├── .gitignore
├── LICENSE
├── README.md
├── dorks
├── advisories_and_vulnerabilities.dorks
├── all_google_dorks.json
├── all_google_dorks.txt
├── error_messages.dorks
├── files_containing_juicy_info.dorks
├── files_containing_passwords.dorks
├── files_containing_usernames.dorks
├── footholds.dorks
├── network_or_vulnerability_data.dorks
├── pages_containing_login_portals.dorks
├── sensitive_directories.dorks
├── sensitive_online_shopping_info.dorks
├── various_online_devices.dorks
├── vulnerable_files.dorks
├── vulnerable_servers.dorks
└── web_server_detection.dorks
├── ghdb_scraper.py
├── pagodo.py
└── requirements.txt
/.gitignore:
--------------------------------------------------------------------------------
1 | *.log
2 | pagodo_results*.json
3 | pagodo_results*.txt
4 | __pycache__/
5 | .venv/
6 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | GNU GENERAL PUBLIC LICENSE
2 | Version 3, 29 June 2007
3 |
4 | Copyright (C) 2007 Free Software Foundation, Inc.
5 | Everyone is permitted to copy and distribute verbatim copies
6 | of this license document, but changing it is not allowed.
7 |
8 | Preamble
9 |
10 | The GNU General Public License is a free, copyleft license for
11 | software and other kinds of works.
12 |
13 | The licenses for most software and other practical works are designed
14 | to take away your freedom to share and change the works. By contrast,
15 | the GNU General Public License is intended to guarantee your freedom to
16 | share and change all versions of a program--to make sure it remains free
17 | software for all its users. We, the Free Software Foundation, use the
18 | GNU General Public License for most of our software; it applies also to
19 | any other work released this way by its authors. You can apply it to
20 | your programs, too.
21 |
22 | When we speak of free software, we are referring to freedom, not
23 | price. Our General Public Licenses are designed to make sure that you
24 | have the freedom to distribute copies of free software (and charge for
25 | them if you wish), that you receive source code or can get it if you
26 | want it, that you can change the software or use pieces of it in new
27 | free programs, and that you know you can do these things.
28 |
29 | To protect your rights, we need to prevent others from denying you
30 | these rights or asking you to surrender the rights. Therefore, you have
31 | certain responsibilities if you distribute copies of the software, or if
32 | you modify it: responsibilities to respect the freedom of others.
33 |
34 | For example, if you distribute copies of such a program, whether
35 | gratis or for a fee, you must pass on to the recipients the same
36 | freedoms that you received. You must make sure that they, too, receive
37 | or can get the source code. And you must show them these terms so they
38 | know their rights.
39 |
40 | Developers that use the GNU GPL protect your rights with two steps:
41 | (1) assert copyright on the software, and (2) offer you this License
42 | giving you legal permission to copy, distribute and/or modify it.
43 |
44 | For the developers' and authors' protection, the GPL clearly explains
45 | that there is no warranty for this free software. For both users' and
46 | authors' sake, the GPL requires that modified versions be marked as
47 | changed, so that their problems will not be attributed erroneously to
48 | authors of previous versions.
49 |
50 | Some devices are designed to deny users access to install or run
51 | modified versions of the software inside them, although the manufacturer
52 | can do so. This is fundamentally incompatible with the aim of
53 | protecting users' freedom to change the software. The systematic
54 | pattern of such abuse occurs in the area of products for individuals to
55 | use, which is precisely where it is most unacceptable. Therefore, we
56 | have designed this version of the GPL to prohibit the practice for those
57 | products. If such problems arise substantially in other domains, we
58 | stand ready to extend this provision to those domains in future versions
59 | of the GPL, as needed to protect the freedom of users.
60 |
61 | Finally, every program is threatened constantly by software patents.
62 | States should not allow patents to restrict development and use of
63 | software on general-purpose computers, but in those that do, we wish to
64 | avoid the special danger that patents applied to a free program could
65 | make it effectively proprietary. To prevent this, the GPL assures that
66 | patents cannot be used to render the program non-free.
67 |
68 | The precise terms and conditions for copying, distribution and
69 | modification follow.
70 |
71 | TERMS AND CONDITIONS
72 |
73 | 0. Definitions.
74 |
75 | "This License" refers to version 3 of the GNU General Public License.
76 |
77 | "Copyright" also means copyright-like laws that apply to other kinds of
78 | works, such as semiconductor masks.
79 |
80 | "The Program" refers to any copyrightable work licensed under this
81 | License. Each licensee is addressed as "you". "Licensees" and
82 | "recipients" may be individuals or organizations.
83 |
84 | To "modify" a work means to copy from or adapt all or part of the work
85 | in a fashion requiring copyright permission, other than the making of an
86 | exact copy. The resulting work is called a "modified version" of the
87 | earlier work or a work "based on" the earlier work.
88 |
89 | A "covered work" means either the unmodified Program or a work based
90 | on the Program.
91 |
92 | To "propagate" a work means to do anything with it that, without
93 | permission, would make you directly or secondarily liable for
94 | infringement under applicable copyright law, except executing it on a
95 | computer or modifying a private copy. Propagation includes copying,
96 | distribution (with or without modification), making available to the
97 | public, and in some countries other activities as well.
98 |
99 | To "convey" a work means any kind of propagation that enables other
100 | parties to make or receive copies. Mere interaction with a user through
101 | a computer network, with no transfer of a copy, is not conveying.
102 |
103 | An interactive user interface displays "Appropriate Legal Notices"
104 | to the extent that it includes a convenient and prominently visible
105 | feature that (1) displays an appropriate copyright notice, and (2)
106 | tells the user that there is no warranty for the work (except to the
107 | extent that warranties are provided), that licensees may convey the
108 | work under this License, and how to view a copy of this License. If
109 | the interface presents a list of user commands or options, such as a
110 | menu, a prominent item in the list meets this criterion.
111 |
112 | 1. Source Code.
113 |
114 | The "source code" for a work means the preferred form of the work
115 | for making modifications to it. "Object code" means any non-source
116 | form of a work.
117 |
118 | A "Standard Interface" means an interface that either is an official
119 | standard defined by a recognized standards body, or, in the case of
120 | interfaces specified for a particular programming language, one that
121 | is widely used among developers working in that language.
122 |
123 | The "System Libraries" of an executable work include anything, other
124 | than the work as a whole, that (a) is included in the normal form of
125 | packaging a Major Component, but which is not part of that Major
126 | Component, and (b) serves only to enable use of the work with that
127 | Major Component, or to implement a Standard Interface for which an
128 | implementation is available to the public in source code form. A
129 | "Major Component", in this context, means a major essential component
130 | (kernel, window system, and so on) of the specific operating system
131 | (if any) on which the executable work runs, or a compiler used to
132 | produce the work, or an object code interpreter used to run it.
133 |
134 | The "Corresponding Source" for a work in object code form means all
135 | the source code needed to generate, install, and (for an executable
136 | work) run the object code and to modify the work, including scripts to
137 | control those activities. However, it does not include the work's
138 | System Libraries, or general-purpose tools or generally available free
139 | programs which are used unmodified in performing those activities but
140 | which are not part of the work. For example, Corresponding Source
141 | includes interface definition files associated with source files for
142 | the work, and the source code for shared libraries and dynamically
143 | linked subprograms that the work is specifically designed to require,
144 | such as by intimate data communication or control flow between those
145 | subprograms and other parts of the work.
146 |
147 | The Corresponding Source need not include anything that users
148 | can regenerate automatically from other parts of the Corresponding
149 | Source.
150 |
151 | The Corresponding Source for a work in source code form is that
152 | same work.
153 |
154 | 2. Basic Permissions.
155 |
156 | All rights granted under this License are granted for the term of
157 | copyright on the Program, and are irrevocable provided the stated
158 | conditions are met. This License explicitly affirms your unlimited
159 | permission to run the unmodified Program. The output from running a
160 | covered work is covered by this License only if the output, given its
161 | content, constitutes a covered work. This License acknowledges your
162 | rights of fair use or other equivalent, as provided by copyright law.
163 |
164 | You may make, run and propagate covered works that you do not
165 | convey, without conditions so long as your license otherwise remains
166 | in force. You may convey covered works to others for the sole purpose
167 | of having them make modifications exclusively for you, or provide you
168 | with facilities for running those works, provided that you comply with
169 | the terms of this License in conveying all material for which you do
170 | not control copyright. Those thus making or running the covered works
171 | for you must do so exclusively on your behalf, under your direction
172 | and control, on terms that prohibit them from making any copies of
173 | your copyrighted material outside their relationship with you.
174 |
175 | Conveying under any other circumstances is permitted solely under
176 | the conditions stated below. Sublicensing is not allowed; section 10
177 | makes it unnecessary.
178 |
179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
180 |
181 | No covered work shall be deemed part of an effective technological
182 | measure under any applicable law fulfilling obligations under article
183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
184 | similar laws prohibiting or restricting circumvention of such
185 | measures.
186 |
187 | When you convey a covered work, you waive any legal power to forbid
188 | circumvention of technological measures to the extent such circumvention
189 | is effected by exercising rights under this License with respect to
190 | the covered work, and you disclaim any intention to limit operation or
191 | modification of the work as a means of enforcing, against the work's
192 | users, your or third parties' legal rights to forbid circumvention of
193 | technological measures.
194 |
195 | 4. Conveying Verbatim Copies.
196 |
197 | You may convey verbatim copies of the Program's source code as you
198 | receive it, in any medium, provided that you conspicuously and
199 | appropriately publish on each copy an appropriate copyright notice;
200 | keep intact all notices stating that this License and any
201 | non-permissive terms added in accord with section 7 apply to the code;
202 | keep intact all notices of the absence of any warranty; and give all
203 | recipients a copy of this License along with the Program.
204 |
205 | You may charge any price or no price for each copy that you convey,
206 | and you may offer support or warranty protection for a fee.
207 |
208 | 5. Conveying Modified Source Versions.
209 |
210 | You may convey a work based on the Program, or the modifications to
211 | produce it from the Program, in the form of source code under the
212 | terms of section 4, provided that you also meet all of these conditions:
213 |
214 | a) The work must carry prominent notices stating that you modified
215 | it, and giving a relevant date.
216 |
217 | b) The work must carry prominent notices stating that it is
218 | released under this License and any conditions added under section
219 | 7. This requirement modifies the requirement in section 4 to
220 | "keep intact all notices".
221 |
222 | c) You must license the entire work, as a whole, under this
223 | License to anyone who comes into possession of a copy. This
224 | License will therefore apply, along with any applicable section 7
225 | additional terms, to the whole of the work, and all its parts,
226 | regardless of how they are packaged. This License gives no
227 | permission to license the work in any other way, but it does not
228 | invalidate such permission if you have separately received it.
229 |
230 | d) If the work has interactive user interfaces, each must display
231 | Appropriate Legal Notices; however, if the Program has interactive
232 | interfaces that do not display Appropriate Legal Notices, your
233 | work need not make them do so.
234 |
235 | A compilation of a covered work with other separate and independent
236 | works, which are not by their nature extensions of the covered work,
237 | and which are not combined with it such as to form a larger program,
238 | in or on a volume of a storage or distribution medium, is called an
239 | "aggregate" if the compilation and its resulting copyright are not
240 | used to limit the access or legal rights of the compilation's users
241 | beyond what the individual works permit. Inclusion of a covered work
242 | in an aggregate does not cause this License to apply to the other
243 | parts of the aggregate.
244 |
245 | 6. Conveying Non-Source Forms.
246 |
247 | You may convey a covered work in object code form under the terms
248 | of sections 4 and 5, provided that you also convey the
249 | machine-readable Corresponding Source under the terms of this License,
250 | in one of these ways:
251 |
252 | a) Convey the object code in, or embodied in, a physical product
253 | (including a physical distribution medium), accompanied by the
254 | Corresponding Source fixed on a durable physical medium
255 | customarily used for software interchange.
256 |
257 | b) Convey the object code in, or embodied in, a physical product
258 | (including a physical distribution medium), accompanied by a
259 | written offer, valid for at least three years and valid for as
260 | long as you offer spare parts or customer support for that product
261 | model, to give anyone who possesses the object code either (1) a
262 | copy of the Corresponding Source for all the software in the
263 | product that is covered by this License, on a durable physical
264 | medium customarily used for software interchange, for a price no
265 | more than your reasonable cost of physically performing this
266 | conveying of source, or (2) access to copy the
267 | Corresponding Source from a network server at no charge.
