Google Dork

Google Dork and exploit Database
No Dork Kategori Deskripsi
4501 inurl:"/jira/login.jsp" intitle:"JIRA login" Pages Containing Login Portals inurl:"/jira/login.jsp" intitle:"JIRA login" Jira login pages ManhNho
4502 inurl:"root?originalDomain" Files Containing Juicy Info Dorks giving up domains and hosts information Bruno Schmid https://ch.linkedin.com/in/schmidbruno
4503 inurl:/dbcp.properties + filetype:properties -github.com Files Containing Passwords inurl:/dbcp.properties + filetype:properties -github.com file containing password ManhNho
4504 inurl:configuration.php and intext:"var $password=" Files Containing Passwords Dork: *inurl:configuration.php and intext:"var $password=" * A Google dork that gives the information about target database. Containing username and password in plain text. Dork discovered by: Sachin Wagh (@tiger_tigerboy)
4505 inurl:"debug/default/view?panel=config" Files Containing Juicy Info inurl:"debug/default/view?panel=config" This dork will open the debug page of Yii framework. Which discloses all the requests to Yii framework, in some cases POST request contains clear text username/password, it also discloses server Phpinfo details and database queries. Thanks Aamir Rehman
4506 intitle:HTTP Server Test Page powered by CentOS Web Server Detection intitle:HTTP Server Test Page powered by CentOS CentOS detected ManhNho
4507 "air confirmation" "passenger(s)" Files Containing Juicy Info Dork with very juicy information. Rootkit Pentester.
4508 intext:"please change your" password |code | login file:pdf | doc | txt | docx -github Files Containing Passwords Passwords Bruno Schmid https://ch.linkedin.com/in/schmidbruno
4509 inurl:"/tiny_mce/plugins/ajaxfilemanager/inc/data.php" | inurl:"/tiny_mce/plugins/ajaxfilemanager/ajax_create_folder.php" -github Footholds finds tiny_mce vulnerable targets -- *Regards* *Ebaduddin Ahmad*
4510 intitle:index.of id_rsa -id_rsa.pub Sensitive Directories A simple dork to find SSH private keys indexed by google! Where many of the keys work Have Responsibly fun! __________________________________ Securitybits.io
4511 intext:"login" department | admin | manager | company | host filetype:xls | xlsx -community -github Files Containing Passwords Some spreadsheet containing passwords Bruno Schmid https://ch.linkedin.com/in/schmidbruno
4512 inurl:"/p3p.xml" | intitle: "p3p.xml" -github.com Files Containing Juicy Info inurl:"/p3p.xml" | intitle: "p3p.xml" -github.com p3p.xml files ManhNho
4513 "var miner=new CryptoLoot.Anonymous" intext:CryptoLoot.Anonymous Files Containing Juicy Info This is a dork for search sites running Crypto loot miner Dork : "var miner=new CryptoLoot.Anonymous" intext:CryptoLoot.Anonymous SMII Mondher
4514 inurl:secure/dashboard jspa Pages Containing Login Portals Access to JIRA dashboards login portals and sometimes direct access to projects dashboard itself. Bruno Schmid https://ch.linkedin.com/in/schmidbruno
4515 inurl:travis.yml tornado site:github.com Files Containing Juicy Info This can be used to identify the code hosted by different companies that use Tornado Web Server. Thanks, Mufeed VH
4516 inurl:nginx.conf nginx site:github.com Files Containing Juicy Info This dork can be used to detect codes hosted by different companies that uses NGINX Web Server. Mufeed VH
4517 intext:"successfully" intitle:"index of" config | log | logged -stackoverflow Files Containing Juicy Info Some juicy information. This can contain successful events of the system like: DB changes, users actions, file & folder creation, account loggins, etc... Also very usefull to see what kind of application the system is running. Bruno Schmid https://ch.linkedin.com/in/schmidbruno
4518 ext:log intext:"connection" intitle:"index of" -stackoverflow Files Containing Juicy Info Juicy information mainly found in log files ( WSFTP.LOG, access.log, machttp.log, password.log) Bruno Schmid https://ch.linkedin.com/in/schmidbruno
4519 employee "training" intitle:index.of ext:doc | pdf | xls |docx |xlsx Files Containing Juicy Info This will give you a good insight of the targets BOS(Business Operation Software) and sometimes their supply chain. also try: newcomer "training" intitle:index.of ext:doc | pdf | xls |docx |xlsx hr | admin "training" intitle:index.of ext:doc | pdf | xls |docx |xlsx 1st level support "training" intitle:index.of ext:doc | pdf | xls |docx |xlsx suppervisor "training" intitle:index.of ext:doc | pdf | xls |docx |xlsx engineer "training" intitle:index.of ext:doc | pdf | xls |docx |xlsx You can also replace "training" with "exercise" or "education" Bruno Schmid https://ch.linkedin.com/in/schmidbruno
4520 hardware | software "migration" intitle:index.of ext:xls | xlsx | doc | docx | pdf Files Containing Juicy Info Information regarding company's IT migration process usefull to find out why, how and what is the target changing/migrating. Bruno Schmid https://ch.linkedin.com/in/schmidbruno
4521 inurl:lighttpd.conf lighttpd site:github.com Files Containing Juicy Info This dork can be used to detect codes hosted by different companies that uses lighttpd Web Server. Anwar Ayoob
4522 -site:smarty.net ext:tpl intext:" Files Containing Juicy Info -site:smarty.net ext:tpl intext:"
4523 swiftmailer intitle:"index of" "smtp.yml" | "smtp.xml" Files Containing Juicy Info This dork might give passwords and server directoies with juicy info. Bruno Schmid https://ch.linkedin.com/in/schmidbruno
