├── .github └── FUNDING.yml ├── README.md ├── all-google-dorks.txt ├── best-google-dorks.txt ├── cms ├── google-dorks-contao ├── google-dorks-for-blogengine.txt ├── google-dorks-for-drupal.txt ├── google-dorks-for-joomla.txt ├── google-dorks-for-typo3.txt ├── google-dorks-for-wordpress.txt └── google-dorks-magento.txt ├── finding-username-passwords ├── google-dorks-for-aws-passwords.txt ├── google-dorks-for-mysql-passwords.txt └── google-dorks-for-postgres-passwords.txt ├── google-dorks-best-log.txt ├── google-dorks-for-backups.txt ├── google-dorks-for-bug-bounty-programs.txt ├── google-dorks-for-companys.txt ├── google-dorks-for-conf.txt ├── google-dorks-for-database-files.txt ├── google-dorks-for-excel-files.txt ├── google-dorks-for-finding-aws-s3.txt ├── google-dorks-for-git-files.txt ├── google-dorks-for-grafana.txt ├── google-dorks-for-js-secrets.txt ├── google-dorks-for-kibana.txt ├── google-dorks-for-login.txt ├── google-dorks-for-monitoring.txt ├── google-dorks-for-open-redirect.txt ├── google-dorks-for-presentations ├── google-dorks-for-sql-injection.txt ├── google-dorks-for-stats.txt ├── google-dorks-for-webserver.txt ├── google-dorks-for-wikipedia.txt ├── google-dorks-for-xss.txt ├── technology ├── google-dorks-for-ftp.txt ├── google-dorks-for-java-sites.txt ├── google-dorks-for-jira.txt └── google-dorks-for-php-sites.txt └── web-server ├── best-webserver-google-dorks.txt ├── google-dorks-for-apache.txt ├── google-dorks-for-nginx.txt └── google-dorks-for-phpmyadmin.txt /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | 2 | patreon: proviesec 3 | 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # google-dorks 2 | [![License](https://img.shields.io/badge/license-MIT-_red.svg)](https://opensource.org/licenses/MIT) 3 | ![contributions](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat) 4 | 5 | 6 | Proviesec logo 7 | 8 | [![Twitter](https://img.shields.io/twitter/follow/proviesec?label=Follow)](https://twitter.com/proviesec) 9 | Buy Me A Coffee 10 | Buy Me A Coffee 11 | Read this, my Medium Blog Space:👩‍💻Proviesec Security Medium Articles - read it 12 | 13 | Table of Contents 14 | ------------ 15 | * [Introduction](#introduction) 16 | * [My love google dork](#my-love-google-dork) 17 | * [Search filters](#search-filters) 18 | * [Operators](#operators) 19 | * [Search Term](#search-term) 20 | * [OR](#or) 21 | * [Ideas](#ideas) 22 | * [Links](#links) 23 | * [Example](#example) 24 | * [Preventing GOOGLE DORKS](#preventin-google-dorks) 25 | 26 | # Introduction 27 | 28 | :star: Star us on GitHub — it motivates a lot! :star: 29 | 30 | **If you have any google dork, just create a PullRequest or wrtie me on twitter.** [![Twitter](https://img.shields.io/twitter/follow/proviesec?label=Follow)](https://twitter.com/proviesec) 31 | 32 | **My medium article about Google Dorks** [How to use google dorks](https://medium.com/@proviesec/google-dork-the-best-one-and-how-do-you-find-bugs-with-it-689c69804b81) 33 | 34 | 35 | # My love google dork 36 | ``` 37 | intext:"index of" "parent directory" 38 | ``` 39 | 40 | ## Search filters 41 | 42 | | Filter | Description | Example | 43 | | :-------------- |:---------------------------------------------------| :------------------------------------| 44 | | allintext | Searches for occurrences of all specified keywords. | `allintext:"keyword"` | 45 | | intext | Searches for the occurrence of keywords at once or consecutively. | `intext:"keyword"` | 46 | | intitle | Searches for occurrences of keywords in the title all or one. | `intitle:"keyword"` | 47 | | allintitle | Searches for all occurrences of keywords at once. | `allintitle:"keyword"` | 48 | | inurl | Searches for a URL that matches one of the keywords. | `inurl:"keyword"` | 49 | | allinurl | Searches for a URL that matches all the keywords in the query. | `allinurl:"keyword"` | 50 | | site | Searches specifically for that particular website and lists all results for that website. | `site:"www.github.com"` | 51 | | filetype | Searches for a specific file type named in the query. | `filetype:"pdf"` | 52 | | link | Searches for external links to pages. | `link:"keyword"` | 53 | | numrange | Used to find specific numbers in your search. | `numrange:33-43` | 54 | | before/after | Used to search within a specified date range. | `filetype:pdf & (before:2021-01-01 after:2021-05-01)` | 55 | | allinanchor (and also inanchor) | This shows the websites that the keywords refer to in links, in order of most links. | `inanchor:rat` | 56 | | allinpostauthor (and also inpostauthor) | Exclusively for the blog search, blog posts written by specific people are picked out. | `allinpostauthor:"keyword"` | 57 | | related | List web pages that are "similar" to a given web page. | `related:www.github.com` | 58 | | cache | Displays the version of the web page that Google has in its cache. | `cache:www.github.com` | 59 | 60 | ## Operators 61 | #### Search Term 62 | 63 | This operator searches only for the exact term inside the quotation marks. You can use this for example if the term you are looking for is ambiguous and could easily be confused with something else, or if you don't get enough relevant results. 64 | 65 | Here is an example: 66 | 67 | ``` 68 | "Admin Loginpage" 69 | ``` 70 | #### OR 71 | This operator searches for a specific search term OR another term. 72 | 73 | ``` 74 | site:instagram.com | site:github.com 75 | ``` 76 | 77 | #### AND 78 | This operator searches for a specific search term and another term. 79 | 80 | ``` 81 | site:github.com & site:twitter.com 82 | ``` 83 | 84 | #### Operators combinaison 85 | This operator combines search terms 86 | ``` 87 | (site:instagram.com | site:twitter.com) (intext:"admin") 88 | (site:instagram.com | site:twitter.com) & intext:"admin" 89 | ``` 90 | 91 | #### Include results 92 | 93 | This will order results by the number of occurrence of the keyword. 94 | 95 | ``` 96 | site:twitter.com +site:twitter.* 97 | ``` 98 | 99 | #### Exclude results 100 | 101 | ``` 102 | site:twitter.* -site:twitter.com 103 | ``` 104 | 105 | ### Better Results (Subdomains) 106 | ``` 107 | site:*.site.com 108 | 109 | site:*.*.site.com 110 | 111 | site:*.*.*.site.com 112 | ``` 113 | #### Synonyms 114 | 115 | ``` 116 | ~set 117 | ``` 118 | 119 | #### Glob pattern (*) 120 | 121 | ``` 122 | site:*.com 123 | ``` 124 | 125 | # Ideas 126 | - [x] Git google dorks 127 | - [x] phpmyadmin google dorks 128 | - [x] phpinfo google dorks 129 | - [x] log file google dorks 130 | - [x] google dorks for excel files 131 | - [ ] Google Dorks for presentations 132 | - [ ] best google dorks reports 133 | - [x] finding aws secrets with google dorks 134 | - [ ] js secrets with google dorks 135 | - [ ] CMS google dorks 136 | - [x] Wordpress 137 | - [x] Typo3 138 | - [x] Magento 139 | - [x] Joomla 140 | - [ ] Drupal 141 | - [ ] Shopify 142 | - [x] Admin google dorks 143 | - [x] Monitoring pages - google dorks 144 | - [ ] Google Dorks - Github page 145 | 146 | 147 | # Links 148 | 149 | - exploit-db.com 150 | - nvd.nist.gov 151 | - cxsecurity.com 152 | - vulnerability-lab.com 153 | 154 | # Writeups 155 | 156 | https://infosecwriteups.com/my-first-reflected-xss-bug-bounty-google-dork-xxx-92ac1180e0d0 157 | https://dewangpanchal98.medium.com/microsoft-bug-bounty-writeup-5ee4a7264dbf 158 | 159 | # Example 160 | 161 | ![image](https://user-images.githubusercontent.com/6010786/152770177-537fbfa2-235e-4951-a885-12c6a90c40a5.png) 162 | 163 | ## Preventing GOOGLE DORKS 164 | 165 | Encoding/encrypting sensitive data such as usernames, passwords and so forth. 166 | Run inquiries against your own site to check whether you can locate any sensitive data. On the off chance that you discover sensitive information, you can remove it from search results by utilizing Google Search Console. 167 | Protect sensitive content by utilizing a robots.txt document situated in your root-level site catalog. 168 | Utilizing robots.txt helps prevent Google from indexing our site, but it can also show an attacker where sensitive data might be located. 169 | User-agent: * 170 | Disallow: / 171 | 172 | You can also block specific directories to be excepted from web crawling. 173 | If you have the /phpinfo site and you need to protect it, just place this code inside: 174 | 175 | User-agent: * 176 | Disallow: /phpinfo/ 177 | 178 | 179 | Restrict access to specific files: 180 | 181 | User-agent: * 182 | Disallow: /member/info.html 183 | 184 | Restrict access to dynamic URLs that contain ? symbol: 185 | 186 | User-agent: * 187 | Disallow: /*? 188 | 189 | 190 | # Disclaimer: DONT BE A JERK! 191 | Needless to mention, please use this tool very very carefully. The authors won't be responsible for any consequences. 