268 |
269 | c) Convey individual copies of the object code with a copy of the
270 | written offer to provide the Corresponding Source. This
271 | alternative is allowed only occasionally and noncommercially, and
272 | only if you received the object code with such an offer, in accord
273 | with subsection 6b.
274 |
275 | d) Convey the object code by offering access from a designated
276 | place (gratis or for a charge), and offer equivalent access to the
277 | Corresponding Source in the same way through the same place at no
278 | further charge. You need not require recipients to copy the
279 | Corresponding Source along with the object code. If the place to
280 | copy the object code is a network server, the Corresponding Source
281 | may be on a different server (operated by you or a third party)
282 | that supports equivalent copying facilities, provided you maintain
283 | clear directions next to the object code saying where to find the
284 | Corresponding Source. Regardless of what server hosts the
285 | Corresponding Source, you remain obligated to ensure that it is
286 | available for as long as needed to satisfy these requirements.
287 |
288 | e) Convey the object code using peer-to-peer transmission, provided
289 | you inform other peers where the object code and Corresponding
290 | Source of the work are being offered to the general public at no
291 | charge under subsection 6d.
292 |
293 | A separable portion of the object code, whose source code is excluded
294 | from the Corresponding Source as a System Library, need not be
295 | included in conveying the object code work.
296 |
297 | A "User Product" is either (1) a "consumer product", which means any
298 | tangible personal property which is normally used for personal, family,
299 | or household purposes, or (2) anything designed or sold for incorporation
300 | into a dwelling. In determining whether a product is a consumer product,
301 | doubtful cases shall be resolved in favor of coverage. For a particular
302 | product received by a particular user, "normally used" refers to a
303 | typical or common use of that class of product, regardless of the status
304 | of the particular user or of the way in which the particular user
305 | actually uses, or expects or is expected to use, the product. A product
306 | is a consumer product regardless of whether the product has substantial
307 | commercial, industrial or non-consumer uses, unless such uses represent
308 | the only significant mode of use of the product.
309 |
310 | "Installation Information" for a User Product means any methods,
311 | procedures, authorization keys, or other information required to install
312 | and execute modified versions of a covered work in that User Product from
313 | a modified version of its Corresponding Source. The information must
314 | suffice to ensure that the continued functioning of the modified object
315 | code is in no case prevented or interfered with solely because
316 | modification has been made.
317 |
318 | If you convey an object code work under this section in, or with, or
319 | specifically for use in, a User Product, and the conveying occurs as
320 | part of a transaction in which the right of possession and use of the
321 | User Product is transferred to the recipient in perpetuity or for a
322 | fixed term (regardless of how the transaction is characterized), the
323 | Corresponding Source conveyed under this section must be accompanied
324 | by the Installation Information. But this requirement does not apply
325 | if neither you nor any third party retains the ability to install
326 | modified object code on the User Product (for example, the work has
327 | been installed in ROM).
328 |
329 | The requirement to provide Installation Information does not include a
330 | requirement to continue to provide support service, warranty, or updates
331 | for a work that has been modified or installed by the recipient, or for
332 | the User Product in which it has been modified or installed. Access to a
333 | network may be denied when the modification itself materially and
334 | adversely affects the operation of the network or violates the rules and
335 | protocols for communication across the network.
336 |
337 | Corresponding Source conveyed, and Installation Information provided,
338 | in accord with this section must be in a format that is publicly
339 | documented (and with an implementation available to the public in
340 | source code form), and must require no special password or key for
341 | unpacking, reading or copying.
342 |
343 | 7. Additional Terms.
344 |
345 | "Additional permissions" are terms that supplement the terms of this
346 | License by making exceptions from one or more of its conditions.
347 | Additional permissions that are applicable to the entire Program shall
348 | be treated as though they were included in this License, to the extent
349 | that they are valid under applicable law. If additional permissions
350 | apply only to part of the Program, that part may be used separately
351 | under those permissions, but the entire Program remains governed by
352 | this License without regard to the additional permissions.
353 |
354 | When you convey a copy of a covered work, you may at your option
355 | remove any additional permissions from that copy, or from any part of
356 | it. (Additional permissions may be written to require their own
357 | removal in certain cases when you modify the work.) You may place
358 | additional permissions on material, added by you to a covered work,
359 | for which you have or can give appropriate copyright permission.
360 |
361 | Notwithstanding any other provision of this License, for material you
362 | add to a covered work, you may (if authorized by the copyright holders of
363 | that material) supplement the terms of this License with terms:
364 |
365 | a) Disclaiming warranty or limiting liability differently from the
366 | terms of sections 15 and 16 of this License; or
367 |
368 | b) Requiring preservation of specified reasonable legal notices or
369 | author attributions in that material or in the Appropriate Legal
370 | Notices displayed by works containing it; or
371 |
372 | c) Prohibiting misrepresentation of the origin of that material, or
373 | requiring that modified versions of such material be marked in
374 | reasonable ways as different from the original version; or
375 |
376 | d) Limiting the use for publicity purposes of names of licensors or
377 | authors of the material; or
378 |
379 | e) Declining to grant rights under trademark law for use of some
380 | trade names, trademarks, or service marks; or
381 |
382 | f) Requiring indemnification of licensors and authors of that
383 | material by anyone who conveys the material (or modified versions of
384 | it) with contractual assumptions of liability to the recipient, for
385 | any liability that these contractual assumptions directly impose on
386 | those licensors and authors.
387 |
388 | All other non-permissive additional terms are considered "further
389 | restrictions" within the meaning of section 10. If the Program as you
390 | received it, or any part of it, contains a notice stating that it is
391 | governed by this License along with a term that is a further
392 | restriction, you may remove that term. If a license document contains
393 | a further restriction but permits relicensing or conveying under this
394 | License, you may add to a covered work material governed by the terms
395 | of that license document, provided that the further restriction does
396 | not survive such relicensing or conveying.
397 |
398 | If you add terms to a covered work in accord with this section, you
399 | must place, in the relevant source files, a statement of the
400 | additional terms that apply to those files, or a notice indicating
401 | where to find the applicable terms.
402 |
403 | Additional terms, permissive or non-permissive, may be stated in the
404 | form of a separately written license, or stated as exceptions;
405 | the above requirements apply either way.
406 |
407 | 8. Termination.
408 |
409 | You may not propagate or modify a covered work except as expressly
410 | provided under this License. Any attempt otherwise to propagate or
411 | modify it is void, and will automatically terminate your rights under
412 | this License (including any patent licenses granted under the third
413 | paragraph of section 11).
414 |
415 | However, if you cease all violation of this License, then your
416 | license from a particular copyright holder is reinstated (a)
417 | provisionally, unless and until the copyright holder explicitly and
418 | finally terminates your license, and (b) permanently, if the copyright
419 | holder fails to notify you of the violation by some reasonable means
420 | prior to 60 days after the cessation.
421 |
422 | Moreover, your license from a particular copyright holder is
423 | reinstated permanently if the copyright holder notifies you of the
424 | violation by some reasonable means, this is the first time you have
425 | received notice of violation of this License (for any work) from that
426 | copyright holder, and you cure the violation prior to 30 days after
427 | your receipt of the notice.
428 |
429 | Termination of your rights under this section does not terminate the
430 | licenses of parties who have received copies or rights from you under
431 | this License. If your rights have been terminated and not permanently
432 | reinstated, you do not qualify to receive new licenses for the same
433 | material under section 10.
434 |
435 | 9. Acceptance Not Required for Having Copies.
436 |
437 | You are not required to accept this License in order to receive or
438 | run a copy of the Program. Ancillary propagation of a covered work
439 | occurring solely as a consequence of using peer-to-peer transmission
440 | to receive a copy likewise does not require acceptance. However,
441 | nothing other than this License grants you permission to propagate or
442 | modify any covered work. These actions infringe copyright if you do
443 | not accept this License. Therefore, by modifying or propagating a
444 | covered work, you indicate your acceptance of this License to do so.
445 |
446 | 10. Automatic Licensing of Downstream Recipients.
447 |
448 | Each time you convey a covered work, the recipient automatically
449 | receives a license from the original licensors, to run, modify and
450 | propagate that work, subject to this License. You are not responsible
451 | for enforcing compliance by third parties with this License.
452 |
453 | An "entity transaction" is a transaction transferring control of an
454 | organization, or substantially all assets of one, or subdividing an
455 | organization, or merging organizations. If propagation of a covered
456 | work results from an entity transaction, each party to that
457 | transaction who receives a copy of the work also receives whatever
458 | licenses to the work the party's predecessor in interest had or could
459 | give under the previous paragraph, plus a right to possession of the
460 | Corresponding Source of the work from the predecessor in interest, if
461 | the predecessor has it or can get it with reasonable efforts.
462 |
463 | You may not impose any further restrictions on the exercise of the
464 | rights granted or affirmed under this License. For example, you may
465 | not impose a license fee, royalty, or other charge for exercise of
466 | rights granted under this License, and you may not initiate litigation
467 | (including a cross-claim or counterclaim in a lawsuit) alleging that
468 | any patent claim is infringed by making, using, selling, offering for
469 | sale, or importing the Program or any portion of it.
470 |
471 | 11. Patents.
472 |
473 | A "contributor" is a copyright holder who authorizes use under this
474 | License of the Program or a work on which the Program is based. The
475 | work thus licensed is called the contributor's "contributor version".
476 |
477 | A contributor's "essential patent claims" are all patent claims
478 | owned or controlled by the contributor, whether already acquired or
479 | hereafter acquired, that would be infringed by some manner, permitted
480 | by this License, of making, using, or selling its contributor version,
481 | but do not include claims that would be infringed only as a
482 | consequence of further modification of the contributor version. For
483 | purposes of this definition, "control" includes the right to grant
484 | patent sublicenses in a manner consistent with the requirements of
485 | this License.
486 |
487 | Each contributor grants you a non-exclusive, worldwide, royalty-free
488 | patent license under the contributor's essential patent claims, to
489 | make, use, sell, offer for sale, import and otherwise run, modify and
490 | propagate the contents of its contributor version.
491 |
492 | In the following three paragraphs, a "patent license" is any express
493 | agreement or commitment, however denominated, not to enforce a patent
494 | (such as an express permission to practice a patent or covenant not to
495 | sue for patent infringement). To "grant" such a patent license to a
496 | party means to make such an agreement or commitment not to enforce a
497 | patent against the party.
498 |
499 | If you convey a covered work, knowingly relying on a patent license,
500 | and the Corresponding Source of the work is not available for anyone
501 | to copy, free of charge and under the terms of this License, through a
502 | publicly available network server or other readily accessible means,
503 | then you must either (1) cause the Corresponding Source to be so
504 | available, or (2) arrange to deprive yourself of the benefit of the
505 | patent license for this particular work, or (3) arrange, in a manner
506 | consistent with the requirements of this License, to extend the patent
507 | license to downstream recipients. "Knowingly relying" means you have
508 | actual knowledge that, but for the patent license, your conveying the
509 | covered work in a country, or your recipient's use of the covered work
510 | in a country, would infringe one or more identifiable patents in that
511 | country that you have reason to believe are valid.
512 |
513 | If, pursuant to or in connection with a single transaction or
514 | arrangement, you convey, or propagate by procuring conveyance of, a
515 | covered work, and grant a patent license to some of the parties
516 | receiving the covered work authorizing them to use, propagate, modify
517 | or convey a specific copy of the covered work, then the patent license
518 | you grant is automatically extended to all recipients of the covered
519 | work and works based on it.
520 |
521 | A patent license is "discriminatory" if it does not include within
522 | the scope of its coverage, prohibits the exercise of, or is
523 | conditioned on the non-exercise of one or more of the rights that are
524 | specifically granted under this License. You may not convey a covered
525 | work if you are a party to an arrangement with a third party that is
526 | in the business of distributing software, under which you make payment
527 | to the third party based on the extent of your activity of conveying
528 | the work, and under which the third party grants, to any of the
529 | parties who would receive the covered work from you, a discriminatory
530 | patent license (a) in connection with copies of the covered work
531 | conveyed by you (or copies made from those copies), or (b) primarily
532 | for and in connection with specific products or compilations that
533 | contain the covered work, unless you entered into that arrangement,
534 | or that patent license was granted, prior to 28 March 2007.
535 |
536 | Nothing in this License shall be construed as excluding or limiting
537 | any implied license or other defenses to infringement that may
538 | otherwise be available to you under applicable patent law.
539 |
540 | 12. No Surrender of Others' Freedom.
