Authorized search-engine reconnaissance

Dork Explorer

Phase 2 turns Dork Explorer into a stronger recon workbench with richer query briefings, a more flexible builder, and a reporting studio that converts saved checks into a client-ready review snapshot.

Educational and authorized use only. Use these workflows only on assets you own or are explicitly permitted to assess.
Library Size 30
Categories 18
High Risk Queries 22
Visible Results 30

What this section does

Browse the dork library by keyword, category, and risk level, then move the useful queries into your workspace instead of losing them after one click.

How to use it

Choose an engine, optionally add your target domain, and then launch, copy, or save dorks. Domain scoping prepends site:yourdomain.com to the visible query.

What visitors get

Visitors get reusable search patterns, attack context, defensive guidance, workspace saving, and a smoother path into exposure reviews, document hunts, secret discovery, and portal checks.

30 results shown.

Exposed Backup Directories high

Backups & Archives

intitle:"index of" backup
Briefing
Impact

Backup directories often contain full copies of sensitive systems.

Attack Scenario

An attacker downloads historical backups for offline analysis.

Defensive Guidance

Disable directory listing and secure backup locations.

Exposed Email Configuration critical

Secrets & Tokens

"SMTP_PASSWORD" | "MAIL_PASSWORD"
Briefing
Impact

Email credentials can be abused for phishing or spam campaigns.

Attack Scenario

An attacker uses leaked SMTP credentials to send malicious emails.

Defensive Guidance

Rotate mail credentials and secure configuration files.

Exposed VPN Configuration Files high

Network Security

filetype:ovpn
Briefing
Impact

VPN configuration files may enable unauthorized network access.

Attack Scenario

An attacker imports VPN configs to attempt network connections.

Defensive Guidance

Protect VPN configs and revoke exposed credentials.

Exposed .gitignore Files low

Source Code Management

filetype:gitignore
Briefing
Impact

.gitignore files reveal ignored files and project structure.

Attack Scenario

An attacker uses ignored paths to infer sensitive files.

Defensive Guidance

Avoid exposing repository metadata publicly.

Exposed Kubernetes Dashboards critical

Cloud & Containers

intitle:"Kubernetes Dashboard"
Briefing
Impact

Kubernetes dashboards allow full cluster visibility and control.

Attack Scenario

An attacker gains access to workloads and secrets via the dashboard.

Defensive Guidance

Disable public dashboards and enforce RBAC and authentication.

Exposed Monitoring Endpoints medium

Monitoring & Observability

inurl:metrics | inurl:prometheus
Briefing
Impact

Monitoring endpoints may expose system metrics and internal architecture.

Attack Scenario

An attacker analyzes metrics to understand system capacity and weak points.

Defensive Guidance

Protect monitoring endpoints with authentication and network controls.

Exposed CI/CD Configuration Files high

DevOps

filetype:yml ".gitlab-ci" | filetype:yaml "pipeline"
Briefing
Impact

CI/CD configs reveal build steps, secrets usage, and deployment logic.

Attack Scenario

An attacker abuses CI/CD knowledge to target build pipelines.

Defensive Guidance

Restrict access to CI/CD configuration files and audit pipelines.

Hardcoded Credentials in Code critical

Secrets & Tokens

"username" "password" filetype:js
Briefing
Impact

Hardcoded credentials enable direct system compromise.

Attack Scenario

An attacker extracts credentials from client-side or server-side code.

Defensive Guidance

Remove credentials from code and use secure secret management.

Exposed Cloud Configuration Files high

Cloud Misconfiguration

filetype:yml | filetype:yaml "aws"
Briefing
Impact

Cloud configuration files may contain infrastructure details or credentials.

Attack Scenario

An attacker uses exposed configs to map or access cloud resources.

Defensive Guidance

Keep infrastructure-as-code files private and rotate exposed secrets.

Exposed API Documentation medium

APIs

inurl:swagger | inurl:api-docs | inurl:openapi
Briefing
Impact

Public API documentation may expose endpoints, parameters, and internal logic.

Attack Scenario

An attacker studies API documentation to craft targeted requests.

Defensive Guidance

Restrict API documentation to authenticated users and non-production environments.

Grafana Dashboards high

DevOps

intitle:"Grafana"
Briefing
Impact

Grafana exposure reveals metrics and systems.

Attack Scenario

An attacker monitors infrastructure.

Defensive Guidance

Secure dashboards behind authentication.

Kibana Dashboards high

DevOps

intitle:"Kibana"
Briefing
Impact

Kibana may expose logs and sensitive data.

Attack Scenario

An attacker views sensitive logs.

Defensive Guidance

Restrict Kibana access.

Jenkins Dashboards critical

DevOps

intitle:"Dashboard [Jenkins]"
Briefing
Impact

Jenkins exposure allows CI/CD compromise.