192 | -------------------------------------------------------------------------------- /best-google-dorks.txt: -------------------------------------------------------------------------------- 1 | inurl:config pass 2 | inurl:config secret 3 | inurl:config.php dbpasswd 4 | inurl:config.php pass 5 | inurl:config.php password 6 | inurl:configuration 7 | inurl:env 8 | inurl:setting 9 | filetype:log 10 | intext:"Index of /" +.htaccess 11 | intitle:"index of" 12 | inurl:& intext:admin intext:login 13 | inurl:& intext:search 14 | inurl:config secret 15 | inurl:backup 16 | inurl:backup.zip 17 | inurl:quiz inurl:& 18 | inurl:Makefile.toml 19 | hostname user password filetype:xml 20 | -------------------------------------------------------------------------------- /cms/google-dorks-contao: -------------------------------------------------------------------------------- 1 | inurl:/files/contao 2 | inurl:/contao/main ext:php -community -github 3 | -------------------------------------------------------------------------------- /cms/google-dorks-for-blogengine.txt: -------------------------------------------------------------------------------- 1 | "Powered by BlogEngine.NET 1.4.5.0" 2 | "powered by BlogEngine.NET" 3 | site:com "Powered by BlogEngine.NET 1.4.5.0" 4 | site:com "Powered by BlogEngine.NET 1.4.5.0" "Leave a comment" 5 | site:com "Powered by BlogEngine.NET 1.4.5.0" "Leave a comment" -"comments closed" -"you must be logged in" 6 | site:com "Powered by BlogEngine.NET 1.4.5.0" "add a comment" 7 | site:com "Powered by BlogEngine.NET 1.4.5.0" "add a comment" -"comments closed" -"you must be logged in" 8 | site:com "Powered by BlogEngine.NET 1.4.5.0" "post a comment" 9 | site:com "Powered by BlogEngine.NET 1.4.5.0" "post a comment" -"comments closed" -"you must be logged in" 10 | site:com "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "Leave a comment" 11 | site:com "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "Leave a comment" -"comments closed" -"you must be logged in" 12 | site:com "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "add a comment" 13 | site:com "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "add a comment" -"comments closed" -"you must be logged in" 14 | site:com "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "post a comment" 15 | site:com "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "post a comment" -"comments closed" -"you must be logged in" 16 | site:com "powered by BlogEngine.NET" 17 | site:com "powered by BlogEngine.NET" "Leave a comment" 18 | site:com "powered by BlogEngine.NET" "Leave a comment" -"comments closed" -"you must be logged in" 19 | site:com "powered by BlogEngine.NET" "add a comment" 20 | site:com "powered by BlogEngine.NET" "add a comment" -"comments closed" -"you must be logged in" 21 | site:com "powered by BlogEngine.NET" "post a comment" 22 | site:com "powered by BlogEngine.NET" "post a comment" -"comments closed" -"you must be logged in" 23 | site:com "powered by BlogEngine.NET" inurl:blog "Leave a comment" 24 | site:com "powered by BlogEngine.NET" inurl:blog "Leave a comment" -"comments closed" -"you must be logged in" 25 | site:com "powered by BlogEngine.NET" inurl:blog "add a comment" 26 | site:com "powered by BlogEngine.NET" inurl:blog "add a comment" -"comments closed" -"you must be logged in" 27 | site:com "powered by BlogEngine.NET" inurl:blog "post a comment" 28 | site:com "powered by BlogEngine.NET" inurl:blog "post a comment" -"comments closed" -"you must be logged in" 29 | site:edu "Powered by BlogEngine.NET 1.4.5.0" 30 | site:edu "Powered by BlogEngine.NET 1.4.5.0" "Leave a comment" 31 | site:edu "Powered by BlogEngine.NET 1.4.5.0" "Leave a comment" -"comments closed" -"you must be logged in" 32 | site:edu "Powered by BlogEngine.NET 1.4.5.0" "add a comment" 33 | site:edu "Powered by BlogEngine.NET 1.4.5.0" "add a comment" -"comments closed" -"you must be logged in" 34 | site:edu "Powered by BlogEngine.NET 1.4.5.0" "post a comment" 35 | site:edu "Powered by BlogEngine.NET 1.4.5.0" "post a comment" -"comments closed" -"you must be logged in" 36 | site:edu "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "Leave a comment" 37 | site:edu "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "Leave a comment" -"comments closed" -"you must be logged in" 38 | site:edu "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "add a comment" 39 | site:edu "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "add a comment" -"comments closed" -"you must be logged in" 40 | site:edu "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "post a comment" 41 | site:edu "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "post a comment" -"comments closed" -"you must be logged in" 42 | site:edu "powered by BlogEngine.NET" 43 | site:edu "powered by BlogEngine.NET" "Leave a comment" 44 | site:edu "powered by BlogEngine.NET" "Leave a comment" -"comments closed" -"you must be logged in" 45 | site:edu "powered by BlogEngine.NET" "add a comment" 46 | site:edu "powered by BlogEngine.NET" "add a comment" -"comments closed" -"you must be logged in" 47 | site:edu "powered by BlogEngine.NET" "post a comment" 48 | site:edu "powered by BlogEngine.NET" "post a comment" -"comments closed" -"you must be logged in" 49 | site:edu "powered by BlogEngine.NET" inurl:blog "Leave a comment" 50 | site:edu "powered by BlogEngine.NET" inurl:blog "Leave a comment" -"comments closed" -"you must be logged in" 51 | site:edu "powered by BlogEngine.NET" inurl:blog "add a comment" 52 | site:edu "powered by BlogEngine.NET" inurl:blog "add a comment" -"comments closed" -"you must be logged in" 53 | site:edu "powered by BlogEngine.NET" inurl:blog "post a comment" 54 | site:edu "powered by BlogEngine.NET" inurl:blog "post a comment" -"comments closed" -"you must be logged in" 55 | site:gov "Powered by BlogEngine.NET 1.4.5.0" 56 | site:gov "Powered by BlogEngine.NET 1.4.5.0" "Leave a comment" 57 | site:gov "Powered by BlogEngine.NET 1.4.5.0" "Leave a comment" -"comments closed" -"you must be logged in" 58 | site:gov "Powered by BlogEngine.NET 1.4.5.0" "add a comment" 59 | site:gov "Powered by BlogEngine.NET 1.4.5.0" "add a comment" -"comments closed" -"you must be logged in" 60 | site:gov "Powered by BlogEngine.NET 1.4.5.0" "post a comment" 61 | site:gov "Powered by BlogEngine.NET 1.4.5.0" "post a comment" -"comments closed" -"you must be logged in" 62 | site:gov "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "Leave a comment" 63 | site:gov "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "Leave a comment" -"comments closed" -"you must be logged in" 64 | site:gov "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "add a comment" 65 | site:gov "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "add a comment" -"comments closed" -"you must be logged in" 66 | site:gov "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "post a comment" 67 | site:gov "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "post a comment" -"comments closed" -"you must be logged in" 68 | site:gov "powered by BlogEngine.NET" 69 | site:gov "powered by BlogEngine.NET" "Leave a comment" 70 | site:gov "powered by BlogEngine.NET" "Leave a comment" -"comments closed" -"you must be logged in" 71 | site:gov "powered by BlogEngine.NET" "add a comment" 72 | site:gov "powered by BlogEngine.NET" "add a comment" -"comments closed" -"you must be logged in" 73 | site:gov "powered by BlogEngine.NET" "post a comment" 74 | site:gov "powered by BlogEngine.NET" "post a comment" -"comments closed" -"you must be logged in" 75 | site:gov "powered by BlogEngine.NET" inurl:blog "Leave a comment" 76 | site:gov "powered by BlogEngine.NET" inurl:blog "Leave a comment" -"comments closed" -"you must be logged in" 77 | site:gov "powered by BlogEngine.NET" inurl:blog "add a comment" 78 | site:gov "powered by BlogEngine.NET" inurl:blog "add a comment" -"comments closed" -"you must be logged in" 79 | site:gov "powered by BlogEngine.NET" inurl:blog "post a comment" 80 | site:gov "powered by BlogEngine.NET" inurl:blog "post a comment" -"comments closed" -"you must be logged in" 81 | site:org "Powered by BlogEngine.NET 1.4.5.0" 82 | site:org "Powered by BlogEngine.NET 1.4.5.0" "Leave a comment" 83 | site:org "Powered by BlogEngine.NET 1.4.5.0" "Leave a comment" -"comments closed" -"you must be logged in" 84 | site:org "Powered by BlogEngine.NET 1.4.5.0" "add a comment" 85 | site:org "Powered by BlogEngine.NET 1.4.5.0" "add a comment" -"comments closed" -"you must be logged in" 86 | site:org "Powered by BlogEngine.NET 1.4.5.0" "post a comment" 87 | site:org "Powered by BlogEngine.NET 1.4.5.0" "post a comment" -"comments closed" -"you must be logged in" 88 | site:org "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "Leave a comment" 89 | site:org "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "Leave a comment" -"comments closed" -"you must be logged in" 90 | site:org "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "add a comment" 91 | site:org "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "add a comment" -"comments closed" -"you must be logged in" 92 | site:org "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "post a comment" 93 | site:org "Powered by BlogEngine.NET 1.4.5.0" inurl:blog "post a comment" -"comments closed" -"you must be logged in" 94 | site:org "powered by BlogEngine.NET" 95 | site:org "powered by BlogEngine.NET" "Leave a comment" 96 | site:org "powered by BlogEngine.NET" "Leave a comment" -"comments closed" -"you must be logged in" 97 | site:org "powered by BlogEngine.NET" "add a comment" 98 | site:org "powered by BlogEngine.NET" "add a comment" -"comments closed" -"you must be logged in" 99 | site:org "powered by BlogEngine.NET" "post a comment" 100 | site:org "powered by BlogEngine.NET" "post a comment" -"comments closed" -"you must be logged in" 101 | site:org "powered by BlogEngine.NET" inurl:blog "Leave a comment" 102 | site:org "powered by BlogEngine.NET" inurl:blog "Leave a comment" -"comments closed" -"you must be logged in" 103 | site:org "powered by BlogEngine.NET" inurl:blog "add a comment" 104 | site:org "powered by BlogEngine.NET" inurl:blog "add a comment" -"comments closed" -"you must be logged in" 105 | site:org "powered by BlogEngine.NET" inurl:blog "post a comment" 106 | site:org "powered by BlogEngine.NET" inurl:blog "post a comment" -"comments closed" -"you must be logged in" 107 | -------------------------------------------------------------------------------- /cms/google-dorks-for-drupal.txt: -------------------------------------------------------------------------------- 1 | inurl:"/user/register" "Powered by Drupal" 2 | intitle:"index of " Drupal Author: Coudry hugo 3 | "Powered by Drupal" 4 | -------------------------------------------------------------------------------- /cms/google-dorks-for-joomla.txt: -------------------------------------------------------------------------------- 1 | 2 | "Consola de Joomla! Debug" inurl:index.php 3 | "Joomla! Administration Login" inurl:"/index.php" 4 | "com_joom12pic" 5 | "com_joomlaflashfun" 6 | "index.php?option=com_news_portal" or "Powered by iJoomla News Portal" 7 | "powered by joomla 3.2" OR "powered by joomla 3.3" OR "powered by joomla 3.4" 8 | Joomla Component com_eportfolio Upload Vulnerability 9 | com_ijoomla_rss 10 | index2.php?option=com_joomlaboard 11 | intext:"joomla! 1.6 - Open Source Content Management" 12 | intext:"joomla! 