541 |
542 | If conditions are imposed on you (whether by court order, agreement or
543 | otherwise) that contradict the conditions of this License, they do not
544 | excuse you from the conditions of this License. If you cannot convey a
545 | covered work so as to satisfy simultaneously your obligations under this
546 | License and any other pertinent obligations, then as a consequence you may
547 | not convey it at all. For example, if you agree to terms that obligate you
548 | to collect a royalty for further conveying from those to whom you convey
549 | the Program, the only way you could satisfy both those terms and this
550 | License would be to refrain entirely from conveying the Program.
551 |
552 | 13. Use with the GNU Affero General Public License.
553 |
554 | Notwithstanding any other provision of this License, you have
555 | permission to link or combine any covered work with a work licensed
556 | under version 3 of the GNU Affero General Public License into a single
557 | combined work, and to convey the resulting work. The terms of this
558 | License will continue to apply to the part which is the covered work,
559 | but the special requirements of the GNU Affero General Public License,
560 | section 13, concerning interaction through a network will apply to the
561 | combination as such.
562 |
563 | 14. Revised Versions of this License.
564 |
565 | The Free Software Foundation may publish revised and/or new versions of
566 | the GNU General Public License from time to time. Such new versions will
567 | be similar in spirit to the present version, but may differ in detail to
568 | address new problems or concerns.
569 |
570 | Each version is given a distinguishing version number. If the
571 | Program specifies that a certain numbered version of the GNU General
572 | Public License "or any later version" applies to it, you have the
573 | option of following the terms and conditions either of that numbered
574 | version or of any later version published by the Free Software
575 | Foundation. If the Program does not specify a version number of the
576 | GNU General Public License, you may choose any version ever published
577 | by the Free Software Foundation.
578 |
579 | If the Program specifies that a proxy can decide which future
580 | versions of the GNU General Public License can be used, that proxy's
581 | public statement of acceptance of a version permanently authorizes you
582 | to choose that version for the Program.
583 |
584 | Later license versions may give you additional or different
585 | permissions. However, no additional obligations are imposed on any
586 | author or copyright holder as a result of your choosing to follow a
587 | later version.
588 |
589 | 15. Disclaimer of Warranty.
590 |
591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
599 |
600 | 16. Limitation of Liability.
601 |
602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
610 | SUCH DAMAGES.
611 |
612 | 17. Interpretation of Sections 15 and 16.
613 |
614 | If the disclaimer of warranty and limitation of liability provided
615 | above cannot be given local legal effect according to their terms,
616 | reviewing courts shall apply local law that most closely approximates
617 | an absolute waiver of all civil liability in connection with the
618 | Program, unless a warranty or assumption of liability accompanies a
619 | copy of the Program in return for a fee.
620 |
621 | END OF TERMS AND CONDITIONS
622 |
623 | How to Apply These Terms to Your New Programs
624 |
625 | If you develop a new program, and you want it to be of the greatest
626 | possible use to the public, the best way to achieve this is to make it
627 | free software which everyone can redistribute and change under these terms.
628 |
629 | To do so, attach the following notices to the program. It is safest
630 | to attach them to the start of each source file to most effectively
631 | state the exclusion of warranty; and each file should have at least
632 | the "copyright" line and a pointer to where the full notice is found.
633 |
634 |
635 | Copyright (C)
636 |
637 | This program is free software: you can redistribute it and/or modify
638 | it under the terms of the GNU General Public License as published by
639 | the Free Software Foundation, either version 3 of the License, or
640 | (at your option) any later version.
641 |
642 | This program is distributed in the hope that it will be useful,
643 | but WITHOUT ANY WARRANTY; without even the implied warranty of
644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
645 | GNU General Public License for more details.
646 |
647 | You should have received a copy of the GNU General Public License
648 | along with this program. If not, see .
649 |
650 | Also add information on how to contact you by electronic and paper mail.
651 |
652 | If the program does terminal interaction, make it output a short
653 | notice like this when it starts in an interactive mode:
654 |
655 | Copyright (C)
656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
657 | This is free software, and you are welcome to redistribute it
658 | under certain conditions; type `show c' for details.
659 |
660 | The hypothetical commands `show w' and `show c' should show the appropriate
661 | parts of the General Public License. Of course, your program's commands
662 | might be different; for a GUI interface, you would use an "about box".
663 |
664 | You should also get your employer (if you work as a programmer) or school,
665 | if any, to sign a "copyright disclaimer" for the program, if necessary.
666 | For more information on this, and how to apply and follow the GNU GPL, see
667 | .
668 |
669 | The GNU General Public License does not permit incorporating your program
670 | into proprietary programs. If your program is a subroutine library, you
671 | may consider it more useful to permit linking proprietary applications with
672 | the library. If this is what you want to do, use the GNU Lesser General
673 | Public License instead of this License. But first, please read
674 | .
675 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # pagodo - Passive Google Dork
2 |
3 | ## Introduction
4 |
5 | `pagodo` automates Google searching for potentially vulnerable web pages and applications on the Internet. It replaces
6 | manually performing Google dork searches with a web GUI browser.
7 |
8 | There are 2 parts. The first is `ghdb_scraper.py` that retrieves the latest Google dorks and the second portion is
9 | `pagodo.py` that leverages the information gathered by `ghdb_scraper.py`.
10 |
11 | The core Google search library now uses the more flexible [yagooglesearch](https://github.com/opsdisk/yagooglesearch)
12 | instead of [googlesearch](https://github.com/MarioVilas/googlesearch). Check out the [yagooglesearch
13 | README](https://github.com/opsdisk/yagooglesearch/blob/master/README.md) for a more in-depth explanation of the library
14 | differences and capabilities.
15 |
16 | This version of `pagodo` also supports native HTTP(S) and SOCKS5 application support, so no more wrapping it in a tool
17 | like `proxychains4` if you need proxy support. You can specify multiple proxies to use in a round-robin fashion by
18 | providing a comma separated string of proxies using the `-p` switch.
19 |
20 | ## What are Google dorks?
21 |
22 | Offensive Security maintains the Google Hacking Database (GHDB) found here:
23 | . It is a collection of Google searches, called dorks, that can be
24 | used to find potentially vulnerable boxes or other juicy info that is picked up by Google's search bots.
25 |
26 | ## Terms and Conditions
27 |
28 | The terms and conditions for `pagodo` are the same terms and conditions found in
29 | [yagooglesearch](https://github.com/opsdisk/yagooglesearch#terms-and-conditions).
30 |
31 | This code is supplied as-is and you are fully responsible for how it is used. Scraping Google Search results may
32 | violate their [Terms of Service](https://policies.google.com/terms). Another Python Google search library had some
33 | interesting information/discussion on it:
34 |
35 | * [Original issue](https://github.com/aviaryan/python-gsearch/issues/1)
36 | * [A response](https://github.com/aviaryan/python-gsearch/issues/1#issuecomment-365581431>)
37 | * Author created a separate [Terms and Conditions](https://github.com/aviaryan/python-gsearch/blob/master/T_AND_C.md)
38 | * ...that contained link to this [blog](https://benbernardblog.com/web-scraping-and-crawling-are-perfectly-legal-right/)
39 |
40 | Google's preferred method is to use their [API](https://developers.google.com/custom-search/v1/overview).
41 |
42 | ## Installation
43 |
44 | Scripts are written for Python 3.6+. Clone the git repository and install the requirements.
45 |
46 | ```bash
47 | git clone https://github.com/opsdisk/pagodo.git
48 | cd pagodo
49 | virtualenv -p python3.7 .venv # If using a virtual environment.
50 | source .venv/bin/activate # If using a virtual environment.
51 | pip install -r requirements.txt
52 | ```
53 |
54 | ## ghdb_scraper.py
55 |
56 | To start off, `pagodo.py` needs a list of all the current Google dorks. The repo contains a `dorks/` directory with the
57 | current dorks when the `ghdb_scraper.py` was last run. It's advised to run `ghdb_scraper.py` to get the freshest data
58 | before running `pagodo.py`. The `dorks/` directory contains:
59 |
60 | * the `all_google_dorks.txt` file which contains all the Google dorks, one per line
61 | * the `all_google_dorks.json` file which is the JSON response from GHDB
62 | * Individual category dorks
63 |
64 | Dork categories:
65 |
66 | ```python
67 | categories = {
68 | 1: "Footholds",
69 | 2: "File Containing Usernames",
70 | 3: "Sensitives Directories",
71 | 4: "Web Server Detection",
72 | 5: "Vulnerable Files",
73 | 6: "Vulnerable Servers",
74 | 7: "Error Messages",
75 | 8: "File Containing Juicy Info",
76 | 9: "File Containing Passwords",
77 | 10: "Sensitive Online Shopping Info",
78 | 11: "Network or Vulnerability Data",
79 | 12: "Pages Containing Login Portals",
80 | 13: "Various Online devices",
81 | 14: "Advisories and Vulnerabilities",
82 | }
83 | ```
84 |
85 | ### Using ghdb_scraper.py as a script
86 |
87 | Write all dorks to `all_google_dorks.txt`, `all_google_dorks.json`, and individual categories if you want more
88 | contextual data about each dork.
89 |
90 | ```bash
91 | python ghdb_scraper.py -s -j -i
92 | ```
93 |
94 | ### Using ghdb_scraper as a module
95 |
96 | The `ghdb_scraper.retrieve_google_dorks()` function returns a dictionary with the following data structure:
97 |
98 | ```python
99 | ghdb_dict = {
100 | "total_dorks": total_dorks,
101 | "extracted_dorks": extracted_dorks,
102 | "category_dict": category_dict,
103 | }
104 | ```
105 |
106 | Using a Python shell (like `python` or `ipython`) to explore the data:
107 |
108 | ```python
109 | import ghdb_scraper
110 |
111 | dorks = ghdb_scraper.retrieve_google_dorks(save_all_dorks_to_file=True)
112 | dorks.keys()
113 | dorks["total_dorks"]
114 |
115 | dorks["extracted_dorks"]
116 |
117 | dorks["category_dict"].keys()
118 |
119 | dorks["category_dict"][1]["category_name"]
120 | ```
121 |
122 | ## pagodo.py
123 |
124 | ### Using pagodo.py as a script
125 |
126 | ```bash
127 | python pagodo.py -d example.com -g dorks.txt
128 | ```
129 |
130 | ### Using pagodo as a module
131 |
132 | The `pagodo.Pagodo.go()` function returns a dictionary with the data structure below (dorks used are made up examples):
133 |
134 | ```python
135 | {
136 | "dorks": {
137 | "inurl:admin": {
138 | "urls_size": 3,
139 | "urls": [
140 | "https://github.com/marmelab/ng-admin",
141 | "https://github.com/settings/admin",
142 | "https://github.com/akveo/ngx-admin",
143 | ],
144 | },
145 | "inurl:gist": {
146 | "urls_size": 3,
147 | "urls": [
148 | "https://gist.github.com/",
149 | "https://gist.github.com/index",
150 | "https://github.com/defunkt/gist",
151 | ],
152 | },
153 | },
154 | "initiation_timestamp": "2021-08-27T11:35:30.638705",
155 | "completion_timestamp": "2021-08-27T11:36:42.349035",
156 | }
157 | ```
158 |
159 | Using a Python shell (like `python` or `ipython`) to explore the data:
160 |
161 | ```python
162 | import pagodo
163 |
164 | pg = pagodo.Pagodo(
165 | google_dorks_file="dorks.txt",
166 | domain="github.com",
167 | max_search_result_urls_to_return_per_dork=3,
168 | save_pagodo_results_to_json_file=None, # None = Auto-generate file name, otherwise pass a string for path and filename.
169 | save_urls_to_file=None, # None = Auto-generate file name, otherwise pass a string for path and filename.
170 | verbosity=5,
171 | )
172 | pagodo_results_dict = pg.go()
173 |
174 | pagodo_results_dict.keys()
175 |
176 | pagodo_results_dict["initiation_timestamp"]
177 |
178 | pagodo_results_dict["completion_timestamp"]
179 |
180 | for key,value in pagodo_results_dict["dorks"].items():
181 | print(f"dork: {key}")
182 | for url in value["urls"]:
183 | print(url)
184 | ```
185 |
186 | ## Tuning Results
187 |
188 | ## Scope to a specific domain
189 |
190 | The `-d` switch can be used to scope the results to a specific domain and functions as the Google search operator:
191 |
192 | ```none
193 | site:github.com
194 | ```
195 |
196 | ### Wait time between Google dork searchers
197 |
198 | * `-i` - Specify the **minimum** delay between dork searches, in seconds. Don't make this too small, or your IP will
199 | get HTTP 429'd quickly.
