OSINT Reference | codeworld

Search operators

Google, Bing, and DuckDuckGo dorks — operators, syntax, and compound dorks

site:

GoogleBingDuckDuckGo

site:linkedin.com "John Smith" "Redstone Arsenal"

Restrict results to specific domain. Combine with quotes for precision.

"exact phrase"

GoogleBingDuckDuckGo

"operational security" "Huntsville" filetype:pdf

Force exact phrase match. Enclose in double quotes.

filetype:

GoogleBing

site:army.mil filetype:pdf "TSCM" 2023

Filter by file extension: pdf, docx, xlsx, pptx, csv, sql, log, txt, conf

inurl:

GoogleBing

inurl:admin inurl:login site:gov

URL must contain string. Useful for finding login pages, admin panels, exposed directories.

intitle:

GoogleBingDuckDuckGo

intitle:"index of" "parent directory" "passwords"

Page title must contain string. Classic for open directory indexing.

intext:

Google

intext:"api_key" site:github.com

Page body must contain string. Complements intitle.

cache:

Google

cache:targetsite.com/page

Show Google's cached copy. Useful when target has removed content.

related:

Google

related:palantir.com

Show sites Google considers related/similar. Maps competitive landscape.

link:

Bing

link:targetsite.com

Find pages linking to URL. (Deprecated in Google — use for Bing)

OR / |

GoogleBing

"John Smith" (FBI OR "Federal Bureau") site:linkedin.com

Boolean OR — either term must appear. Must be uppercase.

- (exclude)

GoogleBingDuckDuckGo

"John Smith" Alabama -baseball

Exclude pages containing term. Reduces false positives.

* (wildcard)

Google

"worked at * from 2018"

Wildcard within quoted phrase. Fills in unknown words.

before:/after:

Google

site:twitter.com "John Smith" before:2020-01-01

Date range filtering. Useful for historical OSINT.

numrange:

Google

SSN numrange:555-00-0000-555-99-9999

Search for numbers in range. Rarely needed but occasionally useful for document hunting.

Open dir dork

GoogleBing

intitle:"index of" "parent directory" site:targetdomain.com

Classic open directory listing. Finds exposed file servers. Add filename terms to narrow.

Login page dork

GoogleBing

inurl:login OR inurl:signin OR inurl:admin site:targetdomain.com

Find authentication endpoints. Pair with exposed credential searches.

Config file dork

GoogleBing

filetype:env OR filetype:conf "DB_PASSWORD" site:github.com

Exposed configuration files. Commonly contain credentials, API keys, database strings.

Camera dork

Google

intitle:"webcamXP" OR inurl:"/view/view.shtml" OR intitle:"Live View / - AXIS"

Exposed IP cameras. Cross-reference with Shodan for confirmation.

Document metadata dork

GoogleBing

filetype:pdf site:target.gov "prepared by"

Documents often contain author names, email addresses, internal paths in metadata.