Scribd
Upload
62 views6 pages

10 Google Dorks For Sensitive Data

The document provides a list of 10 Google Dorks that can be used to discover sensitive data on various cloud platforms, including Google Docs, OneDrive, Dropbox, and more. Each entry includes a specific search query format to uncover exposed documents, internal communications, and other private information. The author encourages ethical hacking practices while exploring these vulnerabilities.

Uploaded by

aaa47b14e7
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
62 views6 pages

10 Google Dorks For Sensitive Data

The document provides a list of 10 Google Dorks that can be used to discover sensitive data on various cloud platforms, including Google Docs, OneDrive, Dropbox, and more. Each entry includes a specific search query format to uncover exposed documents, internal communications, and other private information. The author encourages ethical hacking practices while exploring these vulnerabilities.

Uploaded by

aaa47b14e7
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

10 Google Dorks for Sensitive

Data
Discover Exposed Documents on Cloud
Platforms with Google Dorks for Cybersecurity
Mike Takahashi

1. Google Docs
Unearth sensitive data just by swapping example.com with your
target:

site:docs.google.com inurl:"/d/" "example.com"

2. OneDrive
Microsoft’s cloud storage solution for files and photos. Score big by
:
finding internal presentations and private photos that were
accidentally made public:

site:onedrive.live.com "example.com"

3. Dropbox
Reveal Dropbox links containing source code, proprietary
information, and even customer data:

site:dropbox.com/s "example.com"
:
4. Box
Discover sensitive files like internal reports and client contracts by
searching for Box-hosted files:

site:box.com/s "example.com"

5. Azure DevOps
Microsoft’s suite of developer services, including repos and
pipelines. Uncover critical information like API keys, authentication
tokens, and unsecured repositories by dorking Azure DevOps:

site:dev.azure.com "example.com"
:
6. SharePoint
Microsoft’s web-based collaboration platform. Find treasure troves
of internal communications, project plans, and employee records, all
available to the public eye:

site:http://sharepoint.com "example.com"
:
7. DigitalOcean Spaces
Object storage for developers to store and serve large amounts of
data. Unearth juicy files like database backups, configuration files,
and logs stored on DigitalOcean Spaces:

site:digitaloceanspaces.com "example.com"

8. Firebase
Google’s mobile and web app development platform. Reveal app
secrets, user data, and even private API endpoints by searching
Firebase-hosted files:

site:firebaseio.com "example"

Example HackerOne Report: https://hackerone.com/reports/1065134

9. JFrog
A platform for managing and distributing software artifacts. Jump on
JFrog to discover exposed artifacts, builds, and release packages
that could lead to serious security risks:

site:jfrog.io "example"

Example HackerOne Report: https://hackerone.com/reports/911606


:
10. Lesser-known Amazon S3 subdomains

Gain access to sensitive files like customer data and even full server
backups by exploring these lesser-known S3 subdomains:

site:http://s3-external-1.amazonaws.com "example.com"
site:http://s3.dualstack.us-east-1.amazonaws.com "example.com"

Follow me on Twitter for daily hacking tips:

https://twitter.com/TakSec

Happy hunting!


:

You might also like