Intelligence Dorks
Advanced query capabilities across multiple intelligence platforms (Google, Shodan, GitHub, etc).
Searching with Google. Target domain will be automatically formatted for this engine's syntax.
Exposed Environment Files (.env)
ext:env | inurl:/.env | inurl:/.env.example | inurl:/.env.localGit Config Exposure
inurl:/.git/config | intitle:"Index of /.git"Docker Compose Exposure
inurl:docker-compose.yml | inurl:docker-compose.yamlKubeconfig Exposure
inurl:/.kube/config | inurl:config.json | inurl:admin.confNPM Registry Log (Auth Token)
inurl:.npmrc | intext:"_authToken"Backup Files (Large Archives)
ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup | ext:zip | ext:tar.gz | ext:rar | ext:sql.gzSwagger UI Docs
inurl:/swagger-ui.html | inurl:/api-docs | inurl:/v2/api-docsGraphQL Introspection
inurl:/graphql | inurl:/graphiql | intext:"GraphQL Playground"Apache Server Status
inurl:/server-status | intext:"Apache Status"Spring Boot Actuators
inurl:/actuator/health | inurl:/actuator/env | inurl:/actuator/metricsLaravel Debug Mode
intext:"Whoops! There was an error." intext:"Laravel"Django Debug/Settings
intext:"DisallowedHost" | intext:"DEBUG = True"Rails Web Console
intext:"Rails.application.config.web_console.whitelisted_ips"PHP Info Page
ext:php intitle:phpinfo "PHP Version"S3 Bucket Direct Access
site:s3.amazonaws.com | site:storage.googleapis.com | site:blob.core.windows.netPublicly Exposed Documents
ext:doc | ext:docx | ext:odt | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csvDirectory Listing
intitle:index.ofConfiguration Files
ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:iniDatabase Files
ext:sql | ext:dbf | ext:mdb | ext:sqliteLog Files
ext:logSubdomain Takeover - Pantheon
site:pantheonsite.io "404 Error"Subdomain Takeover - Tumblr
site:tumblr.com "Whatever you were looking for doesn't currently exist at this address"Subdomain Takeover - Cargo
site:cargocollective.com "404 Not Found"Subdomain Takeover - StatusPage
site:statuspage.io "Better Status Communication"Subdomain Takeover - UserVoice
site:uservoice.com "This UserVoice subdomain is currently available!"Subdomain Takeover - Surge.sh
site:surge.sh "project not found"Subdomain Takeover - Ghost
site:ghost.io "The thing you were looking for is no longer here"Subdomain Takeover - Bitbucket
site:bitbucket.io "Repository not found"