高级 Google Dorking 说明:Google 允许搜索什么
1. 重要的防御范围
Google dorking 应作为授权的可见性审查使用。每个查询都应限制在你拥有或被允许测试的资产内,通常从 site:your-domain.example 开始。搜索引擎可用于信息发现测试,但 OWASP 将其视为授权流程中的信息泄漏侦察。
site:your-domain.example
2. 核心 Google 搜索运算符
Google 记录了精确短语、 site: 、 - 排除、 before: 、 after: 和 filetype: 等用法。运算符和搜索词之间不要加空格。
2.1 site:
Basic domain review
site:your-domain.example 目的: 防御用途.
Subdomain review
site:docs.your-domain.example 目的: 防御用途.
Folder/path review
site:your-domain.example/help/ 目的: 防御用途.
防御用途: Hub 所有者可以检查旧帮助页、公开文件、过期指南或注册页面是否仍在 Google 中可见。
2.2 Quotation Marks
Exact phrase search
site:your-domain.example "registration instructions" 目的: 防御用途.
-
site:your-domain.example "user guide" -
site:your-domain.example "terms of service" -
site:your-domain.example "privacy policy" -
site:your-domain.example "archived documentation"
2.3 -
Exclude a word
site:your-domain.example registration -event 目的: 防御用途.
Exclude a subdomain
site:your-domain.example -site:blog.your-domain.example 目的: 防御用途.
Exclude a phrase
site:your-domain.example "user guide" -"version 2026" 目的: 防御用途.
2.4 filetype:
-
site:your-domain.example filetype:pdf -
site:your-domain.example filetype:doc -
site:your-domain.example filetype:docx -
site:your-domain.example filetype:xls -
site:your-domain.example filetype:xlsx -
site:your-domain.example filetype:ppt -
site:your-domain.example filetype:pptx -
site:your-domain.example filetype:zip
3. URL、标题和正文搜索运算符
使用标题、URL 和正文运算符来限定词语出现的位置。它们的行为可能变化,所以应把它们作为研究辅助,而不是绝对控制。
3.1 intitle:
site:your-domain.example intitle:login 目的: 防御用途.
-
site:your-domain.example intitle:help -
site:your-domain.example intitle:archive -
site:your-domain.example intitle:registration -
site:your-domain.example intitle:documentation
3.2 allintitle:
site:your-domain.example allintitle:user guide 目的: 防御用途.
3.3 inurl:
site:your-domain.example inurl:archive 目的: 防御用途.
-
site:your-domain.example inurl:old -
site:your-domain.example inurl:docs -
site:your-domain.example inurl:uploads -
site:your-domain.example inurl:download -
site:your-domain.example inurl:resources
3.4 allinurl:
site:your-domain.example allinurl:old documentation 目的: 防御用途.
3.5 intext:
site:your-domain.example intext:"registration instructions" 目的: 防御用途.
-
site:your-domain.example intext:"support contact" -
site:your-domain.example intext:"updated policy" -
site:your-domain.example intext:"legacy" -
site:your-domain.example intext:"deprecated"
3.6 allintext:
site:your-domain.example allintext:legacy documentation archive 目的: 防御用途.
4. 布尔和分组运算符
使用 OR 、括号、明确的 AND ,有时也使用竖线符号,让复杂查询更容易阅读。
4.1 OR
site:your-domain.example (registration OR signup) 目的: 防御用途.
4.2 Parentheses
site:your-domain.example (guide OR manual) filetype:pdf 目的: 防御用途.
4.3 AND
site:your-domain.example registration AND policy 目的: 防御用途.
4.4 |
site:your-domain.example registration | signup 目的: 防御用途.
5. 基于日期的搜索
在迁移、政策变更、重新设计、事件或部署前后使用 before: 和 after:。
5.1 before:
site:your-domain.example before:2024-01-01 目的: 防御用途.
5.2 after:
site:your-domain.example after:2025-01-01 目的: 防御用途.
5.3 Date range
site:your-domain.example after:2024-01-01 before:2025-01-01 目的: 防御用途.
6. 通配符和近似匹配
星号可以作为短语中未知词语的占位符。
6.1 *
site:your-domain.example "registration * guide" 目的: 防御用途.
6.2 Exact phrase plus wildcard
site:your-domain.example "version * release notes" 目的: 防御用途.
7. 数字范围
数字范围使用两个点,例如 2020..2023。
Version or year range
site:your-domain.example "version" 2020..2023 目的: 防御用途.
Release note range
site:your-domain.example "release notes" 2022..2024 目的: 防御用途.
