⚠️Disclaimer: This is only for educational & ethical pentesting purposes with permission. The author is not responsible for any malicious or illegal abuse of the information shared here!

If you don't understand what is dorking, learn from beginning 👇

Advanced Google Dorking

Edit description

medium.com

Sites to eliminate in all below dorks

 -site:github.com -site:github.io -site:stackoverflow.com

Here, I am showing only the Google search engine results. But you must utilize all available search engines like Bing, Yandex, DuckDuckGo, Qwant, etc…

1️⃣ GET API

intitle:"GET api/" site:gov
intitle:"GET api/" site:gov.*
intitle:"GET api/" site:edu
intitle:"GET api/" site:TLD
intitle:"GET api/" site:ccTLD
None
intitle:"GET api/" site:gov "/all"
intitle:"GET api/" site:gov "/list"
intitle:"API" "application/json" "List of" site:gov
intitle:"GET api/" site:gov "Get all"
intitle:"GET api/" site:gov "Get a"
None
None

2️⃣ Create Method

"CREATE /" "API" inurl:doc site:gov

3️⃣ Post Method

"POST /" "API" inurl:doc site:gov

4️⃣ Put Method

"PUT /" "API" inurl:doc site:gov
"PUT /v1" "API" inurl:doc -site:github.com
"PUT /v2" "API" inurl:doc -site:github.com

5️⃣ Patch Method

intitle:"PATCH" site:gov "application/json"
None

6️⃣ Delete Method

intitle:"DELETE" site:gov "application/json"
None

📥 Download Spec

"APIs" "Protected by reCAPTCHA" inurl:docs "DOWNLOAD SPEC"

To get more results, remove one or two of the keywords or phrases from the above dork.

None

🖋️Edit on Github

inurl:api "Edit on Github" -site:github.com
None

📖Available on Github

"available on Github" "API" inurl:doc -site:github.com -site:github.io -inur:gitlab -site:medium.com
None

📚Redoc API Documentation

inurl:/redoc "application/json" -site:github.com -site:redoc.com

#more things to combine or remove
inurl:/v1/redoc
inurl:/v2/redoc
v3,v4,........
"application/"
None
None
None

📙Stoplight Powered API Documentation

"API" inurl:doc "Powered by Stoplight" -site:stoplight.io -site:github.io -site:github.com
None
None

📚Slate Powered API Documentation

"API" inurl:doc "Powered by Slate" -site:medium.com -site:github.com
"API" inurl:api "Powered by Slate" -site:medium.com -site:github.com
"API" inurl:v1 "Powered by Slate" -site:medium.com -site:github.com
"API" inurl:v2 "Powered by Slate" -site:medium.com -site:github.com

#positive filtering
"REST API"

#negative filtering
-"REST API"
-site:github.io
-inurl:gitlab
None

📕Aglio Generated API Documentation

"Generated by aglio" "API" inurl:api inurl:doc -site:github.com -site:github.io
"Aglio" "API" inurl:api inurl:doc -site:github.com -site:github.io
None

📙API documentation by Redocly

"API docs by Redocly" -site:github.com
None
None

📗Swagger Hub API Documentation

#with space
"Swagger Hub"  site:gov -ext:pdf

#without space
"SwaggerHub"  site:gov -ext:pdf


"app.swaggerhub.com" -site:swaggerhub.com -site:swagger.io site:gov.*

📘Sphinx

#created
"Created using Sphinx" "API" inurl:doc site:gov.*

#built with
"Built with Sphinx" "API" inurl:doc site:gov.*

📊GraphQL

"API" inurl:doc "GraphQL" -site:github.com -site:gitlab.com
inurl:doc "mutation" "GraphQL" -site:github.com -site:gitlab.com
None

Other Keywords to combine with existing dorks

"curl"
"curl -F"
"curl -u"
"curl http"
"postman"
"port"
"port number"
"port no"
"default cred"
"default credentials"
"default user"
"default username"
"default password"
"default pass"
"test"
"sample"
"webhook" "webhooks"
"endpoint"
"debug"

Critical Keyword Examples

social security number
bank
passport
payment
contact
address
date of birth

💡 Pro Tip: Wherever you find API version in any requests , downgrade it and test again. Forexample if found /api/v2/anything , check for /api/v1/anything . Developers forget to remove old endpoints even though the new version might be well tested.

© 2025 Medium Copyright AbhirupKonwar

Twitter | LinkedIn | YouTube | Substack