Google Dork - Dorking Code

Bunch Collection of Google Dork You Might Know
No Dork
51 inurl:"/uddiexplorer/searchpublicregistries.jsp"
Category: Page containing log in portal & Web Server Detection Description: This dork allows user to access default page of Oracle Weblogic Server - UDDI Explorer. Some of scanner tools would detect SSRF vulnerability for weblogic uddi explorer. Moreover, there is a flaw regarding the weblogic server version which vulnerables to XSS. Reference: https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html Author: Zulfikar Azhari
Category: Advisories and Vulnerabilities
52 inurl="/uddiexplorer/SetupUDDIExplorer.jsp"
Category: Page containing log in portal & Web Server Detection Description: This dork allows user to access default page of Oracle Weblogic Server - UDDI Explorer. Some of scanner tools would detect SSRF vulnerability for weblogic uddi explorer. Moreover, there is a flaw regarding the weblogic server version which vulnerables to XSS. Reference: https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html Author: Zulfikar Azhari
Category: Advisories and Vulnerabilities
53 intitle:login "recruiter" | "employer" | "candidate"
Recruitment and employers login portals. Bruno Schmid https://ch.linkedin.com/in/schmidbruno
Category: Pages Containing Login Portals
54 filetype:reg reg HKEY_CURRENT_USER intext:password
Get passwords from registry. You can also use filetype:reg reg HKEY_CURRENT_USER This would be a good way to find out details about the target software in the target machine. Bruno Schmid https://ch.linkedin.com/in/schmidbruno
Category: Files Containing Passwords
55 inurl:department intext:"hardware inventory" firewall router ext:(doc | pdf | xls| psw | ppt | pps | xml | txt | ps | rtf | odt | sxw )
Hardware information, mainly firewall and routers. Change the words to fit your needs. Bruno Schmid https://ch.linkedin.com/in/schmidbruno
Category: Network or Vulnerability Data
56 intext:"authentication" intranet password login inurl:account ext:(doc | pdf | xls| psw | ppt | pps | xml | txt | ps | rtf | odt | sxw | xlsx | docx | mail)
A mix of login portals and passwords Bruno Schmid https://ch.linkedin.com/in/schmidbruno
Category: Pages Containing Login Portals
57 inurl:login intext:"reset your password"
Information on how login portals reset their users/customers passwords and so on. Bruno Schmid https://ch.linkedin.com/in/schm
Category: Pages Containing Login Portals
58 intext:"Powered by Nesta"
Nesta, a Ruby CMS Bruno Schmid https://ch.linkedin.com/in/schmidbruno
Category: Web Server Detection
59 Coldbox | contentbox | commandbox "Powered by ContentBox"
ContentBox content management tools and CMS. Bruno Schmid https://ch.linkedin.com/in/schmidbruno
Category: Web Server Detection
60 intext:(username | user | email | sign on | login | auth) admin dashboard | panel -stackoverflow
A lot of login portals. Bruno Schmid https://ch.linkedin.com/in/schmidbruno
Category: Pages Containing Login Portals
61 inurl:login.do? | shoplogin.do | adminlogin
More login portals... Bruno Schmid https://ch.linkedin.com/in/schmidbruno
Category: Pages Containing Login Portals
62 intext:"Powered by Typesetter"
Typesetter CMS dorks Bruno Schmid https://ch.linkedin.com/in/schmidbruno
Category: Web Server Detection
63 intext:"Powered by (Quantum | Quantum CMS | CMS)
Sites using Quantum CMS builder Bruno Schmid https://ch.linkedin.com/in/schmidbruno
Category: Web Server Detection
64 inurl:"Default+Administrator+View"
Some login portals, somtimes obsolete Verizon Java based applications Bruno Schmid https://ch.linkedin.com/in/schmidbruno
Category: Pages Containing Login Portals
65 inur:"arsys/forms" | "arsys/shared" | "/arsys/home"
BMC remedy AR System Server portals Bruno Schmid https://ch.linkedin.com/in/schmidbruno
Category: Pages Containing Login Portals
66 filetype:txt $9$ JunOS
filetype:txt $9$ JunOS Discover Juniper Junos OS Hashes Discovered By: Kevin Randall
Category: Files Containing Passwords
67 filetype:txt line vty 0 4
filetype:txt line vty 0 4 Discover Cisco Running Configuration Discovered By: Kevin Randall
Category: Files Containing Juicy Info
68 "ProQuest provides subscription access to numerous premium technical journals, dissertations and other information databases."
