DuckDuckGo

DuckDuckGo (DDG) respects the end user's privacy and even has a Tor Hidden Service, making it a prime service for the privacy-aware hacker. After making crystal clear that abusers are a tiny tiny percentage and the privacy provided is awesome, let's see if "Duck Hacking" even works. First off, you need to know that DuckDuckGo doesn't quite work like other search engines:

In fact, DuckDuckGo gets its results from over four hundred sources. These include hundreds of vertical sources delivering niche Instant Answers, DuckDuckBot (our crawler) and crowd-sourced sites (like Wikipedia, stored in our answer indexes). We also of course have more traditional links in the search results, which we source from Bing, Yahoo, and Yandex.
Source: https://duck.co/help/results/sources

This is indeed interesting. Assume website X has notified Google and Bing that resource Y should be removed because of its sensitive nature. DDG could possibly list it anyway because Yandex still indexes it.

Dorks

No need to reinvent the wheel. However, most need a bit of modification, as seen below.

Search operators

Note that the syntax is strict, e.g.:
((disallow)AND(inurl:robots.txt)AND(filetype:txt)) works fine, yet disallow inurl:robots.txt AND filetype:txt returns zero results.

| Operator | Purpose | Example | Notes |
|----------|---------|---------|-------|
| inurl | Search URL | inurl:tabernacle | Works just as Google's inurl |
| title | Search page title | title:tabernacle | Works just as Google's intitle |
| inbody | Search page body | inbody:tabernacle | Works just as Google's inbody |
| - | Excluding matches | steve -tabernacle | Works as Google's - |
| filetype | Match filetype | filetype:txt | Supports: htm(l), pdf, txt, doc(x), xls(x) and ppt(x). |
| site | Restrict to domain | site:stevetabernacle.github.io | Max 1 domain per search |
| region | Boost results from region | region:cc | Use region:none to turn off |
| OR | Search URL | ((profit)OR(academic credz)) | Terms inside parentheses are the same as quoted content |
| AND | Search URL | ((fun)AND(profit)) | |
| ) ( | Grouping search terms | ((term1)OR(term2)AND(term3)OR(term4)) | Precedence works as you'd expect |
| " | Exact match | "For fun and profit" | |

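The strict grouped form and the operator limits from the table above, as an added example that is not part of the original post: a small Python builder that emits queries only in the ((a)AND(b)) form and rejects unsupported file types or more than one site: term. The function names are hypothetical, example.com is a placeholder for a domain you administer, and using site: inside the grouped form is an assumption the post does not test.

```python
# Added example: strict-syntax query builder for checking what a search
# engine has indexed for your own domain. Names here are hypothetical.
SUPPORTED_FILETYPES = {"htm", "html", "pdf", "txt", "doc", "docx",
                       "xls", "xlsx", "ppt", "pptx"}
FIELD_OPERATORS = {"inurl", "title", "inbody", "filetype", "site", "region"}


def term(value, operator=None):
    """Build one parenthesised term: (disallow) or (inurl:robots.txt)."""
    value = value.strip()
    if not value or any(c in value for c in '()"'):
        raise ValueError(f"empty term or grouping character in {value!r}")
    if operator is None:
        return f"({value})"          # multi-word terms are allowed here
    if operator not in FIELD_OPERATORS:
        raise ValueError(f"unknown operator: {operator}")
    if " " in value:
        raise ValueError(f"{operator}: takes a single token, got {value!r}")
    if operator == "filetype" and value.lower() not in SUPPORTED_FILETYPES:
        raise ValueError(f"filetype not supported: {value}")
    return f"({operator}:{value})"


def build_query(terms, joiner="AND"):
    """Join terms as ((a)AND(b)AND(c)) with no spaces around the joiner."""
    if joiner not in ("AND", "OR"):
        raise ValueError("joiner must be AND or OR")
    terms = list(terms)
    if len(terms) < 2:
        raise ValueError("need at least two terms to group")
    if sum(t.startswith("(site:") for t in terms) > 1:
        raise ValueError("max 1 domain per search")
    return "(" + joiner.join(terms) + ")"


def own_domain_audit(domain, filetypes=("pdf", "docx", "xlsx")):
    """One query per file type, restricted to a domain you administer."""
    return [build_query([term(domain, "site"), term(ft, "filetype")])
            for ft in filetypes]


if __name__ == "__main__":
    # Reproduces the working query quoted in the post.
    print(build_query([term("disallow"), term("robots.txt", "inurl"),
                       term("txt", "filetype")]))
    for q in own_domain_audit("example.com"):  # placeholder domain
        print(q)
```
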
Don't be a skiddie

Information provided on this blog is for educational purposes only. Do NOT misuse this information for any illegal purpose. Note that mere recon may be illegal in your country.

Please report any found vulnerability or leakage per responsible disclosure to the affected vendor or through their bug bounty program (if any).




UPDATE 2016-12-26

Did not expect this feedback, the folks at DuckDuckGo are really awesome!