Google Dorking

Even without any Dorking techniques, finding an API as an end-user could be as easy as a quick search.

However, sometimes you may not get the exact results you were hoping for. If you are getting too many irrelevant results then you could deploy some Google Dorking techniques to more effectively discover APIs.

Google Dorking Query	Expected results
inurl:"/wp-json/wp/v2/users"	Finds all publicly available WordPress API user directories.
intitle:"index.of" intext:"api.txt"	Finds publicly available API key files.
inurl:"/api/v1" intext:"index of /"	Finds potentially interesting API directories.
ext:php inurl:"api.php?action="	Finds all sites with a XenAPI SQL injection vulnerability. (This query was posted in 2016; four years later, there are currently 141,000 results.)
intitle:"index of" api_key OR "api key" OR apiKey -pool	This is one of my favorite queries. It lists potentially exposed API keys.

Google Dorking Query

Expected results

inurl:"/wp-json/wp/v2/users"

Finds all publicly available WordPress API user directories.

intitle:"index.of" intext:"api.txt"

Finds publicly available API key files.

inurl:"/api/v1" intext:"index of /"

Finds potentially interesting API directories.

ext:php inurl:"api.php?action="

Finds all sites with a XenAPI SQL injection vulnerability. (This query was posted in 2016; four years later, there are currently 141,000 results.)

intitle:"index of" api_key OR "api key" OR apiKey -pool

This is one of my favorite queries. It lists potentially exposed API keys.

PreviousPassive Reconnaissance NextGitDorking

Last updated 1 year ago