OSINT-Advanced Search Operators
Advanced Search Operators are very powerful. Knowing how to properly use them could mean the difference between finding the specific information you are looking for and being overwhelmed with tons of not so relavant information.
It is also very important to use multiple search engines to ensure that you have a better chance of obtaining the information you are searching for.
Here is an overview of several search engines and the operators they use:
Google:
Basic Operators
site:– Limits results to a specific site or domain.site:example.com "keyword"
intitle:– Finds pages with a specific word in the title.intitle:"cybersecurity tools"
allintitle:– Requires all words to be in the title.allintitle:cybersecurity tools detection
inurl:– Searches for a word in the URL.inurl:login
allinurl:– Requires all words to be in the URL.allinurl:admin dashboard
filetype:– Finds specific file types (PDF, DOCX, XLSX, etc.).filetype:pdf "incident response"
ext:– Similar tofiletype:, searches for file extensions.ext:log security events
intext:– Searches for a word in the body of a webpage.intext:"data breach report"
allintext:– Requires all words to be in the page text.allintext:cybersecurity awareness training
Advanced Filtering Operators
related:– Finds sites related to a specific URL.related:cyberseek.org
link:– (Deprecated) Previously found pages linking to a URL.cache:– Shows Google’s last cached version of a page. This is no longer available. You can however click the 3 dot menu next to search results, then chose "More info about this page" You will then see when the site was first crawled by Google, as well as a link to the "Wayback Time Machine".cache:example.com
before:&after:– Filters results by date (YYYY-MM-DD).breach database before:2024-01-01ransomware after:2023-01-01 before:2023-12-31
AROUND(X)– Finds words within a certain number of words of each other."cybersecurity" AROUND(5) "threats"
Exclusion & Wildcard Operators
-(Minus sign) – Excludes a term from results.dark web -reddit
*(Asterisk wildcard) – Acts as a placeholder for unknown words."cybersecurity * best practices"
"(Quotes) – Searches for an exact phrase."log4j vulnerability"
OR/|– Searches for either term.malware OR ransomwarehacker | pentester
These operators are powerful for OSINT, cybersecurity investigations, and recon.
Bing
Basic Operators
site:– Limits results to a specific site or domain.site:example.com "keyword"
intitle:– Finds pages with a specific word in the title.intitle:"cybersecurity tools"
inbody:– Searches for a word in the body of a webpage.inbody:"data breach report"
inurl:– Searches for a word in the URL.inurl:login
filetype:– Finds specific file types (PDF, DOCX, XLSX, etc.).filetype:pdf "incident response"
contains:– Finds pages that link to specific file types.contains:pdf
Advanced Filtering Operators
linkfromdomain:– Finds pages linked from a specific domain.linkfromdomain:example.com
url:– Searches for an exact URL.url:example.com/page.html
feed:– Finds RSS or Atom feeds related to a topic.feed:cybersecurity
ip:– Shows websites hosted on a specific IP address.ip:192.168.1.1
loc:orlocation:– Finds results from a specific country or region.loc:US
Exclusion & Wildcard Operators
-(Minus sign) – Excludes a term from results.dark web -reddit
*(Asterisk wildcard) – Acts as a placeholder for unknown words."cybersecurity * best practices"
"(Quotes) – Searches for an exact phrase."log4j vulnerability"
OR/|– Searches for either term.malware OR ransomwarehacker | pentester
DuckDuckGo:
DuckDuckGo has fewer advanced search operators compared to Google and Bing, but it still supports useful filtering options. Here’s a list of the most effective ones:
Basic Operators
site:– Limits results to a specific site or domain.site:example.com "keyword"
intitle:– Finds pages with a specific word in the title.intitle:"cybersecurity tools"
inurl:– Searches for a word in the URL.inurl:login
filetype:– Finds specific file types (PDF, DOCX, XLSX, etc.).filetype:pdf "incident response"
Advanced Filtering Operators
-(Minus sign) – Excludes a term from results.dark web -reddit
*(Asterisk wildcard) – Acts as a placeholder for unknown words."cybersecurity * best practices"
"(Quotes) – Searches for an exact phrase."log4j vulnerability"
OR/|– Searches for either term.malware OR ransomwarehacker | pentester
DuckDuckGo-Specific Features
DuckDuckGo has bangs (!), which are shortcuts to search directly within other websites. For example:
!g– Google search:!g cybersecurity news!b– Bing search:!b penetration testing!yt– YouTube search:!yt OSINT tools!github– GitHub search:!github threat detection
Yandex:
Basic Operators
site:– Limits results to a specific site or domain.site:example.com "keyword"
title:– Finds pages with a specific word in the title.title:"cybersecurity tools"
url:– Searches for a specific URL or part of it.url:admin
mime:– Finds specific file types (PDF, DOCX, XLSX, etc.).mime:pdf "incident response"
Advanced Filtering Operators
host:– Limits results to a specific host (similar tosite:but more precise).host:example.com
date:– Filters results by publication date (YYYY-MM-DD format).date:2024-01-01..2024-12-31
domain:– Searches for results within a specific domain and its subdomains.domain:example.com
lang:– Filters results by language.lang:en
region:– Limits results to a specific country or region.region:US
Exclusion & Wildcard Operators
-(Minus sign) – Excludes a term from results.dark web -reddit
*(Asterisk wildcard) – Acts as a placeholder for unknown words."cybersecurity * best practices"
"(Quotes) – Searches for an exact phrase."log4j vulnerability"
OR/|– Searches for either term.malware OR ransomwarehacker | pentester
Yandex is widely used for OSINT, especially in Russian-language sources.
If you have any comments or suggestions, please feel free to email me.