google:dorks

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

Prochaine révision		 Révision précédente
google:dorks [2019/12/08 15:04] – créée Dorks Google erreur32google:dorks [2022/11/08 16:43] (Version actuelle) – modification externe 127.0.0.1
Ligne 1: Ligne 1:
  
 +<html><h1> Dorks <span class="blue">G</span><span class="red">o</span><span class="yellow">o</span><span class="blue">g</span><span class="green">l</span><span class="red">e</span>
 +</p><style>@font-face {  font-family: "Palatino Linotype P";  src: url("https://poxmedia.net/font/pala.ttf") format("truetype");} body {  background: white;} #google {  font-family: "Catull", "Palatino Linotype", "Palatino Linotype P";  font-size: 128px;  text-align: center;  line-height: 50%;} .blue {  color: #4385f5;} .red {  color: #dc4437;} .yellow {  color: #f5b400;} .green {  color: #109d59;}</style></h1></html>  
 + 
 + 
 +**Interesting Searches…**
 +
 +//
 +Source (http://www.i-hacked.com/content/view/23/42) //
 +
 +<code txt>
 +intitle:index.of mkv 2011 1080p -html -htm -php -txt -pls   HD Movie :)
 +intitle:"Index of" passwords modified
 +allinurl:auth_user_file.txt
 +"access denied for user" "using password“
 +"A syntax error has occurred" filetype:ihtml
 +allinurl: admin mdb
 +"ORA-00921: unexpected end of SQL command“
 +inurl:passlist.txt
 +"Index of /backup“
 +"Chatologica MetaSearch" "stack tracking:"
 +inurl:passwd.txt
 +…and this one is just priceless…
 +"login: *" "password= *" filetype:xls
 +</code> 
 +
 +
 +====== Listings of what you want ======
 +
 +<code txt>
 +* change the word after the parent directory to what you want
 +* "parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
 +* "parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
 +* "parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
 +* "parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
 +* "parent directory " Name of Singer or album” -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
 +</code>
 +
 + 
 +
 +====== Music ======
 +
 +   intitle:index.of mp3 jackson
 +  
 +You only need add the name of the song/artist/singer.
 +
 +====== CD Images ======
 +
 +    inurl:microsoft filetype:iso
 +
 +You can change the string to whatever you want, ex. Microsoft to Adobe, .iso to .zip etc…
 +
 +====== Passwords ======
 +
 +   "# -FrontPage-" inurl:service.pwd" 
 +   
 + FrontPage passwords.. very nice clean search results listing !!
 +
 +    "AutoCreate=TRUE password=*"
 +   
 + This searches the password for "Website Access Analyzer", a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/
 +
 +====== Passwords in the URL ======
 +
 +   "http://*:*@www" 
 +   
 +domainname This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the domain name without the .com or .net
 +
 +   "http://*:*@www" gamespy or http://*:*@www”gamespy
 +
 +Another way is by just typing "http://bob:bob@www"
 +
 +
 +====== IRC Passwords ======
 +
 +   "sets mode: +k"
 +
 +This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.
 +
 +   eggdrop filetype:user 
 +
 +user These are eggdrop config files. Avoiding a full-blown discussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.
 +
 +====== Access Database Passwords ======
 +
 +   allinurl: admin mdb Not 
 +
 +all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!
 +
 +
 +====== DCForum Passwords ======
 +
 +  allinurl:auth_user_file.txt
 +  
 + DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks.
 +
 +
 +====== MySQL Passwords ======
 +
 +   intitle:"Index of" config.php
 +
 +This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base.
 +
 +This file gives you the keys to that forum, including FULL ADMIN access to the database.
 +
 +====== The ETC Directory ======
 +
 +  intitle:index.of.etc
 +  
 +This search gets you access to the etc directory, where many, many, many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!
 +
 +====== Passwords in backup files ======
 +
 +    filetype:bak inurl:"htaccess|passwd|shadow|htusers
 +
 +
 + This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version). Every attacker knows that changing the extension of a file on a web server can have ugly consequences.
 +
 +
 +====== Serial Numbers ======
 +
 +* Let's pretend you need a serial number for Windows XP Pro.
 +
 +* In the Google search bar type in just like this - "Windows XP Professional" 94FBR
 +
 +* the key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' sites (usually pornography) that trick you.
 +
 +* or if you want to find the serial for WinZip 8.1 - "WinZip 8.1" 94FBR
 +
 +These are only a sample of some of the fun things you can do with the wrong kind of Google search. Such strings return very random results, and are of very little use for targeted attacks. But for random hacking of peoples Frontpage password's, it's priceless.
 +
 +     inurl:(service | authors | administrators | users) ext:pwd "# -FrontPage-"
 +     
 +     
 +====== Accéder à des caméras IP ======
 +
 +
 +Avec le développement des caméras “IP” et leur connexion au réseau Internet, il est désormais possible de tomber sur certains flux vidéos plus ou moins privés. Voici les expressions à utiliser pour différents types de caméras :
 +
 +    Axis : inurl:/view.shtml or inurl:view/index.shtml
 +    Canon : sample/LvAppl/
 +    MOBOTIX : control/userimage.html
 +    FlexWatch : /app/idxas.html
 +    JVC : intitle:”V.Networks [Motion Picture(Java)]”
 +
 + 
 +====== Récupérer des listes d’adresses e-mails ======
 +
 +
 +Si vous vous êtes déjà demandé comment certaines sociétés récupères des millions d’adresses e-mails qu’elles revendent au plus offrant à des spammeurs, voici une des techniques qu’elles utilisent. Grâce à cette recherche n’importe qui peut accéder à une liste de fichiers Excel qui contiennent au total les coordonnées de milliers, voire millions d’individus.
