This articlemay incorporate text from alarge language model. It may includehallucinated information,copyright violations, claims notverified in cited sources,original research, orfictitious references. Any such material should beremoved, and content with anunencyclopedic tone should be rewritten.(October 2025) (Learn how and when to remove this message)

Google hacking, also namedGoogle dorking,^[1][2] is a hacker technique that uses Google Search and otherGoogle applications to find security holes in theconfiguration and computer code thatwebsites are using.

Google hacking involves using operators in the Googlesearch engine to locate specific sections of text on websites that are evidence of vulnerabilities, for example specific versions of vulnerableWeb applications. A search query withintitle:admbook intitle:Fversion filetype:php would locate PHP web pages with the strings "admbook" and "Fversion" in their titles, indicating that the PHP based guestbook Admbook is used, an application with a knowncode injection vulnerability. It is normal fordefault installations of applications to include their running version in every page they serve, for example, "Powered by XOOPS 2.2.3 Final", which can be used to search for websites running vulnerable versions.

Devices connected to the Internet can be found. A search string such asinurl:"Mode=" will find public web cameras.

The concept of "Google hacking" dates back to August 2002, when Chris Sullo included the "nikto_google.plugin" in the 1.20 release of theNikto vulnerability scanner.^[3] In December 2002 Johnny Long began to collect Google search queries that uncoveredvulnerable systems and/orsensitive information disclosures – labeling them googleDorks.^[4]

The list of Google Dorks grew into a large dictionary of queries, which were eventually organized into the original Google Hacking Database (GHDB) in 2004.^[5][6]

Concepts explored in Google hacking have been extended to othersearch engines, such asBing^[7] andShodan.^[8] Automated attack tools^[9] use custom search dictionaries to findvulnerable systems andsensitive information disclosures in public systems that have been indexed by search engines.^[10] 

Robots.txt is a well known file forsearch engine optimization and protection against Google dorking. It involves the use of robots.txt to disallow everything or specific endpoints (hackers can still search robots.txt for endpoints) which prevents Google bots from crawling sensitive endpoints such as admin panels.

• "Google Hacking: .pdf Document",boris-koch.de (printable, .pdf)
• "Google Help: Cheat Sheet",Google (printable)
• Google Hacking for Penetration - Using Google as a Security Testing Tool, Introduction by Johnny Long
• Search Engine- Google Dorking Search Engine, for newbies.

• Computer security procedures
• Google Search

• Webarchive template wayback links
• Articles with short description
• Short description matches Wikidata
• Articles containing suspected AI-generated texts from October 2025
• Use American English from September 2023
• All Wikipedia articles written in American English
• Use mdy dates from February 2023