google:dorks

<html><h1> Dorks Google </p><style>@font-face { font-family: “Palatino Linotype P”; src: url(“https://poxmedia.net/font/pala.ttf”) format(“truetype”);} body { background: white;} #google { font-family: “Catull”, “Palatino Linotype”, “Palatino Linotype P”; font-size: 128px; text-align: center; line-height: 50%;} .blue { color: #4385f5;} .red { color: #dc4437;} .yellow { color: #f5b400;} .green { color: #109d59;}</style></h1></html>

Interesting Searches…

Source (http://www.i-hacked.com/content/view/23/42)

intitle:index.of mkv 2011 1080p -html -htm -php -txt -pls   HD Movie :)
intitle:"Index of" passwords modified
allinurl:auth_user_file.txt
"access denied for user" "using password“
"A syntax error has occurred" filetype:ihtml
allinurl: admin mdb
"ORA-00921: unexpected end of SQL command“
inurl:passlist.txt
"Index of /backup“
"Chatologica MetaSearch" "stack tracking:"
inurl:passwd.txt
…and this one is just priceless…
"login: *" "password= *" filetype:xls

Listings of what you want

* change the word after the parent directory to what you want
* "parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
* "parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
* "parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
* "parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
* "parent directory " Name of Singer or album” -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

Music

 intitle:index.of mp3 jackson

You only need add the name of the song/artist/singer.

CD Images

  inurl:microsoft filetype:iso

You can change the string to whatever you want, ex. Microsoft to Adobe, .iso to .zip etc…

Passwords

 "# -FrontPage-" inurl:service.pwd" 
 

FrontPage passwords.. very nice clean search results listing !!

 "AutoCreate=TRUE password=*"
 

This searches the password for “Website Access Analyzer”, a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/

Passwords in the URL

 "http://*:*@www" 
 

domainname This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the domain name without the .com or .net

 "http://*:*@www" gamespy or http://*:*@www”gamespy

Another way is by just typing “http://bob:bob@www

IRC Passwords

 "sets mode: +k"

This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.

 eggdrop filetype:user 

user These are eggdrop config files. Avoiding a full-blown discussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.

Access Database Passwords

 allinurl: admin mdbNot 

all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!

DCForum Passwords

allinurl:auth_user_file.txt

DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks.

MySQL Passwords

 intitle:"Index of" config.php

This search brings up sites with “config.php” files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base.

This file gives you the keys to that forum, including FULL ADMIN access to the database.

The ETC Directory

intitle:index.of.etc

This search gets you access to the etc directory, where many, many, many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!

Passwords in backup files

  filetype:bak inurl:"htaccess|passwd|shadow|htusers

This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version). Every attacker knows that changing the extension of a file on a web server can have ugly consequences.

Serial Numbers

* Let's pretend you need a serial number for Windows XP Pro.

* In the Google search bar type in just like this - “Windows XP Professional” 94FBR

* the key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' sites (usually pornography) that trick you.

* or if you want to find the serial for WinZip 8.1 - “WinZip 8.1” 94FBR

These are only a sample of some of the fun things you can do with the wrong kind of Google search. Such strings return very random results, and are of very little use for targeted attacks. But for random hacking of peoples Frontpage password's, it's priceless.

   inurl:(service | authors | administrators | users) ext:pwd "# -FrontPage-"
   
   

Accéder à des caméras IP

Avec le développement des caméras “IP” et leur connexion au réseau Internet, il est désormais possible de tomber sur certains flux vidéos plus ou moins privés. Voici les expressions à utiliser pour différents types de caméras :

  Axis : inurl:/view.shtml or inurl:view/index.shtml
  Canon : sample/LvAppl/
  MOBOTIX : control/userimage.html
  FlexWatch : /app/idxas.html
  JVC : intitle:”V.Networks [Motion Picture(Java)]”

Récupérer des listes d’adresses e-mails

Si vous vous êtes déjà demandé comment certaines sociétés récupères des millions d’adresses e-mails qu’elles revendent au plus offrant à des spammeurs, voici une des techniques qu’elles utilisent. Grâce à cette recherche n’importe qui peut accéder à une liste de fichiers Excel qui contiennent au total les coordonnées de milliers, voire millions d’individus.

  filetype:xls inurl:”email.xls”

Envie d’un film ou d’une musique ?

GeekOrama vous recommande de ne pas télécharger illégalement, mais il est bon de savoir que si vous stockez des films ou fichiers sur Internet, même si personne n’est censé avoir l’adresse, vous devenez coupable de piratage et diffusion de contenus protégés. Pour exemple, voici comment trouver des morceaux de Green Day par exemple

  1. inurl:(htm|html|php) intitle:”index of” +”last modified” +”parent directory” +description +size +(wma|mp3) “green day”

Pour les films, utilisez quelque chose de ce genre :

  1. inurl:(htm|html|php) intitle:”index of” +”last modified” +”parent directory” +description +size +(avi|mkv) “dvdrip fr”

Même des mots de passe !