Find login portals on websites using ProQuest. ~ CrimsonTorso
Category: Pages Containing Login Portals
69 intext:"paytm" intitle:"index of"
Discovers PayTm config files and open directories of Sites. PayTm Sensitive Directories Expose on Sites Google Dork :- intext:”paytm” intitle:”index of” Date:- 15th Oct, 2018 Exploit Author:- Harsh Mukeshbhai Joshi
Category: Sensitive Directories
70 intitle:"Log in - WhatsUp Gold"
Description: This google dork can expose the landing log in page for WhatsUp Gold network monitoring tool. Here's the published CVE link for WhatsUp Gold: https://www.cvedetails.com/vulnerability-list/vendor_id-193/product_id-3865/Ipswitch-Whatsup-Gold.html Author: Zulfikar Azhari
Category: Pages Containing Login Portals
71 intitle:"OAuth Server Login"
intitle:"OAuth Server Login" Login page ManhNho
Category: Pages Containing Login Portals
72 inurl:"standalone.xml" intext:"password>"
Google Dork: Files Containing Passwords inurl:"standalone.xml" intext:"password>" Author: Xin Min This dork allows you to search for password of wildfly or jboss configuration.
Category: Files Containing Passwords
73 intext:Modified files in JOE when it aborted on JOE was aborted because the terminal closed
intext:Modified files in JOE when it aborted on JOE was aborted because the terminal closed This Google Dork discovers servers exposing possible useful information hidden in DEADJOE files. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609)
Category: Files Containing Juicy Info
74 intext:"please find attached" "login" | password ext:pdf
Passwords and information on target's employees/customers. awesome for spear phishing. Replace pdf extension with any other document extension like doc, docx, txt... Bruno Schmid https://ch.linkedin.com/in/schmidbruno
Category: Files Containing Juicy Info
75 intitle:Login inurl:login.php intext:admin/admin
intitle:Login inurl:login.php intext:admin/admin This Google Dork discovers login portals with weak default passwords. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609)
Category: Pages Containing Login Portals
76 intext:"KRAB-DECRYPT.txt" intitle:"index of"
This a a dork for search sites affected with GrandCrab ransowmare : [+] Dork : intext:"KRAB-DECRYPT.txt" intitle:"index of" [+] Linkedin : https://www.linkedin.com/in/mondher-smii/ [+] Author : SMII Mondher [+] Email : smii.mondher@gmail.com
Category: Sensitive Directories
77 intext:pure-ftpd.conf intitle:index of
intext:pure-ftpd.conf intitle:index of This Google Dork discovers servers exposing pure-ftpd configuration files. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609)
Category: Sensitive Directories
78 intext:my.cnf intitle:index of
intext:my.cnf intitle:index of This Google Dork discovers servers exposing mysql configuration files. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609)
Category: Sensitive Directories
79 configuration> + filetype:config -github.com
web.config file ManhNho
Category: Files Containing Juicy Info
80 inurl:logs/gravityforms
# Exploit Title: WordPress GravityForms Information Leak # Google Dork: inurl:logs/gravityforms # Description: Websites using gravity forms have debug logs that are publicly available. Note that some include information that has some information from paypal: addresses, cookies, email addresses, ip addresses. # Date: Sunday Sept. 23, 2018 # Exploit Author: Dhruv Gramopadhye (dgramop) # Vendor Homepage: https://www.gravityforms.com/ # Version: 2.3.2 # Contact: https://dgramop.xyz Version number estimated, future versions may be affected.
Category: Files Containing Juicy Info
81 inurl:robots.txt intext:Disallow: /web.config
# Google Dork: inurl:robots.txt intext:Disallow: /web.config # Description: Google Dork to find /web.config file in robots.txt # Date: 2018-09-21 # Author: Miguel Santareno # Contact: https://www.linkedin.com/in/miguelsantareno/
Category: Files Containing Juicy Info
82 /_wpeprivate/config.json
file containing password ;) ManhNho
Category: Files Containing Passwords
83 intext:"Powered by Sentora" -github.com
Sites using Sentora CMS. Bruno Schmid https://ch.linkedin.com/in/schmidbruno
Category: Web Server Detection
84 inurl:"build.xml" intext:"tomcat.manager.password"
Google Dork: Files Containing Passwords inurl:"build.xml" intext:"tomcat.manager.password" Author: Xin Min This dork allows you to search for password of tomcat manager.
Category: Files Containing Passwords
85 /var/www/manage/storage/logs/laravel- ext:log
Laravel logs ManhNho
Category: Files Containing Juicy Info
86 site:drive.google.com /preview intext:movie inurl:flv | wmv | mp4 -pdf -edit -view
# Google Dork: site:drive.google.com /preview intext:movie inurl:flv | wmv | mp4 -pdf -edit -view # Date: 2018-09-15 # Author: Akalanka Ekanayake (Jake Logan) # Vendor Homepage: https://securehacker.co.uk This dork will help you to find out videos published in Google drive.(Movies,Tv series,clips .etc) Example : site:drive.google.com /preview *intext:tv series* inurl:flv | wmv | mp4 -pdf -edit -view site:drive.google.com /preview *intext:tutorial* inurl:flv | wmv | mp4 -pdf -edit -view site:drive.google.com /preview *intext:720p *inurl:flv | wmv | mp4 -pdf -edit -view
Category: Various Online Devices
87 inurl:/yum.log | intitle:yum.log + ext:log
inurl:/yum.log | intitle:yum.log + ext:log yum log files ManhNho
Category: Files Containing Juicy Info
88 intitle:"index of" intext:twr.html
intitle:"index of" intext:twr.html This Google Dork discovers badly configured servers exposing sensitive Tripwire reports. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609)
Category: Files Containing Juicy Info
89 intitle:"index of" intext:login.csv
intitle:"index of" intext:login.csv This Google Dork discovers servers with open directories exposing login information files. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609)
Category: Files Containing Passwords
90 inurl:/banking.jsp?fldsegment=
[*] Description: Finds The Internet Banking Portals Which Are Running on Oracle Flex-cube Core Banking Solutions. [*] Google Dork: inurl:/banking.jsp?fldsegment= [*] Author: Osman Arif
Category: Pages Containing Login Portals
91 inurl:/INALogin.jsp
[*] Description: Finds The Internet Banking Backend Administrator Portals Running on Oracle Flex-cube Core Banking Solutions. [*] Google Dork: inurl:/INALogin.jsp [*] Author: Osman Arif
Category: Pages Containing Login Portals
92 intext:ZAP Scanning Report Summary of Alerts ext:html
intext:ZAP Scanning Report Summary of Alerts ext:html This Google Dork discovers badly configured servers exposing sensitive OWASP ZAP reports. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609)
Category: Network or Vulnerability Data
93 inurl:"trello.com" and intext:"username" and intext:"password"
Looking for the Username & Password from the public Trello board Sang Bui
Category: Files Containing Passwords
94 intitle:backup+index of
Checking for the public backup folder on the web server, It might include the sensitive files or database. Sang Bui
Category: Sensitive Directories
95 inurl:/wp-json/wp/v2/users/ "id":1,"name":" -wordpress.stackexchange.com -stackoverflow.com
Category: Vulnerable file Misconfiguration attack to get information of wordpress users ManhNho
Category: Files Containing Juicy Info
96 inurl:/typo3/typo3conf
inurl:/typo3/typo3conf Find interesting files from TYPO3 CMS installation. by Franciny Salles (#Bl4kd43m0n)
Category: Sensitive Directories
97 inurl:/_hcms/
Google dork *description: * Get all sites using Hubspot's Content Mangement System (CMS) *Google Search: *inurl:/_hcms/ Submitted by: Alfie Website: (https://the-infosec.com) -- Regards, Alfie. the-infosec.com
Category: Web Server Detection
98 intext:"define('DB_NAME'," ext:txt
intext:"define('DB_NAME'," ext:txt This Google Dork discovers badly configured servers exposing sensitive Wordpress database information. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609)
Category: Files Containing Juicy Info
99 intext:"class JConfig {" inurl:configuration.php
intext:"class JConfig {" inurl:configuration.php This Google Dork discovers badly configured servers exposing sensitive Joomla configuaration information. - Gionathan "John" Reale (https://www.exploit-db.com/author/?a=9609)
Category: Files Containing Juicy Info
100 inurl:"wp-license.php?file=../..//wp-config"
inurl:"wp-license.php?file=../..//wp-config" File contain password and directory traversal vulnerability ManhNho
Category: Files Containing Passwords

Tawaran Buat Anda

Total Pengujung 0