Google Hacking Database PDF
October 12, 2022 | Author: Anonymous | Category: N/A
Short Description
Download Google Hacking Database PDF...
Description
Anonymous surfing with bigate.cgi. Remove http:// http:// when you copy paste or it won’t 2005inurl:cgi-bi inurl:cgi-bin n inurl:bigate. inurl:bigate.cgi cgi 04-27 work….
filetype:pl 2004intext:”/usr/bin/perl” 12-01
inur…
WebCal allows you to create and maintain an interactive events calendar or scheduling system on…
2004- filetype:mdb 11-30 inurl:”news/news”
Web Wiz Site News unprotected database holds config and admin information in a microsoft access…
inurl:php.exe e filetype:ex filetype:exe e - It is possible to read any file remotely on the server with PHP.EXE (assuming a script 2004- inurl:php.ex alias fo… 11-28 example.com 2004- “Powered by Land Down 11-18 Under 601”
sQL injection vulnerability in Land Down Under 601 could give an attacker administrative access…
2004- ext:asp “powered by 11-16 DUForum” inurl:(mess…
DUForum is one of those free forum software packages. The database location is determined by th…
2004- ext:asp inurl:DUgal inurl:DUgallery lery 11-16 intitle:”3.0″ -s…
The MS access database can be downloaded from inside the docroot. The user table holds the admi…
2004- filetype:cgi 11-04 inurl:cachemgr.cgi
cachemgr.cgi is a management interface for the Squid proxy service. It was installed by default…
2004“powered by YellDL” 10-31
Finds websites using YellDL (or also known as YellDownLoad), a download tracker written in PHP….
2004- inurl:click.php 10-27 intext:PHPClickLog
A script written in PHP 4 which logs a user’s statistics when they click on a link. The log is…
2004- “File Upload Manager 10-27 v1.3” “rename …
thepeak file upload manager let you manage your y our webtree with up and downloading files….
2004- intitle:”phpremoteview” 10-26 filetype:php &qu…
phpRemoteView is webbased filemanger with a basic shell. With this an attacker can browse the s…
2004- intitle:”ASP FileMan” 10-19 Resend -site:iiswo…
FileMan is a corporate web based storage and file management solution for intraand internet. …
2004ezBOO WebStats is a high level statistical tool for web sites monitoring. It ezBOO “Administrator Panel” -cvs 10-16 allows real time … MyWebFTP Free is a free lite version of MyWebFTP Personal – a PHP script providing FTP client c…
2004- intitle:mywebftp “Please enter 10-14 your password&…
2004Dirlist is an ASP script that list folders in an explorer style: * Tree * Detailed intitle:”Directory Listing” “tree v… intitle:”Directory 10-14 * Tiled …
2004- inurl:changepassword.cgi inurl:changepassword.cgi -cvs 10-09
Allows a user to change his/her password for authentication to the system. Script allows for r…
WWWADMIN.PL” .PL” 2004- inurl:” WWWADMIN 10-06 intitle:”wwwad…
wwwadmin.pl is a script that allows a user with a valid username and password, to delete files …
2004inurl:cgi.asx?StoreID 10-05
BeyondTV is a web based software product which let you manage your TV station. All you need is …
2004filetype:lit lit (books|ebooks) 09-18
Tired of websearching ? Want something to read ? You can find Ebooks (thousands of them) with t…
2004- PHP-Nuke – create super user 09-13 right now !
PHP-Nuke is a popular web portal thingie. It has popped up in the Google dorks before. I think …
2004Gallery configuration setup files 09-10
Gallery is a popular images package for websites. Unfortunately, Unfortunately, with so many users, more bugs …
2004- inurl:”nph-proxy.cgi” “Start 09-09 browsi…
Observing the web cracker in the wild, one feels like they are watching a bear. Like a bear sto…
2004Toast Forums is an ASP message board on the Internet. Toast Forums also link:http://www.toastforums.com/ 09-06 has all the features of…
2004inurl:”plog/register.php” 09-06
pLog is a popular form of bloggin software. Currently there are estimated about 1450 sites runn…
2004inurl:robpoll.cg inurl:robpoll.cgii filetype:cg filetype:cgii 08-30
robpoll.cgi is used to administrate polls.The default password used for adding polls is ‘robpol…
2004- intitle:”PHP Explorer” ext:php 08-20 (inurl:ph…
This searches for PHP Explorer scripts. This looks like a file manager with some nice extra opt…
2004ext:cgi inurl:ubb6_test 08-13
The UBB trial version contains files that are not safe to keep online after going live. The ins…
2004filetype:inc inc intext:setcookie 08-01
Cookies are often used for authentication and a lot of other stuff.The “inc” php head…
2004- filetype:wsdl wsdl 08-01
The XML headers are called *.wsdl files.they can include data, functions or objects. An attacke…
2004filetype:cnf my.cnf -cvs -example 07-21
The MySQL database system uses my.cnf files for configurat configuration. ion. It can include a lot of informat…
Programmers do strange things sometimes and forget about security. This 2004filetype:php inurl:”view inurl:”viewfile” file” -“ind… search is the perfect e… 06-16 2004- intitle:”Index of /” modified 06-10 php.exe
PHP installed as a cgi-bin on a Windows Apache server will allow an attacker to view arbitrary …
Search Oracle Reports likely vulnerable to DB user/password disclosure
2014
02-05 inurl:”/repor inurl:”/reports/rwservle ts/rwservlet” t” intext:”…
(CVE-2012- 3152 and CVE…
2013inurl:”struts” filetype:action 11-25
Google search for actoin files wich could be explotable via CVE-20132251 “Multiple Remot…
inurl:.php? inurl:.php? intext:CHARACTER_SETS,COLLATIONS, ?intitle:phpmyadmin 2013intext:CHARACTER_SETS,COLLATIONS, view phpMyAdmin of web sit… 08-08
?int…
2012inurl:/wp-content/w3tc/dbcache/ 12-31
– Jay Townsend…
2012- intext:SQL syntax & 12-31 inurl:index.php inurl:index.php?=id ?=id & … 2012intext: intext: intext: intext: intext: 08-21
# Exploit Title: SQLI Exploit # Google Dork: intext:SQL syntax & inurl:index.php?=id inurl:index.ph p?=id &…
More than 100k sites affected It will show asp sites that are vulnerable to sql injection (…
2012intitle:awen+intitle:asp.net 05-15
Hi, This google dork exposes any already uploaded asp.net shells which are available in Bac…
2012- intitle:”-N3t” filetype:php 05-15 undetectable
intitle:”-N3t” filetype:php undetectable Search WebShell indexed on a page. — …
2011- inurl:.php intitle:- BOFF 1.0 intext:[ 12-23 Sec. Info ]
This search attempts to find the BOFF 1.0 Shell. Author: alsa7r …
2011- filetype:php inurl:tiki-ind inurl:tiki-index.php ex.php 11-25 +sirius +1.9.*
Finds servers vulnerable to the CVE-2007-5423 exploit. Author: Matt Jones …
2011- filetype:php inanchor:c99 inurl:c99 11-24 intitle:c99s he…
This search attempts to find the c99 backdoor that may be knowingly or unknowingly installed o…
2011- inurl:php intitle:”Cpanel , FTP 11-19 CraCkeR”
locates cpanel and ftp cracker. Author: alsa7r …
2011intitle:#k4raeL – sh3LL intitle:#k4raeL – 10-11
intitle::#k4raeL intitle #k4raeL – – sh3LL Finds K4rael Shell , though many of them are dead but we can get som…
2011inurl:view.php?board1_sn= 09-26
locates a webapp vulnerable to SQL injection …
2011intitle:m1n1 1.01 07-26
find the b374k shell…. Submitted by : biLLbud …
2011intitle:Locus7shell intext:”Software:” intext:”Software:” Submitted by lionaneesh — Thanks intitle:Locus7shell intext:”Software: intext:”Software:”” 05-03 Ane… 2011intitle:”[EasyPHP] – Administration” 03-23
Unprotected EasyPHP Admin page detection.. Author: Aneesh Dogra (lionaneesh) …
2011- MySQL: ON MSSQL: OFF Oracle: OFF 02-24 MSSQL: OFF Postgr…
Author :- eXeSoul You will get lots of web shells even some private shells….
2011intitle:cyber anarchy shell 02-24
Submitter: eXeSoul cyber anarchy shell …
2010inurl:/vb/install/upgrade.php 12-10
Vbulletin custom updrade wizards. Author: ScOrPiOn…
2010inurl:/vb/install/install.php 12-10
Vbulletin installation wizards, allow users to modify installation parameters. May also rev
-Telnetto Unit-x Team 2010Connected *.com&qu… 12-09 “CGI
Locates CGI-Telnet web shells. Author: ScOrPiOn…
2010- “www.*.com – c99shell c99shell”” OR 12-08 “www.*.ne…
Locates c99 web shells Author: ScOrPiOn…
2010- “safe_mode: * PHP version: * Locates r57 web shells Author: ScOrPiOn… 12-07 cURL: * MySQL… 2010“r57shell” 12-07
Locates r57 web shells Author: ScOrPiOn…
2010“r57shell 1.4” 12-07
Locates r57 web shells Author: ScOrPiOn…
2010- “[ phpinfo ] [ php.ini ] [ cpu ] [ Locates r57 web shells Author: ScOrPiOn… 12-07 mem ] … 2010- inurl:index.p inurl:index.php?pagedb=rs hp?pagedb=rsss 11-13 Vulnerabilit Vulnerabilityy -inurl
CVE: 2007-4007 EDB-ID: 4221 This google dork possibly exposes sites with the Article Dir
2006- intitle:”Uploader – Uploader 05-03 v6″ -pixloa…
File upload servers, dangerous if used in couple with mytrashmail.com…
2006intitle:”MvBlog powered” 04-25
MvBlog is prone to multiple input-validation vulnerabilities. vulnerabilities. These issues are due to a fail
2006- intitle:”Horde :: My Portal” 02-03 “[Tic…
Hi It will give you administrat ive ownership over Horde webmail system plus all users in
2006inurl:rpSys.html 01-22
Web configuration pages for various types of systems. Many of these systems are not password pr…
2006- filetype:pl intitle:”Ultrab intitle:”Ultraboard oard 01-16 Setup”
setup pages to the ultraboard system….
2005- “Welcome to Administration” This reveals admin site for Argo Software Design Mail Server…. 09-17 “Genera… 2005-
XOOPS custom installation wizards, allow users to modify installation parameters. May al
09-16 XOOPS Custom Installation
reve…
2005- “you can now password” | 09-15 “this is a…
IMchaos link tracker admin pages. Reveals AIM screennames, IP ADDRESSES AND OTHER via deta…
2005- “set up the administrator 07-03 user” inurl:pi…
Using this, you can find sites with a Pivot weblog installed but not set up. The default set
2005“html allowed” guestbook 06-11
When this is typed in google it finds websites which have HTML Enabled guestbooks. Thi real…
2005- “Powered by: vBulletin 03-19 Version 1.1.5”
This google dork reveals vulnerable message boards. It works for all Vbulletin version up
2005This search brings up results for Novell NetWare’s Web Search Manager.. at best the site inurl:”/NSearch/AdminServlet” 01-26 … 2005inurl:servlet/webacc 01-06
I was playing around on the net when I found a small problem with Novell’s WebAcces. With User….
2004- “There are no Administrators 12-27 Accounts” i…
This is a more specific search for the vulnerable PhpNuke index already seen on this website.Ph…
2004- intitle:”Mail Server CMailServer 12-04 Webmail”…
CMailServer is a small mail webmail server. Multiple vulnerabilities were found, including buff…
2004inurl:newsdesk.cgi? inurl:newsdesk.cgi? inurl:”t=” 11-07
Newsdesk is a cgi script designed to allow remote administration of website news headlines.Due …
2004- (inurl:/shop.cgi/page=) (inurl:/shop.cgi/page=) | 11-07 (inurl:/shop.pl/page=)
This is a “double “ double dork” finds two different shopping carts, both vulnerable1) Cyber-V…
2004AOL Journals BlogID Incrementing Discloses Account Names and Email inurl:aol*/_do/rss_popup?blogID= AddressesAOL Journals is bas… 11-06 2004- natterchat inurl:home.asp 11-05 site:natterchat.co.uk
NatterChat is a webbased chat system written in ASP.An SQL injection vulnerability is identifie…
2004- intitle:phpMyAdmin “Welcome to phpMyAdmin is a tool written in PHP intended to handle the administration 10-31 phpMyAdmin ***… of MySQL over the Web… 2004- intitle:phpMyAdmin “Welcome to search for phpMyAdmin installations that are configured to run the MySQL database with root pri… 08-21 phpMyAdmin ***… 2004“ftp://” “www.eastga “www.eastgame.net” me.net” 08-20
Use this search to find eastgame.net ftp servers, loads of warez and that sort of thing.”t…
2004- intext:”Warning: * am able * 08-13 write ** configu…
OsCommerce has some security issues, including the following warning message: “Warning: I …
2004- allinurl:”index.php”
Easyins Stadtportal v4 is a German Content Management System for cities
07-29 “site=sglinks&…
and regions. Version 4 …
2004- inurl:”index.php? 07-29 module=ew_filemanager”
http://www.cirt.net/advisories/ew_file_manager.shtml:Product: EasyWeb FileManager Module – http… This brings up alot of insecure as well as secure filemanagers. These software solutions are of…
2004filetype:cgi inurl:”file inurl:”fileman.cgi” man.cgi” 07-26
2004Zero X reported that “Web_Store.cgi” allows Command Execution:This filetype:cgi inurl:”Web_ inurl:”Web_Store.cgi” Store.cgi” 07-26 application was wr… hAcxFtpScan – software that use ‘l33t h@x0rz’ to monitor their file stroz on on 2004”) … ftp. On the ftp se… (“Indexed.By”|”Monitored.By”) 07-26 (“Indexed.By”|”Monitored.By
2004- “Welcome to the Prestige Web06-04 Based Configurat…
This is the configuration screen for a Prestige router. This page indicates that the router has…
2004inurl:vAuthenticate enticate filetype:php inurl:vAuth 06-04
vAuthenticate is a multi-platform compatible PHP and MySQL script which allows creation of new …
2004- intitle:”Samba Web 05-04 Administration Tool” …
This search reveals wide-open samba web adminitration servers. Attackers can change options on …
2004- intitle:”Gateway Configuration 04-28 Menu”
This is a normally protected configuration menu for Oracle Portal Database Access Descriptors (…
2004This is a default login portal used by Oracle. In addition to the fact that this file inurl:pls/admin_/gateway.htm can be us… 04-28
2004allinurl:install/install.php 04-06
Pages with install/install.php install/install.php files may be in the process of installing a new service or progr…
2004allinurl:intranet allinurl:intranet admin 03-29
According to whatis.com: “An intranet is a private network that is contained within an ent…
2004- “Select a database to view” 03-29 intitle:&quo…
An oldie but a goodie. This search locates servers which provides access to Filemaker pro datab…
2004- “Welcome to PHP-Nuke” 03-18 congratulations
This finds default installations of the postnuke CMS system. In many cases, default installatio…
2004inurl:info.inc.php 03-14
From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 – 0…
2004inurl:footer.inc.php 03-14
From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 – 0…
2004inurl:search.php inurl:search.php vbulletin 03-04
Version 3.0.0 candidate 4 and earlier of Vbulletin may have a cross-site scripting vulnerabilit…
0000-
According to whatis.com: “An intranet is a private network that is contained
00-00 “Welcome to Intranet”
within an ent…
2004- intitle:”Remote Desktop Web Microsoft Remote Desktop Connection Web Connection pages. These pages are 03-04 Connection” not necessarily insec… 2004- intitle:”Terminal Services Web Microsoft Terminal Services Web Connector pages. These pages are not necessarily insecure, sine… 03-04 Connection&quo… 2004inurl:ManyServers.htm 03-04
Microsoft Terminal Services Multiple Clients pages. These pages are not necessarily insecure, s…
2004- intitle:osCommerce 03-04 inurl:admin intext:”redist…
This is a decent way to explore the admin interface of osCommerce e-commerce sites. Depending o…
2004Gallery is a nice little php program that allows users to post personal pictures on Gallery in configuration mode 03-04 their websi…
Yet Another Bulletin Board (YABB) SE (versions 1.5.4 and 1.5.5 and perhaps others) contain an S…
2004“YaBB SE Dev Team” 03-04
2003- Hassan Consulting’s Shopping These servers can be messed with in many ways. One specific way is by way of 07-08 Cart Version 1.18 the “../”… X-Cart (version 4.0.8) has multiple input validation vulnerabilities. There doesn’t 2005- intext:”Powered by X06-03 Cart: shopping cart soft… seem to be …
2005- intext:”powered by 05-29 Hosting Controller” i…
Description:==============Hosting Controller is a complete array of Web hosting automation tool…
site:ups.com Ever use the UPS Automated Tracking Service?? Wanna see where packages are 2004intitle:"Ups Package intitle:"Ups going? Want to Man-i… 11-25 trackin… 2004inurl:midicart.mdb 10-10
MIDICART is s an ASP and PHP based shopping Cart application with MS Access and SQL database. A…
2004- “More Info about 10-10 MetaCart Free”
MetaCart is an ASP based shopping Cart application with SQL database. A security vulnerability …
2004inurl:shopdbtest.asp 10-10
shopdbtest is an ASP page used by several e-commerce products. A vulnerability in the script al…
2004Comersus is an e-commerce system and has been installed all over the world in more Comersus.mdb Comersus.mdb database 07-12 than 20000 s… 2004- VP-ASP Shop Administrators ors only 06-25 Administrat
VP-ASP (Virtual Programming – ASP) has won awards both in the US and France. It is now in use i…
2004- POWERED BY HIT 06-06 JAMMER 1.0!
Hit Jammer is a Unix compatible script that allows you to manage the content and traffic exchan…
2014 -02- “[function.getimagesize]: “[function.getimagesize]: failed to open stre… 05
Just another error that reveals full paths…
2014 -02- intext:”Access denied for” intitle:”… 05
Here is a Dork I use in conjunction with sqlmap, for shopping carts with MySQL Error messages…
2013 inurl:advsearch.php?module= inurl:advsearch.php?module = & intext:sql -04synta… 09
Exploit Title : SQLI Exploit Google Dork :
inurl:advsearch.php?module= inurl:advsearc h.php?module= & intext:sql syntax…
2012 -12- intext:”Fatal error: Class ‘Red_Action’ not f… 06
Dork to find Plugin errors in wordpress websites Dork – intext:”Fatal error: Class ‘Red_A…
2012 “CHARACTER_SETS”” “COLLATION_CHARACT “COLLATION_CHARACT… … -08- “CHARACTER_SETS 21
“CHARACTER_SETS”+”COLLATION_CHARACTER_SET_APPLIC “CHARACTER_SETS”+”COLLATION_CHARAC TER_SET_APPLICABI ABI LITY” find sql injectab…
2012 -05- inurl:”*.php?*=*.php” inurl:”*.php?*=*.php” intext:”Warni… 15
PHP Error Messages…
2011 Author: eidelweiss inurl:”index.php?m=content+c=rss+catid=10& inurl:”index.php?m=content+c=r ss+catid=10&q q -01http://host/index.php?m=content&c=rss&catid=5 show MySQL
uo…
Error (tabl…
21 2010 -12- “plugins/wp-db-backup/wp-db-backup.php” 08
Many of the results of the search show error logs which give an attacker the server side paths …
2010 -11- allintext:”fs-admin.php” 11
A foothold using allintext:”fs-admin.php” shows the world readable directories directories of a p…
2006 -06- intitle:”Apache Tomcat” “Error Repo… 15
Apache Tomcat Error messages. These can reveal various kinds information depending on the type …
2006 -04- “Unable to jump to row” “on MySQL r… 25
another error message…
2006 -04- “Warning: Bad arguments to (join|implode) () … and another error. open it from cache when not working…. 25
2006 -04- “Warning:” “failed to open stream: … 25
Just another error message….
2006 This dork reveals logins to databases that were denied for some mysql_connect(): Access denied for … -04- “Warning: mysql_connect(): reason…. 25
2006 -04- “Warning: Division by zero in” “on … 25 2006 -03- filetype:asp + “[ODBC SQL” 13
Just another error that reveals full paths….
This search returns more than just the one I saw already here. This one will return all ODBC SQ…
2005 -09- “Warning:” “SAFE MODE Restriction i… 25
This error message reveals full path information. Recommend use of site: operator to narrow sea…
2005 argument is not a valid Fi… -09- “Warning: Supplied argument 25
This error message cqan reveal path information. This message (like other error messages) is of…
2005 “There seems to have been a problem with -08the&… 16
search reveals database errors on vbulletin sites. View the page source and you can get informa…
2005 -04- intitle:”Default PLESK Page”
Plesk Server Administrator (PSA) is web based software that enables remote administration of we…
26 2005- “Parse error: parse error, 04-26 unexpected T_VARIA…
PHP error with a full web root path disclosure…
"SQL Server 2005Driver][SQL Server]Line 1: 04-07
you can find many servers infected with sql injection…
In…
2005- Netscape Applicati Application on 04-05 Server Error page
This error message highlights potentially unpatched or misconfigured Netscape Application Serve…
2005- intext:”Error Message :
This throws up pages which contain “CGI ERROR” reports – which include the file
01-26 Error loading require…
(and …
mysql_query()”” 2004- “Warning: mysql_query() MySQL query errors revealing database schema and usernames…. 11-28 “invalid q… 2004- intitle:Configuration.File 11-13 inurl:softcart.exe
This search finds configuration file errors within the softcart application. It includes the na…
2004- “The script whose uid is ” 10-16 “is not …
This PHP error message is revealing the webserver’s direct directory ory and user ID….