200 | * `-x` - Specify the **maximum** delay between dork searches, in seconds. Don't make this too big or the searches will
201 | take a long time.
202 |
203 | The values provided by `-i` and `-x` are used to generate a list of 20 randomly wait times, that are randomly selected
204 | between each different Google dork search.
205 |
206 | ### Number of results to return
207 |
208 | `-m` - The total max search results to return per Google dork. Each Google search request can pull back at most 100
209 | results at a time, so if you pick `-m 500`, 5 separate search queries will have to be made for each Google dork search,
210 | which will increase the amount of time to complete.
211 |
212 | ### Save Output
213 |
214 | `-o [optional/path/to/results.json]` - Save output to a JSON file. If you do not specify a filename, a datetimestamped
215 | one will be generated.
216 |
217 | `-s [optional/path/to/results.txt]` - Save URLs to a text file. If you do not specify a filename, a datetimestamped one
218 | will be generated.
219 |
220 | ## Google is blocking me!
221 |
222 | Performing 7300+ search requests to Google as fast as possible will simply not work. Google will rightfully detect it
223 | as a bot and block your IP for a set period of time. One solution is to use a bank of HTTP(S)/SOCKS proxies and pass
224 | them to `pagodo`
225 |
226 | ### Native proxy support
227 |
228 | Pass a comma separated string of proxies to `pagodo` using the `-p` switch.
229 |
230 | ```bash
231 | python pagodo.py -g dorks.txt -p http://myproxy:8080,socks5h://127.0.0.1:9050,socks5h://127.0.0.1:9051
232 | ```
233 |
234 | You could even decrease the `-i` and `-x` values because you will be leveraging different proxy IPs. The proxies passed
235 | to `pagodo` are selected by round robin.
236 |
237 | ### proxychains4 support
238 |
239 | Another solution is to use `proxychains4` to round robin the lookups.
240 |
241 | Install `proxychains4`
242 |
243 | ```bash
244 | apt install proxychains4 -y
245 | ```
246 |
247 | Edit the `/etc/proxychains4.conf` configuration file to round robin the look ups through different proxy servers. In
248 | the example below, 2 different dynamic socks proxies have been set up with different local listening ports (9050 and
249 | 9051).
250 |
251 | ```bash
252 | vim /etc/proxychains4.conf
253 | ```
254 |
255 | ```ini
256 | round_robin
257 | chain_len = 1
258 | proxy_dns
259 | remote_dns_subnet 224
260 | tcp_read_time_out 15000
261 | tcp_connect_time_out 8000
262 | [ProxyList]
263 | socks4 127.0.0.1 9050
264 | socks4 127.0.0.1 9051
265 | ```
266 |
267 | Throw `proxychains4` in front of the `pagodo.py` script and each *request* lookup will go through a different proxy (and
268 | thus source from a different IP).
269 |
270 | ```bash
271 | proxychains4 python pagodo.py -g dorks/all_google_dorks.txt -o [optional/path/to/results.json] -s [optional/path/to/results.txt]
272 | ```
273 |
274 | Note that this may not appear natural to Google if you:
275 |
276 | 1) Simulate "browsing" to `google.com` from IP #1
277 | 2) Make the first search query from IP #2
278 | 3) Simulate clicking "Next" to make the second search query from IP #3
279 | 4) Simulate clicking "Next to make the third search query from IP #1
280 |
281 | For that reason, using the built in `-p` proxy support is preferred because, as stated in the `yagooglesearch`
282 | documentation, the "provided proxy is used for the entire life cycle of the search to make it look more human, instead
283 | of rotating through various proxies for different portions of the search."
284 |
285 | ## License
286 |
287 | Distributed under the GNU General Public License v3.0. See [LICENSE](./LICENSE) for more information.
288 |
289 | ## Contact
290 |
291 | [@opsdisk](https://twitter.com/opsdisk)
292 |
293 | Project Link: [https://github.com/opsdisk/pagodo](https://github.com/opsdisk/pagodo)
294 |
--------------------------------------------------------------------------------
/dorks/error_messages.dorks:
--------------------------------------------------------------------------------
1 | "ORA-00921: unexpected end of SQL command"
2 | intitle:"the page cannot be found" inetmgr
3 | intitle:"the page cannot be found" "2004 microsoft corporation"
4 | "Fatal error: Call to undefined function" -reply -the -next
5 | filetype:log "PHP Parse error" | "PHP Warning" | "PHP Error"
6 | "The script whose uid is " "is not allowed to access"
7 | intitle:Configuration.File inurl:softcart.exe
8 | "Warning: mysql_query()" "invalid query"
9 | "[SQL Server Driver][SQL Server]Line 1: Incorrect syntax near" -forum -thread -showthread
10 | "Parse error: parse error, unexpected T_VARIABLE" "on line" filetype:php
11 | "There seems to have been a problem with the" " Please try again by clicking the Refresh button in your web browser."
12 | "Warning:" "SAFE MODE Restriction in effect." "The script whose uid is" "is not allowed to access owned by uid 0 in" "on line"
13 | "Warning: Division by zero in" "on line" -forum
14 | "Warning: mysql_connect(): Access denied for user: '*@*" "on line" -help -forum
15 | "Warning:" "failed to open stream: HTTP request failed" "on line"
16 | "Warning: Bad arguments to (join|implode) () in" "on line" -help -forum
17 | "Unable to jump to row" "on MySQL result index" "on line"
18 | allintext:"fs-admin.php"
19 | inurl:"*.php?*=*.php" intext:"Warning: include" -inurl:.html -site:"php.net" -site:"stackoverflow.com" -inurl:"*forums*"
20 | "[function.getimagesize]: failed to open stream: No such file or directory in"
21 | intitle:Error Page pageWrapper.jsp?
22 | intitle:Content Server Error IdcService=DOC_INFO
23 | inurl:/SAML2/SOAP/ | inurl:/SAML2/POST
24 | inurl:/console-selfservice/common/scripts/calendar/ipopeng.htm
25 | inurl:/smpwservices.fcc | "/lm_private/CkeSetter.aspx"
26 | inurl:/siteminderagent/ | app:"Error 404: java.io.FileNotFoundException: SRVE0190E: File not found: /siteminderagent/"
27 | intitle:"DSM Terminator [ ABORT ]" | inurl:"./com.sap.portal.dsm.Terminator"
28 | "Below is a rendering of the page up to the first error." ext:xml
29 | "--- WebView Livescope Http Server Error ---" -git
30 | intitle:"CGIWrap Error"
31 | inurl:".php?id=" "You have an error in your SQL syntax"
32 | "Error Diagnostic Information" intitle:"Error Occurred While"
33 | "supplied argument is not a valid MySQL result resource"
34 | "Chatologica MetaSearch" "stack tracking:"
35 | inurl:sitebuildercontent
36 | inurl:sitebuilderfiles
37 | inurl:sitebuilderpictures
38 | intitle:"the page cannot be found" "internet information services"
39 | intitle:"500 Internal Server Error" "server at"
40 | "mySQL error with query"
41 | "You have an error in your SQL syntax near"
42 | "Supplied argument is not a valid MySQL result resource"
43 | "ORA-00936: missing expression"
44 | "ORA-00921: unexpected end of SQL command"
45 | "ORA-00933: SQL command not properly ended"
46 | "Unclosed quotation mark before the character string"
47 | "Incorrect syntax near"
48 | "Incorrect syntax near" -the
49 | "PostgreSQL query failed: ERROR: parser: parse error"
50 | "Supplied argument is not a valid PostgreSQL result"
51 | "Syntax error in query expression " -the
52 | "An illegal character has been found in the statement" -"previous message"
53 | "A syntax error has occurred" filetype:ihtml
54 | "detected an internal error [IBM][CLI Driver][DB2/6000]"
55 | An unexpected token "END-OF-STATEMENT" was found
56 | "Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL"
57 | "Warning: Cannot modify header information - headers already sent"
58 | "access denied for user" "using password"
59 | intitle:"Under construction" "does not currently have"
60 | "Can't connect to local" intitle:warning
61 | filetype:asp "Custom Error Message" Category Source
62 | warning "error on line" php sablotron
63 | intitle:"Error Occurred" "The error occurred in" filetype:cfm
64 | intitle:"Execution of this script not permitted"
65 | "error found handling the request" cocoon filetype:xml
66 | "Invision Power Board Database Error"
67 | intitle:"Error using Hypernews" "Server Software"
68 | intitle:"Error Occurred While Processing Request"
69 | intitle:"htsearch error" ht://Dig error
70 | intext:"Warning: Failed opening" "on line" "include_path"
71 | PHP application warnings failing "include_path"
72 | "Internal Server Error" "server at"
73 | filetype:php inurl:"logging.php" "Discuz" error
74 | "ORA-12541: TNS:no listener" intitle:"error occurred"
75 | "ASP.NET_SessionId" "data source="
76 | databasetype. Code : 80004005. Error Description :
77 | intext:"Error Message : Error loading required libraries."
78 | intitle:"404 SC_NOT_FOUND"
79 | intitle:"Default PLESK Page"
80 | "Warning: Supplied argument is not a valid File-Handle resource in"
81 | filetype:asp + "[ODBC SQL"
82 | intitle:"Apache Tomcat" "Error Report"
83 | "plugins/wp-db-backup/wp-db-backup.php"
84 | inurl:"index.php?m=content+c=rss+catid=10"
85 | "CHARACTER_SETS" "COLLATION_CHARACTER_SET_APPLICABILITY"
86 | intext:"Fatal error: Class 'Red_Action' not found in"
87 | inurl:advsearch.php?module= & intext:sql syntax
88 | intext:"Access denied for" intitle:"Shopping cart"
89 | intext:"Unexpected Problem Occurred!" ext:aspx
90 | intitle:Error-javax.el.ELException+error+xhtml
91 | intitle:"Whoops! There was an error."
92 | inurl:index.php?id= intext:"mysql_fetch_array"
93 | inurl:/uniquesig0/ or inurl:/uniquesig0/InternalSite/
94 | inurl:/nesp/app
95 | inurl:"id=" & intext:"MySQL Error: 1064" & "Session halted."
96 | intitle:"Struts Problem Report" intext:"development mode is enabled."
97 | intext:"expects parameter 1 to be resource, boolean given" filetype:php
98 | inurl:index of driver.php?id=
99 | "CakeRoutingException" -site:github.com -site:stackoverflow.com -site:cakephp.org"
100 | inurl:?wp-commentsrss2.php -git
101 | "syd_apply.cfm"
102 | "dispatch=debugger."
103 | inurl:/php-errors.log filetype:log
104 | site:com inurl:jboss filetype:log -github.com
105 | filetype:php "Notice: Undefined variable: data in" -forum
106 | site:*/404/404.html intitle:"404"
107 | site:*/Shibboleth.sso/SAML2/POST
108 | site:*/cgi-sys/suspendedpage.cgi intitle:"Account Suspended"
109 | site:*/cgi-sys/defaultwebpage.cgi intext:"SORRY!"