8. 语言、地区和最近更新过滤器
高级搜索可按语言、地区、最后更新时间、站点/域名、词语出现位置、文件类型和使用权过滤。
| 示例 | 目的 |
|---|---|
| Language filter | Review translated pages. |
| Region filter | Review country or market visibility. |
| Last update filter | Review recently updated results. |
9. 搜索结果类型过滤器
结果类型过滤器可帮助检查公开资源、公告、媒体、支持内容和论坛内容。
| 示例 | 目的 |
|---|---|
| Web | General indexed pages. |
| Images | Screenshots, diagrams, logos, and public images. |
| News | Announcements and public updates. |
| Videos | Tutorials and embedded media pages. |
| Forums | Community and support discussions. |
10. 防御审查的高级组合示例
| 目标 | 安全查询模式 |
|---|---|
| 10.1 Public documentation review | site:your-domain.example (guide OR manual OR documentation) |
| 10.2 Indexed PDF review | site:your-domain.example filetype:pdf |
| 10.3 Old PDF review | site:your-domain.example filetype:pdf (old OR archive OR legacy) |
| 10.4 Upload path review | site:your-domain.example inurl:uploads |
| 10.5 Download path review | site:your-domain.example inurl:download |
| 10.6 Registration content review | site:your-domain.example (registration OR signup OR onboarding) |
| 10.7 Policy review | site:your-domain.example ("privacy policy" OR "terms of service" OR "acceptable use") |
| 10.8 Retired content review | site:your-domain.example (deprecated OR retired OR legacy OR archived) |
| 10.9 Public spreadsheet review | site:your-domain.example (filetype:xls OR filetype:xlsx) |
| 10.10 Recent content review | site:your-domain.example after:2026-01-01 |
| 10.11 Older-than-baseline review | site:your-domain.example before:2023-01-01 |
| 10.12 Current docs excluding old sections | site:your-domain.example documentation -archive -legacy -deprecated |
11. 不太可靠或已变化的运算符
一些旧运算符不可靠、已弃用或已改变。不要依赖 cache: ;请改用 Search Console URL Inspection、日志、CMS 历史或获准的归档工具。
-
related:your-domain.example -
inanchor:"your brand name" -
site:your-domain.example registration AROUND(5) guide
12. 防御审查中 Google 可能揭示的内容
对于自己的域名,Google dorking 可以揭示已索引页面、文档、旧资料、下载、上传、过期页面、需要 noindex 的页面、需要认证的页面、过期政策以及暴露过多文字的摘要。
- Indexed public pages
- Indexed documents
- PDFs, spreadsheets, and presentations
- Old documentation
- Public download pages
- Public upload folders
- Retired or archived pages
- Public help-center content
- Public registration instructions
- Public media files
- Stale pages after migrations
- Pages that should have noindex
- Pages that should require authentication
- Outdated branding, policies, or procedures
- Search snippets exposing more text than expected
13. 安全运算符速查表
| 目标 | 安全查询模式 |
|---|---|
| See indexed pages | site:your-domain.example |
| Find PDFs | site:your-domain.example filetype:pdf |
| Find documents | site:your-domain.example (filetype:doc OR filetype:docx) |
| Find spreadsheets | site:your-domain.example (filetype:xls OR filetype:xlsx) |
| Find presentations | site:your-domain.example (filetype:ppt OR filetype:pptx) |
| Find old content | site:your-domain.example (old OR archive OR legacy) |
| Find content in URLs | site:your-domain.example inurl:archive |
| Find content in titles | site:your-domain.example intitle:documentation |
| Find exact text | site:your-domain.example "registration instructions" |
| Exclude sections | site:your-domain.example -site:blog.your-domain.example |
| Search after date | site:your-domain.example after:2025-01-01 |
| Search before date | site:your-domain.example before:2024-01-01 |
| Search date range | site:your-domain.example after:2024-01-01 before:2025-01-01 |
| Find alternatives | site:your-domain.example (guide OR manual OR documentation) |
14. 如何解释结果
搜索结果只是起点,并不是被入侵的证明。请按发布意图和敏感度分类每个结果。
| 示例 | 处理方式 |
|---|---|
| Intended public content | Public documentation, marketing pages, public policies, event pages, and help articles. |
| Unclear content | Old PDFs, duplicate documents, unlisted downloads, old screenshots, and legacy instructions. |
| Potentially sensitive content | Internal procedures, operational notes, logs, exports, backups, configuration references, or private data. |
15. 防御审查流程
在部署、迁移、备份恢复、文档变更和服务器迁移后执行审查。记录 URL、查询、内容类型、风险、负责人、处理措施、修复日期和验证结果。
- 先用
site:your-domain.example做宽泛检查。 - 检查文件类型:PDF、DOCX、XLSX 和 PPTX。
- 检查旧内容标记:old、archive、legacy 和 deprecated。
- 检查路径:uploads、downloads、docs 和 archive。
- 使用
before:和after:检查时间范围。 - 记录发现、负责人、处理措施、日期和验证结果。
16. 修复原则
先修复源头。如果原始 URL 仍然提供内容,删除搜索结果并不能保护内容。
- Put private content behind authentication.
- Remove sensitive files from public web roots.
- Disable directory listing.
- Use noindex for pages that should be reachable but not indexed.
- Do not use robots.txt as access control.
- Remove old exports, backups, and temporary files.
- Review search results after major deployments.
- Monitor logs for old or unusual paths.
- Request search engine removal only after the source is fixed.
Google 区分阻止索引和控制访问。对于私有内容,应根据情况使用正确删除、密码保护或 noindex。
来源
本文基于 Group-IB、Imperva、CybelAngel、Google Search 帮助、Google Advanced Search 和 OWASP 信息泄漏测试指南中的防御性建议。