2004snitz forums uses a microsoft access databases for storage and the default name is snitz! forums db path error 09-07 “Snitz_… 2004- filetype:log “PHP Parse 08-14 error” | “P…
This search will show an attacker some PHP error logs wich may contain information on wich an a…
“ASP.NET_SessionId” “data .NET pages revealing their datasource and sometimes the authentication 2004- “ASP.NET_SessionId” 07-26 source=&q… credentials with it. The… 2004- “ORA-12541: TNS:no 07-16 listener” intitle:&qu…
In many cases, these pages display nice bits of SQL code which can be used by an attacker to mo…
2004- filetype:php 07-16 inurl:”logging inurl:”logging.php” .php” “D…
Discuz! Board error messages related to MySQL. The error message may be empty or contain path i…
2004- “Internal Server Error” 07-16 “server at&…
We have a similar search already, but it relies on “500 Internal Server” which doesn’…
2004- PHP application warnings 07-14 failing “include_pat…
These error messages reveal information about the application that created them as well as reve…
2004- intext:”Warning: Failed 07-09 opening” “o…
These error messages reveal information about the application that created them as well as reve…
2004ht://Dig htsearch error 06-24
The ht://Dig system is a complete world wide web indexing and searching system for a domain or …
2004- intitle:”Error Occurred 06-24 While Processing Requ…
Cold fusion error messages logging the SQL SELECT or INSERT statements and the location of the …
2004- intitle:”Error using 06-15 Hypernews” “Se…
HyperNews is a cross between the WWW and Usenet News. Readers can browse through the messages w…
2004- “Invision Power Board 05-28 Database Error”
These are SQL error messages, ranging from to many connections, access denied to user xxx, show…
2004- “error found handling the 07-29 request” cocoo…
Cocoon is an XML publishing framework. It allows you to define XML documents and transformation…
2004- intitle:”Execution of this 04-28 script not permitt…
This is a cgiwrap error message which displays admin name and email, port numbers, path names, …
2004- intitle:”Error Occurred” 04-19 “The error…
This is a typical error message from ColdFusion. A good amount of information is available from…
2004- warning “error on line” 03-11 php sablotron
sablotron is an XML toolit thingie. This query hones in on error messages generate generated d by this too…
2004- “Fatal error: Call to 03-16 undefined function”…
This error message can reveal information such as compiler used, language used, line numbers, p…
2004- filetype:asp “Custom 03-16 Error Message” Cate…
This is an ASP error message that can reveal information such as compiler used, language used, …
2004- “Can’t connect to local”
Another SQL error message, this message can display database name, path names
03-04 intitle:warning
and partial SQL c…
2004- intitle:”Under 03-04 construction” “does …
This error message can be used to narrow down the operating system and web server version which…
2004- “access denied for user” 03-04 “using pas…
Another SQL error message, this message can display the username, database, path names and part…
2004- “Warning: Cannot modify A PHP error message, this message can display path names, function names, 03-04 header information – … filenames and partial…
pg_connect(): t(): 2004- “Warning: pg_connec 08-25 Unable to connect to …
This search reveals Postgresql servers in yet another way then we had seen before. Path informa…
An unexpected token 2004“END-OF-STATEMENT” 03-04
A DB2 error message, this message can display path names, function names, filenames, partial co…
2004- “detected an internal 03-04 error [IBM][CLI Driver]…
A DB2 error message, this message can display path names, function names, filenames, partial co…
2004- “A syntax error has 03-04 occurred” filetype:i…
An Informix error message, this message can display path names, function names, filenames and p…
2004- “An illegal character has 03-04 been found in the s…
An Informix error message, this message can display path names, function names, filenames and p…
2004- “Syntax error in query 03-04 expression ” -the
An Access error message, this message can display path names, function names, filenames and par…
w…
2004- supplied argument is not An PostgreSQL error message, this message can display path names, function names, 03-04 a valid PostgreSQL result filenames and… 2004- “PostgreSQL query failed: An PostgreSQL error message, this message can display path names, function names, 03-04 ERROR: parser: pa… filenames and… 2004“Incorrect syntax near” 03-04
An SQL Server error message, this message can display path names, function names, filenames and…
2004“Incorrect syntax near” 03-04
An SQL Server error message, this message can display path names, function names, filenames and…
2004- “Unclosed quotation mark An SQL Server error message, this message can display path names, function names, filenames and… 03-04 before the character…
“ORA-00933: SQL 2004command not properly 03-04
An Oracle error message, this message can display path names, function names, filenames and par…
2004- ORA-00921: unexpected 03-04 end of SQL command
Another generic SQL message, this message can display path names, function names, filenames and…
2004- ORA-00936: missing 03-04 expression
A generic ORACLE error message, this message can display path names, function names, filenames …
ended&qu…
2004- “Supplied argument is not Another generic SQL message, this message can display path names, function 03-04 a valid MySQL resul… names, filenames and… 2004sQL syntax error 03-04
Another generic SQL message, this message can display path names and partial SQL code, both of …
2004mysql error with query 03-04
Another error message, this appears when an SQL query bails. This is a generic mySQL message, s…
200403-04 Internal Server Error
This one shows the type of web server running on the site, and has the ability to show other in…
2004- IIS web server error 03-04 messages
This query finds various types of IIS servers. This error message is fairly indicative of a som…
2004- Windows 2000 web server Windows 2000 web servers. servers. Aging, fairly easy to hack, especially out of the box…… 03-04 error messages 2004IIS 4.0 error messages 03-04
IIS 4.0 servers. Extrememly old, incredibly easy to hack……
2004sitebuilderpictures 03-04
This is a default directory for the sitebuilder web design software program. If these people po…
2004sitebuilderfiles 03-04
This is a default directory for the sitebuilder web design software program. If these people po…
2004sitebuildercontent 03-04
This is a default directory for the sitebuilder web design software program. If these people po…
2004- ORA-00921: unexpected 01-09 end of SQL command
Another SQL error message from Cesar. This one coughs up full web pathnames and/or php filename…
2003- “Chatologica MetaSearch” There is soo much crap in this error mess age… Apache version, CGI environment vars, path name… 08-15 “stack tra… 2003- MYSQL error message: 06-24 supplied argument….
One of many potential error messages that spew interesting information. The results of this mes…
2003Coldfusion Error Pages 06-24
These aren’t too horribly bad, but there t here are SO MANY of them. These sites got googlebotted whil…
2012inurl:finger.cgi 11-02
Finger Submitted by: Christy Philip Mathew…
2012- site*.*.*/webalizer 08-21 intitle:”Usage Statistics…
Shows usage statistics of sites. Includes monthy reports on the IP addresses, user agents, and …
2006- intitle:r57s intitle:r57shell hell +uname 05-04 bbpress
compromised servers… servers… a lot are dead links, but pages cached show interesting info, this is r5…
2006- “The statistics were last 05-03 updated” “…
Results include many varius Network activity logs…
2006- inurl:/counter/index.php 04-06 intitle:”+PHPCounter…
This is an online vulnerable web stat program called PHPCounter 7.http://www.clydebelt.org.uk/c…
2006- inurl:”NmConsole/Login.asp” Ipswitch Whats Up Monitoring 2005!This is a console for Network Monitoring, 03-13 | intitle:&q… access beyond the p… 2006- inurl:CrazyWWWBoard.cgi 02-08 intext:”detailed debu…
gives tons of private forum configuration information. information.examples: examples: Global variables installed, wha…
2005inurl:ovcgi/jovw 12-31
An HP Java network management tool. It is a sign that a network may not be configured properly….
2005- inurl:proxy | inurl:wpad 12-21 ext:pac | ext:dat findpro…
Information about proxy servers, internal ip addresses and other network sensitive stuff….
2005- inurl:webalizer filetype:png - ***WARNING: This search uses google images, disable images unless you want 11-21 .gov -.edu -.mil -op… your IP spewed acros… 2005- intitle:”Retina Report” 10-26 “CONFIDENTI…
This googledork finds vulnerability reports produced by eEye Retina Security Scanner. The info…
2005- “Shadow Security Scanner 10-26 performed a vulnerab…
This is a googledork to find vulnerability reports produced by Shadow Security Scanner. They c…
2005- “The following report 10-26 contains confidential i…
This googledork reveals vunerability reports from many different vendors. These reports can co…
2005inurl:status.cgi?host=all 10-04
Nagios Status page. See what ports are being monitored as well as ip addresses.Be addresses.Be sure to check…
2005inurl:login.jsp.bak 09-30
JSP programmer anyone? You can read this!…
2005- intitle:”Belarc Advisor 02-15 Current Profile”…
People who have foolishly published an audit of their machine(s) on the net with some server in…
2005- “Traffic Analysis for” “RMON List of RMON ports produced by MRTG which is a network traffic analysis tool. See 03-05 Port *… also #198… 2005- “powered | performed by 02-03 Beyond Security’s Aut…
This search finds Beyond Security reports. Beyond Security sells a box which performs automated…
2004- intitle:”PHPBTTracker 12-30 Statistics” | inti…
This query shows pages which summarise activity on PHPBT-powered BitTorrent trackers – all the …
2004-
This query shows pages which summarise activity on BNBT-powered BitTorrent
12-30 intitle:”BNBT Tracker Info”
trackers – including…
2004- intitle:”Azureus : Java BitTorrent 12-30 Client Tra…
This query shows machines using the Azureus BitTorrent client’s built-in tracker – the pages ar…
2004inurl:”install/install.php” 12-29
This searches for the install.php install.php file. Most results will be a Bulletin board like Phpbb etc.T…
2004- intext:”Welcome to the Web 12-07 V.Networks” i…
see and control JVC webcameras, you can move the camera, zoom… change the settings, etc…….
MCK Communications, Inc.PBXgatewayIIHigh density central site gateway for 2004remo… remote PBX access(MCK… 12-10 intitle:”start.managing.the.device” 2004ext:cfg radius.cfg 12-06
“Radiator is a highly configurable and flexible Radius server that supports authentication…
2004- filetype:php inurl:ipinfo.p inurl:ipinfo.php hp 12-07 “Distributed In…
Dshield is a distributed intrusion detection system. The ipinfo.php script includes a whois loo…
Mercury SiteScope designed to ensure the availability and performance of 2004inurl:”sitescope.html” inurl:”sitescope.html” intitle:”sit… distributed IT infrast… 12-03
2004- intitle:”twiki” 12-02 inurl:”TWikiUsers&q…
TWiki has many security problems, problems, depeding on the version installed. TWiki, is a flexible, powe…
2004- “Phorum Admin” “Database 11-28 Connection…
Phorum admin pagesThis either shows Information leakage (path info) or it shows Unprotected Adm…
sysWatch is a CGI to display current information about your UNIX system. It 2004“Output produced by SysWatch *” can display drive p… 11-28
2004inurl:testcgi xitami 11-28
Testpage / webserver environmentThis is the test cgi for xitami webserver. It shows the webserv…
2004- filetype:log 11-28 intext:”ConnectionManager2″
ISDNPM 3.x for OS/2-Dialer log files.These files contain sensitive info like ip addresses, phon…
2004- intitle:”sysinfo * ” 11-12 intext:”Genera…
Lots of information leakage on these pages about active network services, server info, network …
inurl:portscan.php “from 2004- inurl:portscan.php 11-12 Port”|”Por…
This is general search for online port scanners which accept any IP. It does not find a specifi…
2004inurl:/adm-cfgedit.php 11-07
PhotoPost Pro is photo gallery system. This dork finds its installation page.You can use this p…
2004inurl:webutil.pl 11-07
webutil.pl is a web interface to the following services:* ping* traceroute* whois* finger* nslo…
200410-20 inurl:statrep.nsf inurl:statrep.nsf -gov
Domino is server technology technology which transforms Lotus Notes® into an Internet a…
2004The finger command on unix displays information about the system users. inurl:/cgi-bin/finger? “In real life” 10-19 This search displays pr…
2004- inurl:/cgi-bin/finger? Enter 10-19 (account|host|user|us…
The finger command on unix displays information about the system users. This search displays th…
2004- filetype:php inurl:nqt 10-18 intext:”Network Query …
Network Query Tool enables any Internet user to scan network information using:* Resolve/Revers… Resolve/Revers…
2004- inurl:”map.asp?” 10-05 intitle:”WhatsUp G…
-Wide to easily track “WhatsUpassociate… Gold’s new variables SNMP Viewer tool enables Area
network data and other resource 2004- ext:cgi intext:”nrg-” ” This NRG is a system for maintaining and visualizing network utilization dat… 09-29 web pa… 2004- ((inurl:ifgraph “Page 09-29 generated at”) OR …
ifGraph is a set of perl scripts that were created to fetch data from SNMP agents and feed a RR…
2004- inurl:”/catalog.nsf” 09-10 intitle:catalog
This will return servers which are running versions of Lotus Domino. The catalog.nsf is the ser…
2004- “Powered by
phpOpenTracker is a framework solution for the analysis of website traffic and
09-21 phpOpenTracker” phpOpenTracker” Statistics visitor analysis… site:netcraft.com 2004Netcraft reports a site’s operating system, web server, and netblock owner together intitle:That.Site.Running 09-21 with, if av… Apache
2004- “this proxy is working 08-13 fine!” “ente…
These are test pages for some proxy program. Some have a text field that allows you to use that…
2004“apricot – admin” 00h 07-29
This search shows the webserver access stats as the user “admin”. The language used i…
2006- “by Reimar Hoven. All 04-15 Rights Reserved. Discla…
dork: “by Reimar Hoven. All Rights Reserved. Disclaimer” | inurl:”log/logdb.dta&… inurl:”log/logdb.dta&…
2004- intitle:”Microsoft Site 07-16 Server Analysis”
Microsoft discontinued Site Server and Site Server Commerce Edition on June 1, 2001 with the in…
2004- Analysis Console for 07-12 Incident Databases
ACID stands for for “Analysis Console for Incident Databases”. It is a php frontend f…
2004Looking Glass 06-22
A Looking Glass is a CGI script for viewing results of simple queries executed on remote router…
2004- “Version Info” “Boot 06-04 Version” …
This is the status page for a Belkin Cable/DSL gateway. Information can be retrieved from this …
2004- intitle:”ADSL Configuration This is the status screen for the Solwise ADSL modem. Information available from this page incl… 06-04 page”
2004- filetype:vsd vsd network - Reveals network maps (or any other kind you seek) that can provide sensitive 05-13 samples -examples information such a… 2004- filetype:pdf “Assessment 05-03 Report” nessus
These are reports from the Nessus Vulnerability Scanner. These report contain detailed informat…
2004- inurl:phpSysI nurl:phpSysInfo/ nfo/ “created This statistics program allows the an admin to view stats about a webserver. Some 04-16 by phpsysinfo”… sites leave t… 200404-16 “SnortSnarf alert page”
snort is andete… intrusion detection system. SnorfSnarf creates pretty web pages from intrusion
potential vulnerabilities on hosts and 2004- “Network Host Assessment This search yeids ISS scan reports, revealing potential networks. … 03-30 Report” “I… 2004- “This report lists” 03-30 “identified by … 2004- intitle:”Nessus Scan 03-30 Report” “This … 2014
This search yeids ISS scan reports, revealing potential potential vulnerabilities on hosts and networks. … This search yeids nessus scan reports. Even if some of the vulnerabilities have been fixed, we …
iletype:pdf “acunetix f iletype:pdf
-03- website audit” &q… 31
Finds reports generated by Acunetix scans. – Andy G – twitter.com/vxhe twitter.com/vxhexx …
2014 inurl:clientaccesspolicy Locates clientaccesspolicy.xml clientaccesspolicy.xml files used by silverlight silverlight to determine determine the cross domain -03- filetype:xml policy … 27 intext:allow… 2014 inurl:crossdomain -03- filetype:xml 27 intext:allow-access…
Locates crossdomain.xml files used by flash/flex/silverlight to determine the cross domain pol…
2014 site:bitbucket.org -02inurl:.bash_history 05
Finding Sensitive data site:bitbucket.org site:bitbucket.org inurl:.bash_history By Pharos …
2013 intext:phpMyAdmin SQL intext:phpMyAdmin SQL Dump filetype:sql intext:INSERT INTO `admin` (`id`, `user`, -11- Dump filetype:sql `password`) V… 27 intext:INS… 2013 inurl:mikrotik -11filetype:backup 27
mikrotik url backups uploaded.. then.. credentials cracked via http://mikrotikpasswordrecove…
2013 filetype:xml -11inurl:sitemap 25
Sitemaps, the opposite of Web Robots Exclusion Detail directory and page map — [Volun…
JBoss 2013 inurl:”jmx-11- console/HtmlAdaptor” http://docs.jboss.org/jbossas/docs/Server_Configuration_Guide/4/html/Connecting_to _the_J… 25 intitle:…
2013 -11- inurl:tar filetype:gz 25
Tar files Contain user and group information (in addition to potentially useful files) — …
2013 filetype:bak (inurl:php | This one could be used to find all sorts of backup data, but this example is limited to just -11c… inurl:asp | inurl:rb) 25 2013 site:github.com -11- inurl:”id_rsa” 25 inurl:&q…
Finds private SSH keys on GitHub. – Andy G – twitter.com/ twitter.com/vxhex vxhex …
2013 site:github.com -11- inurl:”known_hosts” 25 &quo…
Finds SSH known_hosts files on GitHub. – Andy G – twitter.com/vxhex …
2013 inurl:/wp-11- content/uploads/ 25 filetype:sql
Google dork for WordPress database backup file (sql): inurl:/wp-content/uploads/ inurl:/wp-content/uploads/ filetype:sq…
2013 inurl:config “fetch = -11- +refs/heads/*:refs/rem Git config file Easy way to find Git Repositories — -[Voluntas Vincit Omnia]- website… 25
o…
2013 filetype:php Project Honey Pot anti-spammer detection (http://www.projecthoneypot.org/) Can -11- intext:”PROJECT HONEY identify the … 25 POT ADDRES… 2013 inurl:github.com -11- intext:sftp-conf.json 25 +intext:/wp…
Find FTP logins and full path disclosures pushed to github inurl:github.com intext:sftpintext:sftpconf…
2013 inurl:*/webalizer/* -09- intitle:”Usage 24 Statistics…
*Obrigado,* …
2013 intitle:index.of -09intext:.ssh 24
Find peoples ssh public and private keys – tmc / / #havok #havok …
2013 filetype:txt This dork can be used to find symlinked WordPress configuration configuration files of other web sites -08inurl:~~Wordpress2.txt … 08 2013 filetype:txt inurl:wp-08config.txt 08
Easily hunt the WordPress configuration file in of remote web sites Author : Un0wn_X …
2013inurl:~~joomla3.txt filetype:txt 08-08
By this dork you can find juicy information joomla configuration files Author: Un0wn_X …
2013- intitle:”WAMPSERVER Homepage” & 08-08 inte…
#Summary: Wampserver Homepage free access #Summary: (*http://www.wampserver.com/).* #Author: g00gl3 5c0u…
2013inurl:wp-content/uploads/dump.sql 08-08
This is *Mohan Pendyala* (penetration tester) from india. Google Dork: *inurl:wp-content/u…
2013inurl:fluidgalleries/dat/login.dat 08-08
Works with every single fluidgalleries portofolio sites. Just decrypt the MD5 hash and login on…
2013“information_schema” ma” filetype:sql 08-08 “information_sche
Dork: “information_schema” filetype:sql By: Cr4t3r …
2013- inurl:”zendesk.com/attachments/token” zendesk is good ticketing system . It has thousands of clients. with the above dork you can s… 08-08 si…
Searching for “allintext: /iissamples/default/” may provide interesting informatio…
2013allintext: /iissamples/default/ 04-23
intitle:phpinfo info Tries to reduce false positive results from similar dorks. Finds pages 2013- filetype:php -site:php.net intitle:php containing output from … 04-22 “p… 2013- filetype:ini “This is the default settings 04-22 fi…
Finds PHP configuration files (php.ini) that have been placed in indexed folders. Php.ini defi…
2013inurl:”php?id=” intext:”DB_Error Ob… inurl:”php?id=” 04-09
Description: Files containing juicy info Author:ruben_linux Author:ruben_linux …
2013ext:gnucash 02-05
*Google Search:* http://www.google.com/search?q=ext:gnucash *Description:* Find Gnucas…
2013runtimevar softwareVersion= 02-05
Hits: 807 Config file from Thomson home routers, sometimes it contains password’s and user’s …
2012- inurl:admin intext:username= AND 12-31 email= AND passwo…
— nitish mehta …
2012- inurl:newsnab/www/ 12-06 automated.config.php
Usenet Accounts from Newsnab configs inurl:newsnab/www/ automated.config.php automated.config. php Author: rmccurd…
2012inurl:.com/configuration.php-dist 11-02
Finds the configuration files of the PHP Database on the server. By Chintan GurjarRahul Tygi…
2012filetype:avastlic 08-21
Lots of Avast Licenses . Author : gr00ve_hack3r www.gr00vehack3r.wordpress.com …
2012- filetype:docx Domain Registrar $user 08-21 $pass
Dork :- *filetype:docx Domain Registrar $user $pass* Use :- *To find domain login password fo…
2012- inurl:”phpmyadmin/index.php” 08-21 intext:&quo…
This dork finds unsecured databases …
2012- intext:”Thank you for your 05-15 purchase/trial of …
This dork can fetch you Avast product licenses especially Avast Antiviruses , including Profes…
2012?intitle:index.of?”.mysql_history” 05-15
Find some juicy info in .mysql_history files enjoy bastich …
2012intext:”~~Joomla1.txt” xt” title:”Index… intext:”~~Joomla1.t 05-15
intext:”~~Joomla1.txt” title:”Index of /” Get all server configs files…
2011allintext:D.N.I filetype:xls 12-27
This Query contains sensitive data (D.N.I and D.N.I for People of…
) in a xls format (excel)
2011- List of Phone Numbers (In XLS File ) 12-19 allinurl:tele…
This is a dork for a list of Phone Private Numbers in Argentina. Author Author:: Luciano UNLP …
2011- Microsoft-IIS/7.0 intitle:index.of name 12-19 size
IIS 7 directory listing. Author: huang …
2011- Google Dork inurl:Curriculum Vitale 12-16 filetype:doc (…
This dork locates Curriculum Vitale files. Autho r: Luciano UNLP …
2011- Google Dork For Social Security Number This dork locates social security numbers. Author: Luciano UNLP … 12-16 ( In Spain … (mysql_connect)) () 201111-24 filetype:old (mysql_connect
There are three of mysql_connects but that all search in .inc or warnings, non search for .old…
2011- filetype:old this dork locates backed up config files filetype:php~ 11-24 (define)(DB_USER|DB_PASS|DB_NAME) (define)(DB_U (define)(DB_USER|DB_PASS SER|DB_PASS|DB_NAME) |DB_NAME) file… 2011- filetype:reg reg HKEY_CURRENT_USER 11-19 SSHHOSTKEYS
this dork locates registry dumps …
2011intitle:index.of? configuration.php.zip 11-19
this dork finds mostly backed up configuration.php files. Its possible to change the *.zip to …
2011inurl:”/includes/config.php” 11-19 2011inurl:”trace.axd” ext:axd “Applicat… 11-19
The Dork Allows you to get data base information from config files. Author: XeNon …
example google dork to find trace.axd, a file used for debugging asp that reveals full http re…
2011- +intext:”AWSTATS DATA FILE” 09-26 filetype:txt
Shows data downloads containing statistics on the site.Made by AwstatsThe best dork for that sy…
2011- filetype:ini “Bootstrap.php” 08-25 (pass|passw…
Zend application ini, with usernames, passwords and db info love Bastich …
2011filetype:pem “Microsoft” 07-26
Microsoft private keys, frequently used for servers with UserID on the same page. — Sha…
2011- inurl:server-info intitle:”Server 07-26 Information…
Juicy information about the apache server installation in the website. — *Regards, Fady …
2011- inurl:/push/ .pem apns -“push 07-18 notifications&q…
iphone apple push notification system private keys, frequently unencrypted, frequently with De…
2011- site:stashbox.org cv Or resume OR 07-18 curriculum vitae…
Searches StashBox for publicly avaliable PDF’s or .doc files containing information used in a…
2011- site:mediafire.com cv Or resume OR 07-18 curriculum vita…
Searches Mediafire for publicly avalia ble PDF’s containing information used in a CV/Resume/Cur… CV/Resume/Cur…
2011intitle:(cv Or resume OR curr… 07-18 site:docs.google.com
Searches GoogleDocs for publicly avaliable information used in a CV/Resume/Cu… CV/Resume/Cu … PDF’s containing
Searches Dropbox for publicly avaliable PDF’s containing 2011site:dl.dropbox.com site:dl.dropbox.com filetype:pdf cv OR curriculum … information used in a CV/Resume/Curri… CV/Resume/Curri… 07-01
2011inurl:sarg inurl:siteuse inurl:siteuser.html r.html 05-26
Submitter: pipefish Squid User Access Reports that show users’ browsing history t… The filetype:xls never changes What is inbtween then + sings can be what ever you are looking …
2011filetype:xls + password + inurl:.com 05-03
2011-
allinurl:http://w allinurl:http://www.googl ww.google.co.in/latitud e.co.in/latitude/apps/bad… e/apps/bad…
Site: google.com/latitude – This is a free application where
you can track your PC, laptop and…
05-03 2011intext:db_pass ss inurl:settin inurl:settings.ini gs.ini intext:db_pa 02-24
Submitter: Bastich mysql.nimbit.com dashboard settings…
2011inurl:app/etc/local.xml 02-19
Magento local.xml sensitive information disclosure Author: Rambaud Pierre…
2010allinurl:/xampp/security.php 12-13
XAMPP Security Setting Page Information Disclosure. Author: modpr0be …
2010inurl:phpinfo.php 12-10
Locates phpinfo files. A phpinfo file Outputs a large amount of information about the current s…
2010inurl:”config. inurl:”config.php.new” php.new” +vbulletin 12-07
locates the default configuration file for vBulletin (/includes/config.php.new (/includes/conf ig.php.new)) Author: MaXe…
2010inurl:configuration.php-dist 12-07
locates the default configuration file of JOOMLA Author: ScOrPiOn …
2010filetype: log inurl:”acce inurl:”access.log” ss.log” +intext… 11-25
2010“Cisco PIX Security Appliance Software Versio… 11-10
Match some apache access. access.log log files. Author: susmab…
Google search for Pix Authorization Keys Author: fdisk…
2010This search locates private SSHHostkeys. Author: 11-10 filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS loganWHD…
2006intitle:”AppServ Open Project *” “A… 10-02
Often includes phpinfo and unsecured links to phpmyadmin….
