| No | Dork | Kategori | Deskripsi | ||
|---|---|---|---|---|---|
| 4501 | inurl:"/jira/login.jsp" intitle:"JIRA login" | Pages Containing Login Portals | inurl:"/jira/login.jsp" intitle:"JIRA login" Jira login pages ManhNho | ||
| 4502 | inurl:"root?originalDomain" | Files Containing Juicy Info | Dorks giving up domains and hosts information Bruno Schmid https://ch.linkedin.com/in/schmidbruno | ||
| 4503 | inurl:/dbcp.properties + filetype:properties -github.com | Files Containing Passwords | inurl:/dbcp.properties + filetype:properties -github.com file containing password ManhNho | ||
| 4504 | inurl:configuration.php and intext:"var $password=" | Files Containing Passwords | Dork: *inurl:configuration.php and intext:"var $password=" * A Google dork that gives the information about target database. Containing username and password in plain text. Dork discovered by: Sachin Wagh (@tiger_tigerboy) | ||
| 4505 | inurl:"debug/default/view?panel=config" | Files Containing Juicy Info | inurl:"debug/default/view?panel=config" This dork will open the debug page of Yii framework. Which discloses all the requests to Yii framework, in some cases POST request contains clear text username/password, it also discloses server Phpinfo details and database queries. Thanks Aamir Rehman | ||
| 4506 | intitle:HTTP Server Test Page powered by CentOS | Web Server Detection | intitle:HTTP Server Test Page powered by CentOS CentOS detected ManhNho | ||
| 4507 | "air confirmation" "passenger(s)" | Files Containing Juicy Info | Dork with very juicy information. Rootkit Pentester. | ||
| 4508 | intext:"please change your" password |code | login file:pdf | doc | txt | docx -github | Files Containing Passwords | Passwords Bruno Schmid https://ch.linkedin.com/in/schmidbruno | ||
| 4509 | inurl:"/tiny_mce/plugins/ajaxfilemanager/inc/data.php" | inurl:"/tiny_mce/plugins/ajaxfilemanager/ajax_create_folder.php" -github | Footholds | finds tiny_mce vulnerable targets -- *Regards* *Ebaduddin Ahmad* | ||
| 4510 | intitle:index.of id_rsa -id_rsa.pub | Sensitive Directories | A simple dork to find SSH private keys indexed by google! Where many of the keys work Have Responsibly fun! __________________________________ Securitybits.io | ||
| 4511 | intext:"login" department | admin | manager | company | host filetype:xls | xlsx -community -github | Files Containing Passwords | Some spreadsheet containing passwords Bruno Schmid https://ch.linkedin.com/in/schmidbruno | ||
| 4512 | inurl:"/p3p.xml" | intitle: "p3p.xml" -github.com | Files Containing Juicy Info | inurl:"/p3p.xml" | intitle: "p3p.xml" -github.com p3p.xml files ManhNho | ||
| 4513 | "var miner=new CryptoLoot.Anonymous" intext:CryptoLoot.Anonymous | Files Containing Juicy Info | This is a dork for search sites running Crypto loot miner Dork : "var miner=new CryptoLoot.Anonymous" intext:CryptoLoot.Anonymous SMII Mondher | ||
| 4514 | inurl:secure/dashboard jspa | Pages Containing Login Portals | Access to JIRA dashboards login portals and sometimes direct access to projects dashboard itself. Bruno Schmid https://ch.linkedin.com/in/schmidbruno | ||
| 4515 | inurl:travis.yml tornado site:github.com | Files Containing Juicy Info | This can be used to identify the code hosted by different companies that use Tornado Web Server. Thanks, Mufeed VH | ||
| 4516 | inurl:nginx.conf nginx site:github.com | Files Containing Juicy Info | This dork can be used to detect codes hosted by different companies that uses NGINX Web Server. Mufeed VH | ||
| 4517 | intext:"successfully" intitle:"index of" config | log | logged -stackoverflow | Files Containing Juicy Info | Some juicy information. This can contain successful events of the system like: DB changes, users actions, file & folder creation, account loggins, etc... Also very usefull to see what kind of application the system is running. Bruno Schmid https://ch.linkedin.com/in/schmidbruno | ||