4524 intitle:"index of" "config.yml" | "config.xml" intext:login | auth Files Containing Juicy Info Dorks containing login credentials and more. You can also try. intitle:"index of" "config.yml" | "config.xml" intext:user | auth | pass intitle:"index of" "config.yml" | "config.xml" intext:passwd | auth | password Bruno Schmid https://ch.linkedin.com/in/schmidbruno
4525 intitle:"index of" "config.yml" | "config.xml" intext:login | auth Files Containing Juicy Info Dorks containing login credentials and more. You can also try. intitle:"index of" "config.yml" | "config.xml" intext:user | auth | pass intitle:"index of" "config.yml" | "config.xml" intext:passwd | auth | password Bruno Schmid https://ch.linkedin.com/in/schmidbruno
4526 intitle:"index of" ".gitignore" Files Containing Juicy Info Here contains information related to what the target uses as IDE, and many other software related to development. Great for footprinting Bruno Schmid https://ch.linkedin.com/in/schmidbruno
4527 intext:APIKey ext:js | xml | yml | txt | conf | py -github -stackoverflow intitle:"index of" Files Containing Juicy Info Dork containing some API Keys from several web applications. Bruno Schmid https://ch.linkedin.com/in/schmidbruno
4528 inurl:tests/mocks intext:autoloader Web Server Detection *inurl:tests/mocks intext:autoloader* This will help us identify websites made with codeigniter. Thank you Athira M
4529 intitle:"index of" ".travis.yml" | ".travis.xml" Files Containing Juicy Info Juicy info Bruno Schmid https://ch.linkedin.com/in/schmidbruno
4530 intitle:"index of" "laravel.log" | "main.yaml" | "server.cfg" Files Containing Juicy Info Juicy info which sometimes gives you good DB queries or login information Bruno Schmid https://ch.linkedin.com/in/schmidbruno
4531 "ansible.log" | "playbook.yaml" | ".ansible.cfg" | "playbook.yml" | host.ini intitle:"index of" Network or Vulnerability Data Target's system configuration, networks, etc... Bruno Schmid https://ch.linkedin.com/in/schmidbruno
4532 intext:"rabbit_password" | "service_password" filetype:conf Files Containing Passwords Passwords in openstack setups. Bruno Schmid https://ch.linkedin.com/in/schmidbruno
4533 "whoops! there was an error." "db_password" Files Containing Passwords Dork with lots of passwords!. Dork discover by Rootkit Pentester.
4534 intext:"Thank you for using BIG-IP." Pages Containing Login Portals BIG-IP F5 devices footprinting, it gives you login portals and errorcodes for F5 Also try: inurl:my.logout.php3? inurl:"/my.policy" big-ip Bruno Schmid https://ch.linkedin.com/in/schmidbruno
4535 inurl:login.php.bak Files Containing Juicy Info inurl:login.php.bak This Google Dork discovers badly configured servers exposing useful and sensitive information. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609)
4536 inurl:wp-config.bak Files Containing Passwords inurl:wp-config.bak This Google Dork discovers badly configured servers exposing sensitive Wordpress setup information. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609)
4537 inurl: "Mister Spy" | intext:"Mister Spy & Souheyl Bypass Shell" Footholds inurl: "Mister Spy" | intext:"Mister Spy & Souheyl Bypass Shell" This Google Dork discovers servers infected with the "Mister Spy" web shell. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609)
4538 "battlefield" "email" site:pastebin.com Files Containing Passwords Hacked EA/Origin passwords
4539 "File Manager - Current disk free" Footholds # Google Dork: "File Manager - Current disk free" # Date: 18/8/2018 # Exploit Author: srikwit Google Dork to locate PhpSpy web shells
4540 "Index of" "database.sql" Sensitive Directories - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609)
4541 inurl:elmah.axd intext:"Powered by ELMAH" -inurl:detail Files Containing Juicy Info # Google Dork: inurl:elmah.axd intext:"Powered by ELMAH" -inurl:detail # Date: 13.08.2018 # Exploit Author: NSIDE Attack Logic GmbH # Vendor Homepage: https://elmah.github.io/ #Description: This dorks can be used to identify public ELMAH (Error Logging Modules and Handlers) instances that provide sensitive Information, from the application path to the session token of an authenticated user.
4542 "index of" /wp-content/uploads/shell.php Footholds "index of" /wp-content/uploads/shell.php This Google Dork discovers servers running Wordpress that are infected with web shells. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609)
4543 "index of" "database_log" Sensitive Directories "index of" "database_log" This Google Dork discovers servers exposing sensitive SQL log data. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609)
4544 inurl:/usersignin? Pages Containing Login Portals Login portals Bruno Schmid https://ch.linkedin.com/in/schmidbruno
4545 inurl:"/gitweb.cgi?" Various Online Devices Google dork *description: * A web-enabled interface to the open source distributed version control system Git *Google Search: *inurl:"/gitweb.cgi?" Submitted by: Alfie Website: (https://the-infosec.com)
4546 inurl:conf/tomcat-users.xml -github Files Containing Juicy Info inurl:conf/tomcat-users.xml -github Find some login information of apache tomcat

A PHP Error was encountered

Severity: Core Warning

Message: Module 'sqlite3' already loaded

Filename: Unknown

Line Number: 0

Backtrace: