Skip to content

OSINT — Google Dorks

Coming soon

This service is in development. Release — Q3 2026.

What this is

Google Dorking (a.k.a. "Google Hacking") is the technique of using Google's advanced search operators to find information that the owner of a public resource never intended to publish but which is technically accessible through the index.

Examples of what a single well-crafted search query can reveal:

  • PDF documents labeled "confidential" on your domain.
  • .env files with environment variables that someone forgot to remove from a public folder.
  • Open directory listings (index of) with config files.
  • Admin panels that got indexed by search engines.
  • Public S3 buckets containing your brand.
  • SQL dumps on third-party sites.
  • WordPress configs with database passwords.
  • Trello boards and Notion pages left public.

The canonical database of dangerous dorks — the Google Hacking Database (GHDB) — contains 7000+ verified patterns that attackers actively use.

Why this matters

Most "shadow IT" leaks happen because:

  1. Someone left .env in the webroot, forgetting to move it to a secrets manager.
  2. Someone made a Trello board or Google Doc public with credentials.
  3. A backup script wrote dump.sql into the /public/ folder.
  4. A developer tested via ngrok and forgot to shut it down.

Admins don't see this — these files aren't in production monitoring. But Google finds them. And so do attackers.

The OSINT scanner automatically runs your domain / brand through a dork catalog and reports what appears in search.

What we check

The platform uses dork categories it runs for each of your DataSources:

Category What we look for
Sensitive files .env, .sql, .log, .bak, .config files on your domain
Document leaks PDF, DOCX, XLSX containing confidential, internal
Exposed services Open admin panels, phpMyAdmin, wp-admin
Cloud storage Public S3 buckets, Google Cloud Storage with your brand
Code leaks Pastebin, GitHub Gist with your keywords
Trello / Notion Boards and docs left public
Dev tools Active ngrok tunnels, local services with your domain

One DataSource produces ~50-80 search queries. An organization with 5 DataSources — about 250-400 queries per full scan.

Severity

Severity Case
Critical Found .env, .sql, wp-config.php, private key in public
High Open admin panel, phpMyAdmin, S3 listing exposed
Medium "Confidential/internal" labeled document in search
Low Trello / Notion / Google Docs with your name in public

What you see in the dashboard

A finding includes:

  • Which dork triggered (e.g.: site:yourcompany.com filetype:env).
  • Result URL.
  • Snippet from Google.
  • Finding category.
  • Severity and recommended action: remove from public, add to robots.txt, set noindex, or make private.

Self-healing for findings

As soon as a result drops from Google's index (i.e., the owner fixed the issue), the Finding moves to resolved automatically after 7 days. The platform tracks leak remediation on its own.

How to connect (planned)

  1. Settings → Detection Sources → OSINT.
  2. The platform automatically generates the necessary search API keys.
  3. The first scan starts in the background.

About cost

Scanning uses Google Custom Search API — 100 free requests/day, then ~$5 per 1000 requests. For an average org — about $5/month. For enterprise with 50+ DataSources — $20-50/month. The platform itself doesn't charge extra for OSINT scans.

Scan schedule

  • Daily — for active DataSources.
  • Weekly — for an extended scan with all dorks.

Roadmap

  • Q3 2026: MVP with Google Custom Search.
  • Q4 2026: Categorization + ML severity tuning.
  • 2027: Bing fallback, Common Crawl integration.

FAQ

Won't the GitHub scanner find the same things? ~30% overlap. OSINT covers what isn't on GitHub — Trello, Notion, third-party sites, static files on your own domain, exposed buckets.

Does Google know we're monitoring? Google logs API requests. This is not stealth monitoring — Google knows which dorks you run. Usually that's fine: security teams obviously run these queries. If you need more discretion — a Bing fallback is on the roadmap.

How much does scanning cost? ~$5/month for an average org. This isn't a platform fee, it's Google Custom Search API quota.