Dork Engine is a web-based tool designed to facilitate advanced search queries, commonly known as "Google dorks," to uncover potential vulnerabilities and exposed information on target domains. This tool is particularly useful for security researchers, ethical hackers, and cybersecurity enthusiasts looking to perform reconnaissance and identify sensitive data or security misconfigurations.
-
Dynamic Query Generation: Users can input a target domain and select from a variety of pre-defined search queries to uncover directory listings, exposed configuration files, SQL errors, WordPress vulnerabilities, and more.
-
Customizable Searches: The tool allows for customized searches using specific dork queries tailored to different types of information, including backup files, login pages, exposed documents, and source code repositories.
-
User-Friendly Interface: The interface is designed for simplicity and ease of use, featuring a text input for domain entry and a series of buttons to execute various search queries.
-
Responsive Design: The tool is fully responsive, ensuring usability across different devices, including desktops, tablets, and smartphones.
-
External Resources: In addition to Google search, the tool integrates with other resources like Shodan, Censys, GitHub, and the Wayback Machine to extend the search for security information and exposed data.
- Enter Domain: The user inputs the target domain into the provided text field.
- Select Dork Query: The user clicks on one of the search buttons, each corresponding to a specific dork query.
- View Results: The tool opens a new tab with Google search results for the generated dork query, tailored to the input domain.
- Directory Listing Vulnerabilities
- Exposed Configuration Files
- Exposed Database Files
- Exposed Log Files
- WordPress Vulnerabilities
- Backup and Old Files
- Login Pages
- SQL Errors
- Publicly Exposed Documents
- Apache Config Files
- Robots.txt
- phpinfo
- Finding Backdoors
- Install/Setup Files
- Open Redirects
- Apache STRUTS RCE
- Find Pastebin Entries
- API Docs
- 3rd Party Exposure
- GitLab
- .git Folder
- Employees on LinkedIn
- .htaccess Sensitive Files
- JFrog Artifactory
- Find Subdomains
- Find Sub-Subdomains
- Find WordPress (Secondary)
- Apache Server Status
- Search in Bitbucket and Atlassian
- Search in Stackoverflow
- Search in GitHub
- Search in OpenBugBounty
- Search in Reddit
- Search in Crt.sh
- Search in Shodan
- Check in Censys (IPv4)
- Check in Censys (Domains)
- Check in Censys (Certs)
- Find WordPress (Wayback Machine)
- Digital Ocean Spaces
- Firebase
- s3 Bucket
- Google APIs
- Google Drive
- Azure
- OneDrive
- DropBox
- Google Docs
- Search in Web Archive (Primary)
- Search in Web Archive (Secondary)
- Reverse IP Lookup
- Source Code-Public[WWW]
- What CMS?
- ArcGIS REST Services Directory
- Juicy Extensions
- XSS Prone Parameters
- File Upload Endpoints
- Sensitive Documents
- Sensitive Parameters
- SSRF Prone Parameters
- LFI Prone Parameters
- RCE Prone Parameters
- Adobe Experience Manager (AEM)
- Google Groups