2006intitle:”LOGREP – Log file reporting system&q… 03-21
Logrep is an open source log file Extraction and Reporting System by ITeF!x. This dork finds t…
2006(intitle:”PRTG Traffic Grapher” inurl:&q… 03-18
PRTG Traffic Grapher is Windows software for monitoring and classifying bandwidth usage. It pro…
2006- intitle:”Joomla – Web Installer” 03-18
Joomla! is a Content Management System (CMS) created by the same team that brought the Mambo CM…
2006“not for public release” -.edu -.gov -.m… 02-22
if you search through lots of these then you find some really juicy things, there files from po…
2006intext:ViewCVS inurl:Settings.php 01-16
CVs is a software used to keep track of changes to websites. You can review all updates and pre…
General build error file. Can tell what modules are installed, the OS the compiler the language…
2006inurl:build.err 01-16 2005-
inurl:/cgi-bin/pass.txt
Passwords…
12-22 WebStatistica provides detailed statistics about a web page. Normally you would WebStatistica 2005- (intitle:WebStatistica inurl:main.php)) | (intitle:… have to login … 12-19 inurl:main.php 2005- inurl:wp-mail.php + “There This is the WordPress script handling Post-By-Email functionality, the search is 11-24 doesn’t seem to b… focussed on th… 2005- intitle:”Welcome to FAn attacker may want to know about the antivirus software running. The 11-16 Secure Policy Manager S… description says he can… intitle:Bookmarks 2005inurl:bookmarks.html 10-22
“Bookm… 2005- intitle:”urchin 10-04 (5|3|admin)” ext:cgi
AFAIK are the bookmarks of Firefox, Netscape and Mozilla stored in bookmarks.html. It is often …
Gain access to Urchin analysis reports….
2005- rdbqds -site:.edu -site:.mil - Ceasar encryption is a rather simple encryption. You simply shift letters up or down 09-08 site:.gov across the… 2005contacts ext:wml 08-23
Forget Bluetooth Hacking! You’ll be amazed, at how many people sync their Cell Phones to the sa…
2005- intitle:”curriculum intitle:”curriculum vitae” 08-12 filetype:doc
Hello. 1. It reveals personal datas, often o ften private addresses, phone numbers, e-mails, how many …
2005- intitle:”admin panel” 08-16 +”Powered by …
This finds all versions of RedKernel Referer Tracker( Tracker(stats stats page) it just gives out some nice in…
2005- ext:(doc | pdf | xls | txt | 07-30 ps | rtf | odt | sxw …
Although this search is a bit broken (the file extensions don’t always work), it reveals intere…
2005- site:www.mailinator.com 07-24 inurl:ShowMail.do
Mailinator.com allows people to use temporary email boxes. Read the site, I won’t explain here….
2005allinurl:cdkey.txt 07-21
cdkeys…
2005- filetype:PS ps 07-08
PS is for “postscript”…which basically means you get the high quality press data fo…
2005filetype:QBW qbw 06-21
Quickbooks is software to manage m anage your business’s financials. Invoicing, banking, payroll, etc, …
2005inurl:XcCDONTS.asp 06-07
This query reveals an .asp script which can often be used to send anonymous emails from fake se…
2005ext:DCA DCA 04-27
IBM DisplayWrite Document Content Architecture Text File…
2005-
ext:ccm ccm -catacomb
04-27 2005ext:CDX CDX 04-27 2005ext:DBF DBF 04-27
Lotus cc:Mail Mailbox file…
Visual FoxPro database index…
Dbase DAtabase file. Can contain sensitive data like any other database….
2005ext:jbf jbf 04-27
There is a full path disclosure in .jbf files (paint shop pro), which by itself is not a vulner…
filetype:plist st 2005- ext:plist filetype:pli 04-26 inurl:bookmarks.plist
These Safari bookmarks that might show very interesting info about a user’s surfing habits…
2005ext:ics ics 04-26
ICalender Fileder that can contain a lot of useful information about a possible target….
2005- “MacHTTP” filetype:log 04-26 inurl:machttp.log
MacHTTP is an webserver for Macs running OS 6- 9.x. It’s pretty good for older Macs but the defa…
2005WebLog Referrers 03-30
ExpressionEngine ExpressionEng ine is a modular, flexible, feature-packed web publishing system that adapts to a …
#mysql dump” filetype:sql 2005- “#mysql 02-28 21232f297a57a…
this is a mod of o f one of the previous queries posted in here. the basic thing is, to add this:21…
200502-15 filetype:ora tnsnames
This searches for tns names files. This is an Oracle configuration configuration file that sets up connectio…
2005These pages contain hotmail messages that were saved as HTML. These inurl:getmsg.html intitle:hotmail 03-02 messages can contain anythi… 2005+”HSTSNR” -“netop.com” 02-28
This search reveals NetOp license files. From the netop website: “NetOp Remote Control is …
2005- intitle:”web server status” SSH 02-15 Telnet
simple port scanners for most common ports…
2005- -site:php.net -“The PHP Group” scripts to view the source code of PHP scripts running on the server. Can be very interesting i… 02-15 inurl:sou… 2005inurl:netscape.hst 01-27
History for Netscape – So an attacker can read a user’s browsing history….
2005inurl:”bookmark.htm” 01-27
Bookmarks for Netscape and various other o ther browsers….
2005inurl:netscape.hst 01-27
Netscape Bookmark List/History: So an attacker would be able to locate the bookmark and history…
2005-
There’s a bunch of interesting info in netscape.ini1. Viewers: which multimedia
inurl:netscape.ini
01-27
viewers the fir…
2005- intitle:”edna:streaming intitle:”edna:streaming mp3 01-27 server” -for…
Edna allows you to access your MP3 collection from any networked computer. computer. This software stream…
2005ext:reg “username=*” putty 01-27
Putty registry entries. Contain username and hostname pairs, as well as type of session (sftp, …
2005ext:txt inurl:dxdiag 01-22
This will find text dumps of the DirectX Diag utility. It gives an outline of the hardware of t…
2005intitle:”FTP root at” 01-13
This dork will return some FTP root directories. The string can be made more specific by adding…
2005- intext:gmail invite This is a dork I did today. At first, I wanted to find out the formula for making 01-02 intext:http://gmail.google.com… one, but … … 2005Peoples MSN contact lists 01-02
This will give msn contact lists .. modify the “msn” to what ever you feel is messeng…
2005filetype:ctt Contact 01-02
This is for MSN Contact lists……
2004- intitle:”index.of” .diz .nfo last 12-30 modifi…
File_id.diz is a description file uploaders use to describe packages uploaded to FTP sites. Alt…
200412-30 filetype:blt “buddylist”
AIM buddylists….
The access.cnf file is a “weconfigfile” (webconfig (webconfig file) used by Frontpage Extentions…
2004- filetype:cnf inurl:_vti_ inurl:_vti_pvt pvt 12-30 access.cnf
squeezebox is the easiest way for music lovers to enjoy high-quality playback 2004intitle:”welcome.to.squeezebox” of their whole di… 12-19
2004inurl:preferences.ini “[emule]” inurl:preferences.ini 12-19
This finds the emule configuration file which contains some general and proxy information.Somet…
2004- ext:conf inurl:rsyncd.c inurl:rsyncd.conf onf -cvs - rsync is an open source utility that provides fast incremental file transfer.rsync 12-19 man can also tal… 2004inurl:ds.py 12-13
Affordable Web-based document and content management application lets businesses of every size …
2004ext:dat bpk.dat 12-13
Perfect Keylogger Keylogger is as the name says a keylogger :)This dork finds the corresponding datafiles…
2004- intitle:”Multimon UPS status 12-04 page”
Multimon provide UPS monitoring services…
2004- php-addressbook “This is the
php-addressbook shows user address information without a password….
12-05 addressbook for… 2004“Generated by phpSystem” 12-05
PhpSystem shows info about unix systems, including: General Info (kernel, cpu, uptime), Connect…
2004inurl:”/axs/ax-admin.pl” -script 12-04
This system records visits to your site. This admin script allows you to display these records …
2004ext:vmx vmx 12-03
VMWare allows PC emulation across a variety of platforms. Theseconfiguration files describe a v…
2004ext:vmdk vmdk 12-03
VMWare allows PC emulation across a variety of platforms. These files are VMWare disk images wh…
2004ext:pqi pqi -database 12-03
PQ DriveImage allows administrators to create hard rive images for lots of purposes including b…
2004ext:gho gho 12-03
Norton Ghost allows administrators to create hard rive images for lots of purposes including ba…
2004- intitle:”PHP Advanced Transfer” PHP Advacaned Transfer is GPL’d software that claims to be the “The ultimate PHP download … 11-28 (inurl:i… 2004- intitle:”DocuShare” 11-28 inurl:”docushar… 2004- ext:txt “Final encryption 11-28 key”
some companies use a Xerox Product called DocuShare. The problem with this is by default guest … IPSec debug/log data which contains user data and password hashes.Can be used to crack password…
2004- inurl:report “EVEREST 11-20 Home Edition “
Well what can be said about this t his one, I’ve added it to the DB under Juicy info, however it coul…
2004- “Microsoft (R) Windows * This file spills a lot of juicy info… in some cases, passwords in the raw dump, but not in an… 11-23 (TM) Version * DrWts… 2004- intitle:”Apache::Status” 11-21 (inurl:server-s…
The Apache::Status returns information about the server software, operating system, number of c…
2004- intitle:”PhpMyExplorer” 11-18 inurl:”inde…
without an…
2004filetype:myd myd -CVS 11-18
MySQL stores its data for each database in individual files with the extension MYD.An attacker …
PhpMyExplorerr is a PHP application that allows you to easily update your site online PhpMyExplore
2004- filetype:config filetype:config web.config - Through Web.config an IIS adminstrator can specify settings like custom 404 error pages, authen… 11-16 CVS 2004filetype:ns1 ns1 11-16
Netstunbler files contain information about the wireless network. For a cleanup add stuff like:…
2004- ext:cgi inurl:editcgi.cgi
This was inspired by the K-Otic report. Only two results at time of writing. The cgi
11-16 inurl:file=
script let…
2004- filetype:pst pst -from -to - Finds Outlook PST files which can contain emails, calendaring and address 11-12 date information…. 2004inurl:”putty.reg” 11-07
This registry dump contains putty saved session data. SSH servers the according usernames and p…
2004ext:conf NoCatAuth -cvs 11-07
NoCatAuth configuration configuration file. This reveals the configuration details of wirless gateway includi…
2004- “Certificate Practice 11-05 Statement” inurl:(…
Certificate Practice Statement (CPS)A CPS defines the measures taken to secure CA operation an…
2004- filetype:inf 11-05 inurl:capolicy.inf
The CAPolicy.inf file provides Certificate Servicces configuration information, which is read d…
2004- filetype:php inurl:index inurl:phpicalendar endar -site:… 10-31 inurl:phpical
PHP iCalendar is a php-based iCal file parser. Its based on v2.0 of the IETF spec. It displays …
2004- intitle:”Web Server 10-31 Statistics for ****”
These are www analog webstat reports. The failure report shows information leakage about databa…
2004- intitle:”AppServ Open 10-31 Project” -site:www…
AppServ is the Apache/PHP/MySQL open source software installer packages. This normally includes…
2004- intitle:”Index of” upload 10-24 size parent di…
Files uploaded through ftp by other people, sometime sometimess you can find all sorts of things from mov…
2004inurl:log.nsf -gov 10-20
Domino is server technology which transforms Lotus Notes® into an Internet a…
2004ext:nsf nsf -gov -mil 10-20
Domino is server technology which transforms Lotus Notes® into an Internet a…
2004- intitle:”index.of *” admin 10-19 news.asp conf…
With Compulive News you can enter the details of your news items onto a webform and upload imag…
2004- inurl:cgi-bin/testcgi.exe 10-18 “Please distribute …
Test CGI by Lilikoi Software aids in the installation of the Ceilidh discussion engine for the …
2004- ext:mdb inurl:*.mdb 10-18 inurl:fpdb shop.mdb
The directory “http:/xxx/fpdb/” “http:/xxx/fpdb/” is the database folder used by some versions of Front…
2004ext:ini intext:env.ini 10-16
This one shows configuration files for various applications. based on the application an attack…
2004- “Installed Objects Scanner” Installed Objects Scanner makes it easy to test your IIS Webserver for installed 10-16 inurl:defaul… components. In… 2004- intitle:”ASP Stats 10-16 Generator *.*” “…
ASP Stats Generator is a powerful ASP script to track web site activity. It combines a server s…
2004-
This search will show the googler ODBC client configuration files which may contain
inurl:odbc.ini ext:ini -cvs inurl:odbc.ini
10-09
usernames/d…
2004- intext:SQLiteManager 10-05 inurl:main.php
sQLiteManager sQLiteManag er is a tool Web multi-language of management of data bases SQLite. # Management of…
2004- +”:8080″ +”:3128″ 09-29 +”:80&q…
With the string [+”:8080″ +”:3128″ +”:80″ filetype:txt] it is pos…
2004inurl:/_layouts/settings 09-23
With the combined collaboration features of Windows SharePoint Services and SharePoint Portal S…
2004ext:ldif ldif 09-23
www.filext.com says LDIF = LDAP Data Interchange Format.LDAP is used for nearly everything in o…
2004- filetype:pst 09-11 inurl:”outlook.pst”
All versions of the popular business groupware client called Outlook have the possibility to st…
2004filetype:vcs vcs 09-22
Filext.com says: “Various programs use the *.VCS extension; too many to list individually….
ext:log “Software:
2004Microsoft Internet 09-21
Microsoft Internet Information Services (IIS) has log files that are normally not in the docroo…
2004- Lotus Domino address 09-18 books
This search will return any Lotus Domino address books which may be open to the public. This ca…
2004- filetype:asp DBQ=” * 09-18 Server.MapPath(“*.m…
This search finds sites using Microsoft Access databases, by looking for the the database conne…
Informa…
2004- filetype:pdb pdb backup 09-10 (Pilot | Pluckerdb)
Hotsync database files can be found using “All databases on a Palm device, including the o…
2004- filetype:xls 09-10 inurl:”email.xls”
Our forum members never get tired of finding juicy MS office files. Here’s one by urban that fi…
2004John the Ripper is a popular cracking program program every hacker knows. It’s results are filetype:pot inurl:john.p inurl:john.pot ot 09-10 stored in a … 2004- filetype:reg “Terminal 09-07 Server Client”
These are Microsoft Terminal Services connection settings registry files. They may sometimes co…
2004filetype:rdp rdp 09-07
These are Remote Desktop Connection (rdp) files. They contain the settings and sometimes the cr…
2004inurl:snitz_forums_2000.mdb 09-07
The SnitzTM Forums 2000 Version 3.4.04 Installation Guide and Readme says: “it is strongl…
2004filetype:bkf bkf 09-06
This search will show backupfiles for xp/2000 machines.Of course these files could contain near…
2004-
This search will show QuickBooks Bakup Files. Quickbook is financial
filetype:qbb qbb
09-06
accounting software so sto…
filetype:eml ml | 2004- ( filetype:mail | filetype:e 08-26 filetype:mbox | f…
storing emails in your webtree isnt a good idea.with this search google will show files contai…
2004Quicken data files 08-25
The QDATA.QDF file (found sometimes in zipped “QDATA” archives online, sometimes not)…
2004“phone * * *” “address “ address *” &qu… 08-19
This search gives hounderd of existing curriculum vitae with names and adress. An attacker coul…
2004ext:asp inurl:patht inurl:pathto.asp o.asp 08-13
The UBB trial version contains files that are not safe to keep online after going live. The ins…
2004filetype:xls -site:gov inurl:contac inurl:contactt Microsoft Excel sheets containing contact information…. 08-09 2004- mail filetype:csv -site:gov 08-09 intext:name
CSV Exported mail (user) names and such….
2004- intext:”Session Start * * * *:*:* *” These are IRC and a few AIM log files. They may contain juicy info or just hours of good clean … 08-09 fil… Webmasters wanting to exclude search engine robots from certain parts of 2004(inurl:”robot.txt” | inurl:”robots…. their site often choos… 08-09 2004auto_inst.cfg cfg 08-05 filetype:cfg auto_inst.
Mandrake auto-install configuration files. These contain information about the installed packag…
2004filetype:fp7 fp7 08-05
These are Filemaker Pro version 7 databases files….
2004filetype:fp3 fp3 08-05
These are FileMaker Pro version 3 Databases….
2004- filetype:fp5 fp5 -site:gov -site:mil These are various kinds of FileMaker Pro Databases (*.fp5 applies to both 08-02 -“cvs lo… version 5 and 6)…. filetype:mdb b 2004- inurl:*db filetype:md 08-02
More Microsoft Access databases for your viewing pleasure. Results may vary, but there have bee…
2004- “allow_call_time_pass_reference” Returns publically visible pages generated by the php function phpinfo(). This 08-02 “P… search differs f… 2004filetype:ora ora 08-01
Greetings, The *.ora files are configuration files for oracle clients. An attacker can identify…
2004- intitle:”Index Of” -inurl:maillog 07-28 maill…
This google search reveals all maillog files within various directories on a webserver. This se…
2004-
These are Remote Desktop Connection (rdp) files. They contain the settings
filetype:rdp rdp
and sometimes the cr…
09-07 2004inurl:snitz_forums_2000.mdb 09-07
The SnitzTM Forums 2000 Version 3.4.04 Installation Guide and Readme says: “it is strongl…
2004filetype:bkf bkf 09-06
This search will show backupfiles for xp/2000 machines.Of course these files could contain near…
2004filetype:qbb qbb 09-06
This search will show QuickBooks Bakup Files. Quickbook is financial accounting software so sto…
2004- ( filetype:mail | filetype:eml | 08-26 filetype:mbox | f…
storing emails in your webtree isnt a good idea.with this search google will show files contai…
2004Quicken data files 08-25
The QDATA.QDF file (found sometimes in zipped “QDATA” archives online, sometimes not)…
2004“ address *” &qu… “phone * * *” “address 08-19
This search gives hounderd of existing curriculum vitae with names and adress. An attacker coul…
2004ext:asp inurl:patht inurl:pathto.asp o.asp 08-13
The UBB trial version contains files that are not safe to keep online after going live. The ins…
2004inurl:contactt Microsoft Excel sheets containing contact information…. filetype:xls -site:gov inurl:contac 08-09 2004- mail filetype:csv -site:gov 08-09 intext:name
CSV Exported mail (user) names and such….
2004- intext:”Session Start * * * *:*:* *” These are IRC and a few AIM log files. They may contain juicy info or just 08-09 fil… hours of good clean … Webmasters wanting to exclude search engine robots from certain parts of 2004(inurl:”robot.txt” | inurl:”robots…. their site often choos… 08-09 2004filetype:cfg auto_inst. auto_inst.cfg cfg 08-05
Mandrake auto-install configuration files. These contain information about the installed packag…
2004- filetype:fp7 fp7 08-05
These are Filemaker Pro version 7 databases files….
2004filetype:fp3 fp3 08-05
These are FileMaker Pro version 3 Databases….
2004- filetype:fp5 fp5 -site:gov -site:mil These are various kinds of FileMaker Pro Databases (*.fp5 applies to both version 5 and 6)…. 08-02 -“cvs lo… More Microsoft Access databases for your viewing pleasure. Results may vary, but there have bee…
2004inurl:*db filetype:md filetype:mdb b 08-02
2004- “allow_call_time_pass_reference” Returns publically visible pages generated by the php function phpinfo(). This 08-02 “P… 2004filetype:ora ora 08-01
search differs f…
2004- intitle:”Index Of” -inurl:maillog 07-28 maill…
This google search reveals all maillog files within various directories on a webserver. This se…
Greetings, The *.ora files are configuration files for oracle clients. An attacker can identify…
2004filetype:mdb db Microsoft Access databases containing (user) profiles ….. inurl:profiles filetype:m 07-26 intext:(password | 2004passcode) 07-26
intext:(username | us… 2004- intitle:”Index Of” 07-26 cookies.txt size
CSV formatted files containing all sorts of user/password combinations. Results may vary, but a… searches for cookies.txt file. On MANY servers this file holds all cookie information, which ma…
2004inurl:forum filetype:mdb Microsoft Access databases containing ‘forum’ information ….. 07-26 2004inurl:backup filetype:md filetype:mdb b Microsoft Access database backups….. 07-26 2004- data filetype:mdb 07-26 site:gov -site:mil
Microsoft Access databases containing all kinds of ‘data’….
2004inurl:email filetype:mdb 07-26
Microsoft Access databases containing email information…..
2004- intitle:”index of” +myd 07-21 size
The MySQL data directory uses subdirectories for each database and common files for table stora…
2004“sets mode: +s” 07-19
This search reveals secret channels on IRC as revealed by IRC chat logs….
2004“sets mode: +p” 07-19
This search reveals private channels on IRC as revealed by IRC chat logs….
filetype:conf f The information contained in these files depends on the actual file itself. SSL.conf 2004- inurl:ssl.conf filetype:con files cont… 07-15 2004private key files (.csr) 07-12
This search will find private key files… Private key files are supposed to be, well… privat…
2004private key files (.key) 07-12
This search will find private key files… Private key files are supposed to be, well… privat…
Loads of user information including email addresses exported in comma separated 2004exported email addresses file format (.c… 07-12 2004-
Welcome to ntop!
Ntop shows the current network usage. It displays a list of hosts that are currently
using the … 2004sQL database dumps. LOTS of data in these. So much data, infact, I’m pressed to MySQL tabledata dumps 07-06 think of what e… 07-06
2004- Microsoft Money Data 07-02 Files
Microsoft Money 2004 provides a way to organize and manage your personal finances (http://www.m… (http://www.m…
2004- OWA Public Folders 06-25 (direct view)
This search looks for Outlook Web Access Public Folders directly. These links open public folde…
2004Unreal IRCd 07-06
Development of UnrealIRCd began in 1999. Unreal was created from the Dreamforge IRCd that was f…
2004MSN Messenger uses the file extension *.ctt when you export the contact list. An filetype:ctt ctt messenger 06-22 attacker could… 2004- 94FBR “ADOBE 06-10 PHOTOSHOP”
94FBR is part of many serials. An malicious user would only have to change the programm name (p…
2004- inurl:forward filetype:forward ard -cvs 05-26 filetype:forw
Users on *nix boxes can forward their mail by placing a .forward file in their home directory. …
2004- intitle:”System Statistics” 05-24 +”Syste…
This search reveals internal network information including network configuratino, ping times, s…
2004- inurl:”cacti” 05-24 +inurl:”graph_view.ph…
This search reveals internal network info including architecture, hosts and services available….