110 | site:*/wp-includes/Requests/php_errorlog
111 | site:*/wp-admin/maint/repair.php intext:"define(WP_ALLOW_REPAIR,true);"
112 | inurl:"/errors/report.php" intext:"There has been an error processing your request"
113 | inurl:elmah.axd ext:axd
114 | intitle:"Error log for /LM/"
115 | intext:"sf_app" + "frontend sf_app_base_cache_dir:"
116 | intext:"TCPDFtcpdf.php on line 17778" -stackoverflow -wordpress -github
117 | inurl:("/storage/logs/laravel.log") AND intext:("local.ERROR" | "NULL.ERROR" | "EMERGENCY:")
118 | inurl:"/WebResource.axd?d=" AND intext:Error
119 | inurl:"index.php?id=" intext:"Warning: mysql_num_rows()"
120 | intitle:"index of" errors.log
121 | intitle:"index of" "my-errors.log" OR "my-errors.logs"
122 | intitle:"index of" "stacktrace.log"
123 | intext:"Error Occurred While Processing Request"
124 | "Lucee" "Error (expression)" -lucee.org
125 |
--------------------------------------------------------------------------------
/dorks/files_containing_passwords.dorks:
--------------------------------------------------------------------------------
1 | intitle:index.of people.lst
2 | inurl:passlist.txt
3 | intitle:"index of" intext:globals.inc
4 | filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"
5 | filetype:url +inurl:"ftp://" +inurl:"@"
6 | filetype:pem intext:private
7 | inurl:"wvdial.conf" intext:"password"
8 | inurl:"slapd.conf" intext:"credentials" -manpage -"Manual Page" -man: -sample
9 | inurl:"slapd.conf" intext:"rootpw" -manpage -"Manual Page" -man: -sample
10 | filetype:netrc password
11 | ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-"
12 | filetype:ini ServUDaemon
13 | filetype:sql ("values * MD5" | "values * password" | "values * encrypt")
14 | !Host=*.* intext:enc_UserPassword=* ext:pcf
15 | inurl:server.cfg rcon password
16 | intitle:"phpinfo()" +"mysql.default_password" +"Zend Scripting Language Engine"
17 | ext:inc "pwd=" "UID="
18 | intitle:rapidshare intext:login
19 | server-dbs "intitle:index of"
20 | ext:asa | ext:bak intext:uid intext:pwd -"uid..pwd" database | server | dsn
21 | filetype:sql "insert into" (pass|passwd|password)
22 | inurl:"calendarscript/users.txt"
23 | ext:php intext:"$dbms""$dbhost""$dbuser""$dbpasswd""$table_prefix""phpbb_installed"
24 | intitle:"Index of" .mysql_history
25 | intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak"
26 | intitle:index.of passwd passwd.bak
27 | intitle:index.of master.passwd
28 | intitle:"Index of" pwd.db
29 | intitle:"Index of" ".htpasswd" htpasswd.bak
30 | intitle:"Index of" ".htpasswd" "htgroup" -intitle:"dist" -apache -htpasswd.c
31 | intitle:"Index of" spwd.db passwd -pam.conf
32 | intitle:"Index of..etc" passwd
33 | inurl:config/databases.yml -trac -trunk -"Google Code" -source -repository
34 | filetype:ini "pdo_mysql" (pass|passwd|password|pwd)
35 | filetype:ini "SavedPasswords" (pass|passwd|password|pwd)
36 | filetype:ini "precurio" (pass|passwd|password|pwd)
37 | filetype:ini "[FFFTP]" (pass|passwd|password|pwd)
38 | filetype:sql "PostgreSQL database dump" (pass|password|passwd|pwd)
39 | filetype:sql "MySQL dump" (pass|password|passwd|pwd)
40 | filetype:sql "phpmyAdmin SQL Dump" (pass|password|passwd|pwd)
41 | inurl:"/Application Data/Filezilla/*" OR inurl:"/AppData/Filezilla/*" filetype:xml
42 | filetype:sql inurl:wp-content/backup-*
43 | (username=* | username:* |) | ( ((password=* | password:*) | (passwd=* | passwd:*) | (credentials=* | credentials:*)) | ((hash=* | hash:*) | (md5:* | md5=*)) | (inurl:auth | inurl:passwd | inurl:pass) ) filetype:log
44 | filetype:cfg "radius" (pass|passwd|password)
45 | inurl:"passes" OR inurl:"passwords" OR inurl:"credentials" -search -download -techsupt -git -games -gz -bypass -exe filetype:txt @yahoo.com OR @gmail OR @hotmail OR @rediff
46 | intext:charset_test= email= default_persistent=
47 | "BEGIN RSA PRIVATE KEY" filetype:key -github
48 | ext:sql intext:@gmail.com intext:password
49 | inurl:typo3conf/localconf.php
50 | xamppdirpasswd.txt filetype:txt
51 | inurl:ws_ftp.ini "[WS_FTP]" filetype:ini
52 | "automatic teller" "operator manual" "password" filetype:pdf
53 | ext:xls intext:NAME intext:TEL intext:EMAIL intext:PASSWORD
54 | intext:smtp | pop3 intext:login | logon intext:password | passcode filetype:xls | filetype:xlsx
55 | inurl:"ftp" intext:"user" | "username" | "userID" | "user ID" | "logon" | "login" intext:"password" | "passcode" filetype:xls | filetype:xlsx
56 | intext:http | https intext:login | logon intext:password | passcode filetype:xls | filetype:xlsx
57 | intext:"GET http://" ext:txt intext:"password" inurl:log
58 | inurl:wp-content/uploads filetype:xls | filetype:xlsx password
59 | "Password=" inurl:web.config -intext:web.config ext:config
60 | filetype:pcf "cisco" "GroupPwd"
61 | site:github.com ext:csv userid | username | user -example password
62 | "INSERT INTO phpbb_users" ext:sql
63 | "END_FILE" inurl:"/password.log"
64 | "# -FrontPage-" ext:pwd
65 | "-----BEGIN RSA PRIVATE KEY-----" ext:key
66 | inurl:"/zebra.conf" ext:conf -git
67 | "Stealer by W33DY" ext:txt
68 | ext:reg " [HKEY_CURRENT_USER\Software\ORL\WinVNC3]" -git
69 | "resources.db.params.password" ext:ini -git
70 | site:pastebin.com intext:"*@*.com:*"
71 | intext:DB_PASSWORD || intext:"MySQL hostname" ext:txt
72 | inurl:"sitemanager.xml" ext:xml -git
73 | inurl:_vti_pvt/administrators.pwd
74 | intitle:"Index Of" intext:.ftpconfig
75 | intext:connectionString & inurl:web & ext:config
76 | filetype:ini "FtpInBackground" (pass|passwd|password|pwd)
77 | intitle:index.of config.php
78 | index.of passlist
79 | index.of.etc
80 | filetype:xls username password email
81 | allinurl:auth_user_file.txt
82 | inurl:config.php dbuname dbpass
83 | intitle:index.of trillian.ini
84 | filetype:htpasswd htpasswd
85 | intitle:index.of administrators.pwd
86 | inurl:secring ext:skr | ext:pgp | ext:bak
87 | intitle:Index.of etc shadow
88 | allinurl: admin mdb
89 | filetype:cfm "cfapplication name" password
90 | eggdrop filetype:user user
91 | intitle:"index of" intext:connect.inc
92 | inurl:perform filetype:ini
93 | filetype:properties inurl:db intext:password
94 | filetype:inc intext:mysql_connect
95 | filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
96 | inurl:vtund.conf intext:pass -cvs
97 | filetype:log inurl:"password.log"
98 | filetype:dat "password.dat"
99 | filetype:conf slapd.conf
100 | filetype:inc dbconn
101 | filetype:ini ws_ftp pwd
102 | signin filetype:url
103 | filetype:dat wand.dat
104 | filetype:cfg mrtg "target[*]" -sample -cvs -example
105 | filetype:ldb admin
106 | filetype:sql +"IDENTIFIED BY" -cvs
107 | filetype:sql password
108 | filetype:pwd service
109 | inurl:zebra.conf intext:password -sample -test -tutorial -download
110 | inurl:ospfd.conf intext:password -sample -test -tutorial -download
111 | inurl:ccbill filetype:log
112 | filetype:mdb inurl:users.mdb
113 | filetype:conf inurl:psybnc.conf "USER.PASS="
114 | "Your password is * Remember this for later use"
115 | inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd -man
116 | intitle:"Index of" passwords modified
117 | "sets mode: +k"
118 | filetype:pwl pwl
119 | inurl:/wwwboard
120 | "AutoCreate=TRUE password=*"
121 | filetype:pass pass intext:userid
122 | inurl:nuke filetype:sql
123 | inurl:/db/main.mdb
124 | filetype:bak inurl:"htaccess|passwd|shadow|htusers"
125 | "http://*:*@www" bob:bob
126 | filetype:conf oekakibbs
127 | LeapFTP intitle:"index.of./" sites.ini modified
128 | filetype:ini wcx_ftp
129 | filetype:config config intext:appSettings "User ID"
130 | "index of/" "ws_ftp.ini" "parent directory"
131 | filetype:mdb wwforum
132 | "Powered By Elite Forum Version *.*"
133 | filetype:ini inurl:flashFXP.ini
134 | inurl:chap-secrets -cvs
135 | inurl:pap-secrets -cvs
136 | filetype:ini inurl:"serv-u.ini"
137 | "liveice configuration file" ext:cfg -site:sourceforge.net
138 | intext:"enable secret 5 $"
139 | "powered by ducalendar" -site:duware.com
140 | "Powered by Duclassified" -site:duware.com
141 | "Powered by Dudirectory" -site:duware.com
142 | "Powered by Duclassified" -site:duware.com "DUware All Rights reserved"
143 | "powered by duclassmate" -site:duware.com
144 | intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com
145 | "powered by dudownload" -site:duware.com
146 | filetype:log "See `ipsec --copyright"
147 | inurl:"GRC.DAT" intext:"password"
148 | inurl:filezilla.xml -cvs
149 | intext:"powered by Web Wiz Journal"
150 | ext:ini eudora.ini
151 | ext:ini Version=4.0.0.4 password
152 | filetype:inc mysql_connect OR mysql_pconnect
153 | "Powered by DUpaypal" -site:duware.com
154 | "Powered by Link Department"
155 | intitle:"Index of" sc_serv.conf sc_serv content
156 | filetype:sql ("passwd values" | "password values" | "pass values" )
157 | ext:txt inurl:unattend.txt
158 | filetype:inf sysprep
159 | wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin
160 | intext:"powered by EZGuestbook"
161 | inurl:perform.ini filetype:ini
162 | filetype:dat inurl:pass.dat
163 | inurl:cgi-bin inurl:calendar.cfg
164 | [WFClient] Password= filetype:ica
165 | filetype:dat inurl:Sites.dat
166 | intext:"enable password 7"
167 | "your password is" filetype:log
168 | "admin account info" filetype:log
169 | inurl:/yabb/Members/Admin.dat
170 | inurl:"Sites.dat"+"PASS="
171 | ext:yml database inurl:config
172 | "parent directory" +proftpdpasswd
173 | inurl:ventrilo_srv.ini adminpassword
174 | filetype:bak createobject sa
175 | inurl:"editor/list.asp" | inurl:"database_editor.asp" | inurl:"login.asa" "are set"
176 | ext:passwd -intext:the -sample -example
177 | enable password | secret "current configuration" -intext:the
178 | filetype:reg reg +intext:â€ÂÂWINVNC3â€ÂÂ
179 | "login: *" "password= *" filetype:xls
180 | inurl:-cfg intext:"enable password"
181 | inurl:web/frontend_dev.php -trunk
182 | inurl:ftp "password" filetype:xls
183 | filetype:php~ (pass|passwd|password|dbpass|db_pass|pwd)
184 | "My RoboForm Data" "index of"
185 | ext:xml ("mode_passive"|"mode_default")
186 | filetype:xls "username | password"
187 | "parent directory" proftpdpasswd intitle:"index of" -google
188 | inurl:"/dbman/default.pass"
189 | allinurl:"User_info/auth_user_file.txt"
190 | ext:xml ("proto='prpl-'" | "prpl-yahoo" | "prpl-silc" | "prpl-icq")
191 | filetype:inc OR filetype:bak OR filetype:old mysql_connect OR mysql_pconnect
192 | filetype:config inurl:web.config inurl:ftp
193 | ext:sql intext:@hotmail.com intext :password
194 | filetype:sql insite:pass && user
195 | site:github.com inurl:sftp-config.json intext:/wp-content/
196 | site:github.com inurl:sftp-config.json
197 | filetype:password jmxremote
