Google Dorking
Last updated
Last updated
Even without any Dorking techniques, finding an API as an end-user could be as easy as a quick search.
However, sometimes you may not get the exact results you were hoping for. If you are getting too many irrelevant results then you could deploy some Google Dorking techniques to more effectively discover APIs.
Google Dorking Query | Expected results |
---|---|
inurl:"/wp-json/wp/v2/users" | Finds all publicly available WordPress API user directories. |
intitle:"index.of" intext:"api.txt" | Finds publicly available API key files. |
inurl:"/api/v1" intext:"index of /" | Finds potentially interesting API directories. |
ext:php inurl:"api.php?action=" | Finds all sites with a XenAPI SQL injection vulnerability. (This query was posted in 2016; four years later, there are currently 141,000 results.) |
intitle:"index of" api_key OR "api key" OR apiKey -pool | This is one of my favorite queries. It lists potentially exposed API keys. |