OSINT-Advanced Search Operators

OSINT-Advanced Search Operators

Advanced Search Operators are very powerful. Knowing how to properly use them could mean the difference between finding the specific information you are looking for and being overwhelmed with tons of not so relavant information.

It is also very important to use multiple search engines to ensure that you have a better chance of obtaining the information you are searching for.

Here is an overview of several search engines and the operators they use:

Google:

Basic Operators

  • site: – Limits results to a specific site or domain.
    • site:example.com "keyword"
  • intitle: – Finds pages with a specific word in the title.
    • intitle:"cybersecurity tools"
  • allintitle: – Requires all words to be in the title.
    • allintitle:cybersecurity tools detection
  • inurl: – Searches for a word in the URL.
    • inurl:login
  • allinurl: – Requires all words to be in the URL.
    • allinurl:admin dashboard
  • filetype: – Finds specific file types (PDF, DOCX, XLSX, etc.).
    • filetype:pdf "incident response"
  • ext: – Similar to filetype:, searches for file extensions.
    • ext:log security events
  • intext: – Searches for a word in the body of a webpage.
    • intext:"data breach report"
  • allintext: – Requires all words to be in the page text.
    • allintext:cybersecurity awareness training

Advanced Filtering Operators

  • related: – Finds sites related to a specific URL.
    • related:cyberseek.org
  • link: – (Deprecated) Previously found pages linking to a URL.
  • cache: – Shows Google’s last cached version of a page. This is no longer available. You can however click the 3 dot menu next to search results, then chose "More info about this page" You will then see when the site was first crawled by Google, as well as a link to the "Wayback Time Machine".
    • cache:example.com
  • before: & after: – Filters results by date (YYYY-MM-DD).
    • breach database before:2024-01-01
    • ransomware after:2023-01-01 before:2023-12-31
  • AROUND(X) – Finds words within a certain number of words of each other.
    • "cybersecurity" AROUND(5) "threats"

Exclusion & Wildcard Operators

  • - (Minus sign) – Excludes a term from results.
    • dark web -reddit
  • * (Asterisk wildcard) – Acts as a placeholder for unknown words.
    • "cybersecurity * best practices"
  • " (Quotes) – Searches for an exact phrase.
    • "log4j vulnerability"
  • OR / | – Searches for either term.
    • malware OR ransomware
    • hacker | pentester

These operators are powerful for OSINT, cybersecurity investigations, and recon.


Bing

Basic Operators

  • site: – Limits results to a specific site or domain.
    • site:example.com "keyword"
  • intitle: – Finds pages with a specific word in the title.
    • intitle:"cybersecurity tools"
  • inbody: – Searches for a word in the body of a webpage.
    • inbody:"data breach report"
  • inurl: – Searches for a word in the URL.
    • inurl:login
  • filetype: – Finds specific file types (PDF, DOCX, XLSX, etc.).
    • filetype:pdf "incident response"
  • contains: – Finds pages that link to specific file types.
    • contains:pdf

Advanced Filtering Operators

  • linkfromdomain: – Finds pages linked from a specific domain.
    • linkfromdomain:example.com
  • url: – Searches for an exact URL.
    • url:example.com/page.html
  • feed: – Finds RSS or Atom feeds related to a topic.
    • feed:cybersecurity
  • ip: – Shows websites hosted on a specific IP address.
    • ip:192.168.1.1
  • loc: or location: – Finds results from a specific country or region.
    • loc:US

Exclusion & Wildcard Operators

  • - (Minus sign) – Excludes a term from results.
    • dark web -reddit
  • * (Asterisk wildcard) – Acts as a placeholder for unknown words.
    • "cybersecurity * best practices"
  • " (Quotes) – Searches for an exact phrase.
    • "log4j vulnerability"
  • OR / | – Searches for either term.
    • malware OR ransomware
    • hacker | pentester

DuckDuckGo:

DuckDuckGo has fewer advanced search operators compared to Google and Bing, but it still supports useful filtering options. Here’s a list of the most effective ones:

Basic Operators

  • site: – Limits results to a specific site or domain.
    • site:example.com "keyword"
  • intitle: – Finds pages with a specific word in the title.
    • intitle:"cybersecurity tools"
  • inurl: – Searches for a word in the URL.
    • inurl:login
  • filetype: – Finds specific file types (PDF, DOCX, XLSX, etc.).
    • filetype:pdf "incident response"

Advanced Filtering Operators

  • - (Minus sign) – Excludes a term from results.
    • dark web -reddit
  • * (Asterisk wildcard) – Acts as a placeholder for unknown words.
    • "cybersecurity * best practices"
  • " (Quotes) – Searches for an exact phrase.
    • "log4j vulnerability"
  • OR / | – Searches for either term.
    • malware OR ransomware
    • hacker | pentester

DuckDuckGo-Specific Features

DuckDuckGo has bangs (!), which are shortcuts to search directly within other websites. For example:

  • !g – Google search: !g cybersecurity news
  • !b – Bing search: !b penetration testing
  • !yt – YouTube search: !yt OSINT tools
  • !github – GitHub search: !github threat detection

Yandex:

Basic Operators

  • site: – Limits results to a specific site or domain.
    • site:example.com "keyword"
  • title: – Finds pages with a specific word in the title.
    • title:"cybersecurity tools"
  • url: – Searches for a specific URL or part of it.
    • url:admin
  • mime: – Finds specific file types (PDF, DOCX, XLSX, etc.).
    • mime:pdf "incident response"

Advanced Filtering Operators

  • host: – Limits results to a specific host (similar to site: but more precise).
    • host:example.com
  • date: – Filters results by publication date (YYYY-MM-DD format).
    • date:2024-01-01..2024-12-31
  • domain: – Searches for results within a specific domain and its subdomains.
    • domain:example.com
  • lang: – Filters results by language.
    • lang:en
  • region: – Limits results to a specific country or region.
    • region:US

Exclusion & Wildcard Operators

  • - (Minus sign) – Excludes a term from results.
    • dark web -reddit
  • * (Asterisk wildcard) – Acts as a placeholder for unknown words.
    • "cybersecurity * best practices"
  • " (Quotes) – Searches for an exact phrase.
    • "log4j vulnerability"
  • OR / | – Searches for either term.
    • malware OR ransomware
    • hacker | pentester

Yandex is widely used for OSINT, especially in Russian-language sources.

If you have any comments or suggestions, please feel free to email me.