📝 Opérateurs de base

site:

site:example.com
site:*.example.com
site:example.com -www

filetype: / ext:

filetype:pdf
filetype:xls
filetype:doc
filetype:ppt
filetype:sql
filetype:log
filetype:bak
filetype:old
ext:php
ext:asp
ext:jsp

intitle:

intitle:"index of"
intitle:"admin panel"
intitle:"login"
intitle:"dashboard"
intitle:"phpMyAdmin"
intitle:"configuration"

inurl:

inurl:admin
inurl:login
inurl:config
inurl:backup
inurl:test
inurl:dev
inurl:staging

intext:

intext:"password"
intext:"username"
intext:"error"
intext:"warning"
intext:"mysql_connect"

allintitle:

allintitle:admin panel login
allintitle:index of private

allinurl:

allinurl:admin login panel

allintext:

allintext:username password email

---

🔍 Recherche de fichiers sensibles

Fichiers de configuration

filetype:env "DB_PASSWORD"
filetype:conf "password"
filetype:config "database"
filetype:ini "password"
filetype:cfg "password"
filetype:xml "password"
filetype:properties "password"

Fichiers de sauvegarde

filetype:bak
filetype:old
filetype:backup
filetype:tmp
site:example.com filetype:sql
site:example.com ext:sql

Logs d'erreur

filetype:log
filetype:err
"error log" filetype:txt
"access denied" filetype:log
intitle:"index of" "error.log"

Fichiers de dump

filetype:sql "INSERT INTO"
filetype:sql "CREATE TABLE"
filetype:dump
intitle:"index of" "database.sql"

---

🔐 Panels d'administration

Panels génériques

intitle:"Admin Panel"
intitle:"Administration"
intitle:"Admin Login"
intitle:"Control Panel"
intitle:"Dashboard"
inurl:admin
inurl:administrator
inurl:wp-admin

Applications spécifiques

intitle:"phpMyAdmin"
intitle:"Adminer"
intitle:"cPanel"
intitle:"Webmin"
intitle:"DirectAdmin"
intitle:"Plesk"
intitle:"Roundcube"
intitle:"SquirrelMail"

Pages de login

inurl:login.php
inurl:signin.php
inurl:auth.php
inurl:admin.php
intitle:"User Login"
intitle:"Please login"
intitle:"Sign in"

---

🌐 Découverte de sous-domaines

Wildcards

site:*.example.com
site:*.*.example.com

Sous-domaines communs

site:admin.example.com
site:test.example.com
site:dev.example.com
site:staging.example.com
site:beta.example.com
site:mail.example.com
site:ftp.example.com
site:api.example.com

Combinaisons

site:example.com inurl:admin
site:example.com intitle:test
site:example.com intitle:dev

---

📁 Directory listing

Index of

intitle:"index of"
intitle:"index of" "parent directory"
intitle:"index of /" +passwd
intitle:"index of /" +password.txt
intitle:"index of /admin"
intitle:"index of /backup"
intitle:"index of /mail"
intitle:"index of /config"

Répertoires sensibles

intitle:"index of" "/.ssh"
intitle:"index of" "/password"
intitle:"index of" "/backup"
intitle:"index of" "/config"
intitle:"index of" "/database"
intitle:"index of" "/uploads"

---

💻 Technologies spécifiques

PHP

filetype:php "mysql_connect"
filetype:php "mysql_query"
inurl:config.php
"PHP Warning" filetype:txt
"PHP Error" filetype:log

ASP.NET

filetype:aspx
"Server Error" "ASP.NET"
ext:config "connectionString"

JavaScript

filetype:js "password"
filetype:js "api_key"
filetype:js "secret"

Python

filetype:py "password"
filetype:py "SECRET_KEY"

---

🔑 Informations sensibles

Mots de passe

filetype:txt "password"
filetype:xls "password"
"username" "password" filetype:xls
"login" "password" filetype:xls
intitle:"passwords" filetype:txt

Clés API

"api_key" filetype:json
"secret_key" filetype:env
"aws_access_key_id"
"mongodb://"
"mysql://"

Emails

"@gmail.com" filetype:xls
"@company.com" filetype:txt
filetype:xls "email"