 +
 +    filetype:xls inurl:”email.xls”
 +
 + 
 +====== Envie d’un film ou d’une musique ? ======
 +
 +
 +GeekOrama vous recommande de ne pas télécharger illégalement, mais il est bon de savoir que si vous stockez des films ou fichiers sur Internet, même si personne n’est censé avoir l’adresse, vous devenez coupable de piratage et diffusion de contenus protégés. Pour exemple, voici comment trouver des morceaux de Green Day par exemple
 +
 +    -inurl:(htm|html|php) intitle:”index of” +”last modified” +”parent directory” +description +size +(wma|mp3) “green day”
 +
 +Pour les films, utilisez quelque chose de ce genre :
 +
 +    -inurl:(htm|html|php) intitle:”index of” +”last modified” +”parent directory” +description +size +(avi|mkv) “dvdrip fr”
 +
 + 
 +Même des mots de passe !
 +
 +Qui vous a raconté que vos mots de passe sont gardés précieusement ? On lit quasiment toutes les semaines dans la presse que telle ou telle compagnie s’est fait pirater des milliers de comptes. Les techniques des pirates sont souvent plus sophistiquées, mais pas toujours. Une simple recherche Google peut ouvrir la porte à beaucoup de chose :
 +
 +    “Login: *” “password =*” filetype: xl
 +
 +    filetype:dat “password.dat”
 +
 +    filetype:sql (“values * MD5″ | “values * password” | “values * encrypt”) date:12
 +
 +Le terme “date:12″ utilisé dans la dernière expression indique au moteur de recherche que vous ne souhaitez que les résultat de moins de 12 mois.
 +Une liste plus exhaustive de Google Hacks pour retrouver des mots de passe est diponible ici ou encore ici, mais les possibilités sont infinies.
 +
 +Source : http://www.geekorama.fr/12-astuces-de-google-hacking-a-la-peche-aux-informations-cachees/
 +
 +
 +---------
 +
 +====== UPDATE 2019 ======
 +
 +Source **Korben** : https://korben.info/google-dorks-2019-liste.html
 +
 +<code txt>
 +inurl:"/vpn/tmindex.html" vpn
 +intext:"Powered by GetSimple" -site:get-simple.info
 +inurl:"/fuel/login"
 +intitle:"index of" intext:"Includes wordpress"
 +intitle:"netscaler gateway" intext:password "please log on"
 +inurl:users.json + "username"
 +intitle:"index of" intext:"Includes
 +inurl:old "index of" "wp-config.php"
 +inurl:9000 AND intext:"Continuous Code Quality"
 +s3 site:amazonaws.com filetype:sql
 +intext:"wordpress" filetype:xls login & password
 +"Web Analytics powered by Open Web Analytics - v: 1.6.2"
 +intitle:"Outlook Web Access" | "Outlook Web app" -office.com -youtube.com -microsoft.com
 +intext:"Sign in with your organizational account" login -github.com
 +"/FTPSVC2" intitle:"index of"
 +intitle:"index of" "W3SVC1"
 +inurl:"CookieAuth.dll?GetLogon?" intext:log on
 +-youtube.com login | password | username intitle:"assessment"
 +s3 site:amazonaws.com filetype:xls login
 +s3 site:amazonaws.com filetype:xls password
 +intext:backup.sql intitle:index.of
 +intext:user.sql intitle:index.of
 +inurl:jsmol.php
 +intitle:"Pi-hole Admin Console"
 +filetype:inc php -site:github.com -site:sourceforge.net
 +filetype:php "Notice: Undefined variable: data in" -forum
 +intitle:"WAMPSERVER homepage" "Server Configuration" "Apache Version"
 +intitle:"report" ("qualys" | "acunetix" | "nessus" | "netsparker" | "nmap") filetype:pdf
 +filetype:git -github.com inurl:"/.git"
 +intitle:"iLO Login" intext:"Integrated Lights-Out 3"
 +filetype:svn -gitlab -github inurl:"/.svn"
 +"please sign in" "sign in" "gophish" +"login"
 +intitle:"LaserJet" "Device status" "Supplies summary"
 +inurl:github.com intext:.ftpconfig -issues
 +inurl:bc.googleusercontent.com intitle:index of
 +intitle:"admin console" inurl:login site:"*.edu"|site:"*.gov"|site:"*.net" -site:*.com -help -guide -documentation -release -notes -configure -support -price -cant
 +inurl:/login.rsp
 +site:global.gotomeeting.com inurl:recording
 +inurl:/web-console/ServerInfo.jsp | inurl:/status?full=true
 +inurl:/CFIDE/administrator/index.cfm | inurl:/CFIDE/componentutils/login.cfm | inurl:/CFIDE/main/ide.cfm | inurl:/CFIDE/wizards/
 +intitle:"oracle bi publisher enterprise login"
 +"keyed alike" site:gov filetype:pdf
 +inurl:"/Shop/auth/login"
 +inurl:office365 AND intitle:"Sign In | Login | Portal"
 +intext:"Login | Password" AND intext:"Powered by | username" AND intext:Drupal AND inurl:user
 +intext:"config" intitle:"Index of .ssh"
 +"php class JConfig" AND inurl:configuration AND ext:"bak | old | pdf | php | txt"
 +inurl:"urlstatusgo.html?url=" -intext:"Disallowed by URL filter"
 +inurl:"cs.html?url="
 +inurl:+CSCOE+/logon.html
 +inurl:login.txt filetype:txt
 +inurl:login.aspx filetype:aspx intext:"TMW Systems"
 +jmeter.log filetype:log
 +intitle:settings.py intext:EMAIL_USE_TLS -git -stackoverflow
 +inurl:wp-config.php intext:DB_PASSWORD -stackoverflow -wpbeginner
 +intext:"@gmail.com" AND intext:"@yahoo.com" filetype:sql
 +intext:"the WordPress" inurl:wp-config ext:txt
 +site:mil ext:cfm inurl:login.cfm
 +"passport" filetype:xls site:"*.edu.*" | site:"*.gov.*" | site:"*.com.*" | site:"*.org.*" | site:"*.net.*" | site:"*.mil.*"
 +site:connect.garmin.com inurl:"/modern/profile/"
 +site:connect.garmin.com inurl:"/modern/activity/"
 +intitle:"qBittorrent Web UI" inurl:8080
 +intext:"series Network Configuration" AND intext:"canon"
 +inurl:ctl/Login/Default.aspx
 +inurl:dnn.js
 +inurl:TOP/PRTINFO.HTML
 +intitle:"index of" scada
 +inurl:/clusters intitle:"kafka Manager"
 +inurl:7474/browser intitle:Neo4j
 +intitle:OmniDB intext:"user. pwd. Sign in."