Qui vous a raconté que vos mots de passe sont gardés précieusement ? On lit quasiment toutes les semaines dans la presse que telle ou telle compagnie s’est fait pirater des milliers de comptes. Les techniques des pirates sont souvent plus sophistiquées, mais pas toujours. Une simple recherche Google peut ouvrir la porte à beaucoup de chose :

  “Login: *” “password =*” filetype: xl
  filetype:dat “password.dat”
  filetype:sql (“values * MD5″ | “values * password” | “values * encrypt”) date:12

Le terme “date:12″ utilisé dans la dernière expression indique au moteur de recherche que vous ne souhaitez que les résultat de moins de 12 mois. Une liste plus exhaustive de Google Hacks pour retrouver des mots de passe est diponible ici ou encore ici, mais les possibilités sont infinies.

Source : http://www.geekorama.fr/12-astuces-de-google-hacking-a-la-peche-aux-informations-cachees/


UPDATE 2019

Source Korben : https://korben.info/google-dorks-2019-liste.html

inurl:"/vpn/tmindex.html" vpn
intext:"Powered by GetSimple" -site:get-simple.info
inurl:"/fuel/login"
intitle:"index of" intext:"Includes wordpress"
intitle:"netscaler gateway" intext:password "please log on"
inurl:users.json + "username"
intitle:"index of" intext:"Includes
inurl:old "index of" "wp-config.php"
inurl:9000 AND intext:"Continuous Code Quality"
s3 site:amazonaws.com filetype:sql
intext:"wordpress" filetype:xls login & password
"Web Analytics powered by Open Web Analytics - v: 1.6.2"
intitle:"Outlook Web Access" | "Outlook Web app" -office.com -youtube.com -microsoft.com
intext:"Sign in with your organizational account" login -github.com
"/FTPSVC2" intitle:"index of"
intitle:"index of" "W3SVC1"
inurl:"CookieAuth.dll?GetLogon?" intext:log on
-youtube.com login | password | username intitle:"assessment"
s3 site:amazonaws.com filetype:xls login
s3 site:amazonaws.com filetype:xls password
intext:backup.sql intitle:index.of
intext:user.sql intitle:index.of
inurl:jsmol.php
intitle:"Pi-hole Admin Console"
filetype:inc php -site:github.com -site:sourceforge.net
filetype:php "Notice: Undefined variable: data in" -forum
intitle:"WAMPSERVER homepage" "Server Configuration" "Apache Version"
intitle:"report" ("qualys" | "acunetix" | "nessus" | "netsparker" | "nmap") filetype:pdf
filetype:git -github.com inurl:"/.git"
intitle:"iLO Login" intext:"Integrated Lights-Out 3"
filetype:svn -gitlab -github inurl:"/.svn"
"please sign in" "sign in" "gophish" +"login"
intitle:"LaserJet" "Device status" "Supplies summary"
inurl:github.com intext:.ftpconfig -issues
inurl:bc.googleusercontent.com intitle:index of
intitle:"admin console" inurl:login site:"*.edu"|site:"*.gov"|site:"*.net" -site:*.com -help -guide -documentation -release -notes -configure -support -price -cant
inurl:/login.rsp
site:global.gotomeeting.com inurl:recording
inurl:/web-console/ServerInfo.jsp | inurl:/status?full=true
inurl:/CFIDE/administrator/index.cfm | inurl:/CFIDE/componentutils/login.cfm | inurl:/CFIDE/main/ide.cfm | inurl:/CFIDE/wizards/
intitle:"oracle bi publisher enterprise login"
"keyed alike" site:gov filetype:pdf
inurl:"/Shop/auth/login"
inurl:office365 AND intitle:"Sign In | Login | Portal"
intext:"Login | Password" AND intext:"Powered by | username" AND intext:Drupal AND inurl:user
intext:"config" intitle:"Index of .ssh"
"php class JConfig" AND inurl:configuration AND ext:"bak | old | pdf | php | txt"
inurl:"urlstatusgo.html?url=" -intext:"Disallowed by URL filter"
inurl:"cs.html?url="
inurl:+CSCOE+/logon.html
inurl:login.txt filetype:txt
inurl:login.aspx filetype:aspx intext:"TMW Systems"
jmeter.log filetype:log
intitle:settings.py intext:EMAIL_USE_TLS -git -stackoverflow
inurl:wp-config.php intext:DB_PASSWORD -stackoverflow -wpbeginner
intext:"@gmail.com" AND intext:"@yahoo.com" filetype:sql
intext:"the WordPress" inurl:wp-config ext:txt
site:mil ext:cfm inurl:login.cfm
"passport" filetype:xls site:"*.edu.*" | site:"*.gov.*" | site:"*.com.*" | site:"*.org.*" | site:"*.net.*" | site:"*.mil.*"
site:connect.garmin.com inurl:"/modern/profile/"
site:connect.garmin.com inurl:"/modern/activity/"