2004This search reveals information information about internal networks, such as configuration, configuration, inurl:”/cricket/grapher.cgi” 05-24 services, bandw… 2004- intitle:”Big Sister” +”OK 05-24 Attention…
This search reveals Internal network status information about services and hosts….
2004- “Mecury Version” 05-18 “Infastructure Gro…
Mecury is a centralized ground control program for research satellites. This query simply loca…
2004- inurl:php.ini inurl:php.ini filetype:ini 05-17
The php.ini file contains all the configuration for how PHP is parsed on a server. It can cont…
intitle:intranet 2004inurl:intranet 05-17
These pages are often private intranet pages which contain phone listings and email addresses. …
2004- filetype:blt blt 05-14 +intext:screenname
Reveals AIM buddy lists, including screenname and who’s on their ‘buddy’ list and their ‘blocke…
+intext:”phon…
2004These are http server access logs which contain all sorts of information ranging filetype:log access.log -CVS 05-14 from usernames… 2004- filetype:log cron.log 05-14
Displays logs from cron, the *nix automation daemon. Can be used to determine backups, full an…
2004filetype:lic lic intext:key 05-13
License files for various software titles that may contain contact info and the product version…
2004- intitle:”index of” 05-13 mysql.conf OR mysql_c…
This file contains port number, version number and path info to MySQL server….
2004- filetype:eml eml 05-12 +intext:”Subject +intext:”Subject”” +inte…
These are oulook express email files which contain emails, with full headers. The information …
2004- filetype:mbx mbx
These searches reveal Outlook v 1-4 or Eudora mailbox files. Often these are made
05-11 intext:Subject
public on pur…
2004filetype:wab wab 05-10
These are Microsoft Outlook Mail address books. The information contained contained will vary, but at the…
2004- “Request Details” “Control These pages contain a great deal of information including path names, session ID’s, 05-06 Tree&quo… stack trace… 2004- “HTTP_FROM=googlebot” googlebot.com m &qu… 05-06 googlebot.co
These pages contain trace information that was collected when the googlebot crawled a page. The…
2004- filetype:conf inurl:firewall - These are firewall configuration files. Although these are often examples or sample 05-05 intitle:cvs files, in m… 2004- inurl:”smb.conf” 05-04 intext:”workgroup&…
These are samba configuration files. They include information about the network, trust relation…
2004inurl:tdbin 05-03
This is the default directory for TestDirector
(http://www.mercuryinter (http://www .mercuryinteractive.com/produ active.com/products/test… cts/test…
This is the MRTG traffic analysis pages. This page lists information about 2004intext:”Tobias Oetiker” “traffic an… machines on the netw… 05-03
2004- inurl:server-info “Apache Server 04-28 Information&…
This is the Apache server-info program. program. There is so much sensitive stuff listed on this page th…
2004- inurl:perl/printenv 04-28
This is the print environemnts script which lists sensitive information such as path names, ser…
2004inurl:cgi-bin/printenv 04-28
This is the print environemnts script which lists sensitive information such as path names, ser…
2004inurl:fcgi-bin/echo 04-28
This is the fastcgi echo script, which provides a great deal of information including port numb…
2004inurl:server-status “apache” 04-26
This page shows all sort of information about the Apache web server. It can be used to track pr…
2004-
These pages are from Shareaza client programs. Various data is displayed
“This is a Shareaza Node”
04-21
including client versi…
2004“Running in Child mode” 04-21
This is a gnutella client that was picked up by google. There is a lot of data present includin… These pages reveal server information such as port, server software version, server name, full …
2004allinurl:servlet/SnoopServlet 04-20
2004These pages reveal information about the server including path allinurl:/examples/jsp/snp/snoop.jsp 04-20 information, port information, e… These pages generally contain newsletter administration pages. Some of these site are password …
2004inurl:”newsletter/admin/” 04-16
2004These pages generally contain newsletter administration pages. Some of inurl:”newslet inurl:”newsletter/admin/” ter/admin/” intitle:”… 04-16 these site are password …
2004“Index of” / “chat/logs” 04-13
This search reveals chat logs. Depending on the contents of the logs, these files could contain…
This is your typical stats page listing referrers and top ips and such. This 2004inurl:vbstats.php “page generated” information can ce… 04-08
2004#mysql dump” filetype:sql “#mysql 04-05
This reveals mySQL database dumps. These database dumps list the structure and content of datab…
2004intitle:index.of .of cleanup.log 04-05 intitle:index
This search reveals potential location for mailbox files by keying on the Outlook Express clean…
2004intitle:index intitle:index.of .of inbox dbx 04-05
This search reveals potential location for mailbox files. In some cases, the data in this direc…
2004intitle:index.of .of inbox intitle:index 04-05
This search reveals potential location for mailbox files. In some cases, the data in this direc…
2004- “Host Vulnerability 03-30 Summary Report”
This search yeids host vulnerability scanner reports, revealing potential vulnerabilities on ho…
2004- “Network Vulnerability 03-30 Assessment Report”…
This search yeids vulnerability scanner reports, revealing potential vulnerabilities vulnerabilities on hosts a…
2004- “Thank you for your order” After placing an order via the web, many sites provide a page containing the phrase “Thank… 03-29 +receipt 2004- “not for distribution” 03-29 confidential
The terms “not for distribution” and confidential indicate a sensitive document. Resu…
This is a common script for changing passwords. Now, this doesn’t actually reveal 2004inurl:changepassword.asp the password,… 03-24 2004- “Most Submitted Forms 03-22 and Scripts” “…
More www statistics on the web. This one is very nice.. Lots of directory info, and client acce…
2004-
This search can find Excel spreadsheets in an administrative director directoryy or of an
inurl:admin filetype:xl filetype:xlss
03-16
administrative …
2004intitle:admin intitle:login in intitle:admin intitle:log 03-14
This search can find administrati administrative ve login pages. Not a vulnerability in and of itself, this que…
2004inurl:admin intitle:login 03-14
This search can find administrati administrative ve login pages. Not a vulnerability in and of itself, this que…
2004intitle:index.of intitle:index.of ws_ftp.ini 03-04
ws_ftp.ini is a configuration file for a popular FTP client that stores usernames, (weakly) enc…
2004dead.letter contains the contents of unfinished emails created on the UNIX intitle:index.of dead.lett intitle:index.of dead.letter er 03-04 platform. Emails (fi… 2004- intitle:index.of “Apache” 03-04 “server a…
This is a very basic string found on directory listing pag pages es which show the version of the Apac…
2004- intitle:”wbem” compaq 03-04 login “Compaq…
These devices are running HP Insight Management Agents for Servers which “provide device i…
2004- inurl:main.php Welcome to From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended to handle the administ… 03-04 phpMyAdmin 2004- inurl:main.php 03-04 phpMyAdmin
From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended to handle the administ…
2004- “phpMyAdmin” “running 03-04 on” inur…
From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended to handle the administ…
2004- “robots.txt” “Disallow:” 03-04 filet…
The robots.txt f ile ile serves as a set of instructions for web crawlers. The “disallow “disallow”” …
2004- intitle:”Usage Statistics for” The webalizer program shows web statistics for web servers. This information includes who is vi… 03-04 “Gen… 2004- intitle:”statistics of” 03-04 “advanced w…
the awstats program shows web statistics for web servers. This information includes who is visi…
2004- ipsec.conf 03-04
The ipsec.conf file could help hackers figure out what uber-secure users of freeS/WAN are prote…
2004ipsec.secrets 03-04
from the manpage for ipsec_secrets: “It is vital that these secrets be protected. The file…
2004ipsec.secrets 03-04
ipsec_secrets: ets: “It is vital that these secrets be protected. The from the manpage for ipsec_secr file…
2004cgiirc.conf 03-04
This is another less reliable way of finding the cgiirc.config file. CGIIRC is a web-based IRC …
2004-
CGIIRC is a web-based IRC client. Very cool stuff. The cgiirc.config file lists the options
cgiirc.conf
03-04
for…
2004phpMyAdmin dumps 03-04
From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended to handle the administ…
2004phpMyAdmin dumps 03-04
From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended to handle the administ…
2003- mystuff.xml – Trillian 08-19 data files
This particular file contains web links that trillian users have entered into the tool. Trillia…
2003site:edu admin grades 07-10
I never really thought about this until I started coming up with juicy examples for DEFCON 11…..
2003- haccess.ctl (VERY 06-30 reliable)
haccess.ctl is the frontpage(?) equivalent of the .htaccess file. Either way, this file decribe…
2003haccess.ctl (one way) 06-30
this is the frontpage(?) equivalent of htaccess, I believe. Anyhow, this file describes who can…
More www statistics on the web. This one is very nice.. Lots of directory info, and 2003“generated by wwwstat” client acce… 06-30 2003“produced by getstats” 06-30
Another web statistics package. This one originated from a google scan of an ivy league college…
2003- “This report was 06-27 generated by WebLog”
These are weblog-generate generated d statistics for web sites… A roadmap of files, referrers, errors, s…
2003robots.txt 06-27
The robots.txt file contains “rules” about where web spiders are allowed (and NOT all…
2004phpinfo() 11-18
this brings up sites with phpinfo(). There is SO much cool stuff in here that you just have to …
2003AIM buddy lists 06-24
These searches bring up common names for AOL Instant Messenger “buddylists”. These li…
2003- mt-db-pass.cgi mt-db-pass.cgi files 06-24
manage to …
2003sQL data dumps 06-24
sQL database dumps. LOTS of data in these. So much data, infact, I’m pressed to think of what e…
2003- Financial spreadsheets: 06-24 finances.xls
“Hey! I have a great idea! Let’s put our finances on our website in a secret directory so …
2003- Financial spreadsheets: 06-24 finance.xls
“Hey! I have a great idea! Let’s put our finances on our website in a secret directory so …
2003-
ICQ chat logs, please…
These folks had the technical prowess to unpack the movable type fil es, but couldn’t
ICQ (http://www.icq.com) (http://www.icq.com) allows you to store the contents of your online chats into a
file. The…
06-24
These are server cluster reports, great for info gathering. Lesse, what were those 2003Ganglia Cluster Reports server names… 06-24 2003- squid cache server 06-24 reports
These are squid server cache reports. Fairly benign, really except when you consider using them…
2012inurl:finger.cgi 11-02
Finger Submitted by: Christy Philip Mathew…
2012- site*.*.*/webalizer 08-21 intitle:”Usage Statistics…
Shows usage statistics of sites. Includes monthy reports on the IP addresses, user agents, and …
2006- intitle:r57s intitle:r57shell hell +uname 05-04 bbpress
compromised servers… servers… a lot are dead links, but pages cached show interesting info, this is r5…
2006- “The statistics were last 05-03 updated” “…
Results include many varius Network activity logs…
2006- inurl:/counter/index.php 04-06 intitle:”+PHPCounter…
This is an online vulnerable web stat program called PHPCounter 7.http://www.clydebelt.org.uk/c…
2006- inurl:”NmConsole/Login.asp” Ipswitch Whats Up Monitoring 2005!This is a console for Network Monitoring, access beyond the p… 03-13 | intitle:&q… 2006- inurl:CrazyWWWBoard.cgi 02-08 intext:”detailed debu…
gives tons of private forum configuration information. information.examples: examples: Global variables installed, wha…
2005inurl:ovcgi/jovw 12-31
An HP Java network management tool. It is a sign that a network may not be configured properly….
2005- inurl:proxy | inurl:wpad 12-21 ext:pac | ext:dat findpro…
Information about proxy servers, internal ip addresses and other network sensitive stuff….
2005- inurl:webalizer filetype:png - ***WARNING: This search uses google images, disable images unless you want your IP spewed acros… 11-21 .gov -.edu -.mil -op… 2005- intitle:”Retina Report” 10-26 “CONFIDENTI…
This googledork finds vulnerability reports produced by eEye Retina Security Scanner. The info…
2005- “Shadow Security Scanner 10-26 performed a vulnerab…
This is a googledork to find vulnerability reports produced by Shadow Security Scanner. They c…
2005- “The following report 10-26 contains confidential i…
This googledork reveals vunerability reports from many different vendors. These reports can co…
2005inurl:status.cgi?host=all 10-04
Nagios Status page. See what ports are being monitored as well as ip addresses.Be addresses.Be sure to check…
2005-
inurl:login.jsp.bak
JSP programmer anyone? You can read this!…
09-30 2005- intitle:”Belarc Advisor 02-15 Current Profile”…
People who have foolishly published an audit of their machine(s) on the net with some server in…
2005- “Traffic Analysis for” “RMON List of RMON ports produced by MRTG which is a network traffic analysis tool. See also #198… 03-05 Port *… 2005- “powered | performed by 02-03 Beyond Security’s Aut…
This search finds Beyond Security reports. Beyond Security sells a box which performs automated…
2004- intitle:”PHPBTTracker 12-30 Statistics” | inti…
This query shows pages which summarise activity on PHPBT-powered BitTorrent trackers – all the …
2004intitle:”BNBT Tracker Info” 12-30
This query shows pages which summarise activity on BNBT-powered BitTorrent trackers – including…
2004- intitle:”Azureus : Java BitTorrent 12-30 Client Tra…
This query shows machines using the Azureus BitTorrent client’s built-in tracker – the pages ar…
2004inurl:”install/install.php” 12-29
This searches for the install.php install.php file. Most results will be a Bulletin board like Phpbb etc.T…
2004- intext:”Welcome to the Web 12-07 V.Networks” i…
see and control JVC webcameras, you can move the camera, zoom… change the settings, etc…….
2004- intitle:”start.managing.the.device” MCK Communications, Inc.PBXgatewayIIHigh density central site gateway for 12-10 remo… remote PBX access(MCK…
2004ext:cfg radius.cfg 12-06
“Radiator is a highly configurable and flexible Radius server that supports authentication…
2004- filetype:php inurl:ipinfo.p inurl:ipinfo.php hp 12-07 “Distributed In…
Dshield is a distributed intrusion detection system. The ipinfo.php script includes a whois loo…
Mercury SiteScope designed to ensure the availability and performance of 2004inurl:”sitescope.html” inurl:”sitescope.html” intitle:”sit… distributed IT infrast… 12-03
2004- intitle:”twiki” 12-02 inurl:”TWikiUsers&q…
TWiki has many security problems, problems, depeding on the version installed. TWiki, is a flexible, powe…
2004- “Phorum Admin” “Database 11-28 Connection…
Phorum admin pagesThis either shows Information leakage (path info) or it shows Unprotected Adm…
sysWatch is a CGI to display current information about your UNIX system. It 2004“Output produced by SysWatch *” can display drive p… 11-28
2004inurl:testcgi xitami 11-28
Testpage / webserver environmentThis is the test cgi for xitami webserver. It shows the webserv…
2004- filetype:log
ISDNPM 3.x for OS/2-Dialer log files.These files contain sensitive info like ip
11-28 intext:”ConnectionManager2″
addresses, phon…
2004- intitle:”sysinfo * ” 11-12 intext:”Genera…
Lots of information leakage on these pages about active network services, server info, network …
2004- inurl:portscan.php inurl:portscan.php “from 11-12 Port”|”Por…
This is general search for online port scanners which accept any IP. It does not find a specifi…
2004inurl:/adm-cfgedit.php 11-07
PhotoPost Pro is photo gallery system. This dork finds its installation page.You can use this p…
2004inurl:webutil.pl 11-07
webutil.pl is a web interface to the following services:* ping* traceroute* whois* finger* nslo…
Domino is server technology technology which transforms Lotus Notes® into an Internet a…
2004inurl:statrep.nsf -gov inurl:statrep.nsf 10-20
The finger command on unix displays information about the system users. 2004inurl:/cgi-bin/finger? “In real life” This search displays pr… 10-19
2004- inurl:/cgi-bin/finger? Enter 10-19 (account|host|user|us…
The finger command on unix displays information about the system users. This search displays th…
2004- filetype:php inurl:nqt 10-18 intext:”Network Query …
Network Query Tool enables any Internet user to scan network information using:* Resolve/Revers… Resolve/Revers…
2004- inurl:”map.asp?” 10-05 intitle:”WhatsUp G…
“WhatsUp Gold’s new SNMP Viewer tool enables Area-Wide to easily track variables associate…
2004- ext:cgi intext:”nrg-” ” This NRG is a system for maintaining and visualizing network network data and other resource 09-29 web pa… utilization dat…
((inurl:ifgraph h “Page 2004- ((inurl:ifgrap 09-29 generated at”) OR …
ifGraph is a set of perl scripts that were created to fetch data from SNMP agents and feed a RR…
2004- inurl:”/catalog.nsf” 09-10 intitle:catalog
This will return servers which are running versions of Lotus Domino. The catalog.nsf is the ser…
2004- “Powered by phpOpenTracker is a framework solution for the analysis of website traffic and 09-21 phpOpenTracker phpOpenTracker”” Statistics visitor analysis… site:netcraft.com 2004intitle:That.Site.Running 09-21 Apache
Netcraft reports a site’s operating system, web server, and netblock owner together with, if av…
2004- “this proxy is working 08-13 fine!” “ente…
These are test pages for some proxy program. Some have a text field that allows you to use that…
2004“apricot – admin” 00h 07-29
This search shows the webserver access stats as the user “admin”. The language used i…
2006- “by Reimar Hoven. All 04-15 Rights Reserved. Discla…
dork: “by Reimar Hoven. All Rights Reserved. Disclaimer” | inurl:”log/logdb.dta&… inurl:”log/logdb.dta&…
2004- intitle:”Microsoft Site 07-16 Server Analysis”
Microsoft discontinued Site Server and Site Server Commerce Edition on June 1, 2001 with the in…
2004- Analysis Console for 07-12 Incident Databases
ACID stands for for “Analysis Console for Incident Databases”. It is a php frontend f…
2004Looking Glass 06-22
A Looking Glass is a CGI script for viewing results of simple queries executed on remote router…
2004- “Version Info” “Boot
This is the status page for a Belkin Cable/DSL gateway. Information can be retrieved
06-04 Version” … from this … 2004- intitle:”ADSL Configuration This is the status screen for the Solwise ADSL modem. Information available from this page incl… 06-04 page” 2004- filetype:vsd vsd network - Reveals network maps (or any other kind you seek) that can provide sensitive 05-13 samples -examples information such a… 2004- filetype:pdf “Assessment 05-03 Report” nessus
These are reports from the Nessus Vulnerability Scanner. These report contain detailed informat…
2004- inurl:phpSysInfo/ inurl:phpSysInfo/ “created This statistics program allows the an admin to view stats about a webserver. Some 04-16 by phpsysinfo”… sites leave t… 2004“SnortSnarf alert page” 04-16
snort is an intrusion detection system. SnorfSnarf creates pretty web pages from intrusion dete…
2004- “Network Host Assessment This search yeids ISS scan reports, revealing potential potential vulnerabilities on hosts and 03-30 Report” “I… networks. … 2004- “This report lists” 03-30 “identified by …
This search yeids ISS scan reports, revealing potential potential vulnerabilities on hosts and networks. …
201 4inurl:typo3conf/localconf.php 04-
typo3 passwords
Bruno Schmid …
07 201 4inurl:/backup intitle:index intitle:index of of 03- backup intext:*sql 31
Google Search:https://www.google.com/search?client=opera&q=admin+username+and +pass&sour…
201 3filetype:password jmxremote 1125
Passwords for Java Management Extensions (JMX Remote) Used by jconsole, Eclipse’s MAT, Java Vi…
201 3intext:@gmail..com ext:sql intext:@gmail 11- intext:password 25
author:haji …
201 site:github.com inurl:sftp311- config.json 25
Find disclosed FTP login credentials in github repositories Credit: RogueCoder… RogueCoder…
201 3site:github.com inurl:sftp11- config.json intext:/wp-…
Finds disclosed ftp FTP for WordPress installs, which have been pushed to a public repo on GitH…
25 201 3“BEGIN RSA PRIVATE KEY” 09- filetype:key -gi… 24 201 3filetype:sql insite:pass && user 0422
To find private RSA Private SSL Keys …
Google Dork: filetype:sql insite:pass && user We Can get login username and password…
201 intext:@hotmail..com 3ext:sql intext:@hotmail 04- intext :password 09
By , NItish Mehta , www.illuminativeworks.com/blog https://www.facebook.com/il https://www. facebook.com/illuminativework luminativework… …
201 filetype:config inurl:web.config 304- inurl:ftp 09
This google dork to find sensitive information of MySqlServer , “uid, and password” …
201 filetype:inc OR filetype:bak OR 302- filetype:old mysql… 05
Aggregates previous mysql_(p)connect google dorks and adds a new filetype. Searches common fil…
201 *Google Search:* 3ext:xml (“proto=’prpl-‘” | “prplhttps://www.google.com https://www. google.com/search?q=ext:x /search?q=ext:xml%20(%2 ml%20(%22proto=’prpl 2proto=’prpl02- ya… ‘%22%20|%20%22prp… 05 201 2allinurl:”User_info/auth_user_fil Google dork for find user info and configuration configuration password of DCForum allinurl:”User_info/… 11- e.txt” 05 201 211- inurl:”/dbman/default.pass” 02
A path to a DES encrypted password for DBMan ( http://www.gossame http://www.gossamerrthreads.com/products/archiv…
201 “parent directory” 211- proftpdpasswd intitle… 02
This dork is based on this: http://www.exploit-db.com/ghdb/1212/ but improved cause that is u…
201 filetype:xls “username | 211- password” 02
filetype:xls “username | password” This search reveals usernames and/or passwords of …
201 ext:xml 2(“mode_passive”|”mode_defau OffSec: So the dork is: ext:xml (“mode_passive”|”mode_default”) (“mode_passive”|”mode_default”) Th… 11… 02 201 2intext:charset_test= email= 08- default_persistent= 21 201 2inurl:”passes” OR 08- inurl:”passwords&… 21
find facebook email and password
…
Hack the $cr1pt kiddies. There are a lot of Phishing pages hosted on internet ,
this dork wi…
201 filetype:cfg “radius” 205- (pass|passwd|passw… 15
Find config files with radius configs and passwords and secrets… Love Bastich …
2011- (username=* | username:* |) | ( 12-27 ((password=* | pas…
Logged username, passwords, hashes Author: GhOsT-PR …
2011-
Search for WordPress MySQL database backup. Author: AngelParrot
12-14 filetype:sql inurl:wp-cont inurl:wp-content/backup-* ent/backup-*
…
2011“My RoboForm Data” “index of” 12-12
This dork looks for fo r Roboform password files. Author: Robert McCurdy …
2011inurl:”/Application on Data/Filezilla/* Data/Filezilla/*”” OR… inurl:”/Applicati 11-19
this dork locates files containing ftp passwords …
2011- filetype:php~ Backup or temp versions of php files containing you guessed it 10-11 (pass|passwd|password|dbpass|db_pass… passwords or other ripe for the… 2011inurl:ftp “password” filetype:xls 09-26
this string may be used to find many low hanging fruit on FTP sites recently indexed by google….