Numéros de téléphone

filetype:xls "phone"
filetype:csv "telephone"

---

🌍 Recherches par pays/langue

Sites par pays

site:.fr
site:.de
site:.uk
site:.cn
site:.ru
site:.in

Sites gouvernementaux

site:.gov
site:.mil
site:.edu

---

📄 Documents spécifiques

PDF sensibles

filetype:pdf "confidential"
filetype:pdf "internal use"
filetype:pdf "not for distribution"
filetype:pdf site:example.com

Présentations

filetype:ppt "confidential"
filetype:pptx "internal"

Tableurs

filetype:xls "password"
filetype:xlsx "employee"
filetype:csv "username"

---

🔧 Applications web communes

WordPress

inurl:wp-admin
inurl:wp-login
inurl:wp-config.php
"wp-config.php" backup
intitle:"WordPress"

Joomla

inurl:administrator/index.php
"joomla" intitle:"Administration"

Drupal

inurl:user/login
"drupal" intitle:"User account"

Magento

inurl:admin/index/index
"magento" intitle:"Admin"

---

🎯 Recherches OSINT

Réseaux sociaux

site:facebook.com "company name"
site:linkedin.com "company name"
site:twitter.com "company name"
site:instagram.com "company name"

Profils employés

site:linkedin.com "works at company"
site:linkedin.com intitle:"company name"

Code repositories

site:github.com "company name"
site:github.com "password"
site:pastebin.com "company name"

---

⚠️ Vulnérabilités communes

SQL Injection

inurl:index.php?id=
inurl:page.php?id=
inurl:product.php?id=
"mysql_fetch_array()" "error"
"Warning: mysql_"

Directory traversal

inurl:../
inurl:..%2F
"directory traversal"

LFI/RFI

inurl:include.php?file=
inurl:page.php?file=
"Warning: include("

Erreurs communes

"Fatal error" "Call to undefined function"
"Warning: Cannot modify header"
"mysql_connect()" "Access denied"
"ORA-00921: unexpected end of SQL command"

---

🎲 Combinaisons avancées

Operateurs logiques

site:example.com AND filetype:pdf
site:example.com OR site:test.com
site:example.com -www
"admin panel" -demo -example

Wildcards et plages

site:*.example.com
"admin" site:*.com

Recherches temporelles

site:example.com after:2020
site:example.com before:2023

---

🛡️ Contournement et évasion

Éviter la détection

Utiliser des VPN/proxies
Varier les requêtes
Ajouter du délai entre les requêtes
Utiliser différents user-agents

Operateurs alternatifs

cache:example.com
related:example.com
info:example.com

---

📋 Dorks par secteur

Éducation

site:edu filetype:xls "student"
site:edu "grade" filetype:xls
site:edu intitle:"student information"

Gouvernement

site:gov filetype:pdf "classified"
site:gov "employee" filetype:xls
site:mil "personnel" filetype:pdf

Santé

"patient" filetype:xls
"medical record" filetype:pdf
intitle:"patient information"

Finance

"account number" filetype:xls
"credit card" filetype:xls
"bank account" filetype:csv

---

🔍 Outils et automation

Google Hacking Database

• exploit-db.com/google-hacking-database
• Dorks pré-construits par catégorie

Outils automatisés

# GooFuzz
goofuzz -t example.com

# Pagodo
pagodo -d example.com -g dorks.txt

# GoogD0rker
python3 GoogD0rker.py -d example.com

Extensions navigateur

• Google Dorking extension
• DorkSearch
• OSINT Browser Extension

---

💡 Tips et bonnes pratiques

Stratégie progressive

1. Commencer large avec site:target.com
2. Affiner avec filetype: et intitle:
3. Combiner plusieurs opérateurs
4. Vérifier les résultats manuellement

Éthique et légal

• Respecter les robots.txt
• Ne pas surcharger les serveurs
• Signaler les vulnérabilités de manière responsable
• Respecter les lois locales sur la cybersécurité

Limitations

• Google limite les résultats à ~1000 par recherche
• Certains résultats peuvent être filtrés
• Les résultats changent constamment
• Utiliser d'autres moteurs (Bing, DuckDuckGo) pour comparaison