 +intext:"Powered by 74cms v5.0.1"
 +inurl:wp-login.php?action=register
 +intext:[To Parent Directory] & ext:sql | ext:cnf | ext:config | ext:log
 +ext:txt | ext:sql | ext:cnf | ext:config | ext:log & intext:"admin" | intext:"root" | intext:"administrator" & intext:"password" | intext:"root" | intext:"admin" | intext:"administrator"
 +inurl:/pages/default.aspx | inurl:/páginas/default.aspx
 +site:www.openbugbounty.org + intext:"Open Redirect" + intext:"Unpatched"
 +"Powered by ViewVC 1.0.3"
 +"/var/cache/registry/"
 +inurl:_vti_bin/sites.asmx?wsdl | intitle:_vti_bin/sites.asmx?wsdl
 +type:mil inurl:ftp ext:pdf | ps
 +site:com inurl:b2blogin ext:cfm | jsp | php | aspx
 +site:com inurl:jboss filetype:log -github.com
 +inurl:/signin.php?ret=
 +"This service is powered by a copy of ZendTo"
 +allintitle: "index of/admin"
 +intitle: "index of" "./" "./bitcoin"
 +intitle:"index of" ".cpanel/caches/config/"
 +intitle: "Index of" intext:log
 +Find 3cx Phone System Management Console
 +intitle:"Directory Listing For" "Filename" intext:Tomcat/5.0.28
 +site:azurewebsites.net inurl:.gov | .mil | .edu
 +intitle: "index of" "includes"
 +inurl:/uploads/wc-logs/
 +intitle:"index of" "db"
 +intitle:"iDRAC-login"
 +intitle:"Log In - Juniper Web Device Manager"
 +intitle:.:: Welcome to the Web-Based Configurator::.
 +"Powered by BOINC"
 +"Powered by Trac 1.0.2"
 +"online learning powered by bksb"
 +inurl:/php-errors.log filetype:log
 +inurl:/files/_log/ filetype:log
 +inurl:8000/portal/
 +inurl:/portal/apis/fileExplorer/
 +inurl:'/scopia/entry/index.jsp'
 +inurl:'/logon/logonServlet'
 +intitle:'Welcome to JBoss AS'
 +inurl:'/zabbix/index.php'
 +intitle:'Centreon - IT & Network Monitoring'
 +"/1000/system_information.asp"
 +inurl:typo3conf/l10n/
 +inurl:/files/contao
 +/adp/self/service/login
 +intext:reports filetype:cache
 +intitle:"NetcamSC IP Address"
 +inurl:/phpMyAdmin/setup/index.php?phpMyAdmin=
 +inurl:pipermail filetype:txt
 +intitle:"index of" ".dockerignore"
 +intitle:"index of" "/aws.s3/"
 +inurl:SSOLogin.jsp intext:"user"
 +intitle:settings.py intext:EMAIL_HOST_PASSWORD -git -stackoverflow
 +intitle:"index of" "/bitcoin/"
 +intitle:"index of" ".pem"
 +allinurl:asdm.jnlp
 +inurl:/snap.cgi?&-getpic
 +intitle:"Home-CUPS" intext:printers -mugs
 +"Last modified" intitle:"index of" "dropbox"
 +"description" & "size" intitle:"index of" "owncloud"
 +"sasl_passwd" | smtpd.conf intitle:"index of"
 +intitle:"index of" "/user" | "/users"
 +username | password inurl:resources/application.properties -github.com -gitlab
 +intitle:"index of" hosts.csv | firewalls.csv | linux.csv | windows.csv
 +intitle:"index of" users.csv | credentials.csv | accounts.csv
 +inurl:scanned & documents intitle:"index of" IT
 +intitle:"index of" inurl:documents backup
 +intitle:vendor | supply & login | portal intext:login | email & password
 +intext:pin | userid & password intitle:supplier | supply & login | portal
 +allinurl:"/SilverStream/Meta/"
 +inurl:/za/login.do
 +inurl:/adfs/services/trust
 +intitle:rms webportal
 +inurl:F5Networks-SSO-Req?
