创建: 2026/07/02 19:41:27 America/Chicago
作者: admin
修改: 2026/07/03 16:24:56 America/Chicago
作者: admin

高级 Google Dorking 说明:Google 允许搜索什么

1. 重要的防御范围

Google dorking 应作为授权的可见性审查使用。每个查询都应限制在你拥有或被允许测试的资产内,通常从 site:your-domain.example 开始。搜索引擎可用于信息发现测试,但 OWASP 将其视为授权流程中的信息泄漏侦察。

 site:your-domain.example 

2. 核心 Google 搜索运算符

Google 记录了精确短语、 site:- 排除、 before:after:filetype: 等用法。运算符和搜索词之间不要加空格。

2.1 site:

Basic domain review
 site:your-domain.example 

目的: 防御用途.

Subdomain review
 site:docs.your-domain.example 

目的: 防御用途.

Folder/path review
 site:your-domain.example/help/ 

目的: 防御用途.

防御用途: Hub 所有者可以检查旧帮助页、公开文件、过期指南或注册页面是否仍在 Google 中可见。

2.2 Quotation Marks

Exact phrase search
 site:your-domain.example "registration instructions" 

目的: 防御用途.

  • site:your-domain.example "user guide"
  • site:your-domain.example "terms of service"
  • site:your-domain.example "privacy policy"
  • site:your-domain.example "archived documentation"

2.3 -

Exclude a word
 site:your-domain.example registration -event 

目的: 防御用途.

Exclude a subdomain
 site:your-domain.example -site:blog.your-domain.example 

目的: 防御用途.

Exclude a phrase
 site:your-domain.example "user guide" -"version 2026" 

目的: 防御用途.

2.4 filetype:

  • site:your-domain.example filetype:pdf
  • site:your-domain.example filetype:doc
  • site:your-domain.example filetype:docx
  • site:your-domain.example filetype:xls
  • site:your-domain.example filetype:xlsx
  • site:your-domain.example filetype:ppt
  • site:your-domain.example filetype:pptx
  • site:your-domain.example filetype:zip

3. URL、标题和正文搜索运算符

使用标题、URL 和正文运算符来限定词语出现的位置。它们的行为可能变化,所以应把它们作为研究辅助,而不是绝对控制。

3.1 intitle:
 site:your-domain.example intitle:login 

目的: 防御用途.

  • site:your-domain.example intitle:help
  • site:your-domain.example intitle:archive
  • site:your-domain.example intitle:registration
  • site:your-domain.example intitle:documentation
3.2 allintitle:
 site:your-domain.example allintitle:user guide 

目的: 防御用途.

3.3 inurl:
 site:your-domain.example inurl:archive 

目的: 防御用途.

  • site:your-domain.example inurl:old
  • site:your-domain.example inurl:docs
  • site:your-domain.example inurl:uploads
  • site:your-domain.example inurl:download
  • site:your-domain.example inurl:resources
3.4 allinurl:
 site:your-domain.example allinurl:old documentation 

目的: 防御用途.

3.5 intext:
 site:your-domain.example intext:"registration instructions" 

目的: 防御用途.

  • site:your-domain.example intext:"support contact"
  • site:your-domain.example intext:"updated policy"
  • site:your-domain.example intext:"legacy"
  • site:your-domain.example intext:"deprecated"
3.6 allintext:
 site:your-domain.example allintext:legacy documentation archive 

目的: 防御用途.

4. 布尔和分组运算符

使用 OR 、括号、明确的 AND ,有时也使用竖线符号,让复杂查询更容易阅读。

4.1 OR
 site:your-domain.example (registration OR signup) 

目的: 防御用途.

4.2 Parentheses
 site:your-domain.example (guide OR manual) filetype:pdf 

目的: 防御用途.

4.3 AND
 site:your-domain.example registration AND policy 

目的: 防御用途.

4.4 |
 site:your-domain.example registration | signup 

目的: 防御用途.

在迁移、政策变更、重新设计、事件或部署前后使用 before:after:

5.1 before:
 site:your-domain.example before:2024-01-01 

目的: 防御用途.

5.2 after:
 site:your-domain.example after:2025-01-01 

目的: 防御用途.

5.3 Date range
 site:your-domain.example after:2024-01-01 before:2025-01-01 

目的: 防御用途.

6. 通配符和近似匹配

星号可以作为短语中未知词语的占位符。

6.1 *
 site:your-domain.example "registration * guide" 

目的: 防御用途.

6.2 Exact phrase plus wildcard
 site:your-domain.example "version * release notes" 

目的: 防御用途.

7. 数字范围

数字范围使用两个点,例如 2020..2023

Version or year range
 site:your-domain.example "version" 2020..2023 

目的: 防御用途.

Release note range
 site:your-domain.example "release notes" 2022..2024 

目的: 防御用途.

8. 语言、地区和最近更新过滤器

高级搜索可按语言、地区、最后更新时间、站点/域名、词语出现位置、文件类型和使用权过滤。

示例目的
Language filterReview translated pages.
Region filterReview country or market visibility.
Last update filterReview recently updated results.