1.7 - Open Source Content Management" 13 | intext:"~~Joomla1.txt" title:"Index of /" 14 | intext:Joomla 1.6 inurl:index.php/login 15 | intext:Joomla 1.6 inurl:index.php/registration 16 | intext:Joomla 1.7 inurl:index.php/login 17 | intext:Joomla 1.7 inurl:index.php/registration 18 | intitle:"Index of /" "joomla_update.php" 19 | intitle:"Joomla - Web Installer" 20 | intitle:"Joomla – Web Installer" 21 | inurl:"com_ijoomla_archive" 22 | inurl:"com_joomlaradiov5" 23 | inurl:"index.php?option=com_bookjoomlas" 24 | inurl:com_joomladate 25 | inurl:com_joomradio 26 | inurl:component/content/ 27 | inurl:component/content/?view=featured&format=feed&type=atom 28 | inurl:index.php/plugins site: 29 | inurl:index.php/rss=feed site: 30 | inurl:index.php/using-joomla/extensions/modules/ intext:joomla! 1.7 31 | inurl:index.php/using-joomla/extensions/modules/19-sample-data-articles/joomla/50-upgraders 32 | inurl:index.php/using-joomla/extensions/plugins?format=feed&type=rss 33 | inurl:index.php/using/joomla site:com 34 | inurl:index.php?format=feed&type=atom 35 | inurl:index.php?format=feed&type=rss 36 | inurl:index.php?option=com_joomlaconnect_be 37 | inurl:index.php?option=com_joomradio 38 | inurl:using-joomla/extensions/templates/beez5/home-page-beez5 39 | inurl:~~joomla3.txt filetype:txt 40 | -------------------------------------------------------------------------------- /cms/google-dorks-for-typo3.txt: -------------------------------------------------------------------------------- 1 | intitle:"Installing TYPO3 CMS" 2 | intitle:"TYPO3 CMS" 3 | inurl:"/typo3conf/ext/pw_highslide_gallery/" 4 | inurl:"typo3" 5 | inurl:"typo3/index.php?u=" -demo 6 | inurl:'/typo3conf/ext/yag_themepack_jquery/' 7 | inurl:/typo3/typo3conf 8 | inurl:index.php?id= "TYPO3 CMS" 9 | inurl:typo3conf 10 | inurl:typo3conf/localconf.php 11 | "TYPO3 CMS login" 12 | -------------------------------------------------------------------------------- /cms/google-dorks-for-wordpress.txt: -------------------------------------------------------------------------------- 1 | "is proudly powered by WordPress" 2 | "plugins/wp-db-backup/wp-db-backup.php" 3 | filetype:sql inurl:wp-content/backup-* 4 | filetype:sql inurl:wp-content/* 5 | filetype:txt inurl:wp-config.txt 6 | intext:"the WordPress" inurl:wp-config ext:txt 7 | intitle:"Index of" wp-admin 8 | intitle:"Index of" wp-config 9 | intitle:"Index of" wp-config.php 10 | intitle:"Index of" wp-content 11 | intitle:"Index of" wp-upload 12 | inurl:"/wp-admin/setup-config.php" intitle:"Setup Configuration File" 13 | inurl:"/wp-content/plugins/wp-mobile-detector/" ext:php 14 | inurl:"/wp-content/plugins/wp-shopping-cart/" 15 | inurl:"/wp-content/uploads/db-backup" 16 | inurl:"/wp-content/uploads/levoslideshow/" 17 | inurl:"/wp-content/wpclone-temp/wpclone_backup/" 18 | inurl:"/wp-json/" -wordpress 19 | inurl:"/wp-login.php?action=lostpassword" 20 | inurl:"wp-content/uploads/file-manager/log.txt" 21 | inurl:"wp-content/uploads/private" 22 | inurl:"wp-contentpluginsall-in-one-seo-pack" 23 | inurl:"wp-download.php?dl_id=" 24 | inurl:"wp-license.php?file=../..//wp-config" 25 | inurl:"wp-security-audit-log" ext:log 26 | inurl:/wp-admin/admin-ajax.php?action=revslider_ajax_action 27 | inurl:/wp-admin/admin.php intitle:"Log In" 28 | inurl:/wp-admin/includes/plugin-install.php 29 | inurl:/wp-admin/post.php?post= 30 | inurl:/wp-content/ai1wm-backups + wpress 31 | inurl:/wp-content/plugins/fgallery/ 32 | inurl:/wp-content/plugins/inboundio-marketing/ 33 | inurl:/wp-content/plugins/seo-pressor/classes/ 34 | inurl:/wp-content/plugins/video-synchro-pdf 35 | inurl:/wp-content/plugins/wpSS/ 36 | inurl:/wp-content/themes/tigin/ 37 | inurl:/wp-content/themes/xunjin/ 38 | inurl:/wp-content/uploads/ filetype:sql 39 | inurl:/wp-content/uploads/ninja-forms/ intitle:"index of" 40 | inurl:/wp-content/uploads/wp-backup-plus/ 41 | inurl:/wp-content/w3tc/dbcache/ 42 | inurl:/wp-content/wpbackitup_backups 43 | inurl:/wp-includes/certificates/ 44 | inurl:/wp-json/wp/v2/users/ "id":1,"name":" -wordpress.stackexchange.com -stackoverflow.com 45 | inurl:/wp/ + "Login" 46 | inurl:/wp/wp-admin/ 47 | inurl:log -intext:log ext:log inurl:wp- 48 | inurl:wp-admin/ intext:css/ 49 | inurl:wp-admin/admin-ajax.php inurl:wp-config.php 50 | inurl:wp-config -intext:wp-config "'DB_PASSWORD'" 51 | inurl:wp-config-backup.txt 52 | inurl:wp-config.bak 53 | inurl:wp-config.php intext:DB_PASSWORD -stackoverflow -wpbeginner 54 | inurl:wp-content intext:backup-db 55 | inurl:wp-content/debug.log 56 | inurl:wp-content/plugins/age-verification/age-verification.php 57 | inurl:wp-content/uploads filetype:xls | filetype:xlsx password 58 | inurl:wp-content/uploads/dump.sql 59 | inurl:wp-links-opml.php 60 | inurl:wp-login.php +Register Username Password "remember me" -echo -trac -footwear 61 | inurl:wp-login.php Register Username Password -echo 62 | inurl:wp-login.php?action=register 63 | inurl:wp-mail.php + "There doesn't seem to be any new mail." 64 | inurl:wp-mail.php + "There doesn't seem to be any new mail." 65 | inurl:wp-mail.php + “There doesn’t seem to be any new mail.” 66 | inurl:wp/wp-login.php 67 | site:*/wordpress/wordpress.bak/ 68 | site:*/wp-admin/install.php intitle:WordPress Installation 69 | site:*/wp-admin/maint/repair.php intext:"define(WP_ALLOW_REPAIR,true);" 70 | site:*/wp-admin/user-edit.php 71 | site:*/wp-contents/ inurl:/wp-contents/ 72 | site:*/wp-includes/ inurl:/wp-includes/ 73 | site:*/wp-includes/Requests/php_errorlog 74 | site:*/wp-login?redirect_to= intitle:"login" 75 | site:*/wp-settings.php 76 | inurl:wp-content/ inurl:backups 77 | Index:Index of /wp-content/uploads 78 | -------------------------------------------------------------------------------- /cms/google-dorks-magento.txt: -------------------------------------------------------------------------------- 1 | "Log in" "Magento is a trademark of Magento Inc." 2 | php jembut.php "/account/create/" 3 | php jembut.php "/account/forgotpassword" 4 | php jembut.php "/account/login/" 5 | php jembut.php "/adminhtml/default/default/" 6 | php jembut.php "/catalog/seo_sitemap/category/" 7 | php jembut.php "/catalogsearch/advanced" 8 | php jembut.php "/catalogsearch/result/" 9 | php jembut.php "/catalogsearch/result?q=" 10 | php jembut.php "/catalogsearch/term/popular/" 11 | php jembut.php "/customer/account/" 12 | php jembut.php "/customer/account/login/referer/" 13 | php jembut.php "/default/sales/" 14 | php jembut.php "/firecheckout/" 15 | php jembut.php "/frontend/enterprise/" 16 | php jembut.php "/index.php/catalog/seo_sitemap/category/" 17 | php jembut.php "/index.php/catalogsearch/term/popular/" 18 | php jembut.php "/js/mage/" 19 | php jembut.php "/sales/guest/form/" 20 | php jembut.php "/skin/adminhtml/default/" 21 | php jembut.php "/skin/frontend/" 22 | php jembut.php "Login or Create an Account. Registered Customers. If you have an account with us, log in using your email address. *Email Address. *Password. Login" 23 | php jembut.php "index.php/account/create/" 24 | php jembut.php "index.php/account/create/" 25 | php jembut.php "index.php/account/forgotpassword" 26 | php jembut.php "index.php/account/login/" 27 | php jembut.php "index.php/adminhtml/default/default 28 | php jembut.php "index.php/catalogsearch/advanced" 29 | php jembut.php "index.php/catalogsearch/result/" 30 | php jembut.php "index.php/catalogsearch/result?q=" 31 | php jembut.php "index.php/customer/account/" 32 | php jembut.php "index.php/customer/account/login/referer/" 33 | php jembut.php "index.php/default/sales/" 34 | php jembut.php "index.php/sales/guest/" 35 | php jembut.php "index.php/sales/guest/form/" 36 | php jembut.php "inurl:/account/create/" 37 | php jembut.php "inurl:/account/create/" 38 | php jembut.php "inurl:/account/forgotpassword" 39 | php jembut.php "inurl:/account/login/" 40 | php jembut.php "inurl:/adminhtml/default/default/" 41 | php jembut.php "inurl:/catalogsearch/advanced" 42 | php jembut.php "inurl:/catalogsearch/result/" 43 | php jembut.php "inurl:/catalogsearch/result?q=" 44 | php jembut.php "inurl:/customer/account/" 45 | php jembut.php "inurl:/customer/account/login/referer/" 46 | php jembut.php "inurl:/default/sales/" 47 | php jembut.php "inurl:/sales/guest/form/" 48 | php jembut.php "inurl:lib/3Dsecure/" 49 | php jembut.php "inurl:lib/LinLibertineFont/" 50 | php jembut.php "inurl:lib/LinLibertineFont/" 51 | php jembut.php "inurl:lib/flex/" 52 | php jembut.php "inurl:lib/googlecheckout/" 53 | php jembut.php "inurl:skin/frontend/base/" 54 | php jembut.php "inurl:skin/frontend/default/blank/" 55 | php jembut.php "inurl:skin/frontend/default/blue/" 56 | php jembut.php "inurl:skin/frontend/default/default/" 57 | php jembut.php "inurl:skin/frontend/default/french/" 58 | php jembut.php "inurl:skin/frontend/default/german/" 59 | php jembut.php "inurl:skin/frontend/default/iphone/" 60 | php jembut.php "inurl:skin/frontend/default/modern/" 61 | php jembut.php "lib/3Dsecure/" 62 | php jembut.php "lib/LinLibertineFont/" 63 | php jembut.php "lib/LinLibertineFont/" 64 | php jembut.php "lib/flex/" 65 | php jembut.php "lib/googlecheckout/" 66 | php jembut.php "skin/frontend/base/" 67 | php jembut.php "skin/frontend/default/" 68 | php jembut.php "skin/frontend/default/blank/" 69 | php jembut.php "skin/frontend/default/blue/" 70 | php jembut.php "skin/frontend/default/default/" 71 | php jembut.php "skin/frontend/default/french/" 72 | php jembut.php "skin/frontend/default/german/" 73 | php jembut.php "skin/frontend/default/iphone/" 74 | php jembut.php "skin/frontend/default/modern/" 75 | -------------------------------------------------------------------------------- /finding-username-passwords/google-dorks-for-aws-passwords.txt: -------------------------------------------------------------------------------- 1 | aws-secret 2 | s3 site:amazonaws.com filetype:sql 3 | aws SECRET_KEY 4 | aws session_token access_key 5 | aws_access_key_id 6 | aws_secret_access_key 7 | AWS_SECURITY_TOKEN 8 | AWS_S3_SECRET_ACCESS_KEY 9 | s3-secret-access-key 10 | ARTIFACTS_AWS_ACCESS_KEY_ID= 11 | ARTIFACTS_AWS_SECRET_ACCESS_KEY= 12 | AWSSECRETKEY= 13 | AWS_SES_SECRET_ACCESS_KEY= 14 | AWS_SES_ACCESS_KEY_ID= 15 | 16 | -------------------------------------------------------------------------------- /finding-username-passwords/google-dorks-for-mysql-passwords.txt: -------------------------------------------------------------------------------- 1 | mysql history files 2 | mysql intext:passwords filetype:txt 3 | mysql history files filetype:txt 4 | mysql root filetype:txt 5 | mysql filetype:xml 6 | mysql settings filetype:xml 7 | mysql secrect password 8 | -------------------------------------------------------------------------------- /finding-username-passwords/google-dorks-for-postgres-passwords.txt: -------------------------------------------------------------------------------- 1 | "POSTGRES_PASSWORD=" ext:txt | ext:cfg | ext:env | ext:ini | ext:yml | ext:sql -git -gitlab 2 | jdbc:postgresql://localhost: + username + password ext:yml | ext:java -git -gitlab 3 | "PostgreSQL query failed: ERROR: parser: parse error" 4 | "Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL" 5 | Supplied argument is not a valid PostgreSQL result 6 | -------------------------------------------------------------------------------- /google-dorks-best-log.txt: -------------------------------------------------------------------------------- 1 | filetype:log "PHP Parse error" | "PHP Warning" | "PHP Error" 2 | filetype:log "See `ipsec --copyright" 3 | filetype:log access.log -CVS 4 | filetype:log cron.log 5 | filetype:log intext:"ConnectionManager2" 6 | filetype:log inurl:"password.log" 7 | filetype:log inurl:password.log 8 | intitle:index.of cleanup.log 9 | intitle:index.of filetype:log 10 | intitle:index.of log 11 | filetype:log inurl:nginx 12 | filetype:log inurl:database 13 | filetype:log inurl:bin 14 | filetype:syslog 15 | allintext:username filetype:log 16 | inurl:error filetype:log 17 | inurl:nginx filetype:log 18 | -------------------------------------------------------------------------------- /google-dorks-for-backups.txt: -------------------------------------------------------------------------------- 1 | inurl:backup 2 | inurl:backup.zip 3 | inurl:backup.rar 4 | inurl:backup.sql 5 | inurl:backup filetype:sql 6 | inurl:save filetype:sql 7 | inurl:web.zip 8 | inurl:website.zip 9 | filetype:bak 10 | filetype:abk 11 | inurl:backup "Parent Directory" 12 | -------------------------------------------------------------------------------- /google-dorks-for-bug-bounty-programs.txt: -------------------------------------------------------------------------------- 1 | "If you believe you've found a security vulnerability" 2 | "If you find a security issue" "reward" 3 | "Report a Vulnerability" 4 | "cms" bug bounty 5 | "powered by bugcrowd" -site:bugcrowd.com 6 | "powered by synack" 7 | "responsible disclosure" intext:"you may be eligible for monetary compensation" 8 | "responsible disclosure" university 9 | "security vulnerability" "report" 10 | "submit vulnerability report" 11 | "van de melding met een minimum van een" -site:responsibledisclosure.nl 12 | "vulnerability reporting policy" 13 | /trust/report-a-vulnerability 14 | buy bitcoins "bug bounty" 15 | insite:"responsible disclosure" -inurl:nl 16 | intext responsible disclosure 17 | intext:"BugBounty" and intext:"BTC" and intext:"reward" 18 | intext:"we take security very seriously" 19 | intext:Vulnerability Disclosure site:eu 20 | intext:Vulnerability Disclosure site:nl 21 | intext:bounty inurl:/security 22 | intext:responsible disclosure bounty 23 | intext:security report monetary inurl:security 24 | intext:security report reward inurl:report 25 | intext:security hackerone 26 | inurl /bug bounty 27 | inurl : / responsible-disclosure/ bounty 28 | inurl : / responsible-disclosure/ swag 29 | inurl : / security 30 | inurl : /responsible disclosure 31 | inurl : /responsible-disclosure/ reward 32 | inurl"security report" 33 | inurl: "responsible disclosure", "bug bounty", "bugbounty" 34 | inurl: private bugbountyprogram 35 | inurl:"bug bounty" and intext:"$" and inurl:/security 36 | inurl:"bug bounty" and intext:"INR" and inurl:/security 37 | inurl:"bug bounty" and intext:"€" and inurl:/security 38 | inurl:'/responsible disclosure' hoodie 39 | inurl:'vulnerability-disclosure-policy' reward 40 | inurl:/.well-known/security ext:txt 41 | inurl:/.well-known/security ext:txt -hackerone -bugcrowd -synack -openbugbounty 42 | inurl:/.well-known/security ext:txt intext:hackerone 43 | inurl:/responsible-disclosure/ university 44 | inurl:/security ext:txt "contact" 45 | inurl:/security ext:txt "contact" 46 | inurl:/security.txt "mailto*" -github.com -wikipedia.org -portswigger.net -magento 47 | inurl:reporting-security-issues 48 | inurl:responsible-disclosure-policy 49 | inurl:security "reward" 50 | inurl:security-policy.txt ext:txt 51 | inurl:security.txt 52 | responsible disclosure bounty r=h:eu 53 | responsible disclosure bounty r=h:nl 54 | responsible disclosure bounty r=h:uk 55 | responsible disclosure europe 56 | responsible disclosure hall of fame 57 | responsible disclosure inurl:in 58 | responsible disclosure r=h:eu 59 | responsible disclosure r=h:nl 60 | responsible disclosure r=h:uk 61 | responsible disclosure reward r=h:eu 62 | responsible disclosure reward r=h:nl 63 | responsible disclosure reward r=h:uk 64 | responsible disclosure swag r=h:com 65 | responsible disclosure swag r=h:eu 66 | responsible disclosure swag r=h:nl 67 | responsible disclosure swag r=h:uk 68 | responsible disclosure white hat 69 | responsible disclosure:sites 70 | site .nl responsible disclosure 71 | site eu responsible disclosure 72 | site responsible disclosure 73 | site:*.*.* inurl:bug inurl:bounty 74 | site:*.*.cn intext:security report reward 75 | site:*.*.de inurl:bug inurl:bounty 76 | site:*.*.nl intext:responsible disclosure reward 77 | site:*.*.nl intext:security report reward 78 | site:*.*.uk intext:security report reward 79 | site:*.at responsible disclosure 80 | site:*.au responsible disclosure 81 | site:*.be responsible disclosure 82 | site:*.br responsible disclosure 83 | site:*.edu intext:security report vulnerability 84 | site:*.gov.* "responsible disclosure" 85 | site:help.*.* inurl:bounty 86 | site:responsibledisclosure.com 87 | site:security.*.* inurl: bounty 88 | site:support.*.* intext:security report reward 89 | white hat program 90 | -------------------------------------------------------------------------------- /google-dorks-for-companys.txt: -------------------------------------------------------------------------------- 1 | inurl:amazonaws.com inurl:company 2 | site:amazonaws.com inurl:company 3 | site:http://atlassian.net inurl:company 4 | site:atlassian.net intext:company 5 | site:http://github.com intext:company 6 | site:http://gitlab.com intext:company 7 | site:http://pastebin.com inurl:company 8 | site:http://repl.it intext:company 9 | site:http://s3.amazonaws.com inurl:company 10 | site:http://scribd.com intext:company 11 | site:http://zoom.us inurl:company 12 | site:https://docs.google.com/document/d/ password intext:company 13 | site:https://docs.google.com/forms responses intext:company 14 | site:https://docs.google.com/forms viewanalytics intext:company 15 | site:https://docs.google.com/spreadsheets edit intext:company 16 | site:https://docs.google.com/spreadsheets responses intext:company 17 | site:https://docs.google.com/spreadsheets/d/ password intext:company 18 | -------------------------------------------------------------------------------- /google-dorks-for-conf.txt: -------------------------------------------------------------------------------- 1 | intitle:"index of" inurl:app.conf 2 | intitle:"index of" inurl:conf 3 | Name Last modified Size Description inurl:conf 4 | filetype:conf 5 | configuration filetype:txt 6 | inurl:config.inc 7 | password host inurl:config filetype:txt 8 | inurl:config password host 9 | filetype:conf 10 | inurl:conf.xml 11 | inurl:conf.ini 12 | inurl:conf.js 13 | inurl:conf.json 14 | inurl:configuration.json 15 | inurl:configuration.js 16 | inurl:configuration.xml 17 | inurl:config secret host 18 | inurl:secret filetype:yaml 19 | inurl:conf filetype:xml 20 | inurl:Makefile.toml 21 | inurl:Makefile 22 | inurl:conf.yaml 23 | -------------------------------------------------------------------------------- /google-dorks-for-database-files.txt: -------------------------------------------------------------------------------- 1 | inurl:db.sql 2 | inurl:db.sqlite 3 | inurl:setup.sql 4 | inurl:mysql.sql 5 | inurl:users.sql 6 | inurl:backup.sql 7 | inurl:db filetype:sql 8 | inurl:backup filetype:sql 9 | create table filetype:sql 10 | "-- MySQL dump" "Server version" "Table structure for table" 11 | inurl:/db/websql/ 12 | filetype:sql 13 | inurl:backup filetype:sql 14 | -------------------------------------------------------------------------------- /google-dorks-for-excel-files.txt: -------------------------------------------------------------------------------- 1 | company filetype:xls 2 | company filetype:cvs 3 | -------------------------------------------------------------------------------- /google-dorks-for-finding-aws-s3.txt: -------------------------------------------------------------------------------- 1 | site:http://s3.amazonaws.com intitle:index.of.bucket 2 | site:http://amazonaws.com inurl:".s3.amazonaws.com/" 3 | site:.s3.amazonaws.com "Company" 4 | intitle:index.of.bucket 5 | site:http://s3.amazonaws.com intitle:Bucket loading 6 | site:*.amazonaws.com inurl:index.html 7 | Bucket Date Modified 8 | -------------------------------------------------------------------------------- /google-dorks-for-git-files.txt: -------------------------------------------------------------------------------- 1 | inurl:.git-credentials 2 | inurl:.gitconfig 3 | intext:"index of /.git" "parent directory" 4 | filetype:git -github.com inurl:"/.git" 5 | (intext:"index of /.git") ("parent directory") 6 | inurl:ORIG_HEAD 7 | intitle:"index of" ".gitignore" 8 | ".git" intitle:"Index of" 9 | (intext:"index of /.git") ("parent directory") 10 | "Parent Directory" "Last modified" git 11 | inurl:git 12 | -------------------------------------------------------------------------------- /google-dorks-for-grafana.txt: -------------------------------------------------------------------------------- 1 | intitle:"grafana" inurl:"/grafana/login" "Forgot your password" 2 | intitle:"Grafana - Home" inurl:/orgid 3 | intitle:Grafana inurl:orgid 4 | inurl:login "Welcome to Grafana" 5 | "Welcome to Grafana" inurl:/orgid 6 | intitle:"Welcome to Grafana" 7 | -------------------------------------------------------------------------------- /google-dorks-for-js-secrets.txt: -------------------------------------------------------------------------------- 1 | secret inurl:js filetype:txt 2 | -------------------------------------------------------------------------------- /google-dorks-for-kibana.txt: -------------------------------------------------------------------------------- 1 | inurl:"/app/kibana#" 2 | -------------------------------------------------------------------------------- /google-dorks-for-login.txt: -------------------------------------------------------------------------------- 1 | site: target.com inurl: admin | administrator | adm | login | l0gin | wp-login 2 | inurl:wp-login 3 | inurl:login 4 | inurl:user-login 5 | inurl:"/wp-login.php?action=lostpassword" 6 | inurl:& intext:admin intext:login 7 | site:password.