🕵️‍♂️ Google Dorks Cheat Sheet for Hidden Paths & Exposed Files

| **Google Dork** | **What It Finds / Does** |
|------------------|--------------------------|
| `inurl:web.config` | Finds exposed ASP.NET configuration files. May contain DB connection strings, secrets. |
| `intitle:"index of" "web.config"` | Searches for open directory listings containing `web.config`. |
| `inurl:.htaccess` | Finds exposed `.htaccess` files used by Apache (can reveal rules, paths, restrictions). |
| `inurl:.htpasswd` | Looks for Apache password files (used with `.htaccess`). May reveal hashed passwords. |
| `inurl:.env` | Finds exposed `.env` files (used in Laravel, Node.js, etc.). These often include API keys, DB creds. |
| `ext:bak OR ext:old OR ext:backup inurl:admin` | Finds backup/old files in admin directories (may contain original code/configs). |
| `intitle:"index of" ".git"` | Shows exposed `.git` repositories—can leak full project source code. |
| `intitle:"index of" ".svn"` | Finds exposed Subversion (SVN) version control directories. |
| `filetype:sql "insert into" OR "create table"` | Searches for SQL database dumps, usually from MySQL or PostgreSQL. |
| `filetype:json "mongo" OR "password"` | Finds JSON files with MongoDB configs or other sensitive credentials. |
| `intitle:"index of" "error_log"` | Finds open error log files (can contain paths, errors, user info). |
| `intitle:"phpinfo()" "PHP Version"` | Locates PHP info pages — these expose server config, installed extensions. |
| `intitle:"index of" (config\|backup\|admin\|database)` | Finds open directories with config/backup/admin/database files. |
| `inurl:wp-content/debug.log` | Finds exposed debug logs in WordPress installs — may include stack traces, errors. |

📌 Notes:
- You can combine dorks with `site:example.com` to limit results to a specific domain.
- Add `-github.com -stackoverflow.com` to reduce noise.
- These are useful for **bug bounty**, **pentesting**, or **security audits** (with permission!).

#sudo