9. 搜索结果类型过滤器

结果类型过滤器可帮助检查公开资源、公告、媒体、支持内容和论坛内容。

示例目的
WebGeneral indexed pages.
ImagesScreenshots, diagrams, logos, and public images.
NewsAnnouncements and public updates.
VideosTutorials and embedded media pages.
ForumsCommunity and support discussions.

10. 防御审查的高级组合示例

目标安全查询模式
10.1 Public documentation review site:your-domain.example (guide OR manual OR documentation)
10.2 Indexed PDF review site:your-domain.example filetype:pdf
10.3 Old PDF review site:your-domain.example filetype:pdf (old OR archive OR legacy)
10.4 Upload path review site:your-domain.example inurl:uploads
10.5 Download path review site:your-domain.example inurl:download
10.6 Registration content review site:your-domain.example (registration OR signup OR onboarding)
10.7 Policy review site:your-domain.example ("privacy policy" OR "terms of service" OR "acceptable use")
10.8 Retired content review site:your-domain.example (deprecated OR retired OR legacy OR archived)
10.9 Public spreadsheet review site:your-domain.example (filetype:xls OR filetype:xlsx)
10.10 Recent content review site:your-domain.example after:2026-01-01
10.11 Older-than-baseline review site:your-domain.example before:2023-01-01
10.12 Current docs excluding old sections site:your-domain.example documentation -archive -legacy -deprecated

11. 不太可靠或已变化的运算符

一些旧运算符不可靠、已弃用或已改变。不要依赖 cache: ;请改用 Search Console URL Inspection、日志、CMS 历史或获准的归档工具。

  • related:your-domain.example
  • inanchor:"your brand name"
  • site:your-domain.example registration AROUND(5) guide

12. 防御审查中 Google 可能揭示的内容

对于自己的域名,Google dorking 可以揭示已索引页面、文档、旧资料、下载、上传、过期页面、需要 noindex 的页面、需要认证的页面、过期政策以及暴露过多文字的摘要。

  1. Indexed public pages
  2. Indexed documents
  3. PDFs, spreadsheets, and presentations
  4. Old documentation
  5. Public download pages
  6. Public upload folders
  7. Retired or archived pages
  8. Public help-center content
  9. Public registration instructions
  10. Public media files
  11. Stale pages after migrations
  12. Pages that should have noindex
  13. Pages that should require authentication
  14. Outdated branding, policies, or procedures
  15. Search snippets exposing more text than expected

13. 安全运算符速查表

目标安全查询模式
See indexed pages site:your-domain.example
Find PDFs site:your-domain.example filetype:pdf
Find documents site:your-domain.example (filetype:doc OR filetype:docx)
Find spreadsheets site:your-domain.example (filetype:xls OR filetype:xlsx)
Find presentations site:your-domain.example (filetype:ppt OR filetype:pptx)
Find old content site:your-domain.example (old OR archive OR legacy)
Find content in URLs site:your-domain.example inurl:archive
Find content in titles site:your-domain.example intitle:documentation
Find exact text site:your-domain.example "registration instructions"
Exclude sections site:your-domain.example -site:blog.your-domain.example
Search after date site:your-domain.example after:2025-01-01
Search before date site:your-domain.example before:2024-01-01
Search date range site:your-domain.example after:2024-01-01 before:2025-01-01
Find alternatives site:your-domain.example (guide OR manual OR documentation)

14. 如何解释结果

搜索结果只是起点,并不是被入侵的证明。请按发布意图和敏感度分类每个结果。

示例处理方式
Intended public contentPublic documentation, marketing pages, public policies, event pages, and help articles.
Unclear contentOld PDFs, duplicate documents, unlisted downloads, old screenshots, and legacy instructions.
Potentially sensitive contentInternal procedures, operational notes, logs, exports, backups, configuration references, or private data.

15. 防御审查流程

在部署、迁移、备份恢复、文档变更和服务器迁移后执行审查。记录 URL、查询、内容类型、风险、负责人、处理措施、修复日期和验证结果。

  1. 先用 site:your-domain.example 做宽泛检查。
  2. 检查文件类型:PDF、DOCX、XLSX 和 PPTX。
  3. 检查旧内容标记:old、archive、legacy 和 deprecated。
  4. 检查路径:uploads、downloads、docs 和 archive。
  5. 使用 before:after: 检查时间范围。
  6. 记录发现、负责人、处理措施、日期和验证结果。

16. 修复原则

先修复源头。如果原始 URL 仍然提供内容,删除搜索结果并不能保护内容。

  1. Put private content behind authentication.
  2. Remove sensitive files from public web roots.
  3. Disable directory listing.
  4. Use noindex for pages that should be reachable but not indexed.
  5. Do not use robots.txt as access control.
  6. Remove old exports, backups, and temporary files.
  7. Review search results after major deployments.
  8. Monitor logs for old or unusual paths.
  9. Request search engine removal only after the source is fixed.

Google 区分阻止索引和控制访问。对于私有内容,应根据情况使用正确删除、密码保护或 noindex

来源

本文基于 Group-IB、Imperva、CybelAngel、Google Search 帮助、Google Advanced Search 和 OWASP 信息泄漏测试指南中的防御性建议。

父页面