DorkForge v2

1 Target Scope (optional)

Gov .gov .mil .gov.uk .gov.au

Edu .edu .ac.uk

Generic .com .org .net .io .dev

EU .co.uk .de .fr .nl .it .es .ru

APAC .cn .jp .in .au .kr

2 Mode

Effective: Each generation rotates pattern banks for unique dork sets.

3 Extensions

.php.asp.aspx.jsp.jspx.cfm.cgi.pl.do.action.html.htm.phtml.shtml.ashx.json

4 Categories

Selected: 0

Modern SQL Patterns

Rotating SQL-targeted templates — highest hit ratio, max variation

SQL Errors

Surfaced DB error strings — MySQL/MSSQL/Oracle/Postgres signatures

Injectable Params

Dynamic ?param= endpoints with high SQLi/IDOR surface

LFI / Inclusion

page= file= include= path= load= traversal-prone params

Sign-in portals, auth flows, session & token endpoints

Admin / Panels

Dashboards, control panels, management & backend routes

Exposed Files

ext:env ext:sql ext:log ext:bak — leaked configs & dumps

Open Directories

intitle:"index of" listings of sensitive folders

E-commerce

product/cart/order params — DB-driven storefronts

API / Endpoints

REST/GraphQL routes, keys, versioned API surfaces

Stack Traces

Fatal/parse errors, debug output, framework traces

Info Disclosure

phpinfo, server-status, env dumps, build metadata

User Data

profile/account/member endpoints exposing PII params

5 Keyword (optional)

admin login config backup database upload .env password

Generated Dorks (8)

site:example.com inurl:view.php?action=

site:example.com inurl:"&do=" OR inurl:"?do=" ext:php

site:example.com filetype:php inurl:"load=" "admin"

site:example.com inurl:login.php

site:example.com "mysql_fetch_array()"

site:example.com intitle:"index of" "config.php"

site:example.com inurl:?id= intext:admin ext:php

site:example.com ~token key ext:php inurl:?id=

⚠

Authorized targets only. Only use on systems you own or have written permission to test.

Domains (one per line)

⚡ top 20 EU Asia × clear

Keywords (one per line · every keyword maps to a parameter)

⚡ add all HQ 🔑 auth set ⚙ CMS set × clear

🎲 random HY keywords generate + append

loginsigninsignupsignoutregisterlogoutauthoauthssoaccountuserpasswordresetforgotverifyactivateconfirmotptwofacaptchasessiontokencredentialauthenticateauthorize

Admin / Panels

adminadministratoradministrationsuperadminmanagemanagermanagementcontrolcontrolpanelcpaneldashboardpanelbackendmoderatorconsolesettingsettingspreferencepreferences

Config / System

configconfigurationsetupinstallenvenvironmentsystemservicecrontaskjobqueuecachewidgetmodulepluginthemetemplatelayout

File Operations

uploaddownloadfilefilesfolderdirectoryattachmentattachdocumentdocumentsfileuploadfilemanagerstorageassetresourcedocpdfcsvexcelprint

E-commerce

shopstorecartcheckoutorderpaymentinvoiceproductproductscatalogcategoryitemitemsbrandpricepurchasetransactionwishlistcoupondiscountvouchersubscriptionplanbillingrefund

User Data

profilemembercustomercustomerssubscriberemployeestaffcontactcontactsaddressrecordrecordsgroupteamrolepermissionmessagemailfeedback

Content / Blog

newsarticlearticlespostpostsblogblogsstorystoriesreviewreviewsratingcategorytagforumthreadtopiccommentfeedrssnewsletterannouncementfaqhelpsupportticketkbwiki

Media

imageimagesphotophotosgalleryalbumalbumsvideovideosaudiomusictrackmediastreamplayerthumbnail

API / Infra

apirestgraphqlendpointwebhookcallbackkeytokenproxygatewayrouterredirecturlstatushealthmonitormetrictraceloglogsdebugreportexport

Database

databasedbsqlquerytabledumpbackupmysqlmssqloraclepostgresmongoredisphpmyadminadminer

Location / Geo

locationcityregioncountrymapgeostore_locatorbrancheventcalendarbookingreservation

Click or drop .txt — import keywords

Extensions

.php.asp.aspx.jsp.jspx.cfm.cgi.pl.do.action.html.htm.phtml.shtml.ashx.json

categories

est. dorks

⚠

Authorized targets only.