| 4518 | ext:log intext:"connection" intitle:"index of" -stackoverflow | Files Containing Juicy Info | Juicy information mainly found in log files ( WSFTP.LOG, access.log, machttp.log, password.log) Bruno Schmid https://ch.linkedin.com/in/schmidbruno | ||
| 4519 | employee "training" intitle:index.of ext:doc | pdf | xls |docx |xlsx | Files Containing Juicy Info | This will give you a good insight of the targets BOS(Business Operation Software) and sometimes their supply chain. also try: newcomer "training" intitle:index.of ext:doc | pdf | xls |docx |xlsx hr | admin "training" intitle:index.of ext:doc | pdf | xls |docx |xlsx 1st level support "training" intitle:index.of ext:doc | pdf | xls |docx |xlsx suppervisor "training" intitle:index.of ext:doc | pdf | xls |docx |xlsx engineer "training" intitle:index.of ext:doc | pdf | xls |docx |xlsx You can also replace "training" with "exercise" or "education" Bruno Schmid https://ch.linkedin.com/in/schmidbruno | ||
| 4520 | hardware | software "migration" intitle:index.of ext:xls | xlsx | doc | docx | pdf | Files Containing Juicy Info | Information regarding company's IT migration process usefull to find out why, how and what is the target changing/migrating. Bruno Schmid https://ch.linkedin.com/in/schmidbruno | ||
| 4521 | inurl:lighttpd.conf lighttpd site:github.com | Files Containing Juicy Info | This dork can be used to detect codes hosted by different companies that uses lighttpd Web Server. Anwar Ayoob | ||
| 4522 | -site:smarty.net ext:tpl intext:" | Files Containing Juicy Info | -site:smarty.net ext:tpl intext:" | ||
| 4523 | swiftmailer intitle:"index of" "smtp.yml" | "smtp.xml" | Files Containing Juicy Info | This dork might give passwords and server directoies with juicy info. Bruno Schmid https://ch.linkedin.com/in/schmidbruno | ||
| 4524 | intitle:"index of" "config.yml" | "config.xml" intext:login | auth | Files Containing Juicy Info | Dorks containing login credentials and more. You can also try. intitle:"index of" "config.yml" | "config.xml" intext:user | auth | pass intitle:"index of" "config.yml" | "config.xml" intext:passwd | auth | password Bruno Schmid https://ch.linkedin.com/in/schmidbruno | ||
| 4525 | intitle:"index of" "config.yml" | "config.xml" intext:login | auth | Files Containing Juicy Info | Dorks containing login credentials and more. You can also try. intitle:"index of" "config.yml" | "config.xml" intext:user | auth | pass intitle:"index of" "config.yml" | "config.xml" intext:passwd | auth | password Bruno Schmid https://ch.linkedin.com/in/schmidbruno | ||
| 4526 | intitle:"index of" ".gitignore" | Files Containing Juicy Info | Here contains information related to what the target uses as IDE, and many other software related to development. Great for footprinting Bruno Schmid https://ch.linkedin.com/in/schmidbruno | ||
| 4527 | intext:APIKey ext:js | xml | yml | txt | conf | py -github -stackoverflow intitle:"index of" | Files Containing Juicy Info | Dork containing some API Keys from several web applications. Bruno Schmid https://ch.linkedin.com/in/schmidbruno | ||
| 4528 | inurl:tests/mocks intext:autoloader | Web Server Detection | *inurl:tests/mocks intext:autoloader* This will help us identify websites made with codeigniter. Thank you Athira M | ||
| 4529 | intitle:"index of" ".travis.yml" | ".travis.xml" | Files Containing Juicy Info | Juicy info Bruno Schmid https://ch.linkedin.com/in/schmidbruno | ||