intitle:"qBittorrent Web UI" inurl:8080
intext:"series Network Configuration" AND intext:"canon"
inurl:ctl/Login/Default.aspx
inurl:dnn.js
inurl:TOP/PRTINFO.HTML
intitle:"index of" scada
inurl:/clusters intitle:"kafka Manager"
inurl:7474/browser intitle:Neo4j
intitle:OmniDB intext:"user. pwd. Sign in."
intext:"Powered by 74cms v5.0.1"
inurl:wp-login.php?action=register
intext:[To Parent Directory] & ext:sql | ext:cnf | ext:config | ext:log
ext:txt | ext:sql | ext:cnf | ext:config | ext:log & intext:"admin" | intext:"root" | intext:"administrator" & intext:"password" | intext:"root" | intext:"admin" | intext:"administrator"
inurl:/pages/default.aspx | inurl:/páginas/default.aspx
site:www.openbugbounty.org + intext:"Open Redirect" + intext:"Unpatched"
"Powered by ViewVC 1.0.3"
"/var/cache/registry/"
inurl:_vti_bin/sites.asmx?wsdl | intitle:_vti_bin/sites.asmx?wsdl
type:mil inurl:ftp ext:pdf | ps
site:com inurl:b2blogin ext:cfm | jsp | php | aspx
site:com inurl:jboss filetype:log -github.com
inurl:/signin.php?ret=
"This service is powered by a copy of ZendTo"
allintitle: "index of/admin"
intitle: "index of" "./" "./bitcoin"
intitle:"index of" ".cpanel/caches/config/"
intitle: "Index of" intext:log
Find 3cx Phone System Management Console
intitle:"Directory Listing For" "Filename" intext:Tomcat/5.0.28
site:azurewebsites.net inurl:.gov | .mil | .edu
intitle: "index of" "includes"
inurl:/uploads/wc-logs/
intitle:"index of" "db"
intitle:"iDRAC-login"
intitle:"Log In - Juniper Web Device Manager"
intitle:.:: Welcome to the Web-Based Configurator::.
"Powered by BOINC"
"Powered by Trac 1.0.2"
"online learning powered by bksb"
inurl:/php-errors.log filetype:log
inurl:/files/_log/ filetype:log
inurl:8000/portal/
inurl:/portal/apis/fileExplorer/
inurl:'/scopia/entry/index.jsp'
inurl:'/logon/logonServlet'
intitle:'Welcome to JBoss AS'
inurl:'/zabbix/index.php'
intitle:'Centreon - IT & Network Monitoring'
"/1000/system_information.asp"
inurl:typo3conf/l10n/
inurl:/files/contao
/adp/self/service/login
intext:reports filetype:cache
intitle:"NetcamSC IP Address"
inurl:/phpMyAdmin/setup/index.php?phpMyAdmin=
inurl:pipermail filetype:txt
intitle:"index of" ".dockerignore"
intitle:"index of" "/aws.s3/"
inurl:SSOLogin.jsp intext:"user"
intitle:settings.py intext:EMAIL_HOST_PASSWORD -git -stackoverflow
intitle:"index of" "/bitcoin/"
intitle:"index of" ".pem"
allinurl:asdm.jnlp
inurl:/snap.cgi?&-getpic
intitle:"Home-CUPS" intext:printers -mugs
"Last modified" intitle:"index of" "dropbox"
"description" & "size" intitle:"index of" "owncloud"
"sasl_passwd" | smtpd.conf intitle:"index of"
intitle:"index of" "/user" | "/users"
username | password inurl:resources/application.properties -github.com -gitlab
intitle:"index of" hosts.csv | firewalls.csv | linux.csv | windows.csv
intitle:"index of" users.csv | credentials.csv | accounts.csv
inurl:scanned & documents intitle:"index of" IT
intitle:"index of" inurl:documents backup
intitle:vendor | supply & login | portal intext:login | email & password
intext:pin | userid & password intitle:supplier | supply & login | portal
allinurl:"/SilverStream/Meta/"
inurl:/za/login.do
inurl:/adfs/services/trust
intitle:rms webportal
inurl:F5Networks-SSO-Req?
inurl:shared/login.jsp?/ BMC arsys
inurl:login.htm "xpress" password
inurl:login.htm "access" database
"Proudly created with Wix.com"
inurl:"/cgi-bin/WS_FTP.LOG"
inurl:"/cgi-bin/CVS/"
inurl:"/.Trash" intitle:"index of" ~
intitle:"index of" $Recycle.bin
intitle:"index of" "/Windows/Recent" | "/Windows/History/"
intitle:"index of" "WindowsCookies"
intitle:"index of" "Application Data/Microsoft/Credentials"
intitle:"index of" "hiberfil.sys"
allintitle:"Index of /Admin/Common" | allintext:"Parent Directory"
allinurl:"wp-content/plugins/wordpress-popup/views/admin/"
inurl:"/my-account-login" | allintext:"My Account"
allintitle:"Index of /ThinkPHP" | inurl: "/ThinkPHP/"
inurl:nagios/cgi-bin/status.cgi
inurl:/FxCodeShell.jsp/ "Login Form" "Blog Comments"
intext:"Portador do CPF"
inurl:"/sidekiq/busy"
intitle:"Device(" AND intext:"Network Camera" AND "language:" AND "Password"