198 | inurl:/backup intitle:index of backup intext:*sql
199 | inurl:yahoo_site_admin/credentials/
200 | inurl:"security/xamppdirpasswd.txt"
201 | ext:sql intext:"alter user" intext:"identified by"
202 | ext:csv intext:"password"
203 | intext:DB_PASSWORD ext:env
204 | site:pastebin.com intext:Username
205 | intext:@pwcache "parent directory"
206 | filetype:log intext:password | pass | pw
207 | inurl:etc -intext:etc ext:passwd
208 | ext:sql intext:username intext:password
209 | inurl:wp-config -intext:wp-config "'DB_PASSWORD'"
210 | intext:"END_FILE" ext:log
211 | site:pastebin.com intext:@gmail.com | @yahoo.com | @hotmail.com daterange:2457388-2457491
212 | intext:"eav" filetype:txt
213 | site:static.ow.ly/docs/ intext:@gmail.com | Password
214 | inurl:"/wp-content/wpclone-temp/wpclone_backup/"
215 | inurl:proftpdpasswd
216 | inurl:github.com intitle:config intext:"/msg nickserv identify"
217 | intitle:"index of/" CCCam.cfg
218 | site:cloudshark.org/captures# password
219 | "your default password is" filetype:pdf
220 | "Index of" "logins.json" "key3.db"
221 | inurl:"-wp13.txt"
222 | filetype:bak inurl:php "mysql_connect"
223 | "[main]" "enc_GroupPwd=" ext:txt
224 | ext:fetchmailrc
225 | "FileZilla" inurl:"recentservers.xml" -git
226 | " End Stealer " ext:txt
227 | "iSpy Keylogger" "Passwords Log" ext:txt
228 | "mysqli_connect" ext:inc
229 | inurl:"gradle.properties" intext:"proxyPassword"
230 | site:trello.com password
231 | "enable secret" ext:cfg -git -cisco.com
232 | ext:inf SetupMgrTag AdminPassword
233 | "password" + ext:conf "Modem Type = USB Modem"
234 | ext:config + " password=" + "
235 | intitle:"Index Of" intext:sftp-config.json
236 | "MAIL_PASSWORD" filetype:env
237 | "database_password" filetype:yml "config/parameters.yml"
238 | "database_password" filetype:yml "config/parameters.yml
239 | intext:password inurl:"/log/production" ext:log
240 | CakePHP inurl:database.php intext:db_password
241 | intitle:"index of /" inanchor:.kdbx
242 | site:pastebin.com "rcon_password"
243 | intitle:"Index Of" intext:".vscode"
244 | inurl:/host.txt + filetype:txt + "password"
245 | inurl:"config.xml" "password" ext:xml -stackoverflow.com -github.com
246 | inurl:"databases.yml" ext:yml password -github
247 | intitle:"index.of" "places.sqlite" "key3.db" -mozilla.org
248 | intitle:"index.of" "places.sqlite" "Mail" thunderbird -mozilla.org -scan
249 | filetype:config "" "password" "web.config" -stackoverflow -youtube.com -github
250 | ext:ini Robust.ini filetype:ini "password"
251 | Codeigniter filetype:sql intext:password | pwd intext:username | uname intext: Insert into users values
252 | inurl:"servlet/ViewFormServlet?" "pwd"
253 | intitle:"Index of" intext:"Login Data"
254 | inurl:"/App.Config" + ext:config + "password=" -github -git
255 | intext:"PuTTY log" ext:log "password" -supportforums -github
256 | filetype:doc inurl:"gov" intext:"default password is"
257 | site:trello.com intext:mysql AND intext:password -site:developers.trello.com -site:help.trello.com
258 | site:showmyhomework.co.uk/school/homeworks/ "password"
259 | intitle:"index.of" inurl:"cvs" login | passwd | password | access | pass -github -pub
260 | filetype:env intext:REDIS_PASSWORD
261 | "password.xlsx" ext:xlsx
262 | inurl:wp-config-backup.txt
263 | intext:define('AUTH_KEY', ' wp-config.php filetype:txt
264 | inurl:/dbcp.properties + filetype:properties -github.com
265 | inurl:configuration.php and intext:"var $password="
266 | intext:"please change your" password |code | login file:pdf | doc | txt | docx -github
267 | intext:"login" department | admin | manager | company | host filetype:xls | xlsx -community -github
268 | intext:"rabbit_password" | "service_password" filetype:conf
269 | "whoops! there was an error." "db_password"
270 | inurl:wp-config.bak
271 | "battlefield" "email" site:pastebin.com
272 | inurl:"wp-license.php?file=../..//wp-config"
273 | inurl:"trello.com" and intext:"username" and intext:"password"
274 | intitle:"index of" intext:login.csv
275 | inurl:"build.xml" intext:"tomcat.manager.password"
276 | /_wpeprivate/config.json
277 | inurl:"standalone.xml" intext:"password>"
278 | filetype:reg reg HKEY_CURRENT_USER intext:password
279 | filetype:txt $9$ JunOS
280 | intext:jdbc:oracle filetype:java
281 | filetype:xml config.xml passwordHash Jenkins
282 | username | password inurl:resources/application.properties -github.com -gitlab
283 | intitle:settings.py intext:EMAIL_HOST_PASSWORD -git -stackoverflow
284 | intitle:settings.py intext:EMAIL_USE_TLS -git -stackoverflow
285 | inurl:wp-config.php intext:DB_PASSWORD -stackoverflow -wpbeginner
286 | inurl:login.txt filetype:txt
287 | s3 site:amazonaws.com filetype:xls password
288 | intext:"wordpress" filetype:xls login & password
289 | inurl:users.json + "username"
290 | intext:"aspx" filetype:txt login & password
291 | "pass" "usuario" filetype:sql
292 | intitle:"index of" "htpasswd.txt"
293 | intitle:"index of" "ftp.passwd"
294 | intext:"@gmail.com" intext:"password" inurl:/files/ ext:txt
295 | "contrasena" filetype:sql -github.com
296 | intitle:"Index of" password.txt
297 | intitle:"index of" "db.conf"
298 | intitle:"index of" share.passwd OR cloud.passwd OR ftp.passwd -public
299 | intitle:index.of "creds.txt"
300 | intext:"username=" AND "password=" ext:log
301 | intext:"WPENGINE_SESSION_DB_USERNAME" || "WPENGINE_SESSION_DB_PASSWORD"
302 | intitle:"index of" "passwords.yml"
303 | intitle:"index of" "credentials.yml"
304 | "enable password" ext:cfg -git -cisco.com
305 | password console-password ext:cfg -git
306 | intext:authentication set encrypted-password ext:cfg
307 | intitle:"Index of" dbconnect.inc
308 | "create account" admin ext:cfg
309 | "configure account user encrypted" ext:cfg
310 | "d-i passwd/root-password-crypted password" ext:cfg
311 | intitle:"index of" "db.connection.js"
312 | intitle:"index of" application.ini
313 | intitle:"index of" "database.ini" OR "database.ini.old"
314 | "admin password irreversible-cipher" ext:txt OR ext:log OR ext:cfg
315 | "super password level 3 cipher" ext:txt OR ext:log
316 | intitle:"index of" "db.ini"
317 | intitle:"index of " "*.passwords.txt"
318 | "MasterUserPassword" ext:cfg OR ext:log OR ext:txt -git
319 | "/etc/shadow root:$" ext:cfg OR ext:log OR ext:txt OR ext:sql -git
320 | inurl:*helpdesk* intext:"your default password is"
321 | intitle:"index of" "passwords.xlsx"
322 | intitle:"index of" "config.neon" OR "config.local.neon"
323 | intext:"Index of /password"
324 | "config.php.bak" intitle:"index of"
325 | "index of" ".env"
326 | filetype:env "DB_PASSWORD"
327 | "MYSQL_ROOT_PASSWORD:" ext:env OR ext:yml -git
328 | intitle:"index of" "/master.passwd"
329 | inurl:logs intext:GET https:// ext:txt intext:password intext:username
330 | allintext:password filetype:log
331 | "Index of" "/yahoo_site_admin/credentials"
332 | intext:"db_database" ext:env intext:"db_password"
333 | allintext:"redis_password" ext:env
334 | "EMAIL_HOST_PASSWORD" ext:yml | ext:env | ext:txt | ext:log
335 | "/** MySQL database password */" ext:txt | ext:cfg | ext:env | ext:ini
336 | "POSTGRES_PASSWORD=" ext:txt | ext:cfg | ext:env | ext:ini | ext:yml | ext:sql -git -gitlab
337 | ext:xls intext:@gmail.com intext:password
338 | intitle:"database.php" inurl:"database.php" intext:"db_password" -git -gitlab
339 | ext:txt intext:@yahoo.com intext:password
340 | "'username' =>" + "'password' =>" ext:log
341 | filetype:log intext:password after:2015 intext:@gmail.com | @yahoo.com | @hotmail.com
342 | "index of" "password.ini"
343 | "admin_password" ext:txt | ext:log | ext:cfg
344 | rootpw --iscrypted ext:cfg
345 | "anaconda-ks.cfg" | "ks.cfg" ext:cfg -git -gitlab
346 | "server.cfg" ext:cfg intext:"rcon_password" -git -gitlab
347 | ext:cfg "g_password" | "sv_privatepassword" | "rcon_password" -git -gitlab
348 | "db.username" + "db.password" ext:properties
349 | site:pastebin.com intext:admin.password
350 | ext:log password END_FILE
351 | "spring.datasource.password=" + "spring.datasource.username=" ext:properties -git -gitlab
352 | jdbc:mysql://localhost:3306/ + username + password ext:yml | ext:javascript -git -gitlab
353 | jdbc:postgresql://localhost: + username + password ext:yml | ext:java -git -gitlab
354 | jdbc:oracle://localhost: + username + password ext:yml | ext:java -git -gitlab
355 | intitle:"index of" "config.exs" | "dev.exs" | "test.exs" | "prod.secret.exs"
356 | "define('DB_USER'," + "define('DB_PASSWORD'," ext:txt
357 | intitle:"index of" "anaconda-ks.cfg" | "anaconda-ks-new.cfg"
358 | "define('SECURE_AUTH_KEY'" + "define('LOGGED_IN_KEY'" + "define('NONCE_KEY'" ext:txt | ext:cfg | ext:env | ext:ini
359 | "keystorePass=" ext:xml | ext:txt -git -gitlab
360 | intext:construct('mysql:host
361 | "mailer_password:" + "mailer_host:" + "mailer_user:" + "secret:" ext:yml
362 | intitle:"index of" "idx_config"
363 | "password 7" ext:txt | ext:log | ext:cfg
364 | "insert into users" "VALUES" ext:sql | ext:txt | ext:log | ext:env
365 | "cpanel username" "cpanel password" ext:txt
366 | intitle:"index of" "application-users.properties" | "mgmt-users.properties" | "*standalone.xml"
367 | "public $user =" | "public $password = " | "public $secret =" | "public $db =" ext:txt | ext:log -git
368 | site:*.blob.core.windows.net ext:xls | ext:xlsx (login | password | username)
369 | "# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd
370 | inurl:/wp-content/uploads/ ext:txt "username" AND "password" | "pwd" | "pw"
371 | allintext:"*.@gmail.com" OR "password" OR "username" filetype:xlsx
372 | inurl:/wp-content/uploads/data.txt
373 | site:pastebin.com intitle:"password" 2021
374 | filetype:log username admin
375 | "enable secret 5" ext:txt | ext:cfg
376 | inurl:wp-config.php.save
377 | Inurl: "login" Intitle:index of username and pass
378 | intitle: "Index of ftp passwords"
379 | "index of /" +passwd
380 | allintext:password filetype:log after:2018
381 | intitle:"index of" "credentials"
382 | intitle:"index of" "passwrod*"
383 | inurl:password site:shodan.io
384 | site:pastebin.com intext:username | password | SECRET_KEY
385 | inurl:/wp-content/uploads/ ext:txt "username" | "user name" | "uname" | "user" | "userid" | "user id" AND "password" | "pass word" | "pwd" | "pw"
386 | intext:"/pfx-password.txt" "[To Parent Directory]"
387 | intext:"index of" "uploads"
388 | intext:"password" | "passwd" | "pwd" site:ghostbin.com
389 | site:pastebin.com intext:password.txt
390 | intext:"Index of" intext:"password.zip"
391 | site:pastebin.com intext:pass.txt
392 | site:pastebin.com "password"
393 | site:pastebin.com "admin password"
394 | site:controlc.com intext:"password"