| 4530 | intitle:"index of" "laravel.log" | "main.yaml" | "server.cfg" | Files Containing Juicy Info | Juicy info which sometimes gives you good DB queries or login information Bruno Schmid https://ch.linkedin.com/in/schmidbruno | ||
| 4531 | "ansible.log" | "playbook.yaml" | ".ansible.cfg" | "playbook.yml" | host.ini intitle:"index of" | Network or Vulnerability Data | Target's system configuration, networks, etc... Bruno Schmid https://ch.linkedin.com/in/schmidbruno | ||
| 4532 | intext:"rabbit_password" | "service_password" filetype:conf | Files Containing Passwords | Passwords in openstack setups. Bruno Schmid https://ch.linkedin.com/in/schmidbruno | ||
| 4533 | "whoops! there was an error." "db_password" | Files Containing Passwords | Dork with lots of passwords!. Dork discover by Rootkit Pentester. | ||
| 4534 | intext:"Thank you for using BIG-IP." | Pages Containing Login Portals | BIG-IP F5 devices footprinting, it gives you login portals and errorcodes for F5 Also try: inurl:my.logout.php3? inurl:"/my.policy" big-ip Bruno Schmid https://ch.linkedin.com/in/schmidbruno | ||
| 4535 | inurl:login.php.bak | Files Containing Juicy Info | inurl:login.php.bak This Google Dork discovers badly configured servers exposing useful and sensitive information. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609) | ||
| 4536 | inurl:wp-config.bak | Files Containing Passwords | inurl:wp-config.bak This Google Dork discovers badly configured servers exposing sensitive Wordpress setup information. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609) | ||
| 4537 | inurl: "Mister Spy" | intext:"Mister Spy & Souheyl Bypass Shell" | Footholds | inurl: "Mister Spy" | intext:"Mister Spy & Souheyl Bypass Shell" This Google Dork discovers servers infected with the "Mister Spy" web shell. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609) | ||
| 4538 | "battlefield" "email" site:pastebin.com | Files Containing Passwords | Hacked EA/Origin passwords | ||
| 4539 | "File Manager - Current disk free" | Footholds | # Google Dork: "File Manager - Current disk free" # Date: 18/8/2018 # Exploit Author: srikwit Google Dork to locate PhpSpy web shells | ||
| 4540 | "Index of" "database.sql" | Sensitive Directories | - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609) | ||
| 4541 | inurl:elmah.axd intext:"Powered by ELMAH" -inurl:detail | Files Containing Juicy Info | # Google Dork: inurl:elmah.axd intext:"Powered by ELMAH" -inurl:detail # Date: 13.08.2018 # Exploit Author: NSIDE Attack Logic GmbH # Vendor Homepage: https://elmah.github.io/ #Description: This dorks can be used to identify public ELMAH (Error Logging Modules and Handlers) instances that provide sensitive Information, from the application path to the session token of an authenticated user. | ||
| 4542 | "index of" /wp-content/uploads/shell.php | Footholds | "index of" /wp-content/uploads/shell.php This Google Dork discovers servers running Wordpress that are infected with web shells. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609) | ||
| 4543 | "index of" "database_log" | Sensitive Directories | "index of" "database_log" This Google Dork discovers servers exposing sensitive SQL log data. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609) | ||
| 4544 | inurl:/usersignin? | Pages Containing Login Portals | Login portals Bruno Schmid https://ch.linkedin.com/in/schmidbruno | ||
| 4545 | inurl:"/gitweb.cgi?" | Various Online Devices | Google dork *description: * A web-enabled interface to the open source distributed version control system Git *Google Search: *inurl:"/gitweb.cgi?" Submitted by: Alfie Website: (https://the-infosec.com) | ||
| 4546 | inurl:conf/tomcat-users.xml -github | Files Containing Juicy Info | inurl:conf/tomcat-users.xml -github Find some login information of apache tomcat | ||