intext:"Any time & Any where" AND "Customer Login"
intitle:"Screenly OSE" intext:"Schedule Overview" AND "Active Assets" AND "Inactive Assets"
inurl:"fhem.cfg" AND 'fhem.cfg' -github
intitle:"InfluxDB - Admin Interface" -github
intitle:"webcam 7" inurl:'/gallery.html'
intitle:"Login - Xfinity" AND "Gateway > Login"
intitle:QueryService Web Service
intitle:"index of /" ssh
"Please click here to download and install the latest plug-in. Close your browser before installation."
inurl:/pwm/public/
inurl:/login.zul
intitle:"FCKeditor - Uploaders Tests"
intitle:"FCKeditor - Connectors Tests"
inurl:/setup.cgi@next_file=
intitle:"Index of /" inurl:passport
intext:" - 2019 Cott Systems, Inc."
"I have been invoked by servletToJSP"
inurl:/sap/bc/bsp
inurl:/irj/portal
inurl:/scripts/wgate
inurl:infoviewapp
inurl:"/irj/go/km/docs/"
inurl:"/irj/go/km/" intext:navigation
inurl:"/webdynpro/resources/sap.com/"
filetype:cwr inurl:apstoken
inurl:apspassword
filetype:pub "ssh-rsa"
filetype:doc "Answer Key"
inurl:"ai1wm-backups"
"dispatch=debugger."
intitle:Test Page for the Nginx HTTP Server on Fedora
inurl:admin.php inurl:admin ext:php
intitle: "Nexus Repository Manager"
inurl:LOG.txt X-System folder
inurl:webman/index.cgi
"Example: jane.citizen1"
intext:"EQ1PCI"
intext:password "Login Info" filetype:txt
filetype:txt "Registration Code"
"login":
inurl:_cpanel/forgotpwd
inurl:/help/lang/en/help
inurl:public.php inurl:service ext:php
filetype:xml config.xml passwordHash Jenkins
intitle:ProFTPD Admin - V1.04
intitle:"VB Viewer"
index of /etc/certs/
intitle:"Index of /private/"
"inurl:"Umbraco/#/login" site:*edu"
"site:ghostbin.com " / " "
"site:hastebin.com " / " "
intitle:'index of' "error_log"
intitle:'index of' "access_log"
inurl:/certsrv/certrqus.asp
inurl:/config/authentication_page.htm
intext:"Type in Username and Password, then click Ok" intitle:"log in"
intitle:"index of /" intext:/backup
"syd_apply.cfm"
inurl:/wp-content/uploads/wp-backup-plus/
intitle:"index of /" authorized_keys
index of kcfinder/
index of /ckeditor
filetype:rdp default.rdp
filetype:txt "License Key"
intitle:"index of /" intext:/descargas/
intitle:"index of /" intext:/Download/
intext:"Powered by Abyss Web Server"
intitle:"index of" pagefile.sys
intitle:index of /.sql.gz intext:/backup/
inurl:/proc/tty/ index of
inurl:/sample/LvAppl/lvappl.htm
allinurl:control/multiview
allinurl:DialogHandler.aspx
intitle:"VertrigoServ" + "Welcome to VertrigoServ"
intitle:"Swagger UI - " + "Show/Hide"
inurl:/_vti_pvt/service.cnf | inurl:/_vti_inf.html | inurl:/_vti_bin/ | inurl:/_vti_bin/spsdisco.aspx
intitle: "Welcome to nginx!" + "Thank you for using nginx."
"vpnssl"
intext:jdbc:oracle filetype:java
intitle:" - Revision" + "subversion version"
Index of /.svn
inurl:"swagger-ui/index.html"
intitle:livezilla "Server Time"
intitle:"Sucuri WebSite Firewall - Access Denied"
intext:"Powered by phpSQLiteCMS" | intitle:"phpSQLiteCMS - A simple & lightweight CMS"
inurl:"/phpsqlitecms/cms/index.php"
intitle:"SQLiteManager" + intext:"Welcome to SQLiteManager version "
"This server is operated by OpenX."
intitle:"docker" intitle:"index of" config
inurl:wls-wsat intext:"weblogic.wsee.wstx.wsat"
intext:"Resource dumped by" intext:jcr -site:adobe.com
inurl:phpPgAdmin intext:"Cappuccino" | intext:"Blue/Green"
inurl:filebrowser.wcgp?subDir Communigate
ext:env intext:APP_ENV= | intext:APP_DEBUG= | intext:APP_KEY=
inurl:/Portal/Portal.mwsl?PriNav=FileBrowser
inurl:"/wp-json/" -wordpress
inurl:"/saml2?SAMLRequest="
inurl:home.tcl intitle:gaia
"[HKEY_CURRENT_USERSoftwareSimonTathamPuTTYSessions]" ext:reg
inurl:"/uddiexplorer/searchpublicregistries.jsp"
inurl="/uddiexplorer/SetupUDDIExplorer.jsp"
intitle:login "recruiter" | "employer" | "candidate"
filetype:reg reg HKEY_CURRENT_USER intext:password
inurl:department intext:"hardware inventory" firewall router ext:(doc | pdf | xls| psw | ppt | pps | xml | txt | ps | rtf | odt | sxw )
intext:"authentication" intranet password login inurl:account ext:(doc | pdf | xls| psw | ppt | pps | xml | txt | ps | rtf | odt | sxw | xlsx | docx | mail)
inurl:login intext:"reset your password"