 +inurl:shared/login.jsp?/ BMC arsys
 +inurl:login.htm "xpress" password
 +inurl:login.htm "access" database
 +"Proudly created with Wix.com"
 +inurl:"/cgi-bin/WS_FTP.LOG"
 +inurl:"/cgi-bin/CVS/"
 +inurl:"/.Trash" intitle:"index of" ~
 +intitle:"index of" $Recycle.bin
 +intitle:"index of" "/Windows/Recent" | "/Windows/History/"
 +intitle:"index of" "WindowsCookies"
 +intitle:"index of" "Application Data/Microsoft/Credentials"
 +intitle:"index of" "hiberfil.sys"
 +allintitle:"Index of /Admin/Common" | allintext:"Parent Directory"
 +allinurl:"wp-content/plugins/wordpress-popup/views/admin/"
 +inurl:"/my-account-login" | allintext:"My Account"
 +allintitle:"Index of /ThinkPHP" | inurl: "/ThinkPHP/"
 +inurl:nagios/cgi-bin/status.cgi
 +inurl:/FxCodeShell.jsp/ "Login Form" "Blog Comments"
 +intext:"Portador do CPF"
 +inurl:"/sidekiq/busy"
 +intitle:"Device(" AND intext:"Network Camera" AND "language:" AND "Password"
 +intext:"Any time & Any where" AND "Customer Login"
 +intitle:"Screenly OSE" intext:"Schedule Overview" AND "Active Assets" AND "Inactive Assets"
 +inurl:"fhem.cfg" AND 'fhem.cfg' -github
 +intitle:"InfluxDB - Admin Interface" -github
 +intitle:"webcam 7" inurl:'/gallery.html'
 +intitle:"Login - Xfinity" AND "Gateway > Login"
 +intitle:QueryService Web Service
 +intitle:"index of /" ssh
 +"Please click here to download and install the latest plug-in. Close your browser before installation."
 +inurl:/pwm/public/
 +inurl:/login.zul
 +intitle:"FCKeditor - Uploaders Tests"
 +intitle:"FCKeditor - Connectors Tests"
 +inurl:/setup.cgi@next_file=
 +intitle:"Index of /" inurl:passport
 +intext:" - 2019 Cott Systems, Inc."
 +"I have been invoked by servletToJSP"
 +inurl:/sap/bc/bsp
 +inurl:/irj/portal
 +inurl:/scripts/wgate
 +inurl:infoviewapp
 +inurl:"/irj/go/km/docs/"
 +inurl:"/irj/go/km/" intext:navigation
 +inurl:"/webdynpro/resources/sap.com/"
 +filetype:cwr inurl:apstoken
 +inurl:apspassword
 +filetype:pub "ssh-rsa"
 +filetype:doc "Answer Key"
 +inurl:"ai1wm-backups"
 +"dispatch=debugger."
 +intitle:Test Page for the Nginx HTTP Server on Fedora
 +inurl:admin.php inurl:admin ext:php
 +intitle: "Nexus Repository Manager"
 +inurl:LOG.txt X-System folder
 +inurl:webman/index.cgi
 +"Example: jane.citizen1"
 +intext:"EQ1PCI"
 +intext:password "Login Info" filetype:txt
 +filetype:txt "Registration Code"
 +"login":
 +inurl:_cpanel/forgotpwd
 +inurl:/help/lang/en/help
 +inurl:public.php inurl:service ext:php
 +filetype:xml config.xml passwordHash Jenkins
 +intitle:ProFTPD Admin - V1.04
 +intitle:"VB Viewer"
 +index of /etc/certs/
 +intitle:"Index of /private/"
 +"inurl:"Umbraco/#/login" site:*edu"
 +"site:ghostbin.com " / " "
 +"site:hastebin.com " / " "
 +intitle:'index of' "error_log"
 +intitle:'index of' "access_log"
 +inurl:/certsrv/certrqus.asp
 +inurl:/config/authentication_page.htm
 +intext:"Type in Username and Password, then click Ok" intitle:"log in"
 +intitle:"index of /" intext:/backup
 +"syd_apply.cfm"
 +inurl:/wp-content/uploads/wp-backup-plus/
 +intitle:"index of /" authorized_keys
 +index of kcfinder/
 +index of /ckeditor
 +filetype:rdp default.rdp
 +filetype:txt "License Key"
 +intitle:"index of /" intext:/descargas/
 +intitle:"index of /" intext:/Download/
 +intext:"Powered by Abyss Web Server"
 +intitle:"index of" pagefile.sys
 +intitle:index of /.sql.gz intext:/backup/
 +inurl:/proc/tty/ index of
 +inurl:/sample/LvAppl/lvappl.htm
 +allinurl:control/multiview
 +allinurl:DialogHandler.aspx
 +intitle:"VertrigoServ" + "Welcome to VertrigoServ"
 +intitle:"Swagger UI - " + "Show/Hide"
 +inurl:/_vti_pvt/service.cnf | inurl:/_vti_inf.html | inurl:/_vti_bin/ | inurl:/_vti_bin/spsdisco.aspx
 +intitle: "Welcome to nginx!" + "Thank you for using nginx."
 +"vpnssl"
 +intext:jdbc:oracle filetype:java
 +intitle:" - Revision" + "subversion version"
 +Index of /.svn
 +inurl:"swagger-ui/index.html"
 +intitle:livezilla "Server Time"
 +intitle:"Sucuri WebSite Firewall - Access Denied"
 +intext:"Powered by phpSQLiteCMS" | intitle:"phpSQLiteCMS - A simple & lightweight CMS"
 +inurl:"/phpsqlitecms/cms/index.php"
 +intitle:"SQLiteManager" + intext:"Welcome to SQLiteManager version "
 +"This server is operated by OpenX."