*.* intitle:"login" 8 | site:portal.*.* intitle:"login" 9 | site:sftp.*.*/ intext:"login" intitle:"server login" 10 | site:user.*.* intitle:"login" 11 | "Joomla! Administration Login" inurl:"/index.php" 12 | intext:Joomla 1.6 inurl:index.php/login 13 | intitle:"grafana" inurl:"/grafana/login" "Forgot your password" 14 | inurl:login "Welcome to Grafana" 15 | php jembut.php "/account/login/" 16 | php jembut.php "/customer/account/login/referer/" 17 | intext:"HostingAccelerator" intitle:"login" +"Username" -"news" -demo 18 | intext:"IMail Server Web Messaging" intitle:login 19 | inurl:/eftclient/account/login.htm 20 | inurl:/pro_users/login 21 | inurl:"servicedesk/customer/user/login" 22 | inurl:"/phpmyadmin/user_password.php 23 | inurl:"/?q=user/password/" 24 | "Login Pages":"site:target.com inurl:login | inurl:signin | intitle:Login | intitle: signin | inurl:auth" 25 | inurl:"/carbon/admin/login.jsp" 26 | inurl:webvpn.html "login" "Please enter your" 27 | inurl:/administrator/index.php?autologin=1 28 | "login" "user" "password" 29 | -------------------------------------------------------------------------------- /google-dorks-for-monitoring.txt: -------------------------------------------------------------------------------- 1 | inurl:awstats 2 | inurl:monitoring 3 | inurl:monitoring1 4 | inurl:monitoring2 5 | inurl:stats 6 | inurl:monitor 7 | inurl:monitor2 8 | inurl:monitor1 9 | inurl:monitor01 10 | inurl:monitor02 11 | inurl:monitoramento 12 | inurl:ipmonitor 13 | inurl:webstats 14 | inurl:netstats 15 | inurl:labstats 16 | inurl:logtstats 17 | inurl:log 18 | inurl:livestats 19 | inurl:livemonitoring 20 | "Parent Directory" "Last modified" monitoring 21 | inurl:nagios/side.php 22 | inurl:kibana 23 | inurl:grafana 24 | inurl:cacti 25 | inurl:munin 26 | -------------------------------------------------------------------------------- /google-dorks-for-open-redirect.txt: -------------------------------------------------------------------------------- 1 | site:*.redacted.com AND (inurl:url OR inurl:continue OR inurl:returnto OR inurl:redirect OR inurl:return OR inurl:target OR inurl:site OR inurl:view OR inurl:path) 2 | inurl:url OR inurl:continue OR inurl:returnto OR inurl:redirect OR inurl:return OR inurl:target OR inurl:site OR inurl:view OR inurl:path 3 | inurl:url 4 | inurl:ret 5 | inurl:url inurl:& 6 | inurl:return inurl:& 7 | inurl:continue 8 | inurl:next 9 | inurl:returnto 10 | inurl:redirect 11 | inurl:/cgi-bin/redirect.cgi 12 | inurl:/out/ 13 | inurl:view 14 | inurl:/login?to= 15 | inurl:url inurl:& 16 | inurl:redirect inurl:& 17 | inurl:continue inurl:& 18 | inurl:next inurl:& 19 | inurl:target 20 | inurl:http 21 | inurl:=www 22 | inurl:.com inurl:& 23 | inurl:site 24 | inurl:rurl 25 | inurl:next inurl:& 26 | inurl:link 27 | inurl:go inurl:& 28 | inurl:target inurl:& 29 | inurl:dest inurl:& 30 | inurl:destination inurl:& 31 | inurl:redir inurl:& 32 | inurl:redirect_uri inurl:& 33 | inurl:redirect inurl:& 34 | inurl:view inurl:& 35 | inurl:image_url inurl:& 36 | inurl:return inurl:& 37 | inurl:returnTo inurl:& 38 | inurl:return_to inurl:& 39 | inurl:return_path inurl:& 40 | inurl:path inurl:& 41 | inurl:dest 42 | inurl:destination 43 | inurl:redir 44 | inurl:redirect_uri 45 | inurl:redirect 46 | inurl:view 47 | inurl:image_url 48 | inurl:return 49 | inurl:returnTo 50 | inurl:return_to 51 | inurl:return_path 52 | inurl:path 53 | .php?redirect=" 54 | all.php?redirect= 55 | gallery.php?redirect= 56 | include.php?redirect= 57 | -------------------------------------------------------------------------------- /google-dorks-for-presentations: -------------------------------------------------------------------------------- 1 | filetype:pptx 2 | inurl:presentation filetype:pdf 3 | presentation filetype:pdf 4 | -------------------------------------------------------------------------------- /google-dorks-for-sql-injection.txt: -------------------------------------------------------------------------------- 1 | .php?module= 2 | ?action= 3 | ?page= 4 | ?pid= 5 | ?search= 6 | Book.php?bookID= 7 | BookDetails.php?ID= 8 | Browse_Item_Details.php?Store_Id= 9 | StoreRedirect.php?ID= 10 | ViewProduct.php?misc= 11 | WsAncillary.php?ID= 12 | WsPages.php?ID=noticiasDetalle.php?xid= 13 | about.php?cartID= 14 | abroad/page.php?cid= 15 | accinfo.php?cartId= 16 | acclogin.php?cartID= 17 | add-to-cart.php?ID= 18 | add.php?bookid= 19 | addItem.php 20 | addToCart.php?idProduct= 21 | add_cart.php?num= 22 | addcart.php? 23 | addtomylist.php?ProdId= 24 | adminEditProductFields.php?intProdID= 25 | advSearch_h.php?idCategory= 26 | affiliate-agreement.cfm?storeid= 27 | affiliate.php?ID= 28 | affiliates.php?id= 29 | aktuelles/meldungen-detail.php?id= 30 | ancillary.php?ID= 31 | archive.php?id= 32 | archive/get.php?message_id= 33 | article.php?id= 34 | basket.php?id= 35 | bayer/dtnews.php?id= 36 | bbs/bbsView.php?id= 37 | bbs/view.php?no= 38 | beitrag_D.php?id= 39 | beitrag_F.php?id= 40 | board/board.html?table= 41 | board/view.php?no= 42 | boardView.php?bbs= 43 | book.php?ID= 44 | book.php?id= 45 | book/bookcover.php?bookid= 46 | book_detail.php?BookID= 47 | book_list.php?bookid= 48 | book_view.php?bookid= 49 | bookmark/mybook/bookmark.php?bookPageNo= 50 | bookpage.php?id= 51 | books/book.php?proj_nr= 52 | browse.php?catid= 53 | browse_item_details.php 54 | buy.php? 55 | buy.php?bookid= 56 | bycategory.php?id= 57 | cardinfo.php?card= 58 | cart.php?action= 59 | cart.php?cart_id= 60 | catalog/main.php?cat_id= 61 | catalog/product.php?cat_id= 62 | catalog/product.php?pid= 63 | categories.php?cat= 64 | category.php?catid= 65 | category.php?id= 66 | cats.php?cat= 67 | cbmer/congres/page.php?LAN= 68 | cloudbank/detail.php?ID= 69 | community/calendar-event-fr.php?id= 70 | content.php?ID= 71 | content.php?PID= 72 | content.php?id= 73 | content.php?p= 74 | content/detail.php?id= 75 | content/index.php?id= 76 | county-facts/diary/vcsgen.php?id= 77 | cryolab/content.php?cid= 78 | customer/board.htm?mode= 79 | de/content.php?page_id= 80 | default.php?cPath= 81 | detail.php?id= 82 | detail.php?prodID= 83 | detail.php?prodid= 84 | details.php?ProdID= 85 | details.php?prodId= 86 | docDetail.aspx?chnum= 87 | e_board/modifyform.html?code= 88 | els_/product/product.php?id= 89 | en/publications.php?id= 90 | eng/rgboard/view.php?&bbs_id= 91 | eng_board/view.php?T****= 92 | english/fonction/print.php?id= 93 | english/publicproducts.php?groupid= 94 | events/detail.php?ID= 95 | forum/profile.php?id= 96 | gallery.php?id= 97 | gallerysort.php?iid= 98 | garden_equipment/Fruit-Cage/product.php?pr= 99 | general.php?id= 100 | gig.php?id= 101 | global/product/product.php?gubun= 102 | gnu/?doc= 103 | goboard/front/board_view.php?code= 104 | goods_detail.php?data= 105 | help/com_view.html?code= 106 | hm/inside.php?id= 107 | home.php?cat= 108 | idlechat/message.php?id= 109 | index.php/en/component/pvm/?view= 110 | index.php?area_id= 111 | index.php?i= 112 | index.php?id= 113 | index.php?modus= 114 | index.php?page= 115 | index.php?pageid= 116 | index.php?section= 117 | index.php?site= 118 | index.php?url= 119 | index.php?w= 120 | item.php?id= 121 | item_book.php?CAT= 122 | kboard/kboard.php?board= 123 | ls.php?id= 124 | m_view.php?ps_db= 125 | magazines/adult_magazine_full_year.php?magid= 126 | magazines/adult_magazine_single_page.php?magid= 127 | main.php?id= 128 | mall/more.php?ProdID= 129 | media/pr.php?id= 130 | modules.php?bookid= 131 | more_detail.php?id= 132 | more_details.php?id= 133 | n_replyboard.php?typeboard= 134 | naboard/memo.php?bd= 135 | news.php?ID= 136 | news.php?id= 137 | news.php?t= 138 | news/news/title_show.php?id= 139 | news/temp.php?id= 140 | news_and_notices.php?news_id= 141 | news_item.php?id= 142 | nyheder.htm?show= 143 | obio/detail.php?id= 144 | onlinesales/product.php?product_id= 145 | order.asp?lotid= 146 | ourblog.php?categoryid= 147 | packages_display.php?ref= 148 | page.php?modul= 149 | page.php?module= 150 | page/de/produkte/produkte.php?prodID= 151 | pages.php?id= 152 | photogallery.php?id= 153 | phpx?PageID 154 | podcast/item.php?pid= 155 | prev_results.php?prodID= 156 | print.php?id= 157 | print.php?sid= 158 | product-list.php?id= 159 | product.php?id= 160 | product.php?pid= 161 | product.php?shopprodid= 162 | product.php?sku= 163 | product/list.php?pid= 164 | product/product.php?cate= 165 | product/product.php?product_no= 166 | productList.php?cat= 167 | product_detail.php?product_id= 168 | product_details.php?prodid= 169 | product_info.php?products_id= 170 | productlist.php?fid= 171 | productlist.php?tid= 172 | products.php?act= 173 | products.php?cat= 174 | products.php?p= 175 | products/card.php?prodID= 176 | products/product.php?id= 177 | products/product.php?pid= 178 | rating.php?id= 179 | review/review_form.php?item_id= 180 | rounds-detail.php?id= 181 | rss.php?cat= 182 | s.php?w= 183 | schule/termine.php?view= 184 | shop/index.php?cPath= 185 | showsub.php?id= 186 | sitio/item.php?idcd= 187 | socsci/events/full_details.php?id= 188 | socsci/news_items/full_story.php?id= 189 | software_categories.php?cat_id= 190 | store/description.php?iddesc= 191 | store/product.php?productid= 192 | storemanager/contents/item.php?page_code= 193 | subcategories.php?id= 194 | tek9.php? 195 | template.php?Action=Item&pid= 196 | templet.php?acticle_id= 197 | topic.php?ID= 198 | tuangou.php?bookid= 199 | type.php?iType= 200 | updatebasket.php?bookid= 201 | updates.php?ID= 202 | usb/devices/showdev.php?id= 203 | view.php?cid= 204 | view/7/9628/1.html?reply= 205 | viewCart.php?userID= 206 | viewCat_h.php?idCategory= 207 | viewPrd.php?idcategory= 208 | view_author.php?id= 209 | view_cart.php?title= 210 | view_detail.php?ID= 211 | view_items.php?id= 212 | viewcart.php?CartId= 213 | viewevent.php?EventID= 214 | viewitem.php?recor= 215 | voteList.php?item_ID= 216 | whatsnew.php?idCategory= 217 | www/index.php?page= 218 | zb/view.php?uid= 219 | -------------------------------------------------------------------------------- /google-dorks-for-stats.txt: -------------------------------------------------------------------------------- 1 | inurl:/awstats 2 | inurl:/awstats.