2011- filetype:sql “phpmyAdmin SQL Dump” 06-28 (pass…
phpMyAdmin SQL dump with passwords Bastich …
2011- filetype:sql “MySQL dump” 06-28 (pass|password…
MySQL database dump with passwords Bastich …
2011filetype:sql “PostgreSQL database dump” … PostgreSQL database dump with passwords Bastich … 06-28
Asian FTP software -, run the password hash through John etc. 2011(pass|passwd|pass… ass… filetype:ini “[FFFTP]” (pass|passwd|p Author: Bastich … 04-18
2011- filetype:ini “FtpInBackground” (pass|pas… Total commander wxc_ftp.ini run has through John etc. or even 04-18 better use http://wcxftp.org.ru/… 2011filetype:ini “precurio” (pass|passwd| (pass|passwd|pas… pas… plain text passwods … 04-18 2011filetype:ini “SavedPasswords” (pass|pass… Unreal Tournament config, plain text passwords Author: Bastich … 04-18
2011- filetype:ini “pdo_mysql” 04-18 (pass|passwd|pa… 2011-
full details dbname dbuser dbpass all plain text Author:Bastich …
inurl:web/frontend_dev.php -trunk
Google search for web site build with symfony framework and in
01-09
development environment. In …
2011- inurl:config/databases.yml inurl:config/databases.yml -trac -trunk 01-09 “Goo…
Google search for web site build with symfony framework. This file contains the login / passwo…
2010inurl:-cfg intext:”enable password” 11-10
Google search for Cisco config files (some variants below): inurl:router-confg inurl:routerconfg inurl:-confg…
2006“login: *” “password: *” filet… 09-06
This returns xls files containing login names and passwords. it works by showing all the xls fi…
2006intext:”$dbms””$dbhost”… bhost”… ext:php intext:”$dbms””$d 08-10
Hacking a phpBB forum. Here you can gather the mySQL connection information for their forum dat…
2006- inurl:”calendarscript/users.txt” 03-21
CalenderScript is an overpriced online calender system written in perl. The passwords are encry…
2006- filetype:sql “insert into” 03-06 (pass|passwd|…
Looks for SQL dumps containing cleartext or encrypted passwords….
2006- filetype:reg reg 02-05 +intext:â€Å
This can be used to get encoded vnc passwords which can otherwise be obtained by a local regist…
2006- ext:asa | ext:bak intext:uid 01-02 intext:pwd -“uid…
search for plaintext database credentials in ASA and BAK files….
2006- enable password | secret
Another Cisco configuration search. This one is cleaner, gives complete
01-02 “current configurati…
configuration files and…
2006- ext:passwd -intext:the -sample - Various encrypted passwords, some plaintext passwords and some private keys are revealed by thi… 01-02 example
inurl:”editor/list.asp” | 2006- inurl:”editor/list.asp” 01-02 inurl:”da… 2006filetype:bak createobject sa 01-01
This search finds CLEARTEXT CLEARTEXT usernames/passwords for the Results Database Editor. The log in po… This query searches for files that have been renamed to a .bak extension (obviously), but inclu…
2005- inurl:ventrilo_srv.ini 12-19 adminpassword
This search reveals the ventrilo (voice communication program used by many online gamers) passw…
2005- “parent directory” 11-30 +proftpdpasswd
User names and password hashes from web server backups generated by cpanel for ProFTPd. Passwo…
2005ext:yml database inurl:config 11-14
Ruby on Rails is a MVC full-stack framework for development of web applications. There’s a conf…
2005inurl:”Sites.dat”+”PASS=” 11-03
FlashFXP has the ability to import a Sites.dat file into its current Sites.dat file, using this…
2005server-dbs “intitle:index of” 10-30
Yes, people actually post their teamspeak servers on websites. Just look for the words superadm…
This search will show you the Administrator password (very first line) on YaBB 2005inurl:/yabb/Members/Admin.dat forums whose own… 09-28
2005- “admin account info” 09-25 filetype:log
searches for logs containing admin server account information such as username and password….
2005“your password is” filetype:log 09-24
This search finds log files containing the phrase (Your password is). These files often contain…
2005intitle:rapidshare intext:login 09-18
Rapidshare login passwords….
2005- intext:”enable password 7″ 09-13
some people are that stupid to keep their Cisco routers config files on site. You can easly fin…
2005filetype:dat inurl:Sites inurl:Sites.dat .dat 09-13
If you want to find out FTP passwords from FlashFXP Client, just type this query in google and …
2005ext:inc “pwd=” “UID=” 08-31
Database connection strings including passwords…
2005- [WFClient] Password= 07-27 filetype:ica
The WinFrame-Client infos needed by users to connect toCitrix Application Application Servers (e.g. Metafra…
2005- inurl:cgi-bin
CGI Calendar (Perl) configuration file reveals information including passwords for
06-24 inurl:calendar.cfg
the program….
2005- intitle:”phpinfo()” 06-05 +”mysql.default…
This will look throught default phpinfo pages for ones that have a default mysql password….
2005inurl:pass.dat 06-04
Accesses passwords mostly in cgibin but not all the timeCan find passwords + usernames (sometim…
2005mIRC Passwords For Nicks & Channels in channel\[chanfolder] section of mirc.ini inurl:perform.ini filetype:ini inurl:perform.ini you can fin… 06-06
2005- intext:”powered by 05-11 EZGuestbook”
HTMLJunction EZGuestbook EZGuestbook is prone to a database disclosure vulnerability. Remote users may down…
2005- inurl:server.cfg rcon 05-06 password
Counter strike rcon passwords, saved in the server.cfg….
!Host=*.* some people actually keep their VPN profiles on the internet…omg… internet…omg… Simply 2005intext:enc_UserPassword=* donwload the pcf f… 05-02 ext:pcf wwwboard WebAdmin 2005inurl:passwd.txt 03-28
This is a filtered version of previous ‘inurl:passwd’ searches, focusing on WWWBoard [1]. Ther…
2005-
sysprep is used to drive unanttended MS Windows installations. The files contain
wwwboard|webad… filetype:inf sysprep
03-20
all informatio…
2005ext:txt inurl:unattend.txt 03-20
the unattend.txt is used to drive unanttended MS Windows installations. The files contain all i…
2005- filetype:sql ("passwd Find insert statements where the field (or table name) preceding the operator 02-23 values" | … VALUES will be ‘… 2005- filetype:sql (“values * MD5” Locate insert statements making use of some builtin function to encrypt a password. PASSWORD(),… 02-23 | “val… 2005- intitle:”Index of” 02-10 sc_serv.conf sc_serv …
This dork lists sc_serv.conf files. These files contain information for Shoutcast servers and o…
2005- “Powered by Link 02-15 Department”
Link management script with advanced yet easy to use admin control panel, fully template driven…
"Powered by 2005DUpaypal" DUpaypal" 02-07
Here is another DUware product, DUpaypal. Once you get hold of the database it contains the adm…
site:duwa…
mysql_connect ct INC files have PHP code within them that contain unencrypted usernames, 2005- filetype:inc mysql_conne passwords, and addresse… 02-09 OR mysql_pconnect 2005- ext:ini Version=4.0.0.4 01-27 password
The servU FTP Daemon ini file contains setting and session information including usernames, pas…
2004- ext:ini eudora.ini 12-19
like pop se…
2004- intext:”powered by Web 12-13 Wiz Journal”
Web Wiz Journal ASP Blog. The MDB database is mostly unprotected and can be downloaded directly…
2004inurl:filezilla.xml inurl:filezilla.xml -cvs 12-02
filezilla.xml contains Sites,Logins and crypted Passwords of ftp connections made with the open…
2004- inurl:”GRC.DAT” 11-28 intext:”password&qu…
passwords…. …. symantec Norton Anti-Virus Corporate Edition data file containing encrypted passwords
2004- filetype:log “See `ipsec –
BARF log filesMan page:Barf outputs (on standard output) a collection of debugging inform
11-28 copyright”
…
Well, this is the configuration configuration file for Eudora…may contain sensitive information
2004- “powered by dudownload” Most duware products use Microsoft Access databases in default locations without instructi th… 11-23 -site:duware.com 2004- intitle:dupic intitle:dupicss inurl:(add.asp Most duware products use Microsoft Access databases in default locations without instructi 11-23 | default.asp | view… th… 2004- “powered by duclassmate” Most duware products use Microsoft Access databases in default locations without instructi th… 11-23 -site:duware.co… 2004- “Powered by Duclassified” - Most duware products use Microsoft Access databases in default locations without instructi th… 11-23 site:duware.c… 2004- “Powered by Dudirectory” - Most duware products use Microsoft Access databases in default locations without instructi th… 11-23 site:duware.co…
2004- “Powered by Duclassified” - Most duware products use Microsoft Access databases in default locations without instructi 11-23 site:duware.c… th… 2004- “powered by ducalendar” - Most duware products use Microsoft Access databases in default locations without instructi th… 11-23 site:duware.com 2004intext:”enable secret 5 $” 11-16
sometimes people make mistakes and post their cisco configs on “help sites” and don’t…
2004- “liveice configuration file” 11-08 ext:cfg -si…
This finds the liveice.cfg liveice.cfg file which contains all configuration data for an Icecast server. P…
2004filetype:ini inurl:”serv-u.ini” serv-U is a ftp/administration server for Windows. This file leaks info about the version, use 11-06 2004inurl:pap-secrets ets -cvs inurl:pap-secr 11-06
linux vpns store there usernames and passwords for PAP authentification in a file called “…
2004inurl:chap-secrets -cvs inurl:chap-secrets 11-06
linux vpns store their usernames and passwords for CHAP authentification authentification in a file called “…
2004-
inurl:flashFXP.ini P.ini FlashFXP offers the easiest and fastest way to transfer any file using FTP, providing an excep filetype:ini inurl:flashFX
10-10 2004- “Powered By Elite Forum 09-24 Version *.*”
Elite forums is one of those t hose Microsoft Access .mdb file based forums. This one is particularly
2004filetype:mdb wwforum 09-24
Web Wiz Forums is a free ASP Bulletin Board software package. It uses a Microsoft Access databa…
2004“index of/” “ws_ftp.ini” “… This search is a cleanup of a previous entry by J0hnny. It uses “parent directory” to… 09-17 filetype:config ig config 2004- filetype:conf 09-16 intext:appSettings “Us…
These files generally contain configuration information for a .Net Web Application. Things li
2004filetype:ini wcx_ftp 08-25
This searches for Total commander FTP passwords (encrypted) in a file called wcx_ftp.ini. O
2004- LeapFTP intitle:”index.of./” sites.ini 08-20 m…
The LeapFTP client configuration file “sites.ini” holds the login credentials for tho…
2004filetype:conf oekakibbs 08-16
Oekakibss is a japanese anime creation application. The config file tells an attacker the encry…
2004“http://*:*@www” domainname 08-14
This is a query to get inline passwords from search engines engines (not just Google), you must type in…
This will search for backup files (*.bak) created by some editors or even by 2004- filetype:bak 08-14 inurl:”htaccess|passwd|shadow|ht… the administrator …
2004inurl:/db/main.mdb 08-13
ASP-Nuke database file containing passwords.This search goes for the direct location and has fe…
2004inurl:nuke filetype:sql 08-10
This search reveals database dumps that most likely relate to the phpnuke or postnuke content …
2004filetype:ini ServUDae ServUDaemon mon 08-06
The servU FTP Daemon ini file contains setting and session information including usernames, pas…
2004- filetype:pass pass intext:user intext:userid id 08-06
Generally, these are dbman password files. They are not cleartext, but still allow an attacker …
2004“AutoCreate=TRUE password=* password=*”” 08-05
This searches the password for “Website “ Website Access Analyzer”, a Japanese software that cr…
2004inurl:/wwwboard 08-01
The software wwwboard stores its passwords in a file called “passwd.txt”.An attacker …
2004filetype:pwl pwl 07-29
These are Windows Password List files and have been known to be easy to crack since the release…
2004- “# -FrontPage- ” ext:pwd
Frontpage.. very nice clean search results listing !!No further comments
07-26 inurl:(service |…
required..changelog:22…
2004“sets mode: +k” 07-19
This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs….
2004- intitle:”Index of” passwords 07-16 modified
These directories are named “password.” I wonder what you might find in here. Warning…
2004- inurl:lilo.conf filetype:conf password LILO is a general purpose boot manager that can be used to boot multiple operating systems, inc… 07-16 -tatercount… 2004NickServ registration passwords 07-12
NickServ allows you to “register” a nickname (on some IRC networks) and prevent other…
2004psyBNC config files 07-06
psyBNC is an IRC-Bouncer with many features. It compiles on Linux, FreeBSD, SunOs and Solaris. …
2004filetype:mdb inurl:users.mdb 06-16
Everyone has this problem, we need to remember many passwords to access the resources we use. S…
2004inurl:ccbill filetype:log 06-18
CCBill.com sells E-tickets to online entertainment and subscription-based websites. CCBill.com …
2004- inurl:ospfd.conf intext:pass intext:password word 06-10 sample -test -tu…
GNU Zebra is free software that manages TCP/IP based routing protocols. It supports BGP-4 proto…
inurl:zebra.conf 2004- intext:password intext:password -sample - GNU Zebra is free software that manages TCP/IP based routing protocols. It supports BGP-4 prot… 06-10 test -tu…
2004filetype:pwd service 06-10
Microsoft Frontpage extensions appear on virtually every type of scanner. In the late 90’s peop…
2004filetype:sql password 06-04
Database maintenance is often automated by use of .sql files that contain many lines of batched…
2004- filetype:sql +”IDENTIFI +”IDENTIFIED ED Database maintenance is often automated by use of .sql files wich may contain 06-04 BY” -cvs many lines of bat… 2004- filetype:ldb admin 06-02
According to filext.com, the ldb file is “A lock file is used to keep muti -user databases …
2004- filetype:cfg mrtg 06-02 “target[*]” -sample -c…
Mrtg.cfg is the configuration file for polling SNMP enabled devices. The community string (ofte…
2004filetype:dat wand.dat 05-27
The world-famous web-browser web-browser Opera has the ability to save the password for you, and it call th…
2004signin filetype:url 05-26
Javascript for user validation is a bad idea as it shows cleartext user/pass combos. There is …
2004-
The .netrc file is used for automatic login to servers. The passwords are stored in
filetype:netrc filetype:netrc password
cleartext….
05-26 2004filetype:ini ws_ftp pwd 05-26
The encryption method used in WS_FTP is _extremely_ weak. These files can be found with the &qu…
2004- inurl:”slapd.conf” 05-25 intext:”rootpw&q…
slapd.conf is the configuration file for slapd, the opensource LDAP deamon. You can view a clea…
2004- inurl:”slapd.conf” 05-25 intext:”credenti…
slapd.conf is the configuration file for slapd, the opensource LDAP deamon. The key “crede…
2004filetype:inc dbconn 05-26
This file contains the username and password the website uses to connect to the db. Lots of th…
2004- inurl:”wvdial.conf” 05-24 intext:”passwor…
The wvdial.conf is used for dialup connections.it contains contains phone numbers, n umbers, usernames and passwor…
2004- filetype:pem 05-17 intext:private
This search will find private key files… Private key files are supposed to be, well… privat…
2004filetype:conf slapd.conf 05-17
slapd.conf is the file that contains all the configuration for OpenLDAP, including the root pas…
2004- filetype:dat 05-17 “password.dat”
This file contains plaintext usernames and password. Deadly information in the hands of an atta…
2004- filetype:log 05-13 inurl:”password.log”
These files contain cleartext usernames and passwords, as well as the sites associated with tho…
2004- filetype:url +inurl:”ftp:// +inurl:”ftp://”” These are FTP Bookmarks, some of which contain plaintext login names and 05-12 +inurl:&qu… passwords….
2004- inurl:vtund.conf 05-12 intext:pass -cvs
Theses are vtund configuration files (http://vt (http://vtun.sourceforg un.sourceforge.net). e.net). Vtund is an encrypted tunne…
filetype:reg reg 2004HKEY_CURRENT_USER 05-11 SSHHOSTKEYS
This search reveals SSH host key fro the Windows Registry. These files contain information abou…
2004- filetype:reg reg These pages display windows registry keys which reveal passwords and/or 05-07 +intext:”defaultusername&quo… usernames…. 2004- filetype:inc 05-05 intext:mysql_connect
INC files have PHP code within them that contain unencrypted usernames, passwords, and addresse…
2004- filetype:properties filetype:properties inurl:db 05-04 intext:password
The db.properties file contains usernames, decrypted passwords and even hostnames and ip addres…
2004- intitle:”index of” 05-03 intext:globals.inc
contains plaintext user/pass for mysql database…
2004inurl:perform filetype:ini 05-03
Displays the perform.ini file used by the popular irc client mIRC. Often times has channel pass…
2004- intitle:”index of” 04-26 intext:connect.inc
These files often contain usernames and passwords for connection to mysql databases. In many ca…
2004eggdrop filetype:user user 04-26
These are eggdrop config files. Avoiding a full-blown descussion about eggdrops and IRC bots, s…
2004- filetype:cfm “cfapplication 04-19 name” passwo…
These files contain ColdFusion source code. In some cases, the pages are examples that are foun…
2004allinurl: admin mdb 04-16
Not all of these pages are administrator’s access databases containing usernames, passwords and…
2004-
This file contains usernames and (lame) encrypted passwords! Armed with
intitle:Index.of etc shadow intitle:Index.of
03-04
this file and a decent …
2004- inurl:secring ext:skr | ext:pgp | 03-04 ext:bak
This file is the secret keyring for PGP encryption. Armed with this file (and perhaps a passphr…
2004- intitle:index.of 03-04 administrators.pwd
This file contains administrative administrative user names and (weakly) encrypted password for Microsoft Fron…
2004htpasswd 03-04
This is a nifty way to find htpasswd files. Htpasswd files contain usernames and crackable pass…
2004passlist.txt (a better way) 01-23
Cleartext passwords. No decryption required!… required!…
2003trillian.ini 08-19
Trillian pulls together all sort of messaging clients like AIM MSN, Yahoo, IRC, ICQ, etc. The v…
2003- inurl:config.p inurl:config.php hp dbuname 07-29 dbpass
The old config.php script. This puppy should be held very closely. It should never be viewable …
2003auth_user_file.txt 07-11
DCForum’s password file. This file gives a list of (crackable) passwords, usernames and email a…
2003- filetype:xls username password This search shows Microsoft Excel spreadsheets containing the words 06-30 email username, password and emai… This search gets you access to the etc directory, where many many many types of password files …
2003- etc (index.of) 06-27 2003passlist 06-27
I’m not sure what uses this, but the passlist and passlist.txt files contain passwords in CLEAR…
2003config.php 06-24
This search brings up sites with “config.php” files. To skip the technical discussion…
2003passwd / etc (reliable) 06-24
There’s nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google fo…
2003-
There’s nothing that defines a googleDork more than getting your PASSWORDS
spwd.db / passwd
06-24
grabbed by Google fo…
2003htpasswd / htgroup 06-24
There’s nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google fo…
2003htpasswd / htpasswd.bak 06-24
There’s nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google fo…
2003pwd.db 06-24
There’s nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google fo…
2003master.passwd 06-24
There’s nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google fo…
2003passwd 06-24
There’s nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google fo…
2003people.lst 06-24
*sigh*…
2003- intitle:index.of 06-24 intext:”secring.skr”|&q…
PGP is a great encryption technology. It keeps secrets safe. Everyone from drug lords to the he…
2003mysql history files 06-24
The .mysql_history file contains commands that were performed against a mysql database. A “…
2014- intitle:”Zimbra Web Client Log In” 04-21
Open Source Zimbra Webmail Login pages …
2014intitle:”Zimbra Web Client Sign In” 04-21
Open Source Zimbra Webmail Login pages …
2014inurl:typo3/install/inde x.php?mode= inurl:typo3/install/index.php?mode= 04-07
typo3 install logins Bruno Schmid …
2014inurl:”Citrix/XenApp/auth/login.aspx” 03-31
Finds login portals for Citrix XenApp. – Andy G – twitter.com/vxhexx … twitter.com/vxhe
2014intitle:Admin inurl:login.php hp site:.co.in intitle:Admin inurl:login.p 02-28
dork submitted by M4RKM3N aka Osama Mahmood revels
2014allinurl:”zimbra/?zinitmode=http” -googl… 02-05
zimbra webmail login page lookup
2014allinurl:”/main/auth/profile.php” -githu… 01-03
[+] This dork will help you find Chamilo login portals. Depending on the version, the site co…
2013inurl:/administrator/index.php?autologin=1 12-03
admin login panels of sites
…
allinurl:”zimbra/?zinitmode=http” -google -github …
Title: google hacking username and password of joomla Google Dork: inurl:/administrator/index…. inurl:/administrator/index….
2013- “inurl:/data/nanoadmin.php” 11-25
Hi, I would like to submit this GHDB which allow to find out nanoCMS administration pages :…
2013inurl:”/jenkins/login” “Page genera… 11-25
Finds login pages for Jenkins continuous integration servers. – Andy G – twitter.com/ twitter.com/vxhex vxhex …
Finds SimpleSAMLphp login pages. – Andy G – 2013inurl:”/module.php/core/l .php/core/loginuserpass.ph oginuserpass.php&quo… p&quo… inurl:”/module twitter.com/vxhex … 11-25
2013allinurl:”owa/auth/logon.aspx” -google -… 11-25
[+] Descripti Description on – Find OWA login portals Regards, necrodamus http://www.twitter.com/n http://www.twitter.com/ne… e…
2013-
IP Codecs offering “studio quality audio and video over
intitle:”Comrex ACCESS Rack”
09-24
wired and wireless IP circuits&qu…
2013- inurl:phpmyadmin/index.php & (intext:username 08-08 …
#Summary: PHP Admin login portals #Summary: portals #Author #Author:: g00gl3 5c0u7 …
2013intitle:”::: Login :::” & intext:&qu… 08-08
#Summary #Summary:: Surveillance login portals portals #Author: #Author: g00gl3 5c0u7 …
2013inurl:8080 intitle:”login” intext:”… 08-08
#Summary:: VoIP login portals portals #Category: #Category : Pages containing #Summary login portals portals #Author: g00gl3 5c0u7 …
2013intitle:”WebMail | Powered by Winmail Server … 08-08 2013intitle:”Login – OTRS” inurl:pl 08-08
#Summary #Summary:: Winmail login portals portals #Author: g00gl3 5c0u7 …
#Summary: #Summary: OTRS login portals portals #Author: g00gl3 5c0u7 …
2013inurl:”/secure/login.aspx” 08-08
#Summary #Summary:: Several Web Pages Login Portal Portal #Category: #Category: Pages containing login portals portals #Author: g…
2013intext:”I’m using a public or shared computer… 08-08
#Summary: Windows Business Server 2003 Login portal #Summary: #Category: Pages containing login portals …
2013- intitle:”.:: Welcome to the 08-08 Web-Based Configu…
#Summary: ZyXEL router login portal #Summary: portal #Category: #Category: Pages containing login portals #Author: g00gl3…
2013- intitle:”Internet Security 08-08 Appliance” &a…
#Summary: ZyWall Firewall login portal #Summary: portal #Category: #Category : Various Online Devices #Author: g00gl3 5c0u…
2013inurl:5000/webman/index.cgi Synology nas login … 08-08
2013- “Welcome to phpMyAdmin” + Finds cPanel login pages. – Andy G – twitter.com/vxhe twitter.com/vxhexx … 08-08 “Username… 2013- inurl:/secure/Dashboard.jspa Finds login pages and system dashboards for Atlassian’s JIRA. – Andy G – twitter.com/vxhex … 08-08 intitle:”System … 2013- intitle:”Cisco Integrated
intitle:”Cisco Integrated Management Controller Login” The Cisco Integrated
08-08 Management Controll…
Manage…
2013inurl:”dasdec/dasdec.csp” 08-08
inurl:”dasdec/dasdec.csp” DASDEC II Emergency Alert System User Manual: inurl:”dasdec/dasdec.csp” http://www….
