बनाया गया: 2026/07/02 19:41:27 America/Chicago
द्वारा: admin
बदला गया: 2026/07/03 16:24:56 America/Chicago
द्वारा: admin

उन्नत Google Dorking विवरण: Google क्या खोजने देता है

1. महत्वपूर्ण रक्षात्मक सीमा

Google dorking को authorized visibility review की तरह इस्तेमाल करें। हर query को उन्हीं assets तक सीमित रखें जिन्हें आप own करते हैं या test करने की अनुमति रखते हैं, आम तौर पर site:your-domain.example से शुरू करके। Search engines information-discovery testing में मदद करते हैं, लेकिन OWASP इसे authorized process में information leakage reconnaissance मानता है।

 site:your-domain.example 

2. मुख्य Google Search Operators

Google exact phrase, site:, - exclusion, before:, after:, और filetype: document करता है। operator और term के बीच space नहीं होना चाहिए।

2.1 site:

Basic domain review
 site:your-domain.example 

Purpose: Defensive Use.

Subdomain review
 site:docs.your-domain.example 

Purpose: Defensive Use.

Folder/path review
 site:your-domain.example/help/ 

Purpose: Defensive Use.

Defensive Use: Hub owners देख सकते हैं कि old help pages, public files, outdated guides या registration pages अभी भी Google में visible हैं या नहीं।

2.2 Quotation Marks

Exact phrase search
 site:your-domain.example "registration instructions" 

Purpose: Defensive Use.

  • site:your-domain.example "user guide"
  • site:your-domain.example "terms of service"
  • site:your-domain.example "privacy policy"
  • site:your-domain.example "archived documentation"

2.3 -

Exclude a word
 site:your-domain.example registration -event 

Purpose: Defensive Use.

Exclude a subdomain
 site:your-domain.example -site:blog.your-domain.example 

Purpose: Defensive Use.

Exclude a phrase
 site:your-domain.example "user guide" -"version 2026" 

Purpose: Defensive Use.

2.4 filetype:

  • site:your-domain.example filetype:pdf
  • site:your-domain.example filetype:doc
  • site:your-domain.example filetype:docx
  • site:your-domain.example filetype:xls
  • site:your-domain.example filetype:xlsx
  • site:your-domain.example filetype:ppt
  • site:your-domain.example filetype:pptx
  • site:your-domain.example filetype:zip

3. URL, Title और Body Search Operators

Title, URL और body operators से यह सीमित करें कि term कहाँ दिखाई देता है। उनका behavior बदल सकता है, इसलिए उन्हें research helper मानें, perfect control नहीं।

3.1 intitle:
 site:your-domain.example intitle:login 

Purpose: Defensive Use.

  • site:your-domain.example intitle:help
  • site:your-domain.example intitle:archive
  • site:your-domain.example intitle:registration
  • site:your-domain.example intitle:documentation
3.2 allintitle:
 site:your-domain.example allintitle:user guide 

Purpose: Defensive Use.

3.3 inurl:
 site:your-domain.example inurl:archive 

Purpose: Defensive Use.

  • site:your-domain.example inurl:old
  • site:your-domain.example inurl:docs
  • site:your-domain.example inurl:uploads
  • site:your-domain.example inurl:download
  • site:your-domain.example inurl:resources
3.4 allinurl:
 site:your-domain.example allinurl:old documentation 

Purpose: Defensive Use.

3.5 intext:
 site:your-domain.example intext:"registration instructions" 

Purpose: Defensive Use.

  • site:your-domain.example intext:"support contact"
  • site:your-domain.example intext:"updated policy"
  • site:your-domain.example intext:"legacy"
  • site:your-domain.example intext:"deprecated"
3.6 allintext:
 site:your-domain.example allintext:legacy documentation archive 

Purpose: Defensive Use.

4. Boolean और Grouping Operators

OR, parentheses, explicit AND, और कभी pipe character से complex searches readable बनती हैं।

4.1 OR
 site:your-domain.example (registration OR signup) 

Purpose: Defensive Use.

4.2 Parentheses
 site:your-domain.example (guide OR manual) filetype:pdf 

Purpose: Defensive Use.

4.3 AND
 site:your-domain.example registration AND policy 

Purpose: Defensive Use.

4.4 |
 site:your-domain.example registration | signup 

Purpose: Defensive Use.

Migrations, policy changes, redesigns, incidents या deployments के आसपास before: और after: इस्तेमाल करें।

5.1 before:
 site:your-domain.example before:2024-01-01 

Purpose: Defensive Use.

5.2 after:
 site:your-domain.example after:2025-01-01 

Purpose: Defensive Use.

5.3 Date range
 site:your-domain.example after:2024-01-01 before:2025-01-01 

Purpose: Defensive Use.

6. Wildcards और Approximate Matching

Asterisk phrases के अंदर unknown words का placeholder बन सकता है।

6.1 *
 site:your-domain.example "registration * guide" 

Purpose: Defensive Use.

6.2 Exact phrase plus wildcard
 site:your-domain.example "version * release notes" 

Purpose: Defensive Use.

7. Numeric Ranges

Numeric ranges दो periods इस्तेमाल करते हैं, जैसे 2020..2023

Version or year range
 site:your-domain.example "version" 2020..2023 

Purpose: Defensive Use.

Release note range
 site:your-domain.example "release notes" 2022..2024 

Purpose: Defensive Use.