1 Paste URLs (one per line)

2 Extensions

.php.asp.aspx.jsp.jspx.cfm.cgi.pl.do.action.html.htm.phtml.shtml.ashx.json

3 Mode

Category bias adds category-styled dorks built from each link

⚠

Authorized targets only.

! Authorization required

This tool performs static, passive candidate-scoring of URL parameters and emits sqlmap commands you run yourself. It sends no traffic to any target. Only assess systems you own or have written permission to test. Unauthorized testing is illegal.

I confirm I own these targets or have written authorization to test them.

1 URLs (paste below, or import a large file — up to ~1M URLs)

Click or drop a .txt of URLs — streamed in chunks, no memory limit

2 sqlmap profile

--batch --random-agent --tor --delay=1 --threads=4

3 Test type (which sqlmap commands to emit)

🔍 detect injection 🧬 fingerprint DB 🗃 enumerate databases 💾 dump data 🛡 WAF check + bypass

Detect: probes whether the parameter is injectable. Start here before any enumeration.

High-rate cutoff for export ≥60% ≥70% ≥80% ≥90%

⚠

Authorized targets only. sqlmap commands are for execution against systems you are permitted to test. You run them in your own environment — this page sends nothing.

Saved (0)

No saved dorks yet

Category	Example	Description
Modern SQL Patterns	site:example.com inurl:view.php?action=	Rotating SQL-targeted templates — highest hit ratio, max variation
SQL Errors	site:example.com "mysql_fetch_array()"	Surfaced DB error strings — MySQL/MSSQL/Oracle/Postgres signatures
Injectable Params	site:example.com inurl:"&do=" OR inurl:"?do=" ext:php	Dynamic ?param= endpoints with high SQLi/IDOR surface
LFI / Inclusion	site:example.com filetype:php inurl:"load=" "admin"	page= file= include= path= load= traversal-prone params
Login / Auth	site:example.com inurl:login.php	Sign-in portals, auth flows, session & token endpoints
Admin / Panels	site:example.com inurl:cpanel	Dashboards, control panels, management & backend routes
Exposed Files	site:example.com ext:yml intext:admin	ext:env ext:sql ext:log ext:bak — leaked configs & dumps
Open Directories	site:example.com intitle:"index of" "files"	intitle:"index of" listings of sensitive folders
E-commerce	site:example.com inurl:id= intext:admin ext:php	product/cart/order params — DB-driven storefronts
API / Endpoints	site:example.com ~token key ext:php inurl:?id=	REST/GraphQL routes, keys, versioned API surfaces
Stack Traces	site:example.com "Stack trace:"	Fatal/parse errors, debug output, framework traces
Info Disclosure	site:example.com intext:"Environment" inurl:env	phpinfo, server-status, env dumps, build metadata
User Data	site:example.com inurl:account OR inurl:?search= >" member ext:php	profile/account/member endpoints exposing PII params

Load Dork File

Click or drop .txt file

Or paste dorks

⚠

Authorized targets only.

Paste or import dorks to optimize & expand (import up to 10,000,000 — streamed & parsed in chunks)

Click or drop a .txt of dorks — up to 10M lines, streamed, no memory limit

Retarget domain (optional)

Operations

Fix syntax — repair stray quotes, ext: x spacing, inutl:→inurl:, malformed site:.. Clean & dedupe — trim, collapse spaces, drop exact & near duplicates Extension expansion — clone ext:php dorks across asp/aspx/jsp/html, merge into ext:a | ext:b unions Operator variants — derive related dorks (intext:↔inurl:↔intitle:, add param/file variants) Recon library expansion — rotate a large library of sensitive filenames (.env, id_rsa, wp-config.php…), config extensions, and CMS paths into matching dorks — this is what multiplies the output Subdomain spread — add site:*.domain variants so each dork also sweeps subdomains Broaden for volume — also emit each structural dork with the site:domain scope removed, turning precision recon dorks into web-wide hunts that return far more URLs (e.g. site:x.com inurl:config ext:env → inurl:config ext:env)

⚠

Authorized targets only. Optimizes and expands search queries; sends no traffic.