2013intitle:”VNC Viewer for Java” VNC Viewer for Java ~4N6 Security~ … 08-08
2013- Serv-U (c) Copyright 199504-22 2013 Rhino Software, Inc…
# Category: FTP Login Portals # Description : Dork for finding FTP Login portals # Google Dor…
2013- intext:Computer Misuse Act 04-09 inurl:login.aspx
Category : Pages containing login portals Description : Dork for finding sensitive login porta…
intext:YOU ARE ACCESSING A 2013Category : Pages containing login portals Description : Dork for finding GOVERNMENT INFORMATION government login port… 04-09
…
intext:THIS IS A PRIVATE Category : Pages containing login portals Description : Dork for finding sensitive 2013SYSTEM AUTHORISED ACCESS login porta… 04-09
…
2013- allintext: “Please login to 04-09 continue…”…
Reported by: Jasper Briels…
2013-
DORK:site:login.*.* Description: Allow User To View Login Panel Of Many
site:login.*.*
02-05
WebSites.. Author:MT…
2012- you really should fix this 12-31 security hole by settin…
Gives sites with default username root and no password — nitish mehta …
2012inurl:phpliteadmin.php 11-02
The default password is ‘admin’ …
2012inurl:”InfoViewApp/logon.jsp” Google Hacking *SAP Business Object 3.1 XI* inurl:”InfoViewApp/logon. inurl:”InfoViewApp/logon.jsp” jsp” tw… 11-02 2012intitle:”DVR+Web+Client” 08-21
This dork will find most Linux-based DVR web clients that are accessible to the web and throug…
2012- Please-logon “intitle:zarafa 08-21 webaccess “
Zarafa Webaccess logon pages. Greetings, Alrik. …
2012- intitle:”Log In” “Access 08-21 unsecured …
iOmega Storcenter login page: intitle:”Log In” “Access unsecured content with…
2012- inurl:/app_dev.php/login 08-21 “Environment”
Search for login screen in web aplications developed with Symfony2 in a development environment…
2012inurl:”cgi-bin/webcgi/main” 08-21
inurl:”cgi-bin/webcgi bin/webcgi/main” /main” This dork finds indexed public facing Dell Remote Acce…
2012-
“mailing list memberships reminder”
Hi, By default, while subscribing to a mailing list on a website, running
Mailman (GNU) for…
05-15
2012“Welcome to Sitecore” + “License Ho… Sitecore CMS detection. … 05-15
2011intitle:”cyber recruiter” “User ID&… 05-11
Search for login screen of default instance: Cyber Recruiter (applicant tracking and recruitin…
2011- intitle:”Enabling Self -Service -Service 05-11 Procurement&qu…
Search for login screen of default instance: Puridiom (A Procurement Web Application) …
2011- “Login Name” Repository Webtop 05-11 intitle:l…
Search for login screen of default instance: Documentum Webtop by EMC …
2011intitle:”cascade server” inurl:login.ac inurl:login.actt 03-15
Search for login screen of default instance: Cascade Server CMS by Hannon Author: Erik Horton …
2010inurl:src/login.php 11-13
Locates SquirrelMail Login Pages Author: 0daydevilz…
2010inurl:/dana-na/auth/ 11-12
Juniper SSL Author: bugbear…
2010- “Remote Supervisor Adapter II” 11-10 inurl:use…
IBM e-server’s login pages. Author: DigiP…
201011-10 ||Powered by [ClipBucket 2.0.91]
This search identifies installations. They frequently have an admin/admin default clpbpucket pa…
2006- intitle:ARI “Phone System 10-02 Administrator”
Login page for “Asterisk “ Asterisk Recording Interface” Interface” (ARI)….
2006- intitle:”AdventNet ManageEngine 10-02 ServiceDesk P…
serviceDesk Plus is a 100 % web-based Help Desk and Asset Management software.vendor: h**p://ma… h**p://ma…
2006inurl:”/?pagename=CustomerLogin” 09-20
Customer login pages for what looks like an inhouse eshop. More information here:h**p://catalin… here:h**p://catalin…
2006- inurl:”/?pagename=AdministratorLogin” Powered by Bariatric AdvantageAdmin Login:Admin login pages for what looks like an inhouse esho… 09-20
2006inurl:+:8443/login.php3 09-27
Plesk is a multi platform control panel solution for hosting.More inf ormation: ormation: hxxp://www.swsof… hxxp://www.swsof…
2006- (intitle:”SilkyMail by Cyrusoft 08-03 International…
silkyMail is a free internet email client, from www.cyrusoft.com, that runs in your browser. Th…
2006Webmail is a http based email server made by atmail.com. To get to intitle:”Login to @Mail” (ext:pl | inurl… 08-03 the admin login instead of t… 2006-
surgemail is an email server from netwinsite.com that can be accessed
“SurgeMAIL” inurl:/cgi/user.cgi inurl:/cgi/user.cgi ext:cgi
by a web browser. This do…
08-03 2006intitle:”love of music” … intitle:Ampache intitle:”love 06-29
Ampache is a Web-based MP3/Ogg/RM/Flac/WMA/M4A manager. It allows you to view, edit, and play y…
2006FlashChat v4.5.7 07-29
This simple search brings up lots of online Flash Chat clients. Flash Chat’s administration dir…
Login Pages “eXist is an Open Source native XML database featuring efficient, index-based …
2006intitle:”eXist Database Administration” … 05-03
2006(intitle:”WmSC e-Cart Administration”)|( Administration”)|(… … 05-03
Login Pages for WebMyStyle.”WebMyStyle offers a full range of web hosting and dedicated se…
2006(intitle:”Please login – Forums powered by UB… Logins for Forums powered by UBB.threads… UBB.threads… 05-03 2006intitle:”SHOUTcast intitle:”SHOUTcast Administrator” inurl:… 05-03
Login pages for SHOUTcast”SHOUTcast is a free-of-charge audio homesteading solution. It pe…
2006intitle:IMP inurl:imp/index.php3 05-03
Webmail Login pages for IMP”IMP is a set of PHP scripts that implement an IMAP based webma…
“TWIG is a Web-based groupware suite written in PHP, compatible with both PHP3 and PHP4. I…
2006intitle:”TWIG Login” 05-03 200605-03 “SquirrelMail version” “By the Squi…
More SquirrelMail Logins…
2006intitle:(“TrackerCam Live Video”)|(“… intitle:(“TrackerCam 05-03
“TrackerCam® is a software application that lets you “TrackerCam® put your webcam on…
2006Login”)|(intext:”We… e… (intitle:”rymo Login”)|(intext:”W 05-03
“rymo is a small but reliable webmail gateway. It contacts a POP3-server POP3-ser ver for mail reading …
2006- (intitle:”Please login – Forums powered by 05-03 WW…
“WWWthreads is a high powered, full scalable, customizable open source bulletin board pack…
2006- inurl:”/slxweb.dll/external?n ame=(custportal|… … Customer login pages”SalesLogix is the Customer Relationship inurl:”/slxweb.dll/external?name=(custportal| 05-03 Management Solution that driv…
2006intitle:”Employee Intranet Login” 05-03
Intranet login pages by decentrix.com… decentrix.com…
“PHP121 is a free web based instant messenger – written entirely in PHP. This means that i…
2006inurl:”php121login.php” 05-03 2006Please enter a valid password! inurl:polladmin 04-25 2006-
intitle:”EZPartner” -netpond
The PHP Poll Wizard 2 ist a powerful and easy-to-use PHP-Script PHP-Script for creating and managing polls… EZPartner is a great marketing tool that will help you increase
03-21
your sales by sending webmaster…
2006intitle:”Login to @Mail” (ext:pl | inurl… 03-21
Webmail is a http based email server made by atmail.com. To get to the admin login instead of r…
2006inurl:”vsadmin/login” inurl:”vsadmin/login” | inurl:”vsad… 03-21
Ecommerce templates makes a online shopping cart solution. This search finds the admin login….
2006“Web-Based Management” “Please inpu… 03-21
This dork finds firewall/vpn firewall/vpn products from fiber logic. They only require a one-factor authent…
inurl:2000 2006RemotelyAnywhere is a program that enables remote control, in the same matter intitle:RemotelyAnywhere 03-21 as VNC. Once Log…
site:realvnc…. 2006- inurl:”/admin/configuration. simply google inurl trick for Oscommerce for open administrator page.If no .htpassword is set f… 03-07 php?” Mysto… 2006inurl:ids5web 02-09
EasyAccess Web is a application to view radiological images online.Like online.Like in hospitals or univers…
2006- intext:”Fill out the form 02-08 below completely to…
The page to change admin passwords. Minor threat but the place to start an attack….
2006- “Powered by Midmart 01-16 Messageboard” “…
Midmart Messageboard lets you run a highly customizable bulletin board with a very nice user in…
2006- intitle:Ovislink 01-16 inurl:private/login
Ovislink vpn login page….
2006- “intitle:3300 Integrated 01-14 Communications Platf…
logon portal to the mitel 330 integrated communications platform.[Mitel® platform.[Mitelƚ® 330…
2006- “bp blog admin” intitle:login betaparticle (bp) blog is blog software coded in asp. This google dork finds the admin logins…. 01-02 | intitle:…
“Emergisoft web
2005applications are a part of 12-31
Hospital patient management system, in theory it could be dangerous….
ou…
2005- intitle:”b2evo > Login form” b2evolution is a free open-source blogging system from b2evolution.net. This dork finds the ad… 12-19 “Lo… 2005- intitle:”Admin login” “Web 12-19 Site Adm…
sift Group makes a web site administration product which can be accessed via a web browser. Th…
2005- inurl:/Merchant2/admin.mv Miva Merchant is a product that helps buisnesses get into e-commerce. This dork 12-19 | inurl:/Merchant2/admin… locates their …
2005- “site info for” “Enter Admin This will take you to the cash crusader admin login screen. It is my first google hack.. also t… 11-21 Passwo… 2005- “Establishing a secure 11-16 Integrated Lights Out …
iLo and related login pages !? Whoops…..
2005- inurl:webvpn.h inurl:webvpn.html tml “login” 11-16 “Please e…
The Cisco WebVPN Services Module is a high-speed, integrated Secure Sockets Layer (SSL) VPN ser…
2005- “This is a restricted Access 11-16 Server” &qu…
Mostly Login Pages for iPlanet Messenger Express, which is a web-based electronic mail program …
2005- intitle:”Merak Mail Server 11-16 Web Administration…
User login pages for Merak Email Server Suite which consists of Merak Email Server core and opt…
2005- “Powered by Merak Mail
Webmail login portals for Merak Email ServerMerak Email Server Suite consists of
11-13 Server Software” …
multiple award…
2005“iCONECT 4.1 :: Login” 11-12
2005- intitle:”Novell Web 11-12 Services” “Grou…
This search finds the login page for iCONECTnxt, it enables firms to search, organize, and revi… Novell GroupWise is a complete collaboration software solution that provides information worker…
2005- intitle:”*- HP WBEM Login” HP WBEM Clients are WBEM enabled management applications that provide the user interface and fu… 11-12 | “You a… 2005- intitle:”EXTRANET login” 11-12 .edu -.mil -.g…
This search finds many different Extranet login pages….
2005- intitle:”EXTRANET * – 11-12 Identification”
WorkZone Extranet Solution login page. All portals are in french or spanish I belive….
2005- intitle:”OnLine Recruitment This is the Employer’s Interface of eRecruiter, a 100% Paper Less Recruitment 11-12 Program – Login&q… Solution implemen… 2005- intitle:”Docutek ERes – 10-26 Admin Login” -ed…
Docutek Eres is software that helps libaries get an internet end to them. This dork finds the a…
2005inurl:ocw_login_username 10-13
WEBppliance is a software application designed to automate the deployment and management of Web…
2005- intitle:”Supero Doctor III” - “Supero Doctor III Remote Management” by Supermicro, Inc.info: http://www.supermicro…. 09-26 inurl:super… 2005- intitle:”iDevAffiliate – 09-25 admin” -demo
Affiliate Tracking Software Adding affiliate tracking software to your site is one of the most…
2005- “Please login with admin 09-25 pass” -“le…
PHPsFTPd is a web based administrat administration ion and configuration interface for the SLimFTPd ftp serverI…
2005- intitle:”Admin Login” 09-25 “admin login&…
Blogware Login Portal: “An exciting and innovative tool for creating or enhancing your web…
2005- intitle:”Login Forum
Anyboard Login Portals. In addition,A vulnerability has been reported in Netbula
09-23 Powered By AnyBoard”…
Anyboard 9.x &…
2005- intitle:”Login to the forums Aimoo Login Pages. “Looking for a free message board solution? Aimoo provides 09-23 – @www.aimoo.com… one of the m… 2005intitle:”i-secure v1.1″ -edu I-Secure Login Pages… 09-23 2005- inurl:/modcp/ there have been several dorks for vBulletin, but I could not find one in the search 09-23 intext:Moderator+vBulletin that target… 2005- intitle:”PHProjekt – login” 09-21 login passwo…
PHProjekt is a group managing software for online calenders, chat, forums, etc. I looked aroun…
2005GreyMatter is prone to an HTML injection vulnerability. This issue is due to a failure “login prompt” inurl:GM.c inurl:GM.cgi gi 09-13 in the a…
2005- “Powered by Monster Top 09-13 List” MTL numran…
2 Step dork – Change url to add filename “admin.php” (just remove index.php&stuff…
2005- intext:”Master Account” 09-13 “Domain Na…
There seems to be several vulns for qmail….
intitle:”Content
2005Management System” 09-13
iCMS – Content Management System…Create dynamic interactive websites in minutes without knowi…
2005- “Please authenticate 08-30 yourself to get access t…
Photo gallery managment system login…
&quo…
2005- intitle:”*- HP WBEM Login” HP WBEM Clients are WBEM enabled management applications that provide the user interface and fu… 11-12 | “You a… 2005- intitle:”EXTRANET login” 11-12 .edu -.mil -.g…
This search finds many different Extranet login pages….
2005- intitle:”EXTRANET * – 11-12 Identification”
WorkZone Extranet Solution login page. All portals are in french or spanish I belive….
2005- intitle:”OnLine Recruitment This is the Employer’s Interface of eRecruiter, a 100% Paper Less Recruitment Solution implemen… 11-12 Program – Login&q… 2005- intitle:”Docutek ERes – 10-26 Admin Login” -ed…
Docutek Eres is software that helps libaries get an internet end to them. This dork finds the a…
2005inurl:ocw_login_username 10-13
WEBppliance is a software application designed to automate the deployment and management of Web…
2005- intitle:”Supero Doctor III” - “Supero Doctor III Remote Management” by Supermicro, Inc.info: 09-26 inurl:super… http://www.supermicro…. 2005- intitle:”iDevAffiliate –
Affiliate Tracking Software Adding affiliate tracking software to your site is one of
09-25 admin” -demo
the most…
2005- “Please login with admin 09-25 pass” -“le…
PHPsFTPd is a web based administrat administration ion and configuration interface for the SLimFTPd ftp serverI…
2005- intitle:”Admin Login” 09-25 “admin login&…
Blogware Login Portal: “An exciting and innovative tool for creating or enhancing your web…
2005- intitle:”Login Forum 09-23 Powered By AnyBoard”…
Anyboard Login Portals. In addition,A vulnerability has been reported in Netbula Anyboard 9.x &…
2005- intitle:”Login to the forums Aimoo Login Pages. “Looking for a free message board solution? Aimoo provides one of the m… 09-23 – @www.aimoo.com… 2005intitle:”i-secure v1.1″ -edu I-Secure Login Pages… 09-23 there have been several dorks for vBulletin, but I could not find one in the search 2005- inurl:/modcp/ 09-23 intext:Moderator+vBulletin that target… 2005- intitle:”PHProjekt – login” 09-21 login passwo…
PHProjekt is a group managing software for online calenders, chat, forums, etc. I looked aroun…
2005GreyMatter is prone to an HTML injection vulnerability. GreyMatter vulnerability. This issue is due to a failure “login prompt” inurl:GM.c inurl:GM.cgi gi in the a… 09-13
2005by Monster Top List” MTL numran… 09-13 “Powered
2 Step dork – Change index.php&stuff… url to add filename “admin.php” (just remove
2005- intext:”Master Account” 09-13 “Domain Na…
There seems to be several vulns for qmail….
intitle:”Content 2005Management System” 09-13
iCMS – Content Management System…Create dynamic interactive websites in minutes without knowi…
2005- “Please authenticate 08-30 yourself to get access t…
Photo gallery managment system login…
2005- “You have requested to 08-30 access the management …
Terracotta web manager admin login portal….
2005- intitle:”web-cyradm”|”by 08-30 Luc de Lou…
Web-cyradm is a software that glues topnotch mailing technologies together. The focus is on adm…
2005- intext:”Master Account” 08-30 “Domain Nam…
qmail mail admin login pages.There are several vulnerabilities relating to this software…
&quo…
intitle:”Content
2005Management System” 08-30
iCMS – Content Management System…Create websites without knowing HTML or web programming….
2005inurl:csCreatePro.cgi 08-28
Create Pro logon pages….
2005- intitle:”xams 0.0.0..15 – 08-14 Login”
This is the login for xams it should catch from 0.0.1-0.0.150.0.15 being the latest version as …
2005- “HostingAccelerator” 08-14 intitle:”login…
This will find the login portal for HostingAccelerat HostingAccelerator or ControlPanel I have not looked for explo…
2005- “inspanel” intitle:”login” 08-15 &q…
This finds all versions of the inspanel login page….
&quo…
2005- intitle:”communigate pro * Just reveals the login for Communigate Pro webmail. A brute force attack could be attempted. Th… 08-11 *” intitle:&q… 2005intitle:”AlternC Desktop” 08-15
This finds the login page for AlternC Desktop I dont know what versions….
2005intitle:phpnews.login 08-10
Vulnerable script auth.php (SQL injection) — from rst.void.ru —Possible scenario of attack:[…
2005- intitle:”Cisco CallManager 08-08 User Options Log O…
[quote]Cisco CallManagerCallManager CallManagerCallManager is a FREE web application/interface included with your VoIP…
2005- inurl:”default/login.php”
This dork reveals login pages for Kerio Mail server. Kerio MailServer is a state-of-
07-26 intitle:”…
the-art gro…
2005- intitle:”Member Login” 07-24 “NOTE: Your …
Pretty standered login pages, they all have various differences but it appears that they use th…
2005- “This section is for 07-24 Administrators only. If …
Nothing special, just one more set of login pages, but the “Administrators only” line…
2005- intitle:”Welcome to 07-22 Mailtraq WebMail”
Mailtraq WebMail is just another a web-based e-mail client. This is the login page….
2005- intitle:”TOPdesk 07-22 ApplicationServer”
Topdesk is some kind of incident ticket system with a webinterface. It requires: Windows 98 and…
2005- “You have requested access BackgroundEasySite is a Content Management System (CMS) build on PHP and 07-20 to a restricted ar… MySQL. Many easysite s… 2005inurl:textpattern/index.php Login portal for textpattern a CMS/Blogger tool…. 06-09
2005intitle:”Login to Cacti” 06-24
Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data s…
2005- intitle:”XMail Web Administration 06-09 Interface&q…
This search will find the Web Administration Interface for servers running XMail.”XMail is…
2005-
This gives results for hosting plans that don’t have associated fees,
intext:”Welcome to” inurl:”cp”…
so anyone can sign up wit…
06-05 2005intitle:”XcAuctionLite” intitle:”XcAuctionLite” | “DRIVEN B… 06-07
This query reveals login pages for the administration of XcAuction and XcClassified Lite..”…
2005allintitle:”Welcome to the Cyclades” allintitle:”Welcome 06-02
This search reveals the login page for the Cyclades TS1000 and TS2000 Web Management Service. T…
2005intitle:”VisNetic WebMail” inurl:”/… 06-06
VisNetic WebMail is a built-in web mail server that allows VisNetic Mail Server account holders…
2005- inurl:/SUSA inurl:/SUSAdmin dmin intitle:”Micros intitle:”Microsoft oft Software Microsoft SUS Server is a Patch Management Tool for Windows 05-23 U… 2000, XP and 2003 systems.It can be… 2005inurl:exchw inurl:exchweb/bin/auth/ eb/bin/auth/owalogon.asp owalogon.asp 05-15
Outlook Web Access Login POrtal…
2005inurl:Citrix/MetaFrame/default/default.aspx MetaFrame Presentation Server… 05-15 2005inurl::2082/frontend -demo 05-11
This allows you access to CPanel login dialogues/screens….
2005intitle:”WorldC intitle:”WorldClient” lient” intext:”à �… 05-02
MDaemon , Windows-based email server software, contains full mail server functionality and cont…
2005- intitle:open-xchange inurl:login.pl 05-02
Open-Xchange Open-Xchang e 5 is a high performance substitute for costly and inflexible Microsoft Exchange de…
2005- intitle:”site administration: please log 05-02 in&q…
Real Estate software package, with the admin login screen…
2005inurl:gnatsweb.pl 05-02
GNU GNATS is a set of tools for tracking bugs reported by users to a central site. It allows pr…
2005- “Powered by DWMail” password 05-02 intitle:dwm…
What is DWmailâ„¢?: DWmailâ„¢ is an ‘…
2005- intitle:”SFXAdmin – sfx_global” | intitl… 04-27
Just another logon page search, this one is for fo r SFX®, a link server from Ex …
2005intitle:”Zope Help System” inurl:HelpSys 04-27
By itself, this returns Zope’s help pages. Manipulation of the URL, changing ‘HelpSys’ to ‘mana…
2005intitle:ilohamail “Powered by IlohaMail” 04-17
IlohaMail is a light-weight yet feature rich multilingual webmail system designed for ease of u…
2005intitle:ilohamail intext:”Version 0.8.10″ 0.8.10″… … 04-11
some version of ilohamail are vulnerable….
2005- intitle:"inc. vpn 3000
This search will show the login page for Cisco VPN 3000
04-11 concentrator&q…
concentrators. Since the default user …
2005intext:"vbulletin" inurl:admincp vBulletin Admin Control Panel… 04-09
Dell OpenManage enables remote execution of tasks such as system configuration, configuration, 2005inurl:”usysinfo?login=true” imaging, applic… 01-25
2005- intext:”Mail admins login 01-24 here to administrat…
Another way to locate Postfix admin logon pages….
2005PhotoPost PHP Upload 01-13
PhotoPost was designed to help you give your users exactly what they want. Your users will be t…
2005PHPhotoalbum Statistics 01-13
PHPhotoalbum PHPhotoalbu m is a picturegallery script. You can upload pictures directly from your webbrowser….
2005PHPhotoalbum Upload 01-13
Homepage: http://www.stoverud.com/PHPhotoalbum/PHPhotoalbum is a picturegallery script. You can…
2005- inurl:”631/admin” 01-18 (inurl:”op=*”…
Administration pages for CUPS, The Common UNIX Printing System. Most are password protected….