8. Language, Region और Last-Update Filters

Advanced Search language, region, last update, site/domain, terms location, file type, और usage rights से filter करता है।

ExamplePurpose
Language filterReview translated pages.
Region filterReview country or market visibility.
Last update filterReview recently updated results.

9. Search Result Type Filters

Result filters public assets, announcements, media, support content और forums review करने में मदद करते हैं।

ExamplePurpose
WebGeneral indexed pages.
ImagesScreenshots, diagrams, logos, and public images.
NewsAnnouncements and public updates.
VideosTutorials and embedded media pages.
ForumsCommunity and support discussions.

10. Defensive Reviews के Advanced Combination Examples

GoalSafe Query Pattern
10.1 Public documentation review site:your-domain.example (guide OR manual OR documentation)
10.2 Indexed PDF review site:your-domain.example filetype:pdf
10.3 Old PDF review site:your-domain.example filetype:pdf (old OR archive OR legacy)
10.4 Upload path review site:your-domain.example inurl:uploads
10.5 Download path review site:your-domain.example inurl:download
10.6 Registration content review site:your-domain.example (registration OR signup OR onboarding)
10.7 Policy review site:your-domain.example ("privacy policy" OR "terms of service" OR "acceptable use")
10.8 Retired content review site:your-domain.example (deprecated OR retired OR legacy OR archived)
10.9 Public spreadsheet review site:your-domain.example (filetype:xls OR filetype:xlsx)
10.10 Recent content review site:your-domain.example after:2026-01-01
10.11 Older-than-baseline review site:your-domain.example before:2023-01-01
10.12 Current docs excluding old sections site:your-domain.example documentation -archive -legacy -deprecated

11. कम भरोसेमंद या बदले हुए Operators

कुछ पुराने operators unreliable, deprecated या changed हैं। cache: पर depend न करें; Search Console URL Inspection, logs, CMS history या approved archives इस्तेमाल करें।

  • related:your-domain.example
  • inanchor:"your brand name"
  • site:your-domain.example registration AROUND(5) guide

12. Defensive Review में Google क्या दिखा सकता है

अपने domain के लिए Google dorking indexed pages, documents, old docs, downloads, uploads, stale pages, noindex/authentication वाले pages, outdated policies और बहुत text दिखाने वाले snippets reveal कर सकता है।

  1. Indexed public pages
  2. Indexed documents
  3. PDFs, spreadsheets, and presentations
  4. Old documentation
  5. Public download pages
  6. Public upload folders
  7. Retired or archived pages
  8. Public help-center content
  9. Public registration instructions
  10. Public media files
  11. Stale pages after migrations
  12. Pages that should have noindex
  13. Pages that should require authentication
  14. Outdated branding, policies, or procedures
  15. Search snippets exposing more text than expected

13. Safe Operator Cheat Sheet

GoalSafe Query Pattern
See indexed pages site:your-domain.example
Find PDFs site:your-domain.example filetype:pdf
Find documents site:your-domain.example (filetype:doc OR filetype:docx)
Find spreadsheets site:your-domain.example (filetype:xls OR filetype:xlsx)
Find presentations site:your-domain.example (filetype:ppt OR filetype:pptx)
Find old content site:your-domain.example (old OR archive OR legacy)
Find content in URLs site:your-domain.example inurl:archive
Find content in titles site:your-domain.example intitle:documentation
Find exact text site:your-domain.example "registration instructions"
Exclude sections site:your-domain.example -site:blog.your-domain.example
Search after date site:your-domain.example after:2025-01-01
Search before date site:your-domain.example before:2024-01-01
Search date range site:your-domain.example after:2024-01-01 before:2025-01-01
Find alternatives site:your-domain.example (guide OR manual OR documentation)

14. Results को कैसे समझें

Result starting point है, compromise का proof नहीं। हर result को intent और sensitivity के हिसाब से classify करें।

ExampleAction
Intended public contentPublic documentation, marketing pages, public policies, event pages, and help articles.
Unclear contentOld PDFs, duplicate documents, unlisted downloads, old screenshots, and legacy instructions.
Potentially sensitive contentInternal procedures, operational notes, logs, exports, backups, configuration references, or private data.

15. Defensive Review Process

Deployments, migrations, backup restores, documentation changes और server moves के बाद reviews चलाएँ। URL, query, content type, risk, owner, action, remediation date और verification result record करें।

  1. site:your-domain.example से broad review शुरू करें।
  2. File types check करें: PDF, DOCX, XLSX और PPTX।
  3. Legacy indicators check करें: old, archive, legacy और deprecated।
  4. Paths check करें: uploads, downloads, docs और archive।
  5. before: और after: से time ranges check करें।
  6. Findings, owners, actions, dates और verification document करें।

16. Remediation Principles

पहले source fix करें। Search-result removal content को protect नहीं करता अगर original URL अभी भी serve कर रहा है।

  1. Put private content behind authentication.
  2. Remove sensitive files from public web roots.
  3. Disable directory listing.
  4. Use noindex for pages that should be reachable but not indexed.
  5. Do not use robots.txt as access control.
  6. Remove old exports, backups, and temporary files.
  7. Review search results after major deployments.
  8. Monitor logs for old or unusual paths.
  9. Request search engine removal only after the source is fixed.

Google indexing block करने और access control में फर्क करता है। Private content के लिए proper removal, password protection या noindex इस्तेमाल करें।

Sources

यह article Group-IB, Imperva, CybelAngel, Google Search help, Google Advanced Search और OWASP information-leakage testing guidance पर आधारित है।

मूल पृष्ठ