395 | site:rentry.co intext:"password"
396 |
--------------------------------------------------------------------------------
/dorks/files_containing_usernames.dorks:
--------------------------------------------------------------------------------
1 | +intext:"webalizer" +intext:"Total Usernames" +intext:"Usage Statistics for"
2 | intext:"SteamUserPassphrase=" intext:"SteamAppUser=" -"username" -"user"
3 | inurl:"/root/etc/passwd" intext:"home/*:"
4 | intext:"root:x:0:0:root:/root:/bin/bash" inurl:*=/etc/passwd
5 | inurl:/_layouts/mobile/view.aspx?List=
6 | intitle:index.of .sh_history
7 | intitle:index.of .bash_history
8 | inurl:admin inurl:userlist
9 | inurl:admin filetype:asp inurl:userlist
10 | "index of" / lck
11 | index.of perform.ini
12 | inurl:php inurl:hlstats intext:"Server Username"
13 | filetype:reg reg HKEY_CURRENT_USER username
14 | filetype:reg reg +intext:"internet account manager"
15 | filetype:log username putty
16 | filetype:conf inurl:proftpd.conf -sample
17 | inurl:root.asp?acs=anon
18 | site:extremetracking.com inurl:"login="
19 | inurl:/profile.php?lookup=1
20 | "authentication failure; logname=" ext:log
21 | "username.xlsx" ext:xlsx
22 | intitle:index.of "users.db"
23 | intitle:"index of" service.grp
24 | allintext:username filetype:log
25 | intitle:"index of" "users.sql"
26 | intitle:"index of" "/ftpusers"
27 | intitle:"index of" "tomcat-users.xml"
28 | "index of" "users.frm"
29 | File contains Sensitive Information
30 | "CREATE ROLE" + "ENCRYPTED PASSWORD" ext:sql | ext:txt | ext:ini -git -gitlab
31 | intitle:"index of" "/parameters.yml*"
32 | jdbc:mysql://localhost:3306/ + username + password ext:yml | ext:java -git -gitlab
33 | inurl:user intitle:index of ext:sql | xls | xml | json | csv
34 | filetype:csv intext:"Secret access key"
35 | "DefaultPassword" ext:reg "[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]"
36 | intitle:"index of" "filezilla.xml"
37 | intitle:"index of" "sitemanager.xml" | "recentservers.xml"
38 | intitle:"index of" "password.yml
39 | jdbc:sqlserver://localhost:1433 + username + password ext:yml | ext:java
40 | "'dsn: mysql:host=localhost;dbname=" ext:yml | ext:txt "password:"
41 | intitle:"index of" "credentials.xml" | "credentials.inc" | "credentials.txt"
42 | intitle:"index of" "db.properties" | "db.properties.BAK"
43 | intitle:"index of" "contacts.txt"
44 | intext:"-----BEGIN CERTIFICATE-----" ext:txt
45 | intitle:"index of" "/usernames"
46 |
--------------------------------------------------------------------------------
/dorks/footholds.dorks:
--------------------------------------------------------------------------------
1 | intitle:"ERROR: The requested URL could not be retrieved" "While trying to retrieve the URL" "The following error was encountered:"
2 | intitle:MyShell 1.1.0 build 20010923
3 | inurl:polly/CP
4 | "Please re-enter your password It must match exactly"
5 | "index of /" ( upload.cfm | upload.asp | upload.php | upload.cgi | upload.jsp | upload.pl )
6 | (intitle:"WordPress › Setup Configuration File")|(inurl:"setup-config.php?step=")
7 | inurl:"amfphp/browser/servicebrowser.swf"
8 | intitle:"uploader by ghost-dz" ext:php
9 | intitle:"WSO 2.4" [ Sec. Info ], [ Files ], [ Console ], [ Sql ], [ Php ], [ Safe mode ], [ String tools ], [ Bruteforce ], [ Network ], [ Self remove ]
10 | ext:asp intext:Smart.Shell 1.0 BY P0Uy@_$3r\/3R -
11 | intitle:SN0X SHELL: WEEEEEEEEEEEEEEEEED
12 | intext:"Thehacker - Agd_Scorp - BLaSTER - Cr@zy_King - KinSize - JeXToXiC - s3f4 - rx5"
13 | intext:"Please select file to upload:" ext:php
14 | crime24 stealer ext:txt
15 | intitle:"WSO " ext:php intext:"server ip" 2015 intext:" [ home ]"
16 | (intitle:"phpshell" OR intitle:"c99shell" OR intitle:"r57shell" OR intitle:"PHP Shell " OR intitle:"phpRemoteView") `rwx` "uname"
17 | intitle: "phpshell" "Php Safe-Mode Bypass"
18 | intitle:"nstview v2.1:: nst.void.ru" | intext:"nsTView v2.1 :: nst.void.ru. Password: Host:"
19 | ( ext:php ) ( inurl:/wp-content/uploads/AAPL/loaders/ )
20 | intitle:"Priv8 Mailer Inbox 2015" ext:php
21 | "El Moujahidin Bypass Shell" ext:php
22 | "WHMCS Auto Xploiter"
23 | intitle:"Authorization" "TF" inurl:"admin.php"
24 | "Sorting Logs:" "Please enter your password" "Powered By" -urlscan -alamy
25 | intitle:admin intitle:login
26 | +htpasswd +WS_FTP.LOG filetype:log
27 | "Powered by PHPFM" filetype:php -username
28 | intitle:"PHP Shell *" "Enable stderr" filetype:php
29 | "adding new user" inurl:addnewuser -"there are no domains"
30 | intitle:"Web Data Administrator - Login"
31 | (inurl:81/cgi-bin/.cobalt/) | (intext:"Welcome to the Cobalt RaQ")
32 | inurl:ConnectComputer/precheck.htm | inurl:Remote/logon.aspx
33 | filetype:php HAXPLORER "Server Files Browser"
34 | PHPKonsole PHPShell filetype:php -echo
35 | inurl:"phpOracleAdmin/php" -download -cvs
36 | intitle:"YALA: Yet Another LDAP Administrator"
37 | intitle:"net2ftp" "powered by net2ftp" inurl:ftp OR intext:login OR inurl:login
38 | inurl:"tmtrack.dll?"
39 | (intitle:"SHOUTcast Administrator")|(intext:"U SHOUTcast D.N.A.S. Status")
40 | allintext:"fs-admin.php"
41 | Re: intitle:Priv8 SCR
42 | intitle:C0ded By web.sniper
43 | Re: inurl:"r00t.php"
44 | inurl:1337w0rm.php intitle:1337w0rm
45 | filetype:php intext:"!C99Shell v. 1.0 beta"
46 | intitle:"=[ 1n73ct10n privat shell ]="
47 | inurl:sh3llZ/c99/
48 | ext:php intitle:"b374k"
49 | ext:aspx intitle:aspxspy
50 | intext:"Sw Bilgi" ext:php
51 | intext:Developed By Black.Hack3r ext:php
52 | intitle:"Shell I" inurl:revslider inurl:error.php inurl:cmd
53 | inurl:revslider inurl:temp inurl:update_extract inurl:sym1
54 | intitle:Automatic cPanel Finder/Cracker | 3xp1r3 Cyber Army
55 | "Fenix Final Version v2.0" filetype:php
56 | intitle:"Hamdida X_Shell Backd00r"
57 | filetype:php intext:Your Email: intext:Your Name: intext:Reply-To: intext:mailer
58 | "You have selected the following files for upload (0 Files)."
59 | inurl:"html/js/editor/ckeditor/"
60 | "File Manager Version 1.0" "Coded By"
61 | "PHP eMailer is created by" ext:php
62 | "PHP Mailer" "priv8 Mailer" ext:php
63 | Meg4-Mail ext:php
64 | inurl:/\\filesrc=**** ~"Current" ~":/" ~"upload"
65 | inurl:?filesrc=**** ~"Current" ~"asp"
66 | inurl:"go.cgi?url="
67 | intitle:index of intext:wncry
68 | intitle:index of intext:@WanaDecryptor@.exe
69 | ext:php intext:"-rwxr-xr-x" site:.in
70 | ext:jsp intext:"jspspy" intitle:"Jspspy web~shell V1.0"
71 | intitle:"Solr Admin" "Solr Query Syntax"
72 | inurl:/install/stringnames.txt
73 | intitle:"Installing TYPO3 CMS"
74 | intitle:Upload inurl:/cgi-bin/filechucker.cgi
75 | inurl:"/tiny_mce/plugins/ajaxfilemanager/inc/data.php" | inurl:"/tiny_mce/plugins/ajaxfilemanager/ajax_create_folder.php" -github
76 | inurl: "Mister Spy" | intext:"Mister Spy & Souheyl Bypass Shell"
77 | "File Manager - Current disk free"
78 | "index of" /wp-content/uploads/shell.php
79 | intext:"M3R1C4 SHELL BACKDOOR"
80 | intitle:"FCKeditor - Uploaders Tests"
81 | intitle:"FCKeditor - Connectors Tests"
82 | intitle:"InfluxDB - Admin Interface" -github
83 | inurl:"/sidekiq/busy"
84 | inurl:/phpMyAdmin/setup/index.php?phpMyAdmin=
85 | inurl:wp-login.php?action=register
86 | inurl:"urlstatusgo.html?url=" -intext:"Disallowed by URL filter"
87 | inurl:"cs.html?url="
88 | inurl:/phpmyadmin/index.php?db=
89 | intitle:Administration - Installation - MantisBT
90 | inurl:"index.php?db="
91 | site:*/wp-admin/install.php intitle:WordPress Installation
92 | intitle:"freedom is real - 1945"
93 | inurl:"index of" wso
94 | site:bamboo.*.* ext:action build
95 | intitle:"(SSI Web Shell)" AND intext:"(ls -al)"
96 | intitle:("Mini Shell") AND intext:("Upload File")
97 | intitle:("Index of") AND intext:("c99.txt" OR "c100.txt")
98 | site:linkedin.com employees target.com
99 | inurl:"customer.aspx"
100 | inurl:/servicedesk/customer/user/login
101 | Find Microsoft Lync Server AutoDiscover
102 | inurl:/download_file/ intext:"index of /"
103 | intitle:"index of" "admin/xml"
104 | inurl:logon/LogonPoint/index.html
105 | inurl:"/arcgis/rest/services"
106 | inurl:"/jmx-console/HtmlAdaptor?action"
107 | intitle:"index of" and intext:"vendor" and intext:"phpunit"
108 | "radius-server key" ext:cfg OR ext:log OR ext:txt
109 | intitle:"index of" "nginx.log"
110 | intitle:"Index of /" +.htaccess
111 | intitle:"index of /" +.htdocs
112 | intitle:"index.of" +jmx-console
113 | inurl:CTCWebService
114 | inurl::/app/kibana "Kibana" -discuss -ipaddress -git
115 | inurl:/Dashboard.xhtml intitle:"Dashboard"
116 | inurl:"/plugins/servlet/Wallboard/"
117 | mail/u/0 filetype:pdf
118 | intitle:"index of" "httpd.pid"
119 | inurl:wsnavigator/jsps
120 | inurl:maps.arcgis.com +"City of"
121 | inurl:adminpanel site:gov.*
122 |
--------------------------------------------------------------------------------
/dorks/network_or_vulnerability_data.dorks:
--------------------------------------------------------------------------------
1 | inurl:/cgi-bin/finger? Enter (account|host|user|username)
2 | inurl:portscan.php "from Port"|"Port Range"
3 | intitle:"sysinfo * " intext:"Generated by Sysinfo * written by The Gamblers."
4 | "Phorum Admin" "Database Connection" inurl:forum inurl:admin
5 | inurl:"sitescope.html" intitle:"sitescope" intext:"refresh" -demo
6 | filetype:php inurl:ipinfo.php "Distributed Intrusion Detection System"
7 | intext:"Welcome to the Web V.Networks" intitle:"V.Networks [Top]" -filetype:htm
8 | "Traffic Analysis for" "RMON Port * on unit *"
9 | intitle:"Belarc Advisor Current Profile" intext:"Click here for Belarc's PC Management products, for large and small companies."
10 | inurl:login.jsp.bak
11 | inurl:ovcgi/jovw
12 | inurl:proxy | inurl:wpad ext:pac | ext:dat findproxyforurl
13 | inurl:CrazyWWWBoard.cgi intext:"detailed debugging information"
14 | "The statistics were last updated" "Daily"-microsoft.com
15 | inurl:finger.cgi
16 | inurl:"/munin/network-*.html" OR inurl:"/munin/apache-*.html" OR inurl:"/munin/disk-*.html" OR inurl:"/munin/system-*.html" OR inurl:"/munin/munin-*.html" OR inurl:"/munin/problems.html"
17 | intitle:"bandwidthd" "programmed by david hinkle, commissioned by derbytech wireless networking."
18 | intext:"Web Application Report" intext:"This report was created by IBM Security AppScan" ext:pdf
19 | (inurl:"8080/monitorix" & intext:"Hostname") | inurl:"8080/monitorix-cgi"
20 | "generated by Munin" inurl:index -intext:index localhost
21 | inurl:zabbix.php AND intext:"Zabbix SIA"
22 | inurl:"NmConsole/Login.asp" | intitle:"Login - Ipswitch WhatsUp Professional 2005" | intext:"Ipswitch WhatsUp Professional 2005 (SP1)" "Ipswitch, Inc"
23 | inurl:"/cacti/graph_view.php" OR inurl:"/cacti/graph.php?"