2005- intitle:”VNC viewer for 01-15 Java”
VNC (Virtual Network Computing) allows a pc to be controlled remotely over the Internet. These …
2005- inurl:”Activex/default.htm” This search will reveal the active X plugin page that allows someone to access PC 01-15 “Demo&q… Anywhere from…
2005- “pcANYWHERE EXPRESS 01-15 Java Client”
This search will reveal the java script program that allows someone to access PC Anywhere from,…
2004- intext:””BiTBOARD v2.0″ 12-19 BiTSHiFTERS…
The bitboard2 is a board that need no database to work. So it is useful for webmaster that have…
2004- intitle:Login intext:”RT is 12-19 ÂÂ�…
RT is an enterprise-grade ticketing system which enables a group of people to intelligently and…
2004- intitle:”Athens 12-19 Authentication Point”
Athens is an Access Management Management system for controlling access to web based subscription services…
2004- intitle:”Novell Web 12-19 Services” intext:&qu…
“Novell® GroupWise GroupWise is an enterprise collaboration system that provides …
2004- inurl:1810 “Oracle 12-19 Enterprise Manager”
Enterprise Manager 10g Grid Control provides a single tool that can monitor and manage not only…
2004- intitle:”WebLogic Server” 12-19 intitle:”…
BEA WebLogic Server 8.1 provides an industrial-strength application infrastructure for developi…
2004- intitle:”MX Control
MX Logic’s customizable and easy-to-use MX Control
12-19 Console” “If yo…
Console…
Quicktime streaming server is uhhhhh…..well it’s a streaming server and it can be 2004inurl:”1220/parse_xml.cgi?” managed via… 12-10
2004- intitle:”vhost” intext:”vHost vHost is a one-step solution for all virtual hosting needs. It enables a Linux/BSD 12-13 . 200… server with … 2004- intitle:”VitalQIP IP 12-07 Management System”
The VitalQIP Web Client Interface provides a World Wide Web interface for the VitalQIP IP Manag…
2004- intext:”Storage These pages can reveal information about the operating system and patch level, as 11-30 Management Server for” i… well as provi… 2004- intitle:”PHP Advanced Transfer” PHP Advacaned Transfer is GPL’d software that claims to be the “The ultimate 11-28 inurl:&q… PHP download … intitle:Login in 2004- inurl:coranto.cgi inurl:coranto.cgi intitle:Log 11-28 (Authorized Users …
Coranto is one of the most powerful Content Management System (CMS) available on the market. It…
2004- inurl:/webedit.* intext:WebEdit WebEdit is a content management system. This is the login portal search…. 11-18 Professional -html 2005- intitle:”phpPgAdmin – Login” 03-03 Language
phpPgAdmin is a web-based administration tool for PostgreSQL. It is perfect for PostgreSQL DBAs…
2004- inurl:postfixadmin intitle:”postfix Postfix Admin login pages. Duh…. 11-16 admin&quo…
2004- intitle:”Icecast Administration 11-07 Admin Page&qu…
Icecast streaming audio server web admin.This gives you a list of connected clients. Interestin…
2004inurl:irc filetype:cgi cgi:irc 11-04
CGIIRC is a web-based IRC client. Using a non-transparent proxy an attacker could communicate a…
2004- intitle:”php icalendar 10-31 administration” -…
This is the adminstration adminstration login portal search for PHP iCalendar. It is compatible with Evolutio…
2004- intitle:”php icalendar 10-31 administration” -…
PHP iCalendar is a php-based iCal file parser. Its based on v2.0 of the IETF spec. It displays …
2004- inurl:login.php inurl:login.php “SquirrelMai “SquirrelMaill 10-20 version”
squirrelMail is a standards-based standards-based webmail package written in PHP4. It includes built-in pure PH…
2004- inurl:/dana10-20 na/auth/welcome.html
Neoteris Instant Virtual Extranet (IVE) has been reported prone to a cross-site scripting vulne…
2004intitle:plesk inurl:login inurl:login.php3 .php3 10-20
Plesk is server management software developed for the Hosting Service Industry. Various vulnera…
2004- “OPENSRS Domain
OpenSRS Domain Management SystemNo vulnerabilities are reported to
10-19 Management” inurl:manage inurl:manage… …
security focus….
2004“Login – Sun Cobalt RaQ” 10-19
The famous Sun linux appliance. Nice clean portal search.Various search.Various vulnerabilities are reported t…
2004- intitle:”ISPMan : Unauthorized 10-19 Access prohibi…
ISPMan is a distributed system to manage components of ISP from a central management interface….
2004“SysCP – login” 10-19
sysCP: Open Source server management tool for Debian LinuxNo vulnerabilities are reported to se…
2004- intitle:”Virtual Server 10-19 Administration System…
VISAS, German control panel software like confixx.No vulnerabilities are reported to security f…
2004“VHCS Pro ver” -demo 10-19
VHCS is professional Control Panel Software for Shared, Reseller, vServer and Dedicated Servers…
2004- inurl:confixx 10-19 inurl:login|anmeldung
Confixx is a webhosting management tool and has the following features: * create resellers, * e…
aspWebCalendar is a browser based software package that runs over a 2004inurl:”calendar.asp?action=login” standard web browser, such … 10-06
2004- “IMail Server Web 10-19 Messaging” intitle:log…
IMail Server from Ipswitch is a messaging solution with 60 million users worldwide. It contains…
2004- intitle:”remote assessment” OpenAanval 10-16
The Aanval Intrusion Detection Console is an advanced intrusion detection monitor and alerting …
C…
2004- “WebExplorer Server – 10-16 Login” “Welco…
WebExplorer Server is a web-based file management system for sharing files with user permission…
2004- intitle:”Philex 0.2*” -script - Philex (phile ‘file’ explorer) is a web content manager based php what philex can do ? – eas… 10-14 site:free… 2004- inurl:default.asp 10-14 intitle:”WebCommander”
Polycom WebCommander gives you control over all aspects of setting up conferences on Polycom MG…
2004- intitle:”MailMan Login” 10-11
MailMan is a product by Endymion corporation that provides a web based interface to email via P…
2004- intitle:”oMail-admin oMail-webmail is a Webmail solution for mail servers based on qmail and 10-05 Administration – Login&q… optionally vmailmgr or … 2004- intitle:”microsoft certificate Microsoft Certificate Services Authority (CA) software can be used to issue digital certificate… 09-24 services”… 2004inurl:mewebmail 09-23
MailEnable Standard Edition provides robust SMTP and POP3 services for Windows NT/2000/XP/2003 …
2005-
What is W-Nailer?W-Nailer is a PHP script which can create galleries for you.It uses
W-Nailer Upload Area
a graphica…
01-13
2004- inurl:”typo3/index.php?u=” TYPO3 is a free Open Source content management system for enterprise purposes 09-21 -demo on the web and in… 2004- inurl:administrator 09-21 “welcome to mambo”
Mambo is a full-featured content management system that can be used for everything from simple …
2004ez Publish administr administration ation 09-21
Thousands of enterprises, enterprises, governmental offices, non-profit organizations, small and middle size…
2004- intitle:”Tomcat Server 09-18 Administration”
This finds login portals for Apache Tomcat, an open source Java servlet container which can run…
2004- intitle:”Login – powered by Easy File Sharing Web Server is a file sharing software that allows visitors to 09-18 Easy File Sharing… upload/download… 2004- “Login to Usermin” 09-18 inurl:20000
Usermin is a web interface that can be used by any user on a Unix system to easily perform task…
2004intitle:”TUTOS Login” 09-18
TUTOS stands for “The Ultimate Team Organization Software.” This search finds the log…
2004- filetype:pl “Download: SuSE this search will get you on the web administration portal of linux open exchange 09-10 Linux Openexchang… servers…. 2004Administration Control Panel 08-25 4images
4images administr… Gallery – 4images is a web-based image gallery management system. The 4images
intitle:Novell 2004intitle:WebAccess 08-21
search to show online Novell Groupwise web access portals….
“Copyright *…
2004inurl:”gs/adminlogin.aspx” 08-20
GradeSpeed seems to be a .NET application to administer school results for several schools usin…
2004intitle:Login * Webmailer 08-20
1&1 Webmail login portals. This is made by a german company called Internet United active i…
2004- Login (“Powered by Jetbox 08-20 One CMS âÃ�…
Jetbox is a content management systems (CMS) that uses MySQL or equivalent databases. There is …
2004- intitle:”ITS System 08-16 Information” “P…
Frontend for SAP Internet Transaction Server webgui service….
Novell NetWare 2004intext:”netware 08-16
Netware servers ( v5 and up ) use a web-based management utility called Portal services, which …
2004- “powered by CuteNews” 08-16 “2003..2005 C…
This finds sites powered by various CuteNews versions. An attacker use this list and search the…
management por…
These are login pages for Infopop’s message board UBB.classic. For the 2004- inurl:cgiUBB.threadss you can use … 08-13 bin/ultimatebb.cgi?ubb=login UBB.thread 2004- intitle:”please login” “your 08-13 passwo…
These administrators were friendly enough to give hints about the password….
2004Ultima Online loginservers 08-09
This one finds login servers for the Ultima Online game….
2004- “WebSTAR Mail – Please Log @stake, Inc. advisory: “4D WebSTAR is a software product that provides Web, 08-09 In” FTP, and Mail …
2004- intitle:”teamspeak server08-09 administration 2004- inurl:/cgi08-06 bin/sqwebmail?noframes=1
TeamSpeak is an application which allows its users to talk to each other over the internet and …
sQWebmail login portals….
2004- (inurl:”ars/cgibin/arweb?O=0″ 0″ | inurl:a… 08-05 bin/arweb?O=
From the vendor site: “Remedy’s “Remedy’s Action Request System…
2004- intitle:Node.List 08-05 Win32.Version.3.11
synchronet Bulletin Board System Software is a free software package that can turn your persona…
2004-
inurl:”utilities/TreeView.asp”
From the marketing brochure: “UltiPro Workforce Management offers you the
07-29
most comprehensi… comprehensi…
2004- ASP.login_aspx 07-26 “ASP.NET SessionId”
.NET based login pages serving the whole environment and process trace for your viewing pleasur…
2004Powered by INDEXU 07-22
From the sales department: “INDEXU is a portal solution software that allows you to build …
2004phpWebMail 07-12
PhpWebMail is a php webmail system that supports imap or pop3. It has been reported that PHP…
2004- filetype:php 07-09 inurl:”webeditor.php”
This is a standard login portal for the webadmin program….
2004- CGI:IRC Login 06-22
CGIIRC is a web-based IRC client. Using a non-transparent proxy an attacker could communicate a…
2004Outlook Web Access (a better way) 06-18
According to Microsoft “Microsoft (R) Outlook (TM) Web Access is a Microsoft Exchange Acti…
2004“ttawlogin.cgi/?action=” 06-04
Tarantella is a family of enterprise-class secure remote access software products. This Google-…
intitle:”Welcomee Site/User 2004- intitle:”Welcom 06-10 Administrator”…
service providers worldwide worldwide use Ensim’s products to automate the management of their hosting s…
2004
06-04 intitle:”ZyXEL Prestige Router” “En… This is the main authentication screen for the ZyXEL Prestige Router…. 2004filetype:r2w r2w 06-04
WRQ Reflection gives you a standard desktop that includes web- and Windows-based terminal emula…
2004inurl:search/admin.php 05-30
phpMySearch is a personal search engine that one can use to provide a search feature for one’s …
2004inurl:/eprise/ 05-26
silkRoad Eprise is a dynamic content management product that simplifies the flow of content to …
2004- intitle:”Dell Remote Access 05-17 Controller”
This is the Dell Remote Access Controller that allows remote administration of a Dell server….
2004“please log in” 05-13
This is a simple search for a login page. Attackers view login pages as the “front door&qu…
2004inurl:login filetype:swf swf 05-12
This search reveals sites which may be using Shockwave (Flash) as a login mechanism for a site….
2004inurl:”webadmin”” filetype:nsf inurl:”webadmin 05-11
This is a standard login page for Domino Web Administration….
2004This iks the login page for eMule, the p2p file-sharing program. These intitle:”eMule *” intitle:”- Web Co… 05-11 pages forego the login n… 2004- inurl:/Citrix/Nfuse17/ 05-10
These are Citrix Metaframe login portals. Attackers can use these to profile a site and can use…
2004- inurl:metaframexp/default/login.asp These are Citrix Metaframe login portals. Attackers can use these to profile 05-10 | intitle:&quo… a site and can use… 2004inurl:names.nsf?opendatabase 05-04
A Login portal for Lotus Domino servers. Attackers can attack this page or use it to gather inf…
2004- intitle:”Remote Desktop Web 04-28 Connection” …
This is the login page for Microsoft’s Remote Desktop Web Connection, which allows remote users…
2004- intitle:”MikroTik RouterOS 04-26 Managing Webpage&q…
This is the front page entry point to a “Mikro Tik” Router….
2004“VNC Desktop” inurl:580 inurl:58000 04-21
VNC is a remote-controlled desktop product. Depending on the configuration, remote users may no…
2004inurl:/admin/login.asp 04-21
This is a typical login page. It has recently become become a target for SQL injection. Comsec’s artic…
2004inurl:login.asp 04-21
This is a typical login page. It has recently become become a target for SQL injection. Comsec’s artic…
2004-
Webmin is a html admin interface for Unix boxes. It is run on a proprietary proprietary web
04-20 inurl:”:1000 inurl:”:10000″ 0″ intext:webmin server listenin… 2004inurl:login.cfm 04-19
This is the default login page for ColdFusion. Although many of these are secured, this is an i…
2004- intitle:”ColdFusion 04-19 Administrator Login”
This is the default login page for ColdFusion administration. Although many of these are secure…
According to Microsoft “Microsoft (R) Outlook (TM) Web Access is a Microsoft 2004allinurl:”exchange/logon.asp” Exchange Acti… 04-16 2014- intitle:not accepted 02-05 inurl:”union+select”…
Find IDS and Mod security dork: intitle:not accepted inurl:”union+select” inurl:…
2013filetype:jnlp 11-25
Java Web Start (Java Network Launch Protocol) — -[Voluntas Vincit Omnia]website http:/…
2013- intitle:”RT at a glance” 11-25 intext:”qu…
RT Request Tracker Ticket Database http://www.bestpractical.com/rt/ — [Voluntas Vincit …
2013intitle:”IPCam Client” 11-25
Foscam IPCam By default these cameras attach to the myfoscam.org DDNS. So you could add sit…
intitle:”Traffic fic inurl:*/graphs* intitle:”Traf 2013- inurl:*/graphs* 09-24 and system r…
With this search you can view results for mikrotik graphics interfaces *Obrigado,*…
2013- intitle:”Web Client for EDVS” 09-24
Yet another DVR system. Probably requires Java to display. 4N6 Security …
2013inurl:”/webcm?getpage=” 09-24
Returns various Actiontec (and often Qwest) branded routers’ login pages. 4N6 Security …
2013- intitle:”RouterOS router 09-24 configuration page&q…
Returns login portals for Microtik routers running RouterOS version 5 and up. 4N6 Security …
2013inurl:”/cgi-mod/index.cgi” 09-24
Returns login pages for various Barracuda Networks branded hardware spam filters and mail arch…
2013- intitle:”SPA504G Configuration” tion” Dork : intitle:”SPA504G Configuration” Result : Gives access to Cisco SPA504G intitle:”SPA504G Configura Config… 09-24
2013- intitle:”Web Image Monitor” & 08-08 inurl:…
#Summary: Several printers that use “Web Image Monitor” control panel ( http://ricoh…
2013- intitle:”Transponder/EOL 08-08 Configuration:”…
#Summary:: Cheeta Technologies Transponder Configuration Portal (* #Summary http://www.cheetahtech.com)….
2013- intitle:”NetBotz Network 08-08 Monitoring Appliance…
#Summary:Various Online Divices #Summary: Divices #Category #Category:: Pages containing login portals #Author: g00gl3 5c0… #Author:
2013-
#Summary::Weather Wing (http://www.meteo-system.com/ws2.php) Portal. #Summary
intitle:”Weather Wing WS-2″
08-08
#Category: Various Online …
2013- inurl:/voice/advanced/ 04-22 intitle:Linksys SPA configu…
This allows you to look at linksys VOIP Router Config pages. …
2013inurl:/control/userimage.html 02-05
Mobotix webcam search. yet another newer search …
2012- inurl:”Orion/SummaryView.aspx” Hello, Enumerate Solarwinds Orion network monitoring portals. In some 11-02 intext:&q… cases, the portal ca… 2012inurl:”/level/13|14|15/exec/” 11-02
inurl:”/level/13|14|15/exec/” inurl:”/level/13|14|1 5/exec/” Cisco IOS HTTP Auth Vulnerability .. Command before …
2012- intitle:”dd-wrt info” 11-02 intext:”Firmw…
This dork finds web interfaces of various routers using custom firmware DDWRT. Default login…
2012inurl:32400/web/index.html 11-02
Submitting this for the GHDB. These are web accessible Plex Media Servers where you can watch…
2012- intitle:”Pyxis Mobile Test Page” 11-02 inurl:&…
Pyxis Mobile Test Page intitle:”Pyxis Mobile Test Page” inurl:”mpTest.aspx&qu…
2012‘apc info’ ‘apc.php?SCOPE= ‘apc.php?SCOPE=’’ 08-21
This dork will locate Unsecured PHP APC Installations. With regards, Shubham Mittal (Hack …
2012- intext:”You may also donate 08-21 through the Money…
Still find alot of equipment running v24 sp1 …
2012- intitle:”hp laserjet” 08-21 inurl:info_configu…
HP LaserJet printers …
2012- inurl:Settings.aspx intitle:Beyond Beyond TV gives you the capability to turn your PC into a high quality, digital video recorder… 05-15 TV 2012This dork finds Wireless Security/Webcams that are accessible from the web. intitle:”HtmlAnvView:D7B039C1″ 05-15 The interesting p…
2011- inurl:cgi-bin/cosmobdf.cgi? 12-28
COSMOView for building management. Author: GhOsT-PR …
2011- inurl:RgFirewallRL.asp | 12-27 inurl:RgDmzHost.asp | inu…
Gateway Routers Author: GhOsT-PR …
2011intitle:SpectraIV-IP 12-26
Google dork for pelco SpectraIV-IP Dome Series cameras Default username/password username/pass word “admin/a…
2011inurl:/cgi-bin/makecgi-pro 12-12
Brings up listings for Iomgea NAS devices. Password protected folders are susceptible to authe…
2011- allintitle:”UniM allintitle:”UniMep ep Station
UniMep is a device for managing fuel station. You can see process of fueling
12-10 Controller”
cars and you can …
2011- inurl:”:9000″ inurl:”:9000″ PacketVideo 07-26 corporation
inurl:”:9000″ PacketVideo corporation About: This provides Twonky Server inurl:”:9000″ Media int…
2010inurl:/level/15/exec/11-21
Default Cisco 2800 Series page…
2010- inurl:/exec/show/tech11-21 support/cr
Default Cisco 2800 Series page…
2010- inurl:/level/15/exec/11-21 /configure/http
Default Cisco 2800 Series page…
2010allintitle:”SyncThru Web Service” This search finds Internet-connected Samsung printer control panels…. allintitle:”SyncThru 11-11
2010- intitle:”EvoCam” 11-10 inurl:”webcam.html”
This search identifies EvoCam cameras accessible over the Internet. There are also public explo…
2006- intitle:Top “Vantage Service 10-02 Gateway” -i…
VSG1200 Vantage Service Gateway (topframe), go up one level for the login page. Vendor page at …
2006intitle:”Net2Phon intitle:”Net2Phonee Init Page” 10-02
2006- intitle:”Your Network Device” 10-02 Status (LA…
Net2Phone CommCenter® CommCenter® is software that allows you to make phone calls and se… Login page for the Solwise Sar715+ ADSL Router from solwise.co.uk. Thanks to jeffball55 for the…
2006- “SnapGear Management 10-02 Console” “Welc…
“Welcome to the SnapGear Unit! To begin configuring your SnapGear unit now, use the menu t…
2006- “Welcome to the CyberGuard “Welcome to the CyberGuard unit! To begin configuring your CyberGuard unit now, use the me… 10-02 unit!” 2006- “LANCOM DSL/*-* Office *” 10-02 “Entry Pa…
h**p://www.lancom-systems.de/Login page for these Lancom online DSL devices….
2006inurl:wrcontrollite 09-11
Browse up to 16 security cameras at one time :)…
2006allintitle:”DVR login” 06-30
softwell Technology “Wit-Eye” DVR.Default user/pass is admin:adminRequires admin:adminRequires ActiveX…
2006- intitle:”stingray fts login” | ( 06-29 login.j…
The Stingray File Transfer Server: Open communication regardless of platform, protocol or locat…
Near broadcast quality video over the internet. A full 30fps at the 320 X 240 size. 2006intitle:”BlueNet intitle:”BlueNet Video Viewer” 12fps at th… 06-25
2006- allintitle: Axis 2.10 OR 2.12 OR
s. This is a variant for the 2xxx series….
06-25 2.30 OR 2.31 OR 2…
No one search will reveal all Axis camera
2006- intitle:”Live View / – AXIS” | 06-25 inurl:vie…
No one search will reveal all Axis cameras. This is my mod of one of the queries. It usualy ret…
2006intitle:”Divar Web Client” 06-25
Boshe/Divar Net Cameras. Uses ActiveX – IE only….
2006- allintitle: EDR400 login | 06-25 Welcome
Everfocus EDR400…
2006- allintitle: EDR1600 login | 06-25 Welcome
Everfocus EDR1600…
2006- allintitle:Edr1680 remote 06-25 viewer
Everfocus EDR1680. Only returns 2 or 3 results, but submitted for completeness sake….
2006- allintitle: EverFocus | EDSR | 06-25 EDSR400 Applet
Modified Everfocus search, pulls in EDSR400’s as well s a few strays missed by original query….
2006- intitle:”SNC-RZ30 HOME” 06-22 demo
This search will reveal Sony’s SNC -RZ30 IP camera’s web interface. Quite a few of these camera…
2006MOBOTIX’s… inurl:cgi-bin/guestimage.html just more more MOBOTIX’s… 05-04 vendor site: http://ww http://www.eyesp w.eyespyfx.com/… 2006- (intitle:(EyeSpyFX|OptiCamFX) just more cameras vendor 05-04 “go to camera&q…
2006- intitle:”Veo Observer XT” 05-04 inurl:shtml|p…
just more results for
2006- intitle:”iGuard Fingerprint 05-04 Security System&q…
vendor:http://www.iguardus.com/dome information disclosure: employeers list & free camera a…
2006- intitle:”Device Status 05-03 Summary Page” -de…
hxxp://www.netbotz.com/products/index.htmlNetwork/server/room security and enviromental alarm d…
this:http://johnny.ihackstuff.com/in this:http://johnny.i hackstuff.com/index.php?module dex.php?module=prodreview =prodreviews&func=s… s&func=s…
(intitle:MOBOTIX 2006intitle:PDAS) | 04-19
more cams…vendor site: http://www.mobotix.com/layou http://www. mobotix.com/layout/set/index/lang t/set/index/language/ind uage/index… ex…
2006intitle:”IVC Control Panel” 04-18
this searches for security cameras, vendor site:http://www.ivcco.com/…
2006- intitle:”Edr1680 intitle:”Edr1680 remote 03-21 viewer”
This search finds the 1680 series digital video recorder from EverFocus….
2006- “OK logout” 03-21 inurl:vb.htm?logout=1
This is a google dork for Hunt Electronics web cams. To get to the cameras remove the vb.htm?l…
2006- intitle:”DVR Client” -the 03-21 free -pdf -do…
This dork finds digital video v ideo recording client from Nuvico….
2006intitle:”GigaDrive Utility” 03-18
Linksys GigaDrive network storage utility….
2006- intitle:”Ethernet Network 03-18 Attached Storage U…
Linksys network storage utility….
(intitle:MOBOTIX …
2006- intitle:”Skystream Networks skystream Networks Edge Media Router…. 03-18 Edge Media Router… 2006- intitle:”NAS”
Disk Online Server NAS device….
03-18 inurl:indexeng.html 2006- intext:”you to handle 03-18 frequent configuration …
ELSA DSL lan modems….