**?amp;output=;1 3 | inurl:/awstats.**?amp;lang=;1 4 | inurl:/awstats.**?...&output=;1 5 | inurl:/webalizer.current;1 6 | inurl:/xmlrpc.php;1 7 | inurl:/awstats.**?year=;1 8 | inurl:/webalizer 9 | inurl:/stats/usage 10 | inurl:/awstats -github 11 | inurl:system-day.html 12 | inurl:disk-day.html 13 | inurl:stats.html 14 | "Welcome to Grafana" intitle:Grafana 15 | inurl:/stats 16 | -------------------------------------------------------------------------------- /google-dorks-for-webserver.txt: -------------------------------------------------------------------------------- 1 | "About Mac OS Personal Web Sharing" 2 | "AnWeb/1.42h" intitle:index.of 3 | "Application Blocked!" "Google bot" 4 | "CERN httpd 3.0B (VAX VMS)" 5 | "Cisco Systems, Inc. All Rights Reserved." -cisco.com filetype:jsp 6 | "I have been invoked by servletToJSP" 7 | "JRun Web Server" intitle:index.of 8 | "MaXX/3.1" intitle:index.of 9 | "Microsoft-IIS/* server at" intitle:index.of 10 | "Microsoft-IIS/4.0" intitle:index.of 11 | "Microsoft-IIS/5.0 server at" 12 | "Microsoft-IIS/6.0" intitle:index.of 13 | "NTRIP Caster Table Contents" "This is a SNIP NTRIP Caster" 14 | "Netware * Home" inurl:nav.html 15 | "Novell, Inc" WEBACCESS Username Password "Version *.*" Copyright -inurl:help -guides|guide 16 | "OmniHTTPd/2.10" intitle:index.of 17 | "OpenSA/1.0.4" intitle:index.of 18 | "PHP Credits" "Configuration" "PHP Core" ext:php inurl:info 19 | "Powered by 123LogAnalyzer" 20 | "Powered by BOINC" 21 | "Powered by phpBB" inurl:"index.php?s" OR inurl:"index.php?style" 22 | "Powered by vShare" 23 | "Powered by" 24 | "Proudly created with Wix.com" 25 | "RDServer Product information" | inurl:"/rdagent.jsp" 26 | "Red Hat Secure/2.0" 27 | "Red Hat Secure/3.0 server at" 28 | "Switch to table format" inurl:table|plain 29 | "This server is operated by OpenX." 30 | "Wowza Streaming Engine 4 Developer Edition" 31 | "httpd+ssl/kttd" * server at intitle:index.of 32 | "index of /private" -site:net -site:com -site:org 33 | "powered by openbsd" +"powered by apache" 34 | "powered by" "shoutstats" hourly daily 35 | "seeing this instead" intitle:"test page for apache" 36 | "var miner = new CoinHive" intext:document.domain 37 | (intitle:"502 Proxy Error")|(intitle:"503 Proxy Error") "The proxy server could not handle the request" -topic -mail -4suite -list -site:geocrawler.co 38 | (inurl:81-cobalt | inurl:cgi-bin/.cobalt) 39 | -pub -pool intitle:"index of" "Served by" "Web Server" 40 | Coldbox | contentbox | commandbox "Powered by ContentBox" 41 | Fwd: intitle:"STEP by STIBO Systems" "Launch STEPworkbench" "Web UI Component Report" 42 | HTTP_USER_AGENT=Googlebot 43 | Powered.by.RaidenHTTPD intitle:index.of 44 | XAMPP "inurl:xampp/index" 45 | aboutprinter.shtml 46 | allintext:"Index Of" "sftp-config.json" 47 | allintext:"Powered by LionMax Software" "WWW File Share" 48 | allintitle:"Pi-hole Admin Console" 49 | allintitle:Netscape FastTrack Server Home Page 50 | allinurl:".nsconfig" -sample -howto -tutorial 51 | ext:php | intitle:phpinfo "published by the PHP Group" 52 | ext:svc inurl:wsdl 53 | filetype:asmx inurl:(_vti_bin|api|webservice) 54 | filetype:axd inurl:/elmah.axd 55 | fitweb-wwws * server at intitle:index.of 56 | i_index.shtml Ready 57 | intext:" - 2019 Cott Systems, Inc." 58 | intext:"404 Object Not Found" Microsoft-IIS/5.0 59 | intext:"Brought to you by eVetSites" 60 | intext:"Healthy" + "Product model" + " Client IP" + "Ethernet" 61 | intext:"Powered by (Quantum | Quantum CMS | CMS) 62 | intext:"Powered by Abyss Web Server" 63 | intext:"Powered by GetSimple" -site:get-simple.info 64 | intext:"Powered by Nesta" 65 | intext:"Powered by Sentora" -github.com 66 | intext:"Powered by Typesetter" 67 | intext:"Powered by phpSQLiteCMS" | intitle:"phpSQLiteCMS - A simple & lightweight CMS" 68 | intext:"SonarQube" + "by SonarSource SA." + "LGPL v3" 69 | intext:"Target Multicast Group" "beacon" 70 | intext:"This is the default welcome page used to test the correct operation of the Apache2 server" 71 | intext:"Welcome to CodeIgniter!" 72 | intext:"index of /" "Index of" access_log 73 | intext:Apache/2.2.29 (Unix) mod_ssl/2.2.29 | intitle:"Index of /" 74 | intitle: "Welcome to nginx!" + "Thank you for using nginx." 75 | intitle:"300 multiple choices" 76 | intitle:"Accueil WAMPSERVER" intext:"Configuration Serveur" 77 | intitle:"Apache HTTP Server" intitle:"documentation" 78 | intitle:"Apache Status" "Apache Server Status for" 79 | intitle:"Apache Status" | intext:"Apache Server Status" 80 | intitle:"Apache2 Debian Default Page: It works" 81 | intitle:"Apache2 Ubuntu Default Page: It works" 82 | intitle:"Axis Happiness Page" "Examining webapp configuration" 83 | intitle:"BadBlue: the file-sharing web server anyone can use" 84 | intitle:"Current Network Status" "Nagios" 85 | intitle:"Directory Listing, Index of /*/" 86 | intitle:"Document title goes here" intitle:"used by web search tools" " example of a simple Home Page" 87 | intitle:"Domain Default page" "Parallels IP Holdings GmbH" 88 | intitle:"GlassFish Server - Server Running" 89 | intitle:"HFS" "Server Uptime" "Server time" 90 | intitle:"IIS Windows Server" -inurl:"IIS Windows Server" 91 | intitle:"IPC@CHIP Infopage" 92 | intitle:"Icecast Streaming Media Server" 93 | intitle:"Index of *" mode links bytes last-changed name 94 | intitle:"Index of /" "Proudly Served by Surftown at" 95 | intitle:"Index of" "Apache/2.4.7 (Ubuntu) Server" 96 | intitle:"Index of" site:.gov intext:"Server at" 97 | intitle:"Lists Web Service" 98 | intitle:"Lotus Domino Go Webserver:" "Tuning your webserver" -site:ibm.com 99 | intitle:"Microsoft Internet Information Services 8" -IIS 100 | intitle:"Miniweb Start Page" | "/CSS/Miniweb.css" 101 | intitle:"Monsta ftp" intext:"Lock session to IP" 102 | intitle:"Object not found!" intext:"Apache/2.0.* (Linux/SuSE)" 103 | intitle:"Object not found" netware "apache 1.." 104 | intitle:"Open WebMail" "Open WebMail version (2.20|2.21|2.30) " 105 | intitle:"Page rev */*/*" inurl:"admin 106 | intitle:"Resin Default Home Page" 107 | intitle:"SOGo" site:webmail.* 108 | intitle:"STEP by STIBO Systems" "Launch STEPworkbench" "Web UI Component Report" 109 | intitle:"Server Backup Manager SE" 110 | intitle:"Shoutcast Administrator" 111 | intitle:"Shoutcast server" inurl:"/index.html" "SHOUTcast Server" 112 | intitle:"Success!" intext:"Your new web server is ready to use." 113 | intitle:"Sucuri WebSite Firewall - Access Denied" 114 | intitle:"Test Page for Apache" 115 | intitle:"Test Page for Apache" "It Worked!" 116 | intitle:"Test Page for Apache" "It Worked!" "on this web" 117 | intitle:"Test Page for the Apache HTTP Server on Fedora Core" intext:"Fedora Core Test Page" 118 | intitle:"Test Page for the HTTP Server on Fedora" 119 | intitle:"WAMPSERVER homepage" "Server Configuration" "Apache Version" 120 | intitle:"WATASHI SERVICE" 121 | intitle:"Web Server's Default Page" intext:"hosting using Plesk" -www 122 | intitle:"Welcome To Xitami" -site:xitami.com 123 | intitle:"Welcome To Your WebSTAR Home Page" 124 | intitle:"Welcome to 602LAN SUITE *" 125 | intitle:"Welcome to IIS 4.0" 126 | intitle:"Welcome to JBoss" 127 | intitle:"Welcome to OpenResty!" 128 | intitle:"Welcome to WildFly" intext:"Administration Console" 129 | intitle:"Welcome to Windows 2000 Internet Services" 130 | intitle:"Welcome to Windows Small Business Server 2003" 131 | intitle:"Welcome to Your New Home Page!" "by the Debian release" 132 | intitle:"Welcome to nginx!" intext:"Welcome to nginx on Debian!" intext:"Thank you for" 133 | intitle:"Welcome to the Advanced Extranet Server, ADVX!" 134 | intitle:"Welcome" intext:"LiteSpeed Technologies, Inc. All Rights Reserved." 135 | intitle:"apache tomcat/" "Apache Tomcat examples" 136 | intitle:"apache tomcat/" + "Find additional important configuration information in:" 137 | intitle:"error 404" "From RFC 2068 " 138 | intitle:"index of" "/homedir/etc/" 139 | intitle:"index of" "Served by Sun-ONE" 140 | intitle:"index of" "debug.log" OR "debug-log" 141 | intitle:"index of" "docker.yml" 142 | intitle:"index of" "powered by apache " "port 80" 143 | intitle:"index of" "server at" 144 | intitle:"index of" AND inurl:magento AND inurl:/dev 145 | intitle:"index of" site:.gov.in 146 | intitle:"miniProxy" 147 | intitle:"nPerfServer" 148 | intitle:”PHP Version” intext:”PHP Version” 149 | intitle:"web server login" intext:"site ip" 150 | intitle:"welcome to mono xsp" 151 | intitle:AnswerBook2 inurl:ab2/ (inurl:8888 | inurl:8889) 152 | intitle:HTTP Server Test Page powered by CentOS 153 | intitle:Snap.Server inurl:Func= 154 | intitle:Snoop Servlet 155 | intitle:Test Page for the Nginx HTTP Server on Fedora 156 | intitle:livezilla "Server Time" 157 | inurl *:8080/login.php 158 | inurl: /ftp intitle:"office" 159 | inurl:"/app/kibana#" 160 | inurl:"/domcfg.nsf" " Web Server Configuration" 161 | inurl:"/phpmyadmin/user_password.php 162 | inurl:"/web-console/" intitle:"Administration Console" 163 | inurl:":8088/cluster/apps" 164 | inurl:"WebPortal?bankid" 165 | inurl:"id=*" & intext:"warning mysql_fetch_array()" 166 | inurl:"server-status" "Server Version: Apache/" "Server Built: " "Server uptime:" "Total accesses" "CPU Usage:" 167 | inurl:"web/database/selector" 168 | inurl:/Portal0000.htm 169 | inurl:/_catalogs 170 | inurl:/_hcms/ 171 | inurl:/config/device/wcd 172 | inurl:/iisstart.htm intitle:"IIS7" 173 | inurl:/javax.faces.resource/ 174 | inurl:/php/info.php 175 | inurl:/phpPgAdmin/browser.php 176 | inurl:/phpmyadmin/changelog.php -github -gitlab 177 | inurl:/pub/ inurl:_ri_ 178 | inurl:/server-status + "Server MPM:" 179 | inurl:/uploads/affwp-debug.log 180 | inurl:/xprober ext:php 181 | inurl:2506/jana-admin 182 | inurl:?XDEBUG_SESSION_START=phpstorm 183 | inurl:CFIDE/adminapi 184 | inurl:OrganizationChart.cc 185 | inurl:_vti_bin/Authentication.asmx 186 | inurl:composer.json codeigniter -site:github.com 187 | inurl:domcfg.nsf 188 | inurl:jsmol.php 189 | inurl:nnls_brand.html OR inurl:nnls_nav.html 190 | inurl:oraweb -site:oraweb.org 191 | inurl:phpinfo.php intext:build 2600 192 | inurl:phpmyadmin/themes intext:"pmahomme" 193 | inurl:phpsysinfo/index.php?disp=dynamic 194 | inurl:readme.md intext:"Laravel" 195 | inurl:readme.md intext:"typo3" 196 | inurl:readme.rst intext:"CodeIgniter" 197 | inurl:rvsindex.php & /rvsindex.php?