intext:"Powered by Nesta"
Coldbox | contentbox | commandbox "Powered by ContentBox"
intext:(username | user | email | sign on | login | auth) admin dashboard | panel -stackoverflow
inurl:login.do? | shoplogin.do | adminlogin
intext:"Powered by Typesetter"
intext:"Powered by (Quantum | Quantum CMS | CMS)
inurl:"Default+Administrator+View"
inur:"arsys/forms" | "arsys/shared" | "/arsys/home"
filetype:txt $9$ JunOS
filetype:txt line vty 0 4
"ProQuest provides subscription access to numerous premium technical journals, dissertations and other information databases."
intext:"paytm" intitle:"index of"
intitle:"Log in - WhatsUp Gold"
intitle:"OAuth Server Login"
inurl:"standalone.xml" intext:"password>"
intext:Modified files in JOE when it aborted on JOE was aborted because the terminal closed
intext:"please find attached" "login" | password ext:pdf
intitle:Login inurl:login.php intext:admin/admin
intext:"KRAB-DECRYPT.txt" intitle:"index of"
intext:pure-ftpd.conf intitle:index of
intext:my.cnf intitle:index of
configuration> + filetype:config -github.com
inurl:logs/gravityforms
inurl:robots.txt intext:Disallow: /web.config
/_wpeprivate/config.json
intext:"Powered by Sentora" -github.com
inurl:"build.xml" intext:"tomcat.manager.password"
/var/www/manage/storage/logs/laravel- ext:log
site:drive.google.com /preview intext:movie inurl:flv | wmv | mp4 -pdf -edit -view
inurl:/yum.log | intitle:yum.log + ext:log
intitle:"index of" intext:twr.html
intitle:"index of" intext:login.csv
inurl:/banking.jsp?fldsegment=
inurl:/INALogin.jsp
intext:ZAP Scanning Report Summary of Alerts ext:html
inurl:"trello.com" and intext:"username" and intext:"password"
inurl:/typo3/typo3conf
inurl:/_hcms/
intext:"define('DB_NAME'," ext:txt
intext:"class JConfig {" inurl:configuration.php
intitle:backup+index of
inurl:/wp-json/wp/v2/users/ "id":1,"name":" -wordpress.stackexchange.com -stackoverflow.com
inurl:"wp-license.php?file=../..//wp-config"
intext:"M3R1C4 SHELL BACKDOOR"
intitle:"phpVirtualBox - VirtualBox Web Console"
intext:"PHP Version " ext:php intext:"disabled" intext:"Build Date" intext:"System" intext:"allow_url_fopen"
intext:"Build dashboard" intext:"Project" intext:"Plan" intext:"Build"
"index of" "database.sql.zip"
inurl:/wp-content/ai1wm-backups + wpress
ext:ppk ssh key -github.com -gitlab
inurl:conf/tomcat-users.xml -github
"index of" "database_log"
inurl:/usersignin?
inurl:"/gitweb.cgi?"
inurl:elmah.axd intext:"Powered by ELMAH" -inurl:detail
"index of" /wp-content/uploads/shell.php
"battlefield" "email" site:pastebin.com
"File Manager - Current disk free"
"Index of" "database.sql"
inurl:wp-config.bak
inurl: "Mister Spy" | intext:"Mister Spy & Souheyl Bypass Shell"
intext:"Thank you for using BIG-IP."
inurl:login.php.bak
intitle:"index of" ".travis.yml" | ".travis.xml"
intitle:"index of" "laravel.log" | "main.yaml" | "server.cfg"
"ansible.log" | "playbook.yaml" | ".ansible.cfg" | "playbook.yml" | host.ini intitle:"index of"
intext:"rabbit_password" | "service_password" filetype:conf
"whoops! there was an error." "db_password"
swiftmailer intitle:"index of" "smtp.yml" | "smtp.xml"
intitle:"index of" "config.yml" | "config.xml" intext:login | auth
intitle:"index of" "config.yml" | "config.xml" intext:login | auth
intitle:"index of" ".gitignore"
intext:APIKey ext:js | xml | yml | txt | conf | py -github -stackoverflow intitle:"index of"
inurl:tests/mocks intext:autoloader
inurl:lighttpd.conf lighttpd site:github.com
-site:smarty.net ext:tpl intext:"
inurl:nginx.conf nginx site:github.com
intext:"successfully" intitle:"index of" config | log | logged -stackoverflow
ext:log intext:"connection" intitle:"index of" -stackoverflow
employee "training" intitle:index.of ext:doc | pdf | xls |docx |xlsx
hardware | software "migration" intitle:index.of ext:xls | xlsx | doc | docx | pdf
"var miner=new CryptoLoot.Anonymous" intext:CryptoLoot.Anonymous
inurl:secure/dashboard jspa
inurl:travis.yml tornado site:github.com
intext:"login" department | admin | manager | company | host filetype:xls | xlsx -community -github
inurl:"/p3p.xml" | intitle: "p3p.xml" -github.com
