B.) XSS GOOGLE DORKS C.) PHP GOOGLE DORKS D.) SQL DORKS E.) WORDPRESS DORKS F.) PASSWORD FILE DORKS G.) MISC. DORKS H.) FREE SWAG DORKS I.) WEBCAM DORKS A.) FTP PASSWORD GOOGLE DORKS 1.) ws_ftp.ini configuration file search: intitle:index.of ws_ftp.ini 2.) ws_ftp.ini configuration file with “Parent Directory” search: filetype:ini ws_ftp pwd 3.) Variation: ”index of/” “ws_ftp.ini” “parent directory” 4.) Variation: +htpasswd +WS_FTP.LOG filetype:log 5.) Variation: (Substitute vulnerablesite.com with your site you want to search) ”allinurl: “Vulnerablesite.com” WS_FTP.LOG filetype:log” B.) XSS GOOGLE DORKS 1.) cart32 executable file. allinurl:/scripts/cart32.exe 2.) Cute news php file. allinurl:/CuteNews/show_archives.php 3.) phpinfo.php file. allinurl:/phpinfo.php C.) PHP GOOGLE DORKS 1.) config.php file search: intitle:index.of config.php 2.) PHP file contents search: intitle:”Index of” phpinfo.php 3.) download.php directory transversal vulneralbilities: inurl:download.php?=filename 4.) upload.php search: intitle:index.of upload.php inurl:upload.php D.) SQL PASSWORD DUMP DORKS 1.) SQL dumps saved to database search. (Some of the more common passwords for you): a.) ”123456″ = hashed password ext:sql intext:@gmail.com intext:e10adc3949ba59abbe56e057f20f883e b.) ”654321″ = hashed password ext:sql intext:@gmail.com intext:c33367701511b4f6020ec61ded352059 c.) ”password” = hashed password ext:sql intext:@gmail.com intext:5f4dcc3b5aa765d61d8327deb882cf99 d.) ”12345678″ = hashed password ext:sql intext:@gmail.com intext:25d55ad283aa400af464c76d713c07ad e.) ”iloveyou” = hashed password ext:sql intext:@gmail.com intext:f25a2fc72690b780b2a14e140ef6a9e0 2.) Variation of above search: a.) ext:sql intext:”INSERT INTO” intext:@gmail.com intext:password b.) ext:sql intext:”INSERT INTO” intext:@yahoo.com intext:password c.) ext:sql intext:”INSERT INTO” intext:@hotmail.com intext:password d.) ext:sql intext:”INSERT INTO” intext:@att.net intext:password e.) ext:sql intext:”INSERT INTO” intext:@comcast.net intext:password f.) ext:sql intext:”INSERT INTO” intext:@verizon.net intext:password 3.) SQLi allinurl:/privmsg.php E.) WORDPRESS GOOGLE DORKS 1.) Asset Manager Plugin Exploit – Unprotected Remote File Upload Vuleralbility. inurl:Editor/assetmanager/assetmanager.asp 2.) Timthumb Plugin Exploit – Attacker can attach a shell to a image file and upload the shell. (It has been patched, but there are still a lot of webmasters who have NOT updated!) inurl:index.of thumb.php inurl:thumb.php 3.) Search for plugins directory: inurl:wp-content/plugins/ 4.) Search for themes directory: inurl:wp-content/themes/ F.) PASSWORD FILE GOOGLE DORKS 1.) Search for Microsoft Excel data file: ”Login: *” “password =*” filetype: xls 2.) Search for auth_user_file: allinurl: auth_user_file.txt 3.) Search for username/password saved in Microsoft Excel files: filetype: xls inurl: “password.xls” 4.) Search for login pages: intitle: login password 5.) Search for “master password” page: intitle: “Index of” master.passwd 6.) Search for backup directory: index of /backup 7.) Search for password backup file index: intitle:index.of passwd.bak 8.) Search for password databases: intitle:index.of pwd.db intitle:”index of” pwd.db 9.) Search for /etc/passwd/ index: intitle:”index of .. etc” passwd 10.) Search for plaintext password file: index.of passlist.txt inurl:passlist.txt 11.) Search for hidden documents/password files: index.of.secret index.of.private 12.) Search for PhpMyAdmin files: ”# PhpMyAdmin MySQL-Dump” filetype: txt 13.) Hidden Superuser (root) data files: inurl:ipsec.secrets-history-bugs inurl:ipsec.secrets “holds shared secrets” 14.) Find the information files: inurl:ipsec.conf-intitle:manpage 15.) Search for a stored password in a database: filetype:ldb admin 16.) Search for admin.php file: inurl:search/admin.php 17.) Search