 +intitle:"docker" intitle:"index of" config
 +inurl:wls-wsat intext:"weblogic.wsee.wstx.wsat"
 +intext:"Resource dumped by" intext:jcr -site:adobe.com
 +inurl:phpPgAdmin intext:"Cappuccino" | intext:"Blue/Green"
 +inurl:filebrowser.wcgp?subDir Communigate
 +ext:env intext:APP_ENV= | intext:APP_DEBUG= | intext:APP_KEY=
 +inurl:/Portal/Portal.mwsl?PriNav=FileBrowser
 +inurl:"/wp-json/" -wordpress
 +inurl:"/saml2?SAMLRequest="
 +inurl:home.tcl intitle:gaia
 +"[HKEY_CURRENT_USERSoftwareSimonTathamPuTTYSessions]" ext:reg
 +inurl:"/uddiexplorer/searchpublicregistries.jsp"
 +inurl="/uddiexplorer/SetupUDDIExplorer.jsp"
 +intitle:login "recruiter" | "employer" | "candidate"
 +filetype:reg reg HKEY_CURRENT_USER intext:password
 +inurl:department intext:"hardware inventory" firewall router ext:(doc | pdf | xls| psw | ppt | pps | xml | txt | ps | rtf | odt | sxw )
 +intext:"authentication" intranet password login inurl:account ext:(doc | pdf | xls| psw | ppt | pps | xml | txt | ps | rtf | odt | sxw | xlsx | docx | mail)
 +inurl:login intext:"reset your password"
 +intext:"Powered by Nesta"
 +Coldbox | contentbox | commandbox "Powered by ContentBox"
 +intext:(username | user | email | sign on | login | auth) admin dashboard | panel -stackoverflow
 +inurl:login.do? | shoplogin.do | adminlogin
 +intext:"Powered by Typesetter"
 +intext:"Powered by (Quantum | Quantum CMS | CMS)
 +inurl:"Default+Administrator+View"
 +inur:"arsys/forms" | "arsys/shared" | "/arsys/home"
 +filetype:txt $9$ JunOS
 +filetype:txt line vty 0 4
 +"ProQuest provides subscription access to numerous premium technical journals, dissertations and other information databases."
 +intext:"paytm" intitle:"index of"
 +intitle:"Log in - WhatsUp Gold"
 +intitle:"OAuth Server Login"
 +inurl:"standalone.xml" intext:"password>"
 +intext:Modified files in JOE when it aborted on JOE was aborted because the terminal closed
 +intext:"please find attached" "login" | password ext:pdf
 +intitle:Login inurl:login.php intext:admin/admin
 +intext:"KRAB-DECRYPT.txt" intitle:"index of"
 +intext:pure-ftpd.conf intitle:index of
 +intext:my.cnf intitle:index of
 +configuration> + filetype:config -github.com
 +inurl:logs/gravityforms
 +inurl:robots.txt intext:Disallow: /web.config
 +/_wpeprivate/config.json
 +intext:"Powered by Sentora" -github.com
 +inurl:"build.xml" intext:"tomcat.manager.password"
 +/var/www/manage/storage/logs/laravel- ext:log
 +site:drive.google.com /preview intext:movie inurl:flv | wmv | mp4 -pdf -edit -view
 +inurl:/yum.log | intitle:yum.log + ext:log
 +intitle:"index of" intext:twr.html
 +intitle:"index of" intext:login.csv
 +inurl:/banking.jsp?fldsegment=
 +inurl:/INALogin.jsp
 +intext:ZAP Scanning Report Summary of Alerts ext:html
 +inurl:"trello.com" and intext:"username" and intext:"password"
 +inurl:/typo3/typo3conf
 +inurl:/_hcms/
 +intext:"define('DB_NAME'," ext:txt
 +intext:"class JConfig {" inurl:configuration.php
 +intitle:backup+index of
 +inurl:/wp-json/wp/v2/users/ "id":1,"name":" -wordpress.stackexchange.com -stackoverflow.com
 +inurl:"wp-license.php?file=../..//wp-config"
 +intext:"M3R1C4 SHELL BACKDOOR"
 +intitle:"phpVirtualBox - VirtualBox Web Console"
 +intext:"PHP Version " ext:php intext:"disabled" intext:"Build Date" intext:"System" intext:"allow_url_fopen"
 +intext:"Build dashboard" intext:"Project" intext:"Plan" intext:"Build"
 +"index of" "database.sql.zip"
 +inurl:/wp-content/ai1wm-backups + wpress
 +ext:ppk ssh key -github.com -gitlab
 +inurl:conf/tomcat-users.xml -github
 +"index of" "database_log"
 +inurl:/usersignin?
 +inurl:"/gitweb.cgi?"
 +inurl:elmah.axd intext:"Powered by ELMAH" -inurl:detail
 +"index of" /wp-content/uploads/shell.php
 +"battlefield" "email" site:pastebin.com
 +"File Manager - Current disk free"
 +"Index of" "database.sql"
 +inurl:wp-config.bak
 +inurl: "Mister Spy" | intext:"Mister Spy & Souheyl Bypass Shell"
 +intext:"Thank you for using BIG-IP."
