Fast-Google-Dorks-Scan
Fast-Google-Dorks-Scan (FGDS) is a Python tool that automatically fetches Google dorks from the Google Hacking Database (GHDB) and performs multi-threaded automated scans.
Installation
Linux/Ubuntu
# Clone repository
git clone https://github.com/IvanGlinkin/Fast-Google-Dorks-Scan.git
cd Fast-Google-Dorks-Scan
# Install requirements
pip3 install -r requirements.txt
# Make executable
chmod +x fgds.pymacOS
# From source
git clone https://github.com/IvanGlinkin/Fast-Google-Dorks-Scan.git
pip3 install selenium requestsBasic Syntax
# General usage
python3 fgds.py -d <domain> [options]
# View help
python3 fgds.py -hCommand-Line Options
| Option | Description |
|---|---|
-d, --domain <DOMAIN> | Target domain |
-l, --list <FILE> | Dork list file |
-t, --threads <NUM> | Thread count (default: 5) |
-o, --output <FILE> | Output file |
-c, --count <NUM> | Results per dork (default: 10) |
--timeout <SEC> | Request timeout |
--proxy <IP:PORT> | HTTP proxy |
--user-agent <UA> | Custom User-Agent |
-v, --verbose | Verbose output |
Google Dorks Reference
Information Disclosure
# Exposed configuration files
site:target.com filetype:conf
site:target.com filetype:ini
site:target.com filetype:properties
# Source code exposure
site:target.com filetype:php
site:target.com filetype:java
site:target.com filetype:py
# Backup files
site:target.com filetype:bak
site:target.com filetype:sql
site:target.com filetype:zipSensitive Directories
# Admin panels
site:target.com inurl:admin
site:target.com inurl:/admin/
site:target.com inurl:wp-admin
# Database access
site:target.com inurl:phpmyadmin
site:target.com inurl:administrator
# Backup/archive directories
site:target.com inurl:backup
site:target.com inurl:/uploads/backupCredentials and Keys
# API keys
site:target.com inurl:api_key
site:target.com "api_key"
site:target.com "password"
# Private keys
site:target.com filetype:pem
site:target.com filetype:key
site:target.com "BEGIN RSA PRIVATE KEY"Error Messages and Debugging
# SQL errors
site:target.com inurl:error
site:target.com "SQL error"
site:target.com "MySQL error"
# Debug pages
site:target.com inurl:debug
site:target.com "PHP Fatal error"
site:target.com "Stack trace"Basic Scanning
Single Domain Scan
# Scan target domain
python3 fgds.py -d target.com
# Scan with custom thread count
python3 fgds.py -d target.com -t 10
# Save results
python3 fgds.py -d target.com -o results.txt
# Verbose output
python3 fgds.py -d target.com -vCustom Dork List
# Create custom dorks
cat > custom_dorks.txt << EOF
site:target.com inurl:admin
site:target.com filetype:conf
site:target.com "password"
site:target.com inurl:api
EOF
# Scan with custom dorks
python3 fgds.py -d target.com -l custom_dorks.txt
# Save results
python3 fgds.py -d target.com -l custom_dorks.txt -o dork_results.txtAdvanced Techniques
Multi-threaded Scanning
# Maximum threads for speed
python3 fgds.py -d target.com -t 20
# Balanced approach
python3 fgds.py -d target.com -t 10
# Conservative (avoid detection)
python3 fgds.py -d target.com -t 2Result Limiting
# Get more results per dork
python3 fgds.py -d target.com -c 50
# Limit results
python3 fgds.py -d target.com -c 5Proxy Configuration
# Route through proxy
python3 fgds.py -d target.com --proxy http://127.0.0.1:8080
# With custom User-Agent
python3 fgds.py -d target.com \
--proxy socks5://127.0.0.1:9050 \
--user-agent "Mozilla/5.0 (X11; Linux x86_64)"Practical Reconnaissance
Complete Domain Assessment
# Full OSINT scan
python3 fgds.py \
-d target.com \
-l default_dorks.txt \
-t 15 \
-c 20 \
-o full_assessment.txt \
-v
# Review results
cat full_assessment.txt | sort -u > unique_results.txtSensitive Information Search
# Create sensitive data dorks
cat > sensitive_dorks.txt << EOF