for password log files: inurl:password.log filetype:log 18.) Search for Hkey_Current_User in registry files: filetype: reg HKEY_CURRENT_USER username 19.) Search for username/password file backups: ”Http://username: password @ www …” filetype: bak inurl: “htaccess | passwd | shadow | ht users” 20.) Search for username/password files: filetype:mdb inurl:”account|users|admin|administrators|passwd|password” mdb files 21.) Search for Microsoft Frontpage passwords: ext:pwd inurl:(service|authors|administrators|users) “# -FrontPage-” 22.) Search for SQL database Code and passwords: filetype: sql ( “passwd values ****” |” password values ****” | “pass values ****”) 23.) Search for e-mail account files: intitle: “Index Of”-inurl: maillog G.) MISC. DORKS 1.) WebWiz Rich Text Editor (RTE) – Remote file upload vulneralbility: inurl:rte/my_documents/my_files 2.) EZFilemanager – Remote file upload vulneralbility: inurl:ezfilemanager/ezfilemanager.php 3.) robots.txt – See directories hidden from crawlers. Also sometimes you can pull off a directory transversal with this: inurl:robots.txt 4.) Serial Numbers – Look for software serial numbers ”software name” 94FBR H.) FIND FREE SWAG 1.) site:*.com intitle:”Thank You For Your Order” intext:Click Here to Download 2.) site:*.net intitle:”Thank You For Your Order” intext:Click Here to Download 3.) site:*.co intitle:”Thank You For Your Order” intext:Click Here to Download 4.) site:*.org intitle:”Thank You For Your Order” intext:Click Here to Download 5.) site:*.biz intitle:”Thank You For Your Order” intext:Click Here to Download 6.) site:*.tv intitle:”Thank You For Your Order” intext:Click Here to Download 7.) site:*.co.uk intitle:”Thank You For Your Order” intext:Click Here to Download 8.) site:*.org.uk intitle:”Thank You For Your Order” intext:Click Here to Download 9.) site:*.eu intitle:”Thank You For Your Order” intext:Click Here to Download 10.) intitle:Thank you for your purchase! intext:PLR OR MRR OR Package OR Bonus 11.) intitle:Thank you for your order! intext:PLR OR MRR OR Package OR Bonus 12.) intitle:Thank you for your order! intext:PLR OR MRR 13.) intitle:Thank you for your Purchase! intext:PLR OR MRR 14.) inurl:/thankyou*.html intitle:Thank you for your order! 15.) intext:Click Here To Download 16.) inurl:thanks intext:”Thank You For Your Order!” “Click Here” filetype:html 17.) intitle:Thank You For Your Order! intext:Private Label 18.) intitle:Thank You For Your Purchased! intext:Private Label 19.) intext:”Thank You For Your Order” intext:PLR 20.) intitle:”Thank You For Your Order!” intext:download 21.) intitle:”Thank You For Your Order” intext:Click Here To Download Now 22.) intitle:Thank you for your purchase! intext:Click Here to Download 23.) * thank you for your order download 24.) * intitle:Thank you for your Purchase! intext:PLR OR MRR OR Package OR Bonus 25.) * intitle:Thank you for your order! intext:PLR OR MRR 26.) * intitle:Thank You For Your Purchase! intext:Click Here to Download 27.) * intitle:Thank You For Your Order! intext:download 28.) inurl:index.of .mp3 29.) inurl:index.of .mov 30.) inurl:index.of .iso 31.) ?intitle:index.of? mp3 32.) ?intitle:index.of? mov 33.) ?intitle:index.of? iso 34.) inurl:”insert filetype”:iso+OR+exe+OR+zip+OR+rar+OR+gzip+OR+tar 35.) intext:”parent directory” intext:”[EXE]“ 36.) intext:”parent directory” index of:”[EXE]“ 37.) intext:”parent directory” index of:”[RAR]“ 38.) intext:”parent directory” intext:”[VID]“ 39.) intext:”parent directory” index of:”[VID]“ 40.) intext:”parent directory” intext:”[MP3]“ 41.) intext:”parent directory” index of:”[MP3]“ 42.) intext:”parent directory” index of:”[Gamez]“ I.) WEBCAM GOOGLE DORKS 1.) inurl:/view.index.shtml 2.) inurl:/view.shtml 3.) intitle:”Live View / – AXIS” | inurl:view/view.shtml^ 4.) inurl:ViewerFrame?Mode= 5.) inurl:ViewerFrame?Mode=Refresh