inurl:"/tiny_mce/plugins/ajaxfilemanager/inc/data.php" | inurl:"/tiny_mce/plugins/ajaxfilemanager/ajax_create_folder.php" -github
intitle:index.of id_rsa -id_rsa.pub
intext:"please change your" password |code | login file:pdf | doc | txt | docx -github
"air confirmation" "passenger(s)"
intitle:HTTP Server Test Page powered by CentOS
inurl:"debug/default/view?panel=config"
inurl:configuration.php and intext:"var $password="
inurl:/dbcp.properties + filetype:properties -github.com
inurl:"root?originalDomain"
inurl:"/jira/login.jsp" intitle:"JIRA login"
intitle:"manager area" password -stackoverflow.com
"Copyright Metislab" password
filetype:txt Administrator:500:
nd=m_fundraising_detail "login here"
inurl:login.jsp intitle:"admin"
inurl:/wp-includes/certificates/
filetype:xls | xlsx intext:software license site:.gov
filetype:xls | xlsx intext:cisco -cisco.com site:.gov
intext:vmware virtual site:.gov filetype:xls | xlsx | doc | pdf
(intitle:"plexpy - home" OR "intitle:tautulli - home") AND intext:"libraries"
intext:define('AUTH_KEY', ' wp-config.php filetype:txt
"Powered by 2Moons"
intitle:"UltraDNS Client Redirection Service"
"Powered byPlanet eStream"
intitle:"This is pdfTeX, Version"
inurl:wp-config-backup.txt
"webkactus"
"CCCLogin.aspx"
"PaperCut Login"
intext:cv OR intext:curriculum vitae "passport details" ext:doc -template
intitle:"MyWebSQL" + "User ID: Password:"
intitle:"SSL VPN Service" + intext:"Your system administrator provided the following information to help understand and remedy the security conditions:"
intitle:"apache tomcat/" "Apache Tomcat examples"
filetype:png | "proportal"
frmLogin
"2004 - 2018 iboss, Inc. All rights reserved."
intitle:Wagtail.-.Sign in intext:Javascript.is.required.to.use.Wagtail
inurl:'/SSI/Auth/ip_configuration.htm'
intitle:"Malware Analysis Report"
intext:"Powered by www.yawcam.com"
allintitle:restricted filetype:doc site:gov
intext:"default values: admin/1234"
"password.xlsx" ext:xlsx
"username.xlsx" ext:xlsx
intitle:"index of /bins" arm
inurl:/admin intitle:Pulse.CMS -pulsecms.com
intext:Omeka*Username Powered.by.Omeka inurl:admin -github -omeka.org
filetype:gitattributes intext:CHANGELOG.md -site:github.com
inurl:/sitefinity intext:Copyright.(c)*Telerik. Site.Finity
"index of /ups.com/WebTracking"
filetype:env intext:REDIS_PASSWORD
filetype:env intext:AWS_SECRET
filetype:env intext:mail_host + intext:bluehost
intitle:'System Web Interface: WATTrouter M'
inurl:"/logon.aspx?ReturnUrl="
inurl:login.jsp?permissionViolation
intext:Connect.with.Finalsite intitle:admin -facebook
inurl:/contao/main ext:php -community -github
inurl:/CMSPages/logon ext:aspx
inurl:/index.php/login intext:Concrete.CMS
"Powered by Open Source Chat Platform Rocket.Chat."
inurl:'listprojects.spr'
inurl:'/blog/Account/login.aspx'
inurl:composer.json codeigniter -site:github.com
allintext:'HttpFileServer 2.3k'
intext:2001.-.2018.umbraco.org ext:aspx
AndroidManifest ext:xml -github -gitlab -googlesource
allintitle: "Flexi Press System"
intitle:"Netgear™ - NETGEAR Configuration Manager Login"
inurl:jpegpull.htm
inurl:"user_login/" bitcoin | crypto | wallet
inurl:"RootFolder=" Allitems "confidential" | "classified" | "passwords" | username
inurl:"AllItems.aspx?FolderCTID=" "firewall" | "proxy" | "configuration" | "account"
inurl:"q=user/password"
site:showmyhomework.co.uk/school/homeworks/ "password"
inurl:/munin/localdomain/localhost.localdomain/open_files.html
inurl:"?db_backup" | inurl:"dbbackup" -site:github.com "sql.gz" | "sql.tgz" | "sql.tar" | "sql.7z"
inurl:"paypal" intitle:"index of" backup | db | access -github
intitle:"index.of" inurl:"cvs" login | passwd | password | access | pass -github -pub
intitle:login laboratory | "nuclear" | physics "password" authentication
inurl:revslider inurl:'/revslider+port'
inurl:fisheye AND inurl:changelog -site:atlassian.com -site:github.com -intext:"Log in to FishEye"
inurl:"/wp-content/uploads/db-backup"
"Powered by Apache Subversion version"
intext:"this login can be used only once" inurl:user intitle:"reset password"
intitle:"Login" inurl:"/itim/self" | inurl:"/itim/ui" -ibm.com