/user/login 198 | inurl:tech-support inurl:show Cisco 199 | inurl:tests/mocks intext:autoloader 200 | inurl:user_guide intext:"CodeIgniter User Guide" 201 | inurl:wl.exe inurl:?SS1= intext:"Operating system:" -edu -gov -mil 202 | sEDWebserver * server +at intitle:index.of 203 | site:*/*.asp 204 | site:*/server-status intext:"Apache server status for" 205 | site:ftp.*.com "Web File Manager" 206 | site:vps-*.vps.ovh.net 207 | yaws.*.server.at 208 | intitle:"index of" "debian.cnf" 209 | intitle:"index of" "debian.conf" 210 | intitle:\"Welcome to nginx!\" intext:\"Welcome to nginx on Debian!\" intext:\"Thank you for\" 211 | -------------------------------------------------------------------------------- /google-dorks-for-wikipedia.txt: -------------------------------------------------------------------------------- 1 | This page was last modified on "wiki" 2 | "This page was last modified on" 3 | "This page has been accessed" 4 | "There is currently no text in this page, you can search for this page title in other pages or edit this page" 5 | allinurl:".edu/mediawiki/index.php" 6 | allinurl:".com/mediawiki/index.php" 7 | allinurl:".net/mediawiki/index.php" 8 | allinurl:".org/mediawiki/index.php" 9 | allinurl:".info/mediawiki/index.php" 10 | allinurl:".com/wiki/index.php" 11 | allinurl:".net/wiki/index.php" 12 | allinurl:".org/wiki/index.php" 13 | allinurl:".info/wiki/index.php" 14 | allinurl:".edu/wiki/index.php" 15 | allinurl:"http://wiki." 16 | allinurl:"http://mediawiki." 17 | allinurl:"http://wikka." 18 | Keyword inurl:wiki 19 | inurl:MediaWiki_talk 20 | keyword "wiki" (site:.edu) 21 | site:.edu inurl:wiki 22 | site:.edu inurl:MediaWiki_talk 23 | site:.edu "Log in / create account" 24 | site:.edu wiki 25 | inurl:wiki 26 | "Log in / createaccount" 27 | "isa registered trademark of the Wikimedia Foundation, Inc.," 28 | "wiki inurl:.edu" 29 | wiki inurl:.edu 30 | "Toolbox""This page was last modified 31 | inurl:"wiki/index.php?title=" 32 | "Login required to edit" 33 | "wiki/index.php?title=Special:Userlogin&returnto" 34 | inurl:wiki/index.php?title=Special:Userlogin&returnto 35 | "Main Page""discussion""edit" 36 | "This page has beenaccessed""Privacy policy" 37 | "This page has beenaccessed""Privacy policy""wiki" 38 | "Wiki:About" 39 | "Parent Directory" "Last modified" wikipedia 40 | -------------------------------------------------------------------------------- /google-dorks-for-xss.txt: -------------------------------------------------------------------------------- 1 | inurl:& inurl:test 2 | inurl:& inurl:quiz 3 | inurl:& inurl:survey 4 | inurl:& inurl:game 5 | inurl:& inurl:competition 6 | inurl:& inurl:form 7 | inurl:& inurl:title 8 | inurl:& inurl:search 9 | inurl:& inurl:city 10 | inurl:& inurl:date 11 | inurl:& inurl:topic 12 | inurl:& inurl:search inurl:q 13 | inurl:& inurl:search inurl:s 14 | index.php? inurl:& 15 | inurl:search 16 | inurl:suche 17 | inurl:page 18 | inurl:& inurl:query 19 | inurl:& inurl:suche 20 | inurl:& inurl:input 21 | inurl:& inurl:next 22 | inurl:& inurl:target 23 | inurl:search inurl:page 24 | inurl:search inurl:p 25 | inurl:query filetype:html inurl:page 26 | inurl:query filetype:html inurl:sort 27 | inurl:query filetype:php 28 | -------------------------------------------------------------------------------- /technology/google-dorks-for-ftp.txt: -------------------------------------------------------------------------------- 1 | intitle:"index of" inurl:ftp 2 | filetype:url +inurl:"ftp://" +inurl:";@" 3 | intitle:"FTP root at" 4 | inurl:FTP "ftp root at" 5 | name size "Last modified" inurl:ftp 6 | "Parent Directory" "Last modified" ftp 7 | -------------------------------------------------------------------------------- /technology/google-dorks-for-java-sites.txt: -------------------------------------------------------------------------------- 1 | intitle:Error-javax.el.ELException+error+xhtml 2 | intitle:"Java Applet Page" inurl:ml 3 | -------------------------------------------------------------------------------- /technology/google-dorks-for-jira.txt: -------------------------------------------------------------------------------- 1 | inurl:jira 2 | inurl:/secure/ContactAdministrators!default.jspa intext:"Request Details" -intext:"Your Jira administrator has not yet configured this contact form" 3 | "Parent Directory" "Last modified" jira 4 | -------------------------------------------------------------------------------- /technology/google-dorks-for-php-sites.txt: -------------------------------------------------------------------------------- 1 | product.php?id= 2 | viewshowdetail.php?id= 3 | clubpage.php?id= 4 | memberInfo.php?id= 5 | tradeCategory.php?id= 6 | transcript.php?id= 7 | index.php?id= 8 | search.php?id= 9 | search.php 10 | index.php 11 | filetyp:php 12 | -------------------------------------------------------------------------------- /web-server/best-webserver-google-dorks.txt: -------------------------------------------------------------------------------- 1 | "About Mac OS Personal Web Sharing" 2 | "AnWeb/1.42h" intitle:index.of 3 | "Application Blocked!" "Google bot" 4 | "CERN httpd 3.0B (VAX VMS)" 5 | "Cisco Systems, Inc. All Rights Reserved." -cisco.com filetype:jsp 6 | "I have been invoked by servletToJSP" 7 | "JRun Web Server" intitle:index.of 8 | "MaXX/3.1" intitle:index.of 9 | "Microsoft-IIS/* server at" intitle:index.of 10 | "Microsoft-IIS/4.0" intitle:index.of 11 | "Microsoft-IIS/5.0 server at" 12 | "Microsoft-IIS/6.0" intitle:index.of 13 | "NTRIP Caster Table Contents" "This is a SNIP NTRIP Caster" 14 | "Netware * Home" inurl:nav.html 15 | "Novell, Inc" WEBACCESS Username Password "Version *.*" Copyright -inurl:help -guides|guide 16 | "OmniHTTPd/2.10" intitle:index.of 17 | "OpenSA/1.0.4" intitle:index.of 18 | "PHP Credits" "Configuration" "PHP Core" ext:php inurl:info 19 | "Powered by 123LogAnalyzer" 20 | "Powered by BOINC" 21 | "Powered by phpBB" inurl:"index.php?s" OR inurl:"index.php?style" 22 | "Powered by vShare" 23 | "Proudly created with Wix.com" 24 | "RDServer Product information" | inurl:"/rdagent.jsp" 25 | "Red Hat Secure/2.0" 26 | "Red Hat Secure/3.0 server at" 27 | "Switch to table format" inurl:table|plain 28 | "This server is operated by OpenX." 29 | "Wowza Streaming Engine 4 Developer Edition" 30 | "httpd+ssl/kttd" * server at intitle:index.of 31 | "index of /private" -site:net -site:com -site:org 32 | "powered by openbsd" +"powered by apache" 33 | "powered by" "shoutstats" hourly daily 34 | "seeing this instead" intitle:"test page for apache" 35 | "var miner = new CoinHive" intext:document.domain 36 | (intitle:"502 Proxy Error")|(intitle:"503 Proxy Error") "The proxy server could not handle the request" -topic -mail -4suite -list -site:geocrawler.co 37 | (inurl:81-cobalt | inurl:cgi-bin/.cobalt) 38 | -pub -pool intitle:"index of" "Served by" "Web Server" 39 | Coldbox | contentbox | commandbox "Powered by ContentBox" 40 | Fwd: intitle:"STEP by STIBO Systems" "Launch STEPworkbench" "Web UI Component Report" 41 | HTTP_USER_AGENT=Googlebot 42 | Powered.by.RaidenHTTPD intitle:index.of 43 | XAMPP "inurl:xampp/index" 44 | aboutprinter.shtml 45 | allintext:"Index Of" "sftp-config.json" 46 | allintext:"Powered by LionMax Software" "WWW File Share" 47 | allintitle:"Pi-hole Admin Console" 48 | allintitle:Netscape FastTrack Server Home Page 49 | allinurl:".nsconfig" -sample -howto -tutorial 50 | ext:php | intitle:phpinfo "published by the PHP Group" 51 | ext:svc inurl:wsdl 52 | filetype:asmx inurl:(_vti_bin|api|webservice) 53 | filetype:axd inurl:/elmah.axd 54 | fitweb-wwws * server at intitle:index.of 55 | i_index.shtml Ready 56 | intext:" - 2019 Cott Systems, Inc." 57 | intext:"404 Object Not Found" Microsoft-IIS/5.0 58 | intext:"Brought to you by eVetSites" 59 | intext:"Healthy" + "Product model" + " Client IP" + "Ethernet" 60 | intext:"Powered by (Quantum | Quantum CMS | CMS) 61 | intext:"Powered by Abyss Web Server" 62 | intext:"Powered by GetSimple" -site:get-simple.info 63 | intext:"Powered by Nesta" 64 | intext:"Powered by Sentora" -github.com 65 | intext:"Powered by Typesetter" 66 | intext:"Powered by phpSQLiteCMS" | intitle:"phpSQLiteCMS - A simple & lightweight CMS" 67 | intext:"SonarQube" + "by SonarSource SA." + "LGPL v3" 68 | intext:"Target Multicast Group" "beacon" 69 | intext:"This is the default welcome page used to test the correct operation of the Apache2 server" 70 | intext:"Welcome to CodeIgniter!" 71 | intext:"index of /" "Index of" access_log 72 | intext:Apache/2.2.29 (Unix) mod_ssl/2.2.29 | intitle:"Index of /" 73 | intitle: "Welcome to nginx!" + "Thank you for using nginx." 