OSINT — Google Dorks¶
Coming soon
This service is in development. Release — Q3 2026.
What this is¶
Google Dorking (a.k.a. "Google Hacking") is the technique of using Google's advanced search operators to find information that the owner of a public resource never intended to publish but which is technically accessible through the index.
Examples of what a single well-crafted search query can reveal:
- PDF documents labeled "confidential" on your domain.
.envfiles with environment variables that someone forgot to remove from a public folder.- Open directory listings (
index of) with config files. - Admin panels that got indexed by search engines.
- Public S3 buckets containing your brand.
- SQL dumps on third-party sites.
- WordPress configs with database passwords.
- Trello boards and Notion pages left public.
The canonical database of dangerous dorks — the Google Hacking Database (GHDB) — contains 7000+ verified patterns that attackers actively use.
Why this matters¶
Most "shadow IT" leaks happen because:
- Someone left
.envin the webroot, forgetting to move it to a secrets manager. - Someone made a Trello board or Google Doc public with credentials.
- A backup script wrote
dump.sqlinto the/public/folder. - A developer tested via ngrok and forgot to shut it down.
Admins don't see this — these files aren't in production monitoring. But Google finds them. And so do attackers.
The OSINT scanner automatically runs your domain / brand through a dork catalog and reports what appears in search.
What we check¶
The platform uses dork categories it runs for each of your DataSources:
| Category | What we look for |
|---|---|
| Sensitive files | .env, .sql, .log, .bak, .config files on your domain |
| Document leaks | PDF, DOCX, XLSX containing confidential, internal |
| Exposed services | Open admin panels, phpMyAdmin, wp-admin |
| Cloud storage | Public S3 buckets, Google Cloud Storage with your brand |
| Code leaks | Pastebin, GitHub Gist with your keywords |
| Trello / Notion | Boards and docs left public |
| Dev tools | Active ngrok tunnels, local services with your domain |
One DataSource produces ~50-80 search queries. An organization with 5 DataSources — about 250-400 queries per full scan.
Severity¶
| Severity | Case |
|---|---|
| Critical | Found .env, .sql, wp-config.php, private key in public |
| High | Open admin panel, phpMyAdmin, S3 listing exposed |
| Medium | "Confidential/internal" labeled document in search |
| Low | Trello / Notion / Google Docs with your name in public |
What you see in the dashboard¶
A finding includes:
- Which dork triggered (e.g.:
site:yourcompany.com filetype:env). - Result URL.
- Snippet from Google.
- Finding category.
- Severity and recommended action: remove from public, add to robots.txt, set noindex, or make private.
Self-healing for findings¶
As soon as a result drops from Google's index (i.e., the owner fixed the issue), the Finding moves to resolved automatically after 7 days. The platform tracks leak remediation on its own.
How to connect (planned)¶
- Settings → Detection Sources → OSINT.
- The platform automatically generates the necessary search API keys.
- The first scan starts in the background.
About cost
Scanning uses Google Custom Search API — 100 free requests/day, then ~$5 per 1000 requests. For an average org — about $5/month. For enterprise with 50+ DataSources — $20-50/month. The platform itself doesn't charge extra for OSINT scans.
Scan schedule¶
- Daily — for active DataSources.
- Weekly — for an extended scan with all dorks.
Roadmap¶
- Q3 2026: MVP with Google Custom Search.
- Q4 2026: Categorization + ML severity tuning.
- 2027: Bing fallback, Common Crawl integration.
FAQ¶
Won't the GitHub scanner find the same things? ~30% overlap. OSINT covers what isn't on GitHub — Trello, Notion, third-party sites, static files on your own domain, exposed buckets.
Does Google know we're monitoring? Google logs API requests. This is not stealth monitoring — Google knows which dorks you run. Usually that's fine: security teams obviously run these queries. If you need more discretion — a Bing fallback is on the roadmap.
How much does scanning cost? ~$5/month for an average org. This isn't a platform fee, it's Google Custom Search API quota.