filetype:doc inurl:"gov" intext:"default password is"
site:trello.com intext:mysql AND intext:password -site:developers.trello.com -site:help.trello.com
intitle:"Powered by Qualys SSL Labs"
intext:"PuTTY log" ext:log "password" -supportforums -github
intitle:"apache tomcat/" + "Find additional important configuration information in:"
intitle:"Index of" intext:"Login Data"
inurl:"/App.Config" + ext:config + "password=" -github -git
intitle:"Statistics Report for HAProxy" + "statistics report for pid"
"RDServer Product information" | inurl:"/rdagent.jsp"
ext:txt {"wallet_address" :", "pool_address" : " ", "pool_password" -git
intitle:"Apache2 Debian Default Page: It works"
intitle:Upload inurl:/cgi-bin/filechucker.cgi
inurl:..//drivers/etc/ intitle:index of
intitle:Munin :: overview
index of /node_modules/ -github -stackoverflow
inurl:"mjpg/video.cgi?resolution="
inurl:"/bigdump.php" + intitle:"BigDump ver."
inurl:?wp-commentsrss2.php -git
inurl:"servlet/ViewFormServlet?" "pwd"
intitle:"BMC Remedy Mid Tier" "login"
inurl:/.well-known/security.txt
inurl:/mailscanner/login.php
inurl:/daten/webyep-log.txt
inurl:rvsindex.php & /rvsindex.php?/user/login
intitle:"Open Source HRMS" intext:"powered by"
inurl:default.aspx?ReturnUrl=/spssmr -stackoverflow -youtube.com -github
inurl:"/SAMLLogin/" -github
inurl:"/user/register" "Powered by Drupal" -CAPTCHA -"Access denied"
intext:build:SVNTag= JBoss intitle:Administration Console inurl:web-console
Codeigniter filetype:sql intext:password | pwd intext:username | uname intext: Insert into users values
"login" "adp login" -adplogin.us -adplogin.org -adplogin.net
intitle:"index.of" | inurl:/filemanager/connectors/ intext:uploadtest.html
intitle:index.of inurl:/websendmail/
:DIR | intitle:index of inurl://whatsapp/
inurl:report.cgi?dashboard=
intitle:"index.of" "places.sqlite" "key3.db" -mozilla.org
intitle:"index.of" "places.sqlite" "Mail" thunderbird -mozilla.org -scan
inurl:"/Admin/Login?ReturnUrl=" -github.com -gitlab.com
filetype:config "" "password" "web.config" -stackoverflow -youtube.com -github
"login" inurl:"account/auth" -github -gitlab -stackoverflow
ext:ini Robust.ini filetype:ini "password"
ext:adr adr filetype:adr "bookmarks.adr"
inurl:":2083/login/?user="
intitle:index.of home/000~root~000/
intitle:"Index.Of.Applications (Parallels)" -stackoverflow -quora
inurl:"config.xml" "password" ext:xml -stackoverflow.com -github.com
inurl:"/forgotpwd.jspx"
inurl:"ssologin/" -github.com
inurl:"cmd=auth?" -github -stackoverflow -gitlab
inurl:"/initiatesso?providerid=" -github.com
"Oracle peoplesoft sign in" inurl:"cmd=login?" -github -stackoverflow -gitlab
inurl:"/Setup/Default.aspx" "mojoPortal"
inurl:"/startSSO.ping?" -stackoverflow.com
intitle:"Index Of" intext:".Trash"
inurl:"databases.yml" ext:yml password -github
intitle:"index.of.virtualbox" -mirror -mirrors -public -ubuntu.com -edu -pub
intext:"Powered by Nibbleblog"
inurl:/host.txt + filetype:txt + "password"
intitle:"Installing TYPO3 CMS"
intitle:"Index Of" intext:".vscode"
intext:"https://chat.whatsapp.com/invite/" intitle:"Your Search For Company/Subject/Whatever"
"Declassified and Approved for Release by" filetype: pdf
"login" intitle:"scada login"
intitle:"index of /" inanchor:.kdbx
intitle:"miniProxy"
site:pastebin.com "rcon_password"
intitle:"Index of /logs/" "lighttpd"
filetype:env intext:"APP_ENV"
filetype:log inurl:"log" "[SERVER_SOFTWARE]"
CakePHP inurl:database.php intext:db_password
ext:php + inurl:"ajaxfilemanager.php" + intext:"Current Folder Path"
CakePHP filetype:sql intext:password | pwd intext:username | uname intext: Insert into users values
intitle:"Deluge: Web UI 1.3"
intitle:"Deluge: Web UI" inurl:":8112"
intext:database inurl:"laravel.log" ext:log
intitle:"private login" username -github
dwsync.xml intitle:index of -gitlab -github
allinurl:mc4wp-debug.log ext:log
config.yaml intitle:"index of" vagrantfile
inurl:intranet/login login
intitle:"partners login"
inurl:"login.php?referer=profile.php"
intitle:"login credit" "login"
intitle:"login form" "powered by" -tutorial
"department" | "agency" | "government" "intitle:"login form" -youtube -template