 +inurl:login.php.bak
 +intitle:"index of" ".travis.yml" | ".travis.xml"
 +intitle:"index of" "laravel.log" | "main.yaml" | "server.cfg"
 +"ansible.log" | "playbook.yaml" | ".ansible.cfg" | "playbook.yml" | host.ini intitle:"index of"
 +intext:"rabbit_password" | "service_password" filetype:conf
 +"whoops! there was an error." "db_password"
 +swiftmailer intitle:"index of" "smtp.yml" | "smtp.xml"
 +intitle:"index of" "config.yml" | "config.xml" intext:login | auth
 +intitle:"index of" "config.yml" | "config.xml" intext:login | auth
 +intitle:"index of" ".gitignore"
 +intext:APIKey ext:js | xml | yml | txt | conf | py -github -stackoverflow intitle:"index of"
 +inurl:tests/mocks intext:autoloader
 +inurl:lighttpd.conf lighttpd site:github.com
 +-site:smarty.net ext:tpl intext:"
 +inurl:nginx.conf nginx site:github.com
 +intext:"successfully" intitle:"index of" config | log | logged -stackoverflow
 +ext:log intext:"connection" intitle:"index of" -stackoverflow
 +employee "training" intitle:index.of ext:doc | pdf | xls |docx |xlsx
 +hardware | software "migration" intitle:index.of ext:xls | xlsx | doc | docx | pdf
 +"var miner=new CryptoLoot.Anonymous" intext:CryptoLoot.Anonymous
 +inurl:secure/dashboard jspa
 +inurl:travis.yml tornado site:github.com
 +intext:"login" department | admin | manager | company | host filetype:xls | xlsx -community -github
 +inurl:"/p3p.xml" | intitle: "p3p.xml" -github.com
 +inurl:"/tiny_mce/plugins/ajaxfilemanager/inc/data.php" | inurl:"/tiny_mce/plugins/ajaxfilemanager/ajax_create_folder.php" -github
 +intitle:index.of id_rsa -id_rsa.pub
 +intext:"please change your" password |code | login file:pdf | doc | txt | docx -github
 +"air confirmation" "passenger(s)"
 +intitle:HTTP Server Test Page powered by CentOS
 +inurl:"debug/default/view?panel=config"
 +inurl:configuration.php and intext:"var $password="
 +inurl:/dbcp.properties + filetype:properties -github.com
 +inurl:"root?originalDomain"
 +inurl:"/jira/login.jsp" intitle:"JIRA login"
 +intitle:"manager area" password -stackoverflow.com
 +"Copyright Metislab" password
 +filetype:txt Administrator:500:
 +nd=m_fundraising_detail "login here"
 +inurl:login.jsp intitle:"admin"
 +inurl:/wp-includes/certificates/
 +filetype:xls | xlsx intext:software license site:.gov
 +filetype:xls | xlsx intext:cisco -cisco.com site:.gov
 +intext:vmware virtual site:.gov filetype:xls | xlsx | doc | pdf
 +(intitle:"plexpy - home" OR "intitle:tautulli - home") AND intext:"libraries"
 +intext:define('AUTH_KEY', ' wp-config.php filetype:txt
 +"Powered by 2Moons"
 +intitle:"UltraDNS Client Redirection Service"
 +"Powered byPlanet eStream"
 +intitle:"This is pdfTeX, Version"
 +inurl:wp-config-backup.txt
 +"webkactus"
 +"CCCLogin.aspx"
 +"PaperCut Login"
 +intext:cv OR intext:curriculum vitae "passport details" ext:doc -template
 +intitle:"MyWebSQL" + "User ID: Password:"
 +intitle:"SSL VPN Service" + intext:"Your system administrator provided the following information to help understand and remedy the security conditions:"
 +intitle:"apache tomcat/" "Apache Tomcat examples"
 +filetype:png | "proportal"
 +frmLogin
 +"2004 - 2018 iboss, Inc. All rights reserved."
 +intitle:Wagtail.-.Sign in intext:Javascript.is.required.to.use.Wagtail
 +inurl:'/SSI/Auth/ip_configuration.htm'
 +intitle:"Malware Analysis Report"
 +intext:"Powered by www.yawcam.com"
 +allintitle:restricted filetype:doc site:gov
 +intext:"default values: admin/1234"
 +"password.xlsx" ext:xlsx
 +"username.xlsx" ext:xlsx
 +intitle:"index of /bins" arm
 +inurl:/admin intitle:Pulse.CMS -pulsecms.com
 +intext:Omeka*Username Powered.by.Omeka inurl:admin -github -omeka.org
 +filetype:gitattributes intext:CHANGELOG.md -site:github.com
 +inurl:/sitefinity intext:Copyright.(c)*Telerik. Site.Finity
 +"index of /ups.com/WebTracking"
 +filetype:env intext:REDIS_PASSWORD
 +filetype:env intext:AWS_SECRET
 +filetype:env intext:mail_host + intext:bluehost
 +intitle:'System Web Interface: WATTrouter M'
 +inurl:"/logon.aspx?ReturnUrl="
 +inurl:login.jsp?permissionViolation
 +intext:Connect.with.Finalsite intitle:admin -facebook
 +inurl:/contao/main ext:php -community -github
 +inurl:/CMSPages/logon ext:aspx
 +inurl:/index.php/login intext:Concrete.CMS
 +"Powered by Open Source Chat Platform Rocket.Chat."
