loading
Loading content
loading
Also known as Google hacking
Google dorking turns a search engine into a reconnaissance tool by combining advanced operators to find content owners never meant to expose. Operators like site: scope results to one domain, filetype: filters by extension, inurl: and intitle: match URL or page patterns, and quoted strings pin exact phrases. Stacked together, they pull back admin panels, backup files, directory listings, and documents that drifted into the search index.
The technique matters because indexing happens whether or not a team intends it. A misconfigured server, a leaked config file, or a forgotten staging login can sit in search results long after the owner forgot the asset existed. An attacker spends no traffic against the target and still maps usernames, software versions, and exposed endpoints straight from cached pages.
Dorking is a quiet form of OSINT: it queries a third party rather than the target itself, so it leaves no footprint on the victim's logs. It pairs naturally with content discovery, where you probe the live site directly, and with secrets scanning when dorks surface keys or credentials in indexed files.
In a Trickest workflow, you script dork queries across a target's domains, parse the results, and route interesting hits into the rest of the recon pipeline for validation.
Related terms