74 | intitle:"300 multiple choices" 75 | intitle:"Accueil WAMPSERVER" intext:"Configuration Serveur" 76 | intitle:"Apache HTTP Server" intitle:"documentation" 77 | intitle:"Apache Status" "Apache Server Status for" 78 | intitle:"Apache Status" | intext:"Apache Server Status" 79 | intitle:"Apache2 Debian Default Page: It works" 80 | intitle:"Apache2 Ubuntu Default Page: It works" 81 | intitle:"Axis Happiness Page" "Examining webapp configuration" 82 | intitle:"BadBlue: the file-sharing web server anyone can use" 83 | intitle:"Current Network Status" "Nagios" 84 | intitle:"Directory Listing, Index of /*/" 85 | intitle:"Document title goes here" intitle:"used by web search tools" " example of a simple Home Page" 86 | intitle:"Domain Default page" "Parallels IP Holdings GmbH" 87 | intitle:"GlassFish Server - Server Running" 88 | intitle:"HFS" "Server Uptime" "Server time" 89 | intitle:"IIS Windows Server" -inurl:"IIS Windows Server" 90 | intitle:"IPC@CHIP Infopage" 91 | intitle:"Icecast Streaming Media Server" 92 | intitle:"Index of *" mode links bytes last-changed name 93 | intitle:"Index of /" "Proudly Served by Surftown at" 94 | intitle:"Index of" "Apache/2.4.7 (Ubuntu) Server" 95 | intitle:"Index of" site:.gov intext:"Server at" 96 | intitle:"Lists Web Service" 97 | intitle:"Lotus Domino Go Webserver:" "Tuning your webserver" -site:ibm.com 98 | intitle:"Microsoft Internet Information Services 8" -IIS 99 | intitle:"Miniweb Start Page" | "/CSS/Miniweb.css" 100 | intitle:"Monsta ftp" intext:"Lock session to IP" 101 | intitle:"Object not found!" intext:"Apache/2.0.* (Linux/SuSE)" 102 | intitle:"Object not found" netware "apache 1.." 103 | intitle:"Open WebMail" "Open WebMail version (2.20|2.21|2.30) " 104 | intitle:"Page rev */*/*" inurl:"admin 105 | intitle:"Resin Default Home Page" 106 | intitle:"SOGo" site:webmail.* 107 | intitle:"STEP by STIBO Systems" "Launch STEPworkbench" "Web UI Component Report" 108 | intitle:"Server Backup Manager SE" 109 | intitle:"Shoutcast Administrator" 110 | intitle:"Shoutcast server" inurl:"/index.html" "SHOUTcast Server" 111 | intitle:"Success!" intext:"Your new web server is ready to use." 112 | intitle:"Sucuri WebSite Firewall - Access Denied" 113 | intitle:"Test Page for Apache" 114 | intitle:"Test Page for Apache" "It Worked!" 115 | intitle:"Test Page for Apache" "It Worked!" "on this web" 116 | intitle:"Test Page for the Apache HTTP Server on Fedora Core" intext:"Fedora Core Test Page" 117 | intitle:"Test Page for the HTTP Server on Fedora" 118 | intitle:"WAMPSERVER homepage" "Server Configuration" "Apache Version" 119 | intitle:"WATASHI SERVICE" 120 | intitle:"Web Server's Default Page" intext:"hosting using Plesk" -www 121 | intitle:"Welcome To Xitami" -site:xitami.com 122 | intitle:"Welcome To Your WebSTAR Home Page" 123 | intitle:"Welcome to 602LAN SUITE *" 124 | intitle:"Welcome to IIS 4.0" 125 | intitle:"Welcome to JBoss" 126 | intitle:"Welcome to OpenResty!" 127 | intitle:"Welcome to WildFly" intext:"Administration Console" 128 | intitle:"Welcome to Windows 2000 Internet Services" 129 | intitle:"Welcome to Windows Small Business Server 2003" 130 | intitle:"Welcome to Your New Home Page!" "by the Debian release" 131 | intitle:"Welcome to nginx!" intext:"Welcome to nginx on Debian!" intext:"Thank you for" 132 | intitle:"Welcome to the Advanced Extranet Server, ADVX!" 133 | intitle:"Welcome" intext:"LiteSpeed Technologies, Inc. All Rights Reserved." 134 | intitle:"apache tomcat/" "Apache Tomcat examples" 135 | intitle:"apache tomcat/" + "Find additional important configuration information in:" 136 | intitle:"error 404" "From RFC 2068 " 137 | intitle:"index of" "/homedir/etc/" 138 | intitle:"index of" "Served by Sun-ONE" 139 | intitle:"index of" "debug.log" OR "debug-log" 140 | intitle:"index of" "docker.yml" 141 | intitle:"index of" "powered by apache " "port 80" 142 | intitle:"index of" "server at" 143 | intitle:"index of" AND inurl:magento AND inurl:/dev 144 | intitle:"index of" site:.gov.in 145 | intitle:"miniProxy" 146 | intitle:"nPerfServer" 147 | intitle:"web server login" intext:"site ip" 148 | intitle:"welcome to mono xsp" 149 | intitle:AnswerBook2 inurl:ab2/ (inurl:8888 | inurl:8889) 150 | intitle:HTTP Server Test Page powered by CentOS 151 | intitle:Snap.Server inurl:Func= 152 | intitle:Snoop Servlet 153 | intitle:Test Page for the Nginx HTTP Server on Fedora 154 | intitle:livezilla "Server Time" 155 | inurl *:8080/login.php 156 | inurl: /ftp intitle:"office" 157 | inurl:"/app/kibana#" 158 | inurl:"/domcfg.nsf" " Web Server Configuration" 159 | inurl:"/phpmyadmin/user_password.php 160 | inurl:"/web-console/" intitle:"Administration Console" 161 | inurl:":8088/cluster/apps" 162 | inurl:"WebPortal?bankid" 163 | inurl:"id=*" & intext:"warning mysql_fetch_array()" 164 | inurl:"server-status" "Server Version: Apache/" "Server Built: " "Server uptime:" "Total accesses" "CPU Usage:" 165 | inurl:"web/database/selector" 166 | inurl:/Portal0000.htm 167 | inurl:/_catalogs 168 | inurl:/_hcms/ 169 | inurl:/config/device/wcd 170 | inurl:/iisstart.htm intitle:"IIS7" 171 | inurl:/javax.faces.resource/ 172 | inurl:/php/info.php 173 | inurl:/phpPgAdmin/browser.php 174 | inurl:/phpmyadmin/changelog.php -github -gitlab 175 | inurl:/pub/ inurl:_ri_ 176 | inurl:/server-status + "Server MPM:" 177 | inurl:/uploads/affwp-debug.log 178 | inurl:/xprober ext:php 179 | inurl:2506/jana-admin 180 | inurl:?XDEBUG_SESSION_START=phpstorm 181 | inurl:CFIDE/adminapi 182 | inurl:OrganizationChart.cc 183 | inurl:_vti_bin/Authentication.asmx 184 | inurl:composer.json codeigniter -site:github.com 185 | inurl:domcfg.nsf 186 | inurl:jsmol.php 187 | inurl:nnls_brand.html OR inurl:nnls_nav.html 188 | inurl:oraweb -site:oraweb.org 189 | inurl:phpinfo.php intext:build 2600 190 | inurl:phpmyadmin/themes intext:"pmahomme" 191 | inurl:phpsysinfo/index.php?disp=dynamic 192 | inurl:readme.md intext:"Laravel" 193 | inurl:readme.rst intext:"CodeIgniter" 194 | inurl:rvsindex.php & /rvsindex.php?/user/login 195 | inurl:tech-support inurl:show Cisco 196 | inurl:tests/mocks intext:autoloader 197 | inurl:user_guide intext:"CodeIgniter User Guide" 198 | inurl:wl.exe inurl:?SS1= intext:"Operating system:" -edu -gov -mil 199 | sEDWebserver * server +at intitle:index.of 200 | site:*/*.asp 201 | site:*/server-status intext:"Apache server status for" 202 | site:ftp.*.com "Web File Manager" 203 | site:vps-*.vps.ovh.net 204 | yaws.*.server.at 205 | -------------------------------------------------------------------------------- /web-server/google-dorks-for-apache.txt: -------------------------------------------------------------------------------- 1 | filetype:log intext:org.apache.hadoop.hdfs 2 | intext:"This is Apache Hadoop release" "Local Logs" 3 | intext:Apache/2.2.29 (Unix) mod_ssl/2.2.29 | intitle:"Index of /" 4 | intitle:"Apache HTTP Server" intitle:"documentation" 5 | intitle:"Apache Status" "Apache Server Status for" 6 | intitle:"Apache Status" | intext:"Apache Server Status" 7 | intitle:"Apache Tomcat" "Error Report" 8 | intitle:"Apache2 Debian Default Page: It works" 9 | intitle:"Apache2 Ubuntu Default Page: It works" 10 | intitle:"Apache2 Ubuntu Default Page: It works" 11 | intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html) 12 | intitle:"Object not found" netware "apache 1.." 13 | intitle:"Object not found!" intext:"Apache/2.0.* (Linux/SuSE)" 14 | intext:Apache/2.2.29 (Unix) mod_ssl/2.2.29 | intitle:"Index of /" 15 | "seeing this instead" intitle:"test page for apache" 16 | intitle:"Test Page for Apache" "It Worked!" 17 | intitle:"Test Page for Apache" "It Worked!" "on this web" 18 | intitle:"Apache2 Debian Default Page: It works" 19 | -------------------------------------------------------------------------------- /web-server/google-dorks-for-nginx.txt: -------------------------------------------------------------------------------- 1 | intitle:"index of" "nginx.log" 2 | intitle:"index of" "nginx" 3 | intitle:Test Page for the Nginx HTTP Server on Fedora 4 | intitle:\"Welcome to nginx!\" intext:\"Welcome to nginx on Debian!\" intext:\"Thank you for\" 5 | intitle: "Welcome to nginx!" + "Thank you for using nginx." 6 | inurl:nginx_status 7 | inurl:nginx.conf nginx site:github.com 8 | -------------------------------------------------------------------------------- /web-server/google-dorks-for-phpmyadmin.txt: -------------------------------------------------------------------------------- 1 | 2 | " phpMyAdmin MySQL-Dump" "INSERT INTO" -"the" 3 | " phpMyAdmin MySQL-Dump" filetype:txt 4 | "# phpMyAdmin MySQL-Dump" "INSERT INTO" -"the" 5 | "# phpMyAdmin MySQL-Dump" filetype:txt 6 | "Index of" inurl:phpmyadmin 7 | "Welcome to phpMyAdmin" " Create new database" 8 | "Welcome to phpMyAdmin" + "Username:" + "Password:" + "Language:" + "Afrikaans" 9 | "Welcome to phpMyAdmin" AND " Create new database" 10 | "phpMyAdmin MySQL-Dump" "INSERT INTO" -"the" 11 | "phpMyAdmin MySQL-Dump" filetype:txt 12 | "phpMyAdmin" "running on" inurl:"main.php" 13 | ext:sql intext:"-- phpMyAdmin SQL Dump" -site:github.* 14 | filetype:sql "phpmyAdmin SQL Dump" (pass|password|passwd|pwd) 15 | filetype:sql intext:wp_users phpmyadmin 16 | intext:"phpMyAdmin MySQL-Dump" "INSERT INTO" -"the" 17 | intext:"phpMyAdmin MySQL-Dump" filetype:txt 18 | intext:"phpMyAdmin" "running on" inurl:"main.php" 19 | intitle:"Index of" phpmyadmin 20 | intitle:"index of /phpmyadmin" modified 21 | intitle:phpMyAdmin 22 | intitle:phpMyAdmin "Welcome to phpMyAdmin *" "running on as root@" 23 | intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*" 24 | inurl:"/phpmyadmin/user_password.php 25 | inurl:"/phpmyadmin/user_password.php" -inurl:git 26 | inurl:"phpmyadmin/index.php" intext:"[ Edit ] [ Create PHP Code ] [ Refresh ]" 27 | inurl:.php? intext:CHARACTER_SETS,COLLATIONS, ?intitle:phpmyadmin 28 | inurl:/phpMyAdmin/setup/index.php?phpMyAdmin= 29 | inurl:/phpmyadmin/changelog.php -github -gitlab 30 | inurl:/phpmyadmin/index.php?db= 31 | inurl:\"/phpmyadmin/user_password.php 32 | inurl:main.php Welcome to phpMyAdmin 33 | inurl:main.php phpMyAdmin 34 | inurl:phpmyadmin/index.php & (intext:username & password & "Welcome to") 35 | inurl:phpmyadmin/themes intext:"pmahomme" 36 | phpMyAdmin SQL Dump 37 | phpMyAdmin dumps 38 | phpldapadmin/ 39 | phpmyadmin/ 40 | phppgadmin/ 41 | site:*/phpMyAdmin/robots.txt 42 | you really should fix this security hole by setting a password for user '.root'. inurl:/phpmyadmin intitle:localhost 43 | --------------------------------------------------------------------------------