site:target.com "api_key"
site:target.com "secret_key"
site:target.com "password"
site:target.com filetype:sql
site:target.com filetype:pem
site:target.com "AWS_KEY"
site:target.com "BEGIN RSA PRIVATE KEY"
EOF
# Execute scan
python3 fgds.py -d target.com -l sensitive_dorks.txt -o sensitive_findings.txtSubdomain Discovery via Google
# Find subdomains through Google
cat > subdomain_dorks.txt << EOF
site:*.target.com
site:*.target.co.uk
site:*.target.internal
EOF
python3 fgds.py -d target.com -l subdomain_dorks.txt -o subdomains.txtCommon Dork Patterns
Configuration Files
site:target.com filetype:conf
site:target.com filetype:cfg
site:target.com filetype:ini
site:target.com filetype:conf.php
site:target.com filetype:web.config
site:target.com "config.php"Source Code Exposure
site:target.com filetype:php
site:target.com filetype:java
site:target.com filetype:py
site:target.com filetype:js
site:target.com filetype:aspx
site:target.com "source code"Admin and Management
site:target.com inurl:admin
site:target.com inurl:administrator
site:target.com inurl:panel
site:target.com inurl:dashboard
site:target.com inurl:console
site:target.com inurl:managementDatabase Systems
site:target.com inurl:phpmyadmin
site:target.com inurl:pgadmin
site:target.com inurl:adminer
site:target.com inurl:sqlserver
site:target.com inurl:mysqlBackup and Archive Files
site:target.com filetype:bak
site:target.com filetype:sql.bak
site:target.com filetype:zip
site:target.com filetype:tar.gz
site:target.com filetype:rar
site:target.com "backup"Output Analysis
Parse and Filter Results
# Extract URLs only
python3 fgds.py -d target.com -o results.txt
cat results.txt | grep "http" | sort -u > urls_only.txt
# Count results
wc -l results.txt
# Group by dork type
grep "inurl:" results.txt > inurl_results.txt
grep "filetype:" results.txt > filetype_results.txtValidation of Findings
# Check if results are still accessible
while IFS= read -r url; do
status=$(curl -s -o /dev/null -w "%{http_code}" "$url")
echo "$status - $url"
done < urls_only.txtAutomation and Integration
Combine with Other Tools
# Google dorks + web scanning
python3 fgds.py -d target.com -o dork_urls.txt
# Parse results and feed to other tools
cat dork_urls.txt | cut -d' ' -f1 | sort -u > unique_urls.txt
# Use with Burp Suite
# Copy URLs to Burp's target scope for further testingScheduled Scanning
# Automated daily reconnaissance
cat > daily_scan.sh << 'EOF'
#!/bin/bash
DOMAIN="target.com"
DATE=$(date +%Y%m%d)
python3 fgds.py -d "$DOMAIN" -t 10 -o "scan_${DATE}.txt"
EOF
chmod +x daily_scan.sh
# Schedule with cron
# 0 0 * * * /path/to/daily_scan.shEthical Considerations
Legal Dork Usage
# Authorized testing only
# - Get written permission
# - Document all activities
# - Use only for assigned targets
# - Follow responsible disclosure
# Examples of authorized dorks:
# Your own domain for OSINT
python3 fgds.py -d mycompany.com
# Client domains with permission letter
python3 fgds.py -d client.com -o authorized_assessment.txtResponsible Disclosure
# If sensitive data found:
# 1. Document findings securely
# 2. Do not access unauthorized systems
# 3. Report to organization immediately
# 4. Do not share results publicly
# 5. Allow time for remediationBest Practices
- Use appropriate thread counts (5-10 for public scanning)
- Respect robots.txt and sitemap.xml guidelines
- Rotate User-Agents to avoid detection
- Use proxies for long-term OSINT gathering
- Document all sources and timestamps
- Verify findings before reporting
- Focus on actionable intelligence
- Combine with other reconnaissance techniques
- Follow responsible disclosure practices
- Keep dork lists updated with new patterns
Last updated: 2025-03-30 | Fast-Google-Dorks-Scan GitHub