A small Chrome/Firefox extension that helps generate Google "dork" search queries for security research and information gathering against a target domain.
This extension provides a tiny popup UI where you enter a domain (for example example.com) and it generates a list of Google search queries (dorks). Each dork is rendered as a link that opens a Google search in a new tab.
Use this tool for legitimate security testing, reconnaissance with permission, or defensive research only. See the Ethics section below.
manifest.json— extension manifest (Manifest V3).popup.html— popup UI markup.popup.css— popup styles.popup.js— main popup script that generates the dork queries and saves the last-entered domain to local storage.icon16.png,icon48.png,icon128.png— extension icons.
- Quick generation of common Google search patterns (login pages, backup files, API endpoints, config files, etc.).
- Saves the last-entered domain using extension local storage.
- Opens each generated query in a new Google search tab.
- Open Chrome (or Chromium-based browser) and go to
chrome://extensions(or in Firefox go toabout:debugging#/runtime/this-firefox). - Enable Developer Mode (Chrome) or click "Load Temporary Add-on" (Firefox).
- Click "Load unpacked" and select this project folder (the directory containing
manifest.json). - The extension icon will appear in the toolbar; click it to open the popup.
- Click the extension icon to open the popup.
- Enter a domain like
example.comin the input field. - Press Enter or click "Generate Links".
- Click any generated link to open a Google search for that dork in a new tab.
Note: The extension only constructs Google search URLs and opens them in your browser — it does not query Google itself on the background beyond what your browser does when you click links.
- The main logic is in
popup.js. To change dorks or add/remove patterns, edit thedorksarray inside that file. - After editing, reload the unpacked extension in the browser to pick up changes.
The extension requests only the following permission in manifest.json:
storage— used to save and restore the last domain entered in the popup.
No network or host permissions are requested. The extension relies on the browser to open Google search URLs when links are clicked.
This tool is intended for defensive and educational tasks such as asset discovery, security research with authorization, or incident response. Misuse of Google dorks to access, expose, or exploit private systems, data, or accounts without explicit permission is illegal and unethical.
Before using this tool against any domain or infrastructure, ensure you have explicit permission from the owner and follow applicable laws and policies.
Contributions are welcome. If you change patterns, consider:
- Keeping queries focused on defensive discovery and avoid adding patterns that encourage exploitation.
- Adding tests or example domains to demonstrate benign use-cases.
Create issues or pull requests against this repository if you'd like to contribute.
This repository does not include a license file by default. If you want to make this project open-source, add a license such as the MIT License.
If you'd like, I can also add a small contributing guide, a license file, or clean up / normalize some dork patterns in popup.js.