2006- intitle:”WxGoos-” (“Camera This is used in serverrooms and such where climate conditions are crucial to 03-18 image&qu… hardware health. I… 2006- intitle:”AR-*” “browser of 03-18 frame de…
A few Sharp printers …..
2006- intitle:”Webview Logon 03-18 Page”
This is the web interface for Alcatel’s Omniswitch. Default login is: admin/switch…. admin/switch….
2006- inurl:setdo.cgi intext:”Set 02-08 DO OK”
Dcs-2100 camerasBy removing “intext:Set DO OK” you will get more hits but they will r…
2006- intext:”Welcome to Taurus” Celestix Networks, Inc., the premier supplier of network server appliance, 02-08 “The Tau… announces the Taurus… 2006- intitle:”::::: INTELLINET IP 01-16 Camera Homepage …
A variation on Jeffball55’s original Intellinet Ip Camera.This search finds several more web ca…
2006- intitle:”Dell Laser Printer *” Dell laser printers. This search finds different results that dork id 1077…. 01-02 port_0 - j… j… 2005- DCS inurl:”/web inurl:”/web/login.asp” /login.asp” Login pages for the DCS-950 Web Camera. Even comes with a built in microphone…. 12-31
similar searchs exist. This search finds a few more results as well as access to the 2005- intitle:Axis 12-31 inurl:”/admin/admin.shtml” Admin area…
2005inurl:/img/vr.htm 12-31
Linksys wireless G Camera….
2005inurl:Printers/ipp_0001.asp 12-08
Thanks to Windows 2003 Remote Printing…
2005-
This an online device, you can search for unpassworded shares on
11-28 intitle:”Snap Server” intitle:”Home…
Snap Appliance Server.Moderato…
2005- intitle:”Sony SNT-V304 Video Network 11-21 Station&…
The SNT-V304 Video Network Station.Sony’s network camera control station….
title:”Express66 Live 2005- Display Cameras intitle:”Express 11-21 Image&…
Express6 live video controller.Displays video from “Netlive Cameras” found in this se…
2005- intitle:”Iomega NAS Manager” 11-16 ihackstuff…
Login page dork for Iomega NAS Manager.. There’s only 1 result for it now, but this could chang…
2005- intitle:Cisco “You are using an old 11-16 browser o…
Login pages for Ciso VPN Concentrator stuff…
2005- intitle:”Summit Management Interface” Extreme Networks Summit Switches Web admin pages. Server: Allegro-Software- RomPager/2.10… 11-16 -g…
2005- intitle:”SNOIE Intel Web Netport 11-16 Manager”…
Intel Netport Express Print Server….
2005- “This page is for configuring Samsung 11-11 Network…
several different samsung printers…
2005(“port_255/home”)|(inurl:”home?port… standered printer search. Moderator note: see also dork id=1221… id=1221… 11-05
2005- intitle:”IQeye302 intitle:”IQeye302 | IQeye303 | 10-03 IQeye601 | IQe…
This is a googledork for IQeye netcams. Some of which you can control how they tilt/zoom. The …
2005- (intitle:”VisionGS Webcam 09-29 Software”)|(in…
I don’t know if the google query got submitted right because it looks truncated. here it is ag…
2005- intitle:”Biromsoft WebCam” -4.0 -serial Brimsoft webcam software enables anyone with a webcam to easily create a webcam http server. T… 09-29 … 2005intitle:”Netcam” intitle:”user logi… 09-26
just yet other online cam…. cam….
2005- intitle:”Orite IC301″ | intitle:”OR… 09-21
This search finds orite 301 netcam s with audio capabilities….
2005- Phaser numrange:100-100000 Name 09-21 DNS IP “More …
This is a search for various phaser network printers. With this search you can look for printe…
Netbotz devices are made to monitor video, temperature, electricity 2005intitle:”netbotz appliance” -inurl:.php … and door access in server r… 09-16
2005- intitle:”NetCam Live Image” -.edu -.gov This is a googledork for StarDot netcams. You can watch these cams and if you have the admin p… 09-06 … 2005-
This googledork finds INTELLINET ip cameras. They are used to monitor
intitle:”INTELLINET” intitle:”INTELLINET” intitle:”IP Ca…
things and have a web in…
08-27
2005Online camera. Default login is administrator administrator and password blank. intitle:iDVR -intitle:”com | net | shop”… 08-17 Video server runs default on …
2005intitle:”Network Storage Link for USB 2.0 Dis… 08-12
Networked USB hard drives (NSLU2). Be sure to disable Google’s filter (&filters=0) as that…
2005“Summary View of Sensors” | “sensor… 08-07
sensorProbe is a SNMP enabled and Web based Environmental Environment al Monitoring Device. The sensors attach…
2005-
HP ProCurve Switch web management pages, found by
08-07 intitle:”HP ProCurve Switch *” “Thi… 2005intitle:”V1″ “welcome to phone sett… 08-07
their [noscript] html tags. Please note: this… This is a small search for the Italk BB899 Phone Adaptor login page. iTalkBB is a local and lon…
2005intitle:”WEBDVR” -inurl:produ -inurl:product ct -inurl:d… 07-22
DVR is a generic name used to describe the recording process with a digital cam (digitial video…
2005intitle:”Java Applet Page” inurl:ml 07-22
Another Standalone Network Camera.Default Camera.Default Login: remove wg_jwebeye.ml to get a nice clue ..Serv…
2005intitle:”Veo Observer Web Client” 07-22
Another online camera search. This one uses ActiveX thingies, so you need a M$ browser. Append …
2005intitle:”Middle frame of Videoconferen Videoconference ce Mana… 07-22
Tandberg is a manufacturer manufacturer of videoconferencing videoconferencing A videoconferencee (also known as a video teleco… videoconferenc
2005intitle:”TANDBERG” “This page requi… 07-22
Tandberg is a manufacturer manufacturer of videoconferencing videoconferencing A videoconferencee (also known as a video teleco… videoconferenc
2005tilt intitle:”Live View / – AXIS” | inur… 07-07
A small modification to the AXIS camera search – it now returns cameras with pan / tilt, which …
2005intitle:”AXIS 240 Camera Server” intext:… 06-10
This search finds AXIS 240 Camera Servers (as opposed to just the cameras) which can host many …
2005- intitle:”GCC WebAdmin” -gcc.ru 06-08
All sorts of various printer status information…
2005“RICOH Network Printer D model -Restore Factor… 06-07
Not a whole lot here…. some interesting information on printer status
2005printers/printman.html 06-07
including Name, Location, Model, Pagecount, Acti…
2005intitle:”Dell Laser Printer M5200″ port_… 06-07 2005-
intitle:”configuration” ation” inurl:port_ inurl:port_00 intitle:”configur
Dell Laser Printer M5200…
More dell and lexmark printers, The usual things
06-07
included….
2005inurl:”CgiStart?page=” 06-08
This search reveals even more Panasonic IP cameras!…
2005inurl:”S=320×240″ | inurl:”S=160×12… 06-07
Mobile cameras? Not sure what camera type this is for but they are all from Asia and no passwor…
2005Kpix Java Based Traffic Cameras. Based at CBS (cam1jav a)|(cam2java) a)|(cam2java)|(cam3java)|( |(cam3java)|(cam4java)|(ca cam4java)|(cam5j… m5j… 06-01 broadcasting for San Fransisco, Oakland, and San…
2005intitle:”Netopia Router (*.)””to vi… 06-03
Web admin for netopia routersThis routersThis Web tool provides access to information about the current sta…
intitle:”PacketShaperr 2005- ( intitle:”PacketShape 05-20 Login”)|(intitle…
Packeteer’s PacketShaper is an application traffic management system that monitors, controls, a…
2005- intitle:”PacketShaper 05-19 Customer Login”
PacketShaper Login.Provides login access for PacketShape r Customers….
2005oA few Online Dell Printers, status, paper, toner levels, ips macs, the usual.. intitle:”Dell *” inurl:port_0 (Lexmark and De… 05-31
“To view the Web
2005interface of the 05-20
speedtouch 510 DSL modem devices that were once unprotected. That may have changed by now….
2005inurl:start.htm?scrw= 05-14
VPON (Video Picture On Net) is a video surveillance setup which seems to be used by a lot of bu…
SpeedTouch,…
2005- intitle:”— VIDEO WEB 05-14 SERVER —” intex…
AVTech Video Web Server is a surveillance producted that is directly connected to the internet …
technologyAdobe’s obe’s PrintGear technology 2005- intext:”Powered by: Adobe Printers equipped with Adobe’s PrintGear technologyAd is a new printi… 05-14 PrintGear” inu… 2005- intitle:”InterJak Web 05-20 Manager”
A router device by Uroam (formerly FilaNet), with email and VPN possibilities….
2005- intitle:”SWW link” “Please Zyxel Zywall… 05-02 wait……. 2005inurl:”port_255″ -htm 05-02
Another way to dig up some not yet dorked Lexmark and a couple of Dell printers.http://johnny.i…
2005- intitle:”Freifunk.Net intitle:”Freifunk.Net – 05-02 Status” -site:co…
Hacked WRT54G Freifunk firmware. firmware. The router is based on Linux so after the GPL the source code …
ext:dhtml 2005intitle:"document 05-02
Various Online Devices>Xerox Devices>Xerox (*Centre)…
2005- “Please use Netscape 2.0 04-27 or enhance !!” …
A search for some HTML code used in a variety of D-link network devices (webcams and such)….
centre|(home)…
yo u’ll get a 2005- intitle:”NeroNET – burning NeroNet is an online burning device by Nero. Basically with this query you’ll listing of … 04-20 online” 2005Winamp Web Interface 04-11
Just a bit of fun, should reveal a few instances of a Winamp HTTP control program. Without logi…
2005- intitle:”OfficeConnect 04-16 Cable/DSL Gateway”…
This query allows you to find OfficeConnect Cable/DSL Gateways, by locating the browser- check p…
2005-
webserver detection for GeoHttpServer, the page is the login page or guest cam.
inurl:JPGLogin.htm
04-12
Don’t ask why t…
2005- “display printer status” 04-16 intitle:”H…
Xerox Phaser printers….
2005- intitle:jdewshlp “Welcome HP Officejet help page. Remove “help.html” “ help.html” for main page…. 04-12 to the Embedded Web… 2005inurl:/en/he inurl:/en/help.cgi lp.cgi “ID=*” 04-12
Aficio printers (this search locates the help pages)..
2005intitle:”Lexmark *” inurl:port_0 04-12
Lexmark printers (4 models)…
2005- intitle:”OfficeConnect intitle:”OfficeConnect Wireless 04-12 11g Access Po…
OfficeConnect Wireless 11g Access Point…
2005“Webthru User Login” 03-20
samsung webthru cameras…
2005- intitle:”actiontec” main setup 03-20 status &q…
Actiontec Routers….
2005- intitle:”BorderWare intitle:”BorderWare MXtreme 03-20 Mail Firewall Log…
BorderWare MXtreme Mail firewallMXtreme is a hardened appliance with a highly robust mail trans…
2005- intitle:”Service Managed Gateway service Managed Gateway from VirtualAccess login page… 03-20 Login” 2005- intitle:”Flash Operator Panel” 03-20 ext:php …
Flash Operator Panel is a switchboard type application for the Asterisk PBX. It runs on a web b…
2005- intitle:asterisk.management.portal Coalescent Systems Inc. launched The Asterisk Management Portal project to bring together best-… 03-20 web-access 2005- intitle:HomeSeer.Web.Control | 03-18 Home.Status.Events….
HomeSeer (http://www.homeseer.com/) provides a well known home automation solution (software + …
2005-
searches for “Active Webcam” feeds on websites, a popular USB webcam
02-15 intitle:”active webcam page”
interface….
2005intitle:”Dell Laser Printer” ews 03-04
Finds Dell’s printers with EWS.EWS : Embedded Web Server technology enables the usage of a stan… st an…
2005allintitle:Brains, Corp. camera 03-05
mmEye webcam / cam servermmEye is a multifunction multimedia server equipped with 32bit RISC CP…
2005inurl:camctrl.cgi 03-05
Vivotec web cams…
2005- intext:”Please enter correct 02-12 password for Adm…
Finds SMC Routers….
“SupervisionCam captures and compares images from video cameras, “SupervisionCam 2005intitle:”supervisioncam protocol” intitle:”supervisioncam 02-22 (internet) image files or… 2005intitle:Linksys site:ourlin intitle:Linksys site:ourlinksys.com ksys.com Ourlinksys.com DDNS entries pointing to Linksys web enabled cameras… 02-15 2005intitle:”DEFAULT_CONFIG CONFIG – HP” intitle:”DEFAULT_ 02-15
High scalable Ethernet switches by HP running in the default configuration…
2005- intitle:”switch login” “IBM Fast 02-15 Et…
IBM 8275 Model 416 High Performance Ethernet Workgroup Switch…
2005- intitle:"Brother" 02-04 intext:&qu…
Finds a real bunch of Brother printers…
2005- intitle:"Connection 02-02 Status" inte…
This is an intriguing way of finding various ‘5861 DMT Routers’ – the presence of a web-interfa…
2005inurl:na_admin 02-01
This searches for the admin pages for a “Network Appliance” box. An authenticated use…
2005intitle:”EpsonNet WebAssist Rev” This reveals the Epson Web Assist page (internal to the machine)… 01-28
2005intitle:”EverFocus.EDSR.applet” 01-27
The new EDSR-1600 (16-channel), EDSR-900 (9-channel) and EDSR-600 (6channel) digital video rec…
2005inurl:”8003/Display?what=” 01-27
Norton AntiVirus for GatewaysEasily administered from anywhere via an HTML interface, it scans …
2005allinurl:index.htm?cus?audio 01-27
This will find webcams made by Sweex, Orite and others. Supports motion detection, ftp, smtp an…
2005intitle:”Browserr Launch L aunch Page” intitle:”Browse 01-21
An ActiveX based webcam – so use MS IE…
2005- intitle:”Network Print Server” 01-12 intext:&q…
Axis Network Print Server devices (a better shorter search)….
2005- intitle:”Network Print Server” 01-12 filetype:…
Axis Network Print Server devices. This search has all the possible urls (more than strictly ne…
2005- intitle:”Setup Home” “You will 01-10 need…
This should reveal Belkin routers. Interestingly, Belkin routers by default have remote adminis…
2005transcoder.cgi cgi filetype:cgi transcoder. 01-11
Digital Video Recorder by SnapStream. It is possible on misconfigured machines to stream video …
2004- inurl:”next_file=main_fs.htm” 12-30 inurl:img …
Linksys Wireless-G web cams….
2005- intitle:”SpeedStream intitle:”SpeedStream * 01-08 Management Interface&q…
a lot of Speed stream routers :)…
2004- intitle:”Sipura.SPA.Configuration” Query returns configuration pages for online Voice over IP devices. Discloses an obscene amount… 12-30 -.pdf
200412-08
some of the sites are very, very interesting – try a search substituting
2004intitle:”Cayman-DSL.home” 12-19
Cayman DSL modems. Many Cayman units have a weakness where even if remote administration is dis…
2004- intitle:”Spam Firewall” 12-13 inurl:”8000…
The Barracuda Spam Firewall is an integrated hardware and software solution for complete protec…
site:gov instead of si…
2004intitle:”iVISTA.Main.Page” 12-13
And again another webcam search. MOst of these cams seem to be security cams…
2004inurl:”:631/printers” -php -demo 12-13
CUPS provides a portable printing layer for UNIX®-based operating systems. I…
2004Audio ReQuest home CD/MP3 player. Various information about the intitle:”AudioReQuest.web.server” 12-06 configuration of the host and s…
2004intitle:”V-Gear BEE” 12-06
V-Gear Bee Web Cameras…
2004- intitle:”Live NetSnap CamNetsnap Online Cameras… 12-06 Server feed” 2004- axis storpoint “file view” 12-04 inurl:/volume…
The Axis Storpoint device turns a SCSI or ATA box with lots of cdrom players (or writers) into …
2004- inurl:”printer/main.html” 12-03 intext:”s…
Brother HL Printers….
2004- intext:”MaiLinX Alert 12-03 (Notify)” -site:ne…
Xerox DocuPrint printer models….
2004- “Copyright (c) Tektronix, 12-03 Inc.” “pr…
Captain, the Phasers are online :)…
2004inurl:”ipp/pdisplay.htm” 11-30
Providing a standout printing solution, Novell iPrint offers secure print services that extend …
intext:”Videoconference
2004Management 11-28
Tandberg video conferencing appliancesThe webinterface webinterface enables you to drop calls and to browse …
2004- intitle:”Smoothwall
smoothwall is a firewall operating system distribution based on Linux. (Not many
11-24 Express” inurl:cgi-b…
results for th…
2004intitle:”ipcop – main” 11-23
IPCop Firewall is a Linux firewall for home and SOHO users. IPCop can be managed from a simple …
2004- intitle:”EvoCam” 11-18 inurl:”webcam.html…
Evocams !…
2004“Starting SiteZAP 6.0” 11-16
siteZap webcams !…
2004inurl:axis-cgi 11-16
Just another search string to detect the infamous Axis netcams. This company actually changed t…
System&quo…
2004- “intitle:Cisco Systems, Inc. The Cisco VPN 3000 Concentrator is a remote access VPN. The ‘Concentrator’ is a piece of hardw… 11-09 VPN 3000 Concent…
2004- intext:”UAA (MSB)” 11-13 Lexmark -ext:pdf
Lexmark printers (T620, T522, Optra T614, E323, T622, Optra T610, Optra T616, T520 and Optra S …
10/100TT 2004- intext:”Ready with 10/100 Xerox 860 and 8200 Printers…. 11-13 Ethernet” 2004- intitle:”Home” “Xerox 11-07 Corporation&q…
CentreWare Internet Services is an interactive service that uses Internet technology to extend …
2004- WebControl intitle:”AMX 11-06 NetLinx”
AMX Netlink is a server appliance which connects various devices like a beamer, laptop or video…
2004- “please visit” intitle:”i11-03 Catcher C…
CCTV webcams by ICode….
2004- intitle:”toshiba network 10-25 camera – User Login&…
Web interface of Toshiba network cameras….
2004- inurl:”level/15/exec/10-20 /show”
This search finds Cisco devices which have level 15 access open via webinterface. webinterface. If an attacke…
2004- site:.viewnetcam.com 10-19 www.viewnetcam.com
The FREE viewnetcam.com service allows you to create a personal web address (e.g., http://bob.v… http://bob.v…
2004intitle:”DVR Web client” 10-19
This embedded DVR is quick plug and play. Just plug it in and it will start recording. You can …
Tivo is a the t he digital replacement for your analog videorecorder. videorecorder. It’s a 2004inurl:TiVoConnect?Command=QueryServer 10-18 digital media system th… 2004inurl:netw_tcp.shtml 10-12
An Axis Network Camera captures and transmits live images directly over an IP network (e.g. LAN…
2004- (inurl:webArch/mainFrame.cgi ) | 10-11 (intitle:”we…
The Ricoh Aficio 2035 (fax/scanner) web interface.Attackers may read faxes and can get informat…
2004- intitle:”my webcamXP server!” 10-11 inurl:&quo…
“my webcamXP server!”Is there really an explantation needed?…
2004camera linksys inurl:main.cgi 10-10
Another webcam, Linksys style….
2004intitle:”DEFAULT_CONFIG ONFIG – HP” intitle:”DEFAULT_C 10-09 2004intitle:”switch home page” “cisco s… 10-09
searches for the web interface of HP switches….
2004- intitle:”axis storpoint CD” intitle:&quo… 10-05
Most cisco switches are shipped with a web administration interface. If a switch is reachable f…
Axis’ network CD/DVD servers are faster, less costly and easier to manage than using full-blown…
2004intitle:webeye inurl:login.ml 10-05
This one gets you on the w ebinterface of Webeye webcams….
2004inurl:hp/device/this.LCDispatcher 10-05
This one gets you on the web interface of some more HP Printers….
2004Canon ImageReady machines 09-29
The “large” Canon ImageReady machines with model versions 3300, 5000 & 60000….
2004intitle:”lantronix web-manager” 09-29
The Lantronix web manager home pages show the print server configuration (Server Name, Boot Cod…
2004- intitle:RICOH intitle:”Netw intitle:”Network ork 09-29 Administration…
Network Administration pages for several Ricoh Afficio printer models, for example the Aficio 1…
2004Aficio 1022 09-29
The Ricoh Aficio 1022 is a digital multifunctional B&W copier, easily upgraded to include n…
2004Konica Network Printer Administration 09-29
This finds Konica Network Printer Administration pages. There is one result at the time of writ…
2004-
Fiery WebTools offers many of the same capabilities of the
09-29 (“Fiery WebTools” inurl:index2.html) | &… Command WorkStationââ₅ WorkStationââ₅ 2004intitle:”The AXIS 200 Home Page” 09-29 2004More Axis netcams ! 09-29
The Axis 200 HOME pages reside within the AXIS 200 device and hold information about the curre… More Axis Netcams, this search combines the cams with the default title (Live View) and extends…
2004intitle:”dreambox web” 09-10
this search will show web administration interfaces of linux dream boxes.The Dreambox is one of…
2004- Phasers 08-05 4500/6250/8200/8400
More Xerox printers (Phasers 4500/6250/8200/8400). An attacker can access the webinterface with…
Canon has a series of netcams that all use the “WebView LiveScope” software. They 2004Canon Webview netcams are… 07-29 2004- Xerox Phaser® 07-22 840 Color Printer
This product is supported but no longer sold by Xerox in the United States. Support and supplie…
2004Xerox Phaser 8200 07-22
Brochure info: “The Phaser 8200 uses solid ink, an alternative technology to laser printin…
2004- Xerox Phaser® 07-22 740 Color Printer
This product is supported but no longer sold by Xerox in the United States. Replacement Product…
2004- Xerox Phaser 6250 07-22
Base Specifications Phaser 6250N: Letter/Legal Size Color Printer 110V, 26ppm Color/B&W (24…
2004- intitle:”BorderManager 07-19 Information alert”…
This is an Informational message message produced by the Novell BorderManag BorderManager er firewall/proxy server. At…
These AXIS cams seem to run their own http server (Boa/0.94.13). The setup button 2004intitle:”Live View / – AXIS” can be hidden… 07-19 2004- “powered by webcamXP” webcamXP PRO:http://www.webcamxp.com/productsadv.htmlThis is the most 07-16 “Pro|Broadcas… advanced version of the s… 2004- Panasonic WJ-NT104 07-10 netcams
The Panasonic WJ-NT104 allows easy monitoring with a conventional browser. More vendor informat…
2004Mobotix netcams 07-10
Mobotix netcams use the thttpd-2.x. server (http://www. acme.com/so acme.com/software/thttpd/). ftware/thttpd/). The latest v…
2004- sony SNC-RZ20 network 07-10 cameras
sony NC RZ20 cameras, only one result for this cam at the moment, a nice street view from a sky…
2004- seyeon FlexWATCH 07-10 cameras
seyeon provides various type of products and software to build up a remote video monitoring and…
2004- sony SNC-RZ30 Network
sony NC RZ30 camera’s require a java capable browser. The admin panel is found at
07-10 Cameras
http://[siten…
2004- Panasonic Network 07-10 Cameras
Panasonic Network Cameras can be viewed and controlled from a standard web browser. These camer…
2004- intitle:”View and 07-08 Configure PhaserLink”
These printer’s configuration is wide open. Attackers can change just about any value through t…
2004Axis Network Cameras 06-06
The AXIS 2400 is a Web server of its own. This means that the server is secured like any other …
from http://www.exploit-db.com/google-dorks/ http://www.exploit-db.com/google-dorks/ all categories in 1 Taken from
View more...
Comments
