Scribd Logo
Upload

Welcome to Scribd!

  • Google Dorks

    Uploaded by

    atrix
    3 views4 pages

    Original Title

    GoogleDorks

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    3 views4 pages

    Google Dorks

    Uploaded by

    atrix

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    of 4

    Dorks and exploits :

    A.) FTP PASSWORD GOOGLE DORKS


    B.) XSS GOOGLE DORKS
    C.) PHP GOOGLE DORKS
    D.) SQL DORKS
    E.) WORDPRESS DORKS
    F.) PASSWORD FILE DORKS
    G.) MISC. DORKS
    H.) FREE SWAG DORKS
    I.) WEBCAM DORKS
    A.) FTP PASSWORD GOOGLE DORKS
    1.) ws_ftp.ini configuration file search:
    intitle:index.of ws_ftp.ini
    2.) ws_ftp.ini configuration file with “Parent Directory” search:
    filetype:ini ws_ftp pwd
    3.) Variation:
    ”index of/” “ws_ftp.ini” “parent directory”
    4.) Variation:
    +htpasswd +WS_FTP.LOG filetype:log
    5.) Variation:
    (Substitute vulnerablesite.com with your site you want to search)
    ”allinurl: “Vulnerablesite.com” WS_FTP.LOG filetype:log”
    B.) XSS GOOGLE DORKS
    1.) cart32 executable file.
    allinurl:/scripts/cart32.exe
    2.) Cute news php file.
    allinurl:/CuteNews/show_archives.php
    3.) phpinfo.php file.
    allinurl:/phpinfo.php
    C.) PHP GOOGLE DORKS
    1.) config.php file search:
    intitle:index.of config.php
    2.) PHP file contents search:
    intitle:”Index of” phpinfo.php
    3.) download.php directory transversal vulneralbilities:
    inurl:download.php?=filename
    4.) upload.php search:
    intitle:index.of upload.php
    inurl:upload.php
    D.) SQL PASSWORD DUMP DORKS
    1.) SQL dumps saved to database search. (Some of the more common passwords for
    you):
    a.) ”123456″ = hashed password
    ext:sql intext:@gmail.com intext:e10adc3949ba59abbe56e057f20f883e
    b.) ”654321″ = hashed password
    ext:sql intext:@gmail.com intext:c33367701511b4f6020ec61ded352059
    c.) ”password” = hashed password
    ext:sql intext:@gmail.com intext:5f4dcc3b5aa765d61d8327deb882cf99
    d.) ”12345678″ = hashed password
    ext:sql intext:@gmail.com intext:25d55ad283aa400af464c76d713c07ad
    e.) ”iloveyou” = hashed password
    ext:sql intext:@gmail.com intext:f25a2fc72690b780b2a14e140ef6a9e0
    2.) Variation of above search:
    a.) ext:sql intext:”INSERT INTO” intext:@gmail.com intext:password
    b.) ext:sql intext:”INSERT INTO” intext:@yahoo.com intext:password
    c.) ext:sql intext:”INSERT INTO” intext:@hotmail.com intext:password
    d.) ext:sql intext:”INSERT INTO” intext:@att.net intext:password
    e.) ext:sql intext:”INSERT INTO” intext:@comcast.net intext:password
    f.) ext:sql intext:”INSERT INTO” intext:@verizon.net intext:password
    3.) SQLi
    allinurl:/privmsg.php
    E.) WORDPRESS GOOGLE DORKS
    1.) Asset Manager Plugin Exploit – Unprotected Remote File Upload Vuleralbility.
    inurl:Editor/assetmanager/assetmanager.asp
    2.) Timthumb Plugin Exploit – Attacker can attach a shell to a image file and
    upload the shell. (It has been patched, but there are still a lot of webmasters who
    have NOT updated!)
    inurl:index.of thumb.php
    inurl:thumb.php
    3.) Search for plugins directory:
    inurl:wp-content/plugins/
    4.) Search for themes directory:
    inurl:wp-content/themes/
    F.) PASSWORD FILE GOOGLE DORKS
    1.) Search for Microsoft Excel data file:
    ”Login: *” “password =*” filetype: xls
    2.) Search for auth_user_file:
    allinurl: auth_user_file.txt
    3.) Search for username/password saved in Microsoft Excel files:
    filetype: xls inurl: “password.xls”
    4.) Search for login pages:
    intitle: login password
    5.) Search for “master password” page:
    intitle: “Index of” master.passwd
    6.) Search for backup directory:
    index of /backup
    7.) Search for password backup file index:
    intitle:index.of passwd.bak
    8.) Search for password databases:
    intitle:index.of pwd.db
    intitle:”index of” pwd.db
    9.) Search for /etc/passwd/ index:
    intitle:”index of .. etc” passwd
    10.) Search for plaintext password file:
    index.of passlist.txt
    inurl:passlist.txt
    11.) Search for hidden documents/password files:
    index.of.secret
    index.of.private
    12.) Search for PhpMyAdmin files:
    ”# PhpMyAdmin MySQL-Dump” filetype: txt
    13.) Hidden Superuser (root) data files:
    inurl:ipsec.secrets-history-bugs