Attack Scenario

An attacker abuses Jenkins pipelines.

Defensive Guidance

Secure Jenkins with auth and network controls.

phpMyAdmin Interfaces critical

Databases

inurl:phpmyadmin
Briefing
Impact

Database management panels allow direct DB access.

Attack Scenario

An attacker targets exposed DB admin panels.

Defensive Guidance

Restrict access and enforce authentication.

Internal Documents medium

Documents

filetype:pdf | filetype:docx | filetype:xlsx
Briefing
Impact

Documents may contain sensitive internal data.

Attack Scenario

An attacker downloads internal documents.

Defensive Guidance

Restrict document access and sanitize content.

Robots.txt Discovery low

Reconnaissance

filetype:txt robots
Briefing
Impact

Robots.txt may reveal sensitive paths.

Attack Scenario

An attacker inspects disallowed paths.

Defensive Guidance

Avoid listing sensitive directories.

Staging & Test Environments high

Staging, Dev & Test Environments

inurl:staging | inurl:test
Briefing
Impact

Staging environments often lack proper security.

Attack Scenario

An attacker targets weaker non-prod systems.

Defensive Guidance

Secure non-production environments.

Debug Pages high

Staging, Dev & Test Environments

inurl:/debug intitle:"Debug"
Briefing
Impact

Debug pages expose stack traces and internals.

Attack Scenario

An attacker uses debug output to understand the app.

Defensive Guidance

Disable debug endpoints in production.

Source Code Disclosure medium

Source Code

filetype:php | filetype:js
Briefing
Impact

Source code reveals business logic and vulnerabilities.

Attack Scenario

An attacker analyzes exposed code.

Defensive Guidance

Remove source files from public directories.

API Key Exposure critical

Secrets & Tokens

"api_key" | "apikey"
Briefing
Impact

Leaked API keys enable unauthorized service access.

Attack Scenario

An attacker abuses exposed API keys.

Defensive Guidance

Rotate keys and enforce usage restrictions.

Password Disclosure critical

Information Disclosure

"password"
Briefing
Impact

Plaintext passwords may be exposed in files or pages.

Attack Scenario

An attacker finds leaked credentials.

Defensive Guidance

Remove secrets from content and rotate credentials.

Log File Disclosure medium

Information Disclosure

filetype:log
Briefing
Impact

Logs reveal errors, paths, and sensitive operations.

Attack Scenario

An attacker analyzes logs to identify weaknesses.

Defensive Guidance

Restrict log access and sanitize sensitive data.

Configuration Files high

Sensitive Configuration Files

filetype:conf | filetype:cfg | filetype:ini
Briefing
Impact

Configuration files expose system internals.

Attack Scenario

An attacker reads configuration files to map infrastructure.

Defensive Guidance

Secure configuration files and restrict access.

Environment Files critical

Sensitive Configuration Files

filetype:env
Briefing
Impact

Environment files may contain secrets and credentials.

Attack Scenario

An attacker extracts secrets from exposed env files.

Defensive Guidance

Block access and rotate exposed credentials.

Database Dump Files critical

Databases

ext:sql | ext:dump
Briefing
Impact

Database dumps expose credentials and sensitive records.

Attack Scenario

An attacker exfiltrates database dumps.

Defensive Guidance

Restrict exports and secure database backups.

Backup Archives Exposure high

Backups & Archives

ext:zip | ext:bak | ext:old | ext:tar
Briefing
Impact

Backup archives may contain source code or sensitive data.

Attack Scenario

An attacker downloads and extracts backup archives.

Defensive Guidance

Keep backups outside web root and restrict access.

Login Page Enumeration medium

Authentication & Access Control

intitle:"login"
Briefing
Impact

Login pages reveal authentication surfaces.

Attack Scenario

An attacker targets exposed login pages for credential stuffing.

Defensive Guidance

Use MFA, rate limiting, CAPTCHA, and monitoring.

Admin Panel Discovery high

Authentication & Access Control

inurl:admin
Briefing
Impact

Exposed admin panels increase brute-force and credential abuse risk.

Attack Scenario

An attacker locates admin endpoints and attempts unauthorized access.

Defensive Guidance

Restrict admin URLs, apply MFA, and enforce IP allowlisting.

Parent Directory Listings high

Directories

intitle:"parent directory"
Briefing
Impact

Parent directory access exposes internal file structures.

Attack Scenario

An attacker navigates directory hierarchies to locate sensitive files.

Defensive Guidance

Disable directory indexing and restrict filesystem exposure.

Open Directory Listing high

Directories

intitle:"index of"
Briefing
Impact

Open directories may expose sensitive files, backups, or internal resources.

Attack Scenario

An attacker browses open directories to download sensitive or forgotten files.

Defensive Guidance

Disable directory listing and restrict access using proper server configuration.