 +inurl:'listprojects.spr'
 +inurl:'/blog/Account/login.aspx'
 +inurl:composer.json codeigniter -site:github.com
 +allintext:'HttpFileServer 2.3k'
 +intext:2001.-.2018.umbraco.org ext:aspx
 +AndroidManifest ext:xml -github -gitlab -googlesource
 +allintitle: "Flexi Press System"
 +intitle:"Netgear™ - NETGEAR Configuration Manager Login"
 +inurl:jpegpull.htm
 +inurl:"user_login/" bitcoin | crypto | wallet
 +inurl:"RootFolder=" Allitems "confidential" | "classified" | "passwords" | username
 +inurl:"AllItems.aspx?FolderCTID=" "firewall" | "proxy" | "configuration" | "account"
 +inurl:"q=user/password"
 +site:showmyhomework.co.uk/school/homeworks/ "password"
 +inurl:/munin/localdomain/localhost.localdomain/open_files.html
 +inurl:"?db_backup" | inurl:"dbbackup" -site:github.com "sql.gz" | "sql.tgz" | "sql.tar" | "sql.7z"
 +inurl:"paypal" intitle:"index of" backup | db | access -github
 +intitle:"index.of" inurl:"cvs" login | passwd | password | access | pass -github -pub
 +intitle:login laboratory | "nuclear" | physics "password" authentication
 +inurl:revslider inurl:'/revslider+port'
 +inurl:fisheye AND inurl:changelog -site:atlassian.com -site:github.com -intext:"Log in to FishEye"
 +inurl:"/wp-content/uploads/db-backup"
 +"Powered by Apache Subversion version"
 +intext:"this login can be used only once" inurl:user intitle:"reset password"
 +intitle:"Login" inurl:"/itim/self" | inurl:"/itim/ui" -ibm.com
 +filetype:doc inurl:"gov" intext:"default password is"
 +site:trello.com intext:mysql AND intext:password -site:developers.trello.com -site:help.trello.com
 +intitle:"Powered by Qualys SSL Labs"
 +intext:"PuTTY log" ext:log "password" -supportforums -github
 +intitle:"apache tomcat/" + "Find additional important configuration information in:"
 +intitle:"Index of" intext:"Login Data"
 +inurl:"/App.Config" + ext:config + "password=" -github -git
 +intitle:"Statistics Report for HAProxy" + "statistics report for pid"
 +"RDServer Product information" | inurl:"/rdagent.jsp"
 +ext:txt {"wallet_address" :", "pool_address" : " ", "pool_password" -git
 +intitle:"Apache2 Debian Default Page: It works"
 +intitle:Upload inurl:/cgi-bin/filechucker.cgi
 +inurl:..//drivers/etc/ intitle:index of
 +intitle:Munin :: overview
 +index of /node_modules/ -github -stackoverflow
 +inurl:"mjpg/video.cgi?resolution="
 +inurl:"/bigdump.php" + intitle:"BigDump ver."
 +inurl:?wp-commentsrss2.php -git
 +inurl:"servlet/ViewFormServlet?" "pwd"
 +intitle:"BMC Remedy Mid Tier" "login"
 +inurl:/.well-known/security.txt
 +inurl:/mailscanner/login.php
 +inurl:/daten/webyep-log.txt
 +inurl:rvsindex.php & /rvsindex.php?/user/login
 +intitle:"Open Source HRMS" intext:"powered by"
 +inurl:default.aspx?ReturnUrl=/spssmr -stackoverflow -youtube.com -github
 +inurl:"/SAMLLogin/" -github
 +inurl:"/user/register" "Powered by Drupal" -CAPTCHA -"Access denied"
 +intext:build:SVNTag= JBoss intitle:Administration Console inurl:web-console
 +Codeigniter filetype:sql intext:password | pwd intext:username | uname intext: Insert into users values
 +"login" "adp login" -adplogin.us -adplogin.org -adplogin.net
 +intitle:"index.of" | inurl:/filemanager/connectors/ intext:uploadtest.html
 +intitle:index.of inurl:/websendmail/
 +:DIR | intitle:index of inurl://whatsapp/
 +inurl:report.cgi?dashboard=
 +intitle:"index.of" "places.sqlite" "key3.db" -mozilla.org
 +intitle:"index.of" "places.sqlite" "Mail" thunderbird -mozilla.org -scan
 +inurl:"/Admin/Login?ReturnUrl=" -github.com -gitlab.com
 +filetype:config "" "password" "web.config" -stackoverflow -youtube.com -github
 +"login" inurl:"account/auth" -github -gitlab -stackoverflow
 +ext:ini Robust.ini filetype:ini "password"
 +ext:adr adr filetype:adr "bookmarks.adr"
 +inurl:":2083/login/?user="
 +intitle:index.of home/000~root~000/
 +intitle:"Index.Of.Applications (Parallels)" -stackoverflow -quora
 +inurl:"config.xml" "password" ext:xml -stackoverflow.com -github.com
 +inurl:"/forgotpwd.jspx"
 +inurl:"ssologin/" -github.com
 +inurl:"cmd=auth?" -github -stackoverflow -gitlab
 +inurl:"/initiatesso?providerid=" -github.com
 +"Oracle peoplesoft sign in" inurl:"cmd=login?" -github -stackoverflow -gitlab
 +inurl:"/Setup/Default.aspx" "mojoPortal"
 +inurl:"/startSSO.ping?" -stackoverflow.com
 +intitle:"Index Of" intext:".Trash"
 +inurl:"databases.yml" ext:yml password -github
 +intitle:"index.of.virtualbox" -mirror -mirrors -public -ubuntu.com -edu -pub
 +intext:"Powered by Nibbleblog"
 +inurl:/host.txt + filetype:txt + "password"
 +intitle:"Installing TYPO3 CMS"
 +intitle:"Index Of" intext:".vscode"
 +intext:"https://chat.whatsapp.com/invite/" intitle:"Your Search For Company/Subject/Whatever"
 +"Declassified and Approved for Release by" filetype: pdf
 +"login" intitle:"scada login"
 +intitle:"index of /" inanchor:.kdbx
 +intitle:"miniProxy"
 +site:pastebin.com "rcon_password"
 +intitle:"Index of /logs/" "lighttpd"
 +filetype:env intext:"APP_ENV"
 +filetype:log inurl:"log" "[SERVER_SOFTWARE]"