"service" | "military" | "federal" "intitle:"login form" -youtube -template -stackoverflow
"login" "secure" "intitle:"online banking" -youtube -template -stackoverflow -stackexchange
intitle:"login" | intitle:"sign in" "member" "private" "admin" "club" -stackoverflow -github -youtube
intitle:"login" | intitle:"hospital" "patient" "clinic" "admin" "medical" "login" -stackoverflow -github -youtube
intext:"[***] Results from" + ext:txt + "snort-"
intitle:CV+index of
intitle:"Please login" "username" "password"
"username" "password" intitle:"login here"
inurl:"form_id" login username password
intitle:access your account" login
intitle:your access id is" login -youtube
intitle:Control Panel "Login with your username and password below." +"Email" +"Powered by"
inurl:"apps/backend/config/"
intext:password inurl:"/log/production" ext:log
intitle:"index of" inurl:"paypal" log
":: Arachni Web Application Security Report"
intitle:"Control Panel" + emailmarketer
intitle:"Axis Happiness Page" "Examining webapp configuration"
intitle:"index of" intext:"pip-selfcheck.json"
inurl:/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 | inurl:/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
intitle:"Proberv0." | inurl:/proberv.php
"var miner = new CoinHive" intext:document.domain
intitle:Login to CMS Made Simple + inurl:/cmsms
intitle:"index of" docker-compose.yml
intitle:"index of" .env
inurl:"/forms/frmservlet?config=" login
intitle:tm4web login | logon | account | member | password
filetype:sql intext:password | pass | passwd intext:username intext:INSERT INTO `users` VALUES
inurl:/gravity_forms/logs ext:txt
intext:"Dr.Web (R) Anti-virus. Virus base add-on" + ext:txt
intitle:"Yawcam" inurl:8081
ext:pem "PRIVATE KEY" -site:facebook.com -example -test*
inurl:control/camerainfo
"IBM Security AppScan Report" ext:pdf
inurl:"/etc/fail2ban/" + ext:conf
intext:"Powered by ViewVC" | intitle:"ViewVC Repository Listing"
inurl:cloud_main.asp
inurl:"server-status" "Server Version: Apache/" "Server Built: " "Server uptime:" "Total accesses" "CPU Usage:"
"database_password" filetype:yml "config/parameters.yml
inurl::5601/app/kibana
inurl:"index.php?option=com_joomanager"
"MAIL_PASSWORD" filetype:env
"database_password" filetype:yml "config/parameters.yml"
intitle:"netsparker scan report" ext:pdf
inurl:/fantastico_fileslist.txt + ext:txt
inurl:public "Powered by SecureW2"
inurl:/openwebmail/cgi-bin/openwebmail/etc/
allinurl:awstats.pl?config=
inurl:/install/stringnames.txt
intitle:"Burp Scanner Report" | "Report generated by Burp Scanner"
inurl:"plesk-stat"
inurl:"/xmlrpc.php?rsd" & ext:php
intitle: "Generated by Acunetix WVS Reporter"
inurl:/frontend/paper_lantern/index.html
allintitle:"Forum Post Assistant :" ext:php -site:joomla.org
"[LocalizedFileNames]" inurl:"desktop.ini" ext:ini -git -wiki
"[Tera Term]" inurl:"teraterm.ini" ext:ini -git
"ADS-B Receiver Live Dump1090 Map "
inurl:/add_vhost.php?lang=
inurl:"main.php?action=db"
inurl:module=coreHome
intitle:index.of intext:zc_install intitle:zen-cart
inurl:"/cgi-bin/filemanager/Manager.pl"
"Application Blocked!" "Google bot"
"Email delivery powered by Google" ext:pdf OR ext:txt
inurl:/login/index.php intitle:CentOS
intitle:"PHP Web Stat - Sysinfo" intext:php inurl:stat/sysinfo.php
"SiteBar Bookmark Manager" inurl:index.php?w=
inurl:"/jde/E1Menu.maf"
intitle:"Solr Admin" "Solr Query Syntax"
intitle:"Index Of" intext:sftp-config.json
inurl:"test/php/test.html" Plesk File
intitle:Armstrong Hot Water System Monitoring
inurl:embed.html inurl:dvr
inurl:"/libs/granite/core/content/login.html"
intitle:"Chorus 2 - Kodi web interface"
intitle:Kodi inurl:":8080" "Music. Music;"
intitle:"rutorrent v3" AND intext:Uploaded -github.com
ext:config + " password=" + "
intitle:"WAGO Ethernet web-based-management"
ext:jsp intext:"jspspy" intitle:"Jspspy web~shell V1.0"
intitle:"Nport web console"
inurl:"mgl-instagram-gallery/single-gallery.php?media"
"password" + ext:conf "Modem Type = USB Modem"
"lv_poweredBy"

  • google/dorks.txt
  • Dernière modification : 2022/11/08 16:43
  • de 127.0.0.1