    inurl:ipsec.secrets “holds shared secrets”
    14.) Find the information files:
    inurl:ipsec.conf-intitle:manpage
    15.) Search for a stored password in a database:
    filetype:ldb admin
    16.) Search for admin.php file:
    inurl:search/admin.php
    17.) Search for password log files:
    inurl:password.log filetype:log
    18.) Search for Hkey_Current_User in registry files:
    filetype: reg HKEY_CURRENT_USER username
    19.) Search for username/password file backups:
    ”Http://username: password @ www …” filetype: bak inurl: “htaccess | passwd |
    shadow | ht users”
    20.) Search for username/password files:
    filetype:mdb inurl:”account|users|admin|administrators|passwd|password” mdb files
    21.) Search for Microsoft Frontpage passwords:
    ext:pwd inurl:(service|authors|administrators|users) “# -FrontPage-”
    22.) Search for SQL database Code and passwords:
    filetype: sql ( “passwd values ****” |” password values ****” | “pass values ****”)
    23.) Search for e-mail account files:
    intitle: “Index Of”-inurl: maillog
    G.) MISC. DORKS
    1.) WebWiz Rich Text Editor (RTE) – Remote file upload vulneralbility:
    inurl:rte/my_documents/my_files
    2.) EZFilemanager – Remote file upload vulneralbility:
    inurl:ezfilemanager/ezfilemanager.php
    3.) robots.txt – See directories hidden from crawlers. Also sometimes you can pull
    off a directory transversal with this:
    inurl:robots.txt
    4.) Serial Numbers – Look for software serial numbers
    ”software name” 94FBR
    H.) FIND FREE SWAG
    1.) site:*.com intitle:”Thank You For Your Order” intext:Click Here to Download
    2.) site:*.net intitle:”Thank You For Your Order” intext:Click Here to Download
    3.) site:*.co intitle:”Thank You For Your Order” intext:Click Here to Download
    4.) site:*.org intitle:”Thank You For Your Order” intext:Click Here to Download
    5.) site:*.biz intitle:”Thank You For Your Order” intext:Click Here to Download
    6.) site:*.tv intitle:”Thank You For Your Order” intext:Click Here to Download
    7.) site:*.co.uk intitle:”Thank You For Your Order” intext:Click Here to Download
    8.) site:*.org.uk intitle:”Thank You For Your Order” intext:Click Here to Download
    9.) site:*.eu intitle:”Thank You For Your Order” intext:Click Here to Download
    10.) intitle:Thank you for your purchase! intext:PLR OR MRR OR Package OR Bonus
    11.) intitle:Thank you for your order! intext:PLR OR MRR OR Package OR Bonus
    12.) intitle:Thank you for your order! intext:PLR OR MRR
    13.) intitle:Thank you for your Purchase! intext:PLR OR MRR
    14.) inurl:/thankyou*.html intitle:Thank you for your order!
    15.) intext:Click Here To Download
    16.) inurl:thanks intext:”Thank You For Your Order!” “Click Here” filetype:html
    17.) intitle:Thank You For Your Order! intext:Private Label
    18.) intitle:Thank You For Your Purchased! intext:Private Label
    19.) intext:”Thank You For Your Order” intext:PLR
    20.) intitle:”Thank You For Your Order!” intext:download
    21.) intitle:”Thank You For Your Order” intext:Click Here To Download Now
    22.) intitle:Thank you for your purchase! intext:Click Here to Download
    23.) * thank you for your order download
    24.) * intitle:Thank you for your Purchase! intext:PLR OR MRR OR Package OR Bonus
    25.) * intitle:Thank you for your order! intext:PLR OR MRR
    26.) * intitle:Thank You For Your Purchase! intext:Click Here to Download
    27.) * intitle:Thank You For Your Order! intext:download
    28.) inurl:index.of .mp3
    29.) inurl:index.of .mov
    30.) inurl:index.of .iso
    31.) ?intitle:index.of? mp3
    32.) ?intitle:index.of? mov
    33.) ?intitle:index.of? iso
    34.) inurl:”insert filetype”:iso+OR+exe+OR+zip+OR+rar+OR+gzip+OR+tar
    35.) intext:”parent directory” intext:”[EXE]“
    36.) intext:”parent directory” index of:”[EXE]“
    37.) intext:”parent directory” index of:”[RAR]“
    38.) intext:”parent directory” intext:”[VID]“
    39.) intext:”parent directory” index of:”[VID]“
    40.) intext:”parent directory” intext:”[MP3]“
    41.) intext:”parent directory” index of:”[MP3]“
    42.) intext:”parent directory” index of:”[Gamez]“
    I.) WEBCAM GOOGLE DORKS
    1.) inurl:/view.index.shtml
    2.) inurl:/view.shtml
    3.) intitle:”Live View / – AXIS” | inurl:view/view.shtml^
    4.) inurl:ViewerFrame?Mode=
    5.) inurl:ViewerFrame?Mode=Refresh

    You might also like