 +CakePHP inurl:database.php intext:db_password
 +ext:php + inurl:"ajaxfilemanager.php" + intext:"Current Folder Path"
 +CakePHP filetype:sql intext:password | pwd intext:username | uname intext: Insert into users values
 +intitle:"Deluge: Web UI 1.3"
 +intitle:"Deluge: Web UI" inurl:":8112"
 +intext:database inurl:"laravel.log" ext:log
 +intitle:"private login" username -github
 +dwsync.xml intitle:index of -gitlab -github
 +allinurl:mc4wp-debug.log ext:log
 +config.yaml intitle:"index of" vagrantfile
 +inurl:intranet/login login
 +intitle:"partners login"
 +inurl:"login.php?referer=profile.php"
 +intitle:"login credit" "login"
 +intitle:"login form" "powered by" -tutorial
 +"department" | "agency" | "government" "intitle:"login form" -youtube -template
 +"service" | "military" | "federal" "intitle:"login form" -youtube -template -stackoverflow
 +"login" "secure" "intitle:"online banking" -youtube -template -stackoverflow -stackexchange
 +intitle:"login" | intitle:"sign in" "member" "private" "admin" "club" -stackoverflow -github -youtube
 +intitle:"login" | intitle:"hospital" "patient" "clinic" "admin" "medical" "login" -stackoverflow -github -youtube
 +intext:"[***] Results from" + ext:txt + "snort-"
 +intitle:CV+index of
 +intitle:"Please login" "username" "password"
 +"username" "password" intitle:"login here"
 +inurl:"form_id" login username password
 +intitle:access your account" login
 +intitle:your access id is" login -youtube
 +intitle:Control Panel "Login with your username and password below." +"Email" +"Powered by"
 +inurl:"apps/backend/config/"
 +intext:password inurl:"/log/production" ext:log
 +intitle:"index of" inurl:"paypal" log
 +":: Arachni Web Application Security Report"
 +intitle:"Control Panel" + emailmarketer
 +intitle:"Axis Happiness Page" "Examining webapp configuration"
 +intitle:"index of" intext:"pip-selfcheck.json"
 +inurl:/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 | inurl:/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
 +intitle:"Proberv0." | inurl:/proberv.php
 +"var miner = new CoinHive" intext:document.domain
 +intitle:Login to CMS Made Simple + inurl:/cmsms
 +intitle:"index of" docker-compose.yml
 +intitle:"index of" .env
 +inurl:"/forms/frmservlet?config=" login
 +intitle:tm4web login | logon | account | member | password
 +filetype:sql intext:password | pass | passwd intext:username intext:INSERT INTO `users` VALUES
 +inurl:/gravity_forms/logs ext:txt
 +intext:"Dr.Web (R) Anti-virus. Virus base add-on" + ext:txt
 +intitle:"Yawcam" inurl:8081
 +ext:pem "PRIVATE KEY" -site:facebook.com -example -test*
 +inurl:control/camerainfo
 +"IBM Security AppScan Report" ext:pdf
 +inurl:"/etc/fail2ban/" + ext:conf
 +intext:"Powered by ViewVC" | intitle:"ViewVC Repository Listing"
 +inurl:cloud_main.asp
 +inurl:"server-status" "Server Version: Apache/" "Server Built: " "Server uptime:" "Total accesses" "CPU Usage:"
 +"database_password" filetype:yml "config/parameters.yml
 +inurl::5601/app/kibana
 +inurl:"index.php?option=com_joomanager"
 +"MAIL_PASSWORD" filetype:env
 +"database_password" filetype:yml "config/parameters.yml"
 +intitle:"netsparker scan report" ext:pdf
 +inurl:/fantastico_fileslist.txt + ext:txt
 +inurl:public "Powered by SecureW2"
 +inurl:/openwebmail/cgi-bin/openwebmail/etc/
 +allinurl:awstats.pl?config=
 +inurl:/install/stringnames.txt
 +intitle:"Burp Scanner Report" | "Report generated by Burp Scanner"
 +inurl:"plesk-stat"
 +inurl:"/xmlrpc.php?rsd" & ext:php
 +intitle: "Generated by Acunetix WVS Reporter"
 +inurl:/frontend/paper_lantern/index.html
 +allintitle:"Forum Post Assistant :" ext:php -site:joomla.org
 +"[LocalizedFileNames]" inurl:"desktop.ini" ext:ini -git -wiki
 +"[Tera Term]" inurl:"teraterm.ini" ext:ini -git
 +"ADS-B Receiver Live Dump1090 Map "
 +inurl:/add_vhost.php?lang=
 +inurl:"main.php?action=db"
 +inurl:module=coreHome
 +intitle:index.of intext:zc_install intitle:zen-cart
 +inurl:"/cgi-bin/filemanager/Manager.pl"
 +"Application Blocked!" "Google bot"
 +"Email delivery powered by Google" ext:pdf OR ext:txt
 +inurl:/login/index.php intitle:CentOS
 +intitle:"PHP Web Stat - Sysinfo" intext:php inurl:stat/sysinfo.php
 +"SiteBar Bookmark Manager" inurl:index.php?w=
 +inurl:"/jde/E1Menu.maf"
 +intitle:"Solr Admin" "Solr Query Syntax"
 +intitle:"Index Of" intext:sftp-config.json
 +inurl:"test/php/test.html" Plesk File
 +intitle:Armstrong Hot Water System Monitoring
 +inurl:embed.html inurl:dvr
 +inurl:"/libs/granite/core/content/login.html"
 +intitle:"Chorus 2 - Kodi web interface"
 +intitle:Kodi inurl:":8080" "Music. Music;"
 +intitle:"rutorrent v3" AND intext:Uploaded -github.com
 +ext:config + " password=" + "
 +intitle:"WAGO Ethernet web-based-management"
 +ext:jsp intext:"jspspy" intitle:"Jspspy web~shell V1.0"
 +intitle:"Nport web console"
 +inurl:"mgl-instagram-gallery/single-gallery.php?media"
 +"password" + ext:conf "Modem Type = USB Modem"
 +"lv_poweredBy"
 +</code>
 +
 +{{tag>google search hack dorks}}