pages
- Public upload folders
- Retired or archived pages
- Public help-center content
- Public registration instructions
- Public media files
- Stale pages after migrations
- Pages that should have noindex
- Pages that should require authentication
- Outdated branding, policies, or procedures
- Search snippets exposing more text than expected
13. Safe Operator Cheat Sheet
| Goal | Safe Query Pattern |
|---|---|
| See indexed pages | site:your-domain.example |
| Find PDFs | site:your-domain.example filetype:pdf |
| Find documents | site:your-domain.example (filetype:doc OR filetype:docx) |
| Find spreadsheets | site:your-domain.example (filetype:xls OR filetype:xlsx) |
| Find presentations | site:your-domain.example (filetype:ppt OR filetype:pptx) |
| Find old content | site:your-domain.example (old OR archive OR legacy) |
| Find content in URLs | site:your-domain.example inurl:archive |
| Find content in titles | site:your-domain.example intitle:documentation |
| Find exact text | site:your-domain.example "registration instructions" |
| Exclude sections | site:your-domain.example -site:blog.your-domain.example |
| Search after date | site:your-domain.example after:2025-01-01 |
| Search before date | site:your-domain.example before:2024-01-01 |
| Search date range | site:your-domain.example after:2024-01-01 before:2025-01-01 |
| Find alternatives | site:your-domain.example (guide OR manual OR documentation) |
14. How To Interpret Results
A result is a starting point, not proof of compromise. Classify each result by intent and sensitivity.
| Classification | Typical content |
|---|---|
| Intended public content | Public documentation, marketing pages, public policies, event pages, and help articles. |
| Unclear content | Old PDFs, duplicate documents, unlisted downloads, old screenshots, and legacy instructions. |
| Potentially sensitive content | Internal procedures, operational notes, logs, exports, backups, configuration references, or private data. |
15. Defensive Review Process
Run reviews after deployments, migrations, backup restores, documentation changes, and server moves. Record URL, query, content type, risk, owner, action, remediation date, and verification result.
- Start broad with site:your-domain.example.
- Check file types: PDF, DOCX, XLSX, and PPTX.
- Check legacy indicators: old, archive, legacy, and deprecated.
- Check paths: uploads, downloads, docs, and archive.
- Check time ranges with before: and after:.
- Document findings, owners, actions, dates, and verification.
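One way to keep a review inside the authorized scope is to check every query before it is run. The sketch below is an added example, not part of the original article: check_query and review_plan are hypothetical names, and the plan reuses the placeholder domain and query patterns from this page.

```python
import re

# Operators named on this page, used to spot a stray space after the colon.
OPERATORS = ("site", "filetype", "intitle", "allintitle", "inurl", "allinurl",
             "intext", "allintext", "before", "after")

def check_query(query, domain):
    """Return a list of problems; an empty list means the query is in scope."""
    problems = []
    for op in OPERATORS:
        # Section 2 rule: no space between the operator and the search term.
        if re.search(rf"(?<!\w){op}:(\s|$)", query):
            problems.append(f"no term directly after {op}:")
    hosts = []
    for sign, value in re.findall(r"(?<!\w)(-?)site:([^\s()]+)", query):
        if sign == "-":
            continue  # exclusions such as -site:blog.<domain> only narrow the scope
        hosts.append(value.lower().split("/")[0])  # drop any /path/ part
    if not hosts:
        problems.append("no site: restriction")
    for host in hosts:
        # Exact domain or a true subdomain; a lookalike suffix does not count.
        if host != domain and not host.endswith("." + domain):
            problems.append(f"site:{host} is outside {domain}")
    return problems

def review_plan(domain):
    """Scoped queries for the review steps listed above."""
    base = f"site:{domain}"
    plan = [base]
    plan += [f"{base} filetype:{ext}" for ext in ("pdf", "docx", "xlsx", "pptx")]
    plan.append(f"{base} (old OR archive OR legacy OR deprecated)")
    plan += [f"{base} inurl:{p}" for p in ("uploads", "download", "docs", "archive")]
    plan.append(f"{base} after:2024-01-01 before:2025-01-01")
    return plan

if __name__ == "__main__":
    for q in review_plan("your-domain.example"):
        print(q, check_query(q, "your-domain.example") or "ok")
```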
16. Remediation Principles
Fix the source first. Search-result removal does not protect content if the original URL still serves it.
- Put private content behind authentication.
- Remove sensitive files from public web roots.
- Disable directory listing.
- Use noindex for pages that should be reachable but not indexed.
- Do not use robots.txt as access control.
- Remove old exports, backups, and temporary files.
- Review search results after major deployments.
- Monitor logs for old or unusual paths.
- Request search engine removal only after the source is fixed.
Google distinguishes between blocking indexing and controlling access. For private content, use proper removal, password protection, or noindex depending on the situation.
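The difference between blocking indexing and controlling access can be checked for each finding once the fix is deployed. The following is an added example, not from the original article: exposure_state and verify_fix are hypothetical names, and the function works on a response you have already fetched from your own site (status, headers, body) plus the site's robots.txt text.

```python
import re
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

class RobotsMeta(HTMLParser):
    """Collects directives from <meta name="robots" content="..."> tags."""
    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "robots":
            self.directives.update(re.split(r"[,\s]+", (a.get("content") or "").lower()))

def exposure_state(status, headers, body=""):
    """Classify one response: removed, access-controlled, noindex, public-indexable, other."""
    if status in (404, 410):
        return "removed"
    if status in (401, 403):
        return "access-controlled"
    if status != 200:
        return "other"  # redirects and server errors need a manual look
    header = " ".join(v for k, v in headers.items() if k.lower() == "x-robots-tag")
    directives = set(re.split(r"[,\s:]+", header.lower()))
    meta = RobotsMeta()
    meta.feed(body)
    directives |= meta.directives
    # "none" is shorthand for "noindex, nofollow".
    return "noindex" if directives & {"noindex", "none"} else "public-indexable"

def verify_fix(url, status, headers, body, robots_txt):
    """Return (state, notes) for one finding after remediation."""
    state = exposure_state(status, headers, body)
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    blocked = not rp.can_fetch("*", url)
    notes = []
    if blocked and state == "public-indexable":
        notes.append("robots.txt Disallow only: the URL is still served to anyone")
    if blocked and state == "noindex":
        notes.append("crawler cannot read noindex while robots.txt blocks the URL")
    return state, notes
```

Only "removed" and "access-controlled" mean the source itself is fixed; "noindex" fits pages that should stay reachable but out of the index.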
Sources
This article is based on defensive guidance from Group-IB, Imperva, CybelAngel, Google Search help, Google Advanced Search, and OWASP information-leakage testing guidance.