24 | intitle:"Nessus Scan Report" "This file was generated by Nessus"
25 | "This report lists" "identified by Internet Scanner"
26 | "Network Host Assessment Report" "Internet Scanner"
27 | "SnortSnarf alert page"
28 | inurl:phpSysInfo/ "created by phpsysinfo"
29 | filetype:pdf "Assessment Report" nessus
30 | filetype:vsd vsd network -samples -examples
31 | intitle:"ADSL Configuration page"
32 | "Version Info" "Boot Version" "Internet Settings"
33 | "Looking Glass" (inurl:"lg/" | inurl:lookingglass)
34 | ACID "by Roman Danyliw" filetype:php
35 | intitle:"Microsoft Site Server Analysis"
36 | "by Reimar Hoven. All Rights Reserved. Disclaimer" | inurl:"log/logdb.dta"
37 | "apricot - admin" 00h
38 | "this proxy is working fine!" "enter *" "URL***" * visit
39 | site:netcraft.com intitle:That.Site.Running Apache
40 | "Powered by phpOpenTracker" Statistics
41 | inurl:"/catalog.nsf" intitle:catalog
42 | ((inurl:ifgraph "Page generated at") OR ("This page was built using ifgraph"))
43 | ext:cgi intext:"nrg-" " This web page was created on "
44 | inurl:"map.asp?" intitle:"WhatsUp Gold"
45 | filetype:php inurl:nqt intext:"Network Query Tool"
46 | inurl:/cgi-bin/finger? "In real life"
47 | inurl:statrep.nsf -gov
48 | inurl:webutil.pl
49 | inurl:/adm-cfgedit.php
50 | filetype:log intext:"ConnectionManager2"
51 | inurl:testcgi xitami
52 | "Output produced by SysWatch *"
53 | intitle:"twiki" inurl:"TWikiUsers"
54 | ext:cfg radius.cfg
55 | intitle:"start.managing.the.device" remote pbx acc
56 | inurl:"install/install.php"
57 | intitle:"Azureus : Java BitTorrent Client Tracker"
58 | intitle:"BNBT Tracker Info"
59 | intitle:"PHPBTTracker Statistics" | intitle:"PHPBT Tracker Statistics"
60 | "powered | performed by Beyond Security's Automated Scanning" -kazaa -example
61 | inurl:status.cgi?host=all
62 | "The following report contains confidential information" vulnerability -search
63 | "Shadow Security Scanner performed a vulnerability assessment"
64 | intitle:"Retina Report" "CONFIDENTIAL INFORMATION"
65 | inurl:webalizer filetype:png -.gov -.edu -.mil -opendarwin
66 | inurl:/counter/index.php intitle:"+PHPCounter 7.*"
67 | intitle:r57shell +uname -bbpress
68 | site*.*.*/webalizer intitle:"Usage Statistics"
69 | "Web Application Assessment Report" ext:pdf
70 | inurl:"/weathermap/weathermap-cacti-plugin.php"
71 | inurl:ipf.conf -intext:ipf.conf ext:conf
72 | intitle:"Nessus Scan Report" ext:html
73 | "[boot loader]" "WINNT" ext:ini
74 | intitle: "Generated by Acunetix WVS Reporter"
75 | intitle:"Burp Scanner Report" | "Report generated by Burp Scanner"
76 | intitle:"netsparker scan report" ext:pdf
77 | "IBM Security AppScan Report" ext:pdf
78 | ":: Arachni Web Application Security Report"
79 | intext:"Powered by Nibbleblog"
80 | intitle:"Statistics Report for HAProxy" + "statistics report for pid"
81 | inurl:/munin/localdomain/localhost.localdomain/open_files.html
82 | inurl:"AllItems.aspx?FolderCTID=" "firewall" | "proxy" | "configuration" | "account"
83 | "index of /ups.com/WebTracking"
84 | intitle:"Malware Analysis Report"
85 | "ansible.log" | "playbook.yaml" | ".ansible.cfg" | "playbook.yml" | host.ini intitle:"index of"
86 | intext:ZAP Scanning Report Summary of Alerts ext:html
87 | inurl:department intext:"hardware inventory" firewall router ext:(doc | pdf | xls| psw | ppt | pps | xml | txt | ps | rtf | odt | sxw )
88 | inurl:/scripts/wgate
89 | inurl:nagios/cgi-bin/status.cgi
90 | allinurl:"/SilverStream/Meta/"
91 | s3 site:amazonaws.com intext:dhcp filetype:txt inurl:apollo
92 | intitle:prometheus time series collection and processing server inurl:/alerts
93 | intitle:Host Report inurl:ganglia
94 | inurl:"/Serviceability?adapter=device.statistics.configuration"
95 | inurl:zabbix/zabbix.php
96 | intitle:"OpenNMS web console" inurl:opennms/index.jsp
97 | intitle:"Dashboards" AND inurl:"/zabbix/zabbix.php?action=dashboard.list"
98 | intitle:"Cacti" AND inurl:"/monitor/monitor.php"
99 | intitle:"netdata dashboard" AND intext:"Costa Tsaousis"
100 | intitle:Grapher AND inurl:sensorlist.htm
101 | intitle:traefik inurl:8080/dashboard
102 | intitle:"Nikto Report" "OSVDB"
103 | intitle:"Skipfish - scan results browser"
104 | -site:"pentest-tools.com" intext:"Scan coverage information" AND "List of tests" ext:PDF
105 | intitle:"ZAP Scanning Report" + "Alert Detail"
106 | intitle:"routeros" "sophia"
107 | intitle:"jaeger UI" inurl:trace
108 | intitle:"NETSurveillance WEB"
109 |
--------------------------------------------------------------------------------
/dorks/sensitive_directories.dorks:
--------------------------------------------------------------------------------
1 | index.of.secret
2 | index.of.private
3 | index.of.secure
4 | index.of.protected
5 | intitle:"index.of.personal"
6 | inurl:explorer.cfm inurl:(dirpath|This_Directory)
7 | intitle:"index of" intext:"content.ie5"
8 | allinurl:"/*/_vti_pvt/" | allinurl:"/*/_vti_cnf/"
9 | intitle:upload inurl:upload intext:upload -forum -shop -support -w3c
10 | "Index of" rar r01 nfo Modified 2004
11 | intitle:index.of /maildir/new/
12 | intitle:"Backup-Management (phpMyBackup v.0.4 beta * )" -johnny.ihackstuff
13 | intitle:"Folder Listing" "Folder Listing" Name Size Date/Time File Folder
14 | "Directory Listing for" "Hosted by Xerver"
15 | "Welcome to the directory listing of" "NetworkActiv-Web-Server"
16 | "Warning: Installation directory exists at" "Powered by Zen Cart" -demo
17 | inurl:install.pl intext:"Reading path paramaters" -edu
18 | intitle:index.of cisco asa -site:cisco.com
19 | intitle:index.of ios -site:cisco.com
20 | allintext:"WebServerX Server at"
21 | "Index of /backup"
22 | "index of" inurl:root intitle:symlink
23 | inurl:8080 intitle:"Dashboard [Jenkins]"
24 | inurl:/cgi-bin/.cgi
25 | "Config" intitle:"Index of" intext:vpn
26 | intitle:index.of +"Indexed by Apache::Gallery"
27 | intitle:index.of.accounts
28 | intitle:index.of.dropbox
29 | inurl:private_files
30 | intitle:"Index Of" intext:"iCloud Photos" OR intext:"My Photo Stream" OR intext:"Camera Roll"
31 | intitle:"Index of" "wwwroot"
32 | intitle:"Index of" "DCIM"
33 | intitle:"Index of" "WhatsApp Images"
34 | mail spool intitle:index.of
35 | inurl:.listing intitle:index.of
36 | inurl:.DS_Store intitle:index.of
37 | "sql" "parent" intitle:index.of -injection
38 | intitle:index.of inurl:grades site:edu
39 | inurl:"wp-content/uploads/private"
40 | inurl:pipermail intitle:index.of parent
41 | intitle:index.of.mail
42 | inurl:.ssh intitle:index.of authorized_keys
43 | inurl:"folderview?id=" site:drive.google.com
44 | inurl:"/drive/folders/" site:drive.google.com
45 | -inurl:htm -inurl:html intitle:"index of" 100CANON
46 | -inurl:htm -inurl:html intitle:"index of" NIKON
47 | intitle:"Index of /" "joomla_update.php"
48 | index of /htdocs
49 | "m.zippyshare.com/"
50 | inurl:admin inurl:uploads
51 | intitle:index.of intext:viewvc
52 | inurl:/xampp
53 | index.of.winnt
54 | index.of.password
55 | inurl:backup intitle:index.of inurl:admin
56 | "Welcome to phpMyAdmin" " Create new database"
57 | intitle:"Index of c:\Windows"
58 | intitle:"Index of" cfide
59 | "index of cgi-bin"
60 | inurl:j2ee/examples/jsp
61 | inurl:ojspdemos
62 | inurl:/pls/sample/admin_/help/
63 | "index of" inurl:recycler
64 | inurl:/tmp
65 | intitle:intranet inurl:intranet +intext:"human resources"
66 | "Index Of /network" "last modified"
67 | intitle:"album permissions" "Users who can modify photos" "EVERYBODY"
68 | filetype:cfg ks intext:rootpw -sample -test -howto
69 | intitle:"index of /phpmyadmin" modified
70 | index.of.password
71 | "index of" / picasa.ini
72 | intext:"d.aspx?id" || inurl:"d.aspx?id"
73 | intitle:index.of /AlbumArt_
74 | intitle:"Index of *" inurl:"my shared folder" size modified
75 | intitle:index.of (inurl:fileadmin | intitle:fileadmin)
76 | intitle:"webadmin - /*" filetype:php directory filename permission
77 | intitle:"Directory Listing For" intext:Tomcat -int
78 | index.of.dcim
79 | intitle:"index of" -inurl:htm -inurl:html mp3
80 | "intitle:Index.Of /" stats merchant cgi-* etc
81 | intext:"Powered By: TotalIndex" intitle:"TotalIndex"
82 | intitle:"index of" "parent directory" "desktop.ini" site:dyndns.org
83 | "Powered by Invision Power File Manager" (inurl:login.php) | (intitle:"Browsing directory /" )
84 | intitle:"Index of /CFIDE/" administrator
85 | intitle:index.of abyss.conf
86 | intitle:"index of" inurl:ftp (pub | incoming)
87 | intitle:"HFS /" +"HttpFileServer"
88 | "Web File Browser" "Use regular expression"
89 | filetype:torrent torrent
90 | filetype:ini Desktop.iniintext:mydocs.dll
91 | intitle:index.of WEB-INF
92 | intitle:"pictures thumbnails" site:pictures.sprintpcs.com
93 | log inurl:linklint filetype:txt -"checking"
94 | allintitle:"FirstClass Login"
95 | intitle:index.of.config
96 | inurl:ckfinder intext:"ckfinder.html" intitle:"Index of /ckfinder"
97 | "index of" inurl:sym
98 | intitle:"index.of" | inurl:/filemanager/connectors/ intext:uploadtest.html
99 | inurl:"/wp-json/" -wordpress
100 | intext:xampp-dav-unsecure:$apr1$6O9scpDQ$JGw2Tjz0jkrqfKh5hhiqD1
101 | intitle:index.of intext:.bash_history
102 | intitle:"index of" myshare
103 | intitle:"index of" intext:".ds_store"
104 | allinurl:/hide_my_wp=
105 | "jos_users" intitle:"Index of"
106 | inurl:/wp-content/wpbackitup_backups
107 | intitle:"Index of ftp"
108 | inurl:wp-admin/ intext:css/
109 | intitle:"index of" "onetoc2" "one"
110 | intitle:"index of" inurl:"no-ip.com"
111 | intitle:index.of.pubs
112 | intext:index of sym
113 | inurl:"/cms/app/webroot"
114 | intitle:"Index of" "WhatsApp Databases"
115 | intitle:"Index.of" "attachments"
116 | inurl:"default.php" intext:"website" "has been successfully installed on the server!"
117 | private parent intitle:index.of
118 | inurl:users intitle:index.of
119 | inurl:/aspnet_client/system_web/
120 | "My Documents" "parent" intitle:index.of
121 | "Desktop" parent intitle:index.of
122 | intitle:index.of parent inurl:repos
123 | inurl:/server/webapps
124 | intitle: Index of /awstats/data
125 | inurl:safm.asp ext:asp
126 | (intext:"index of /.git") ("parent directory")
127 | intitle:Index of /__MACOSX ...
128 | inurl:/sites/default/files/webform/
129 | inurl:trash intitle:index.of
130 | inurl:pictures intitle:index.of
131 | inurl:/FCKeditor/editor/filemanager/upload/
132 | index:"html/js/editor/fckeditor/editor/filemanager/connectors"
133 | inurl:".esy.es/default.php"
134 | Hostinger © 2016. All rights reserved inurl:default.php
135 | inurl:/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php
136 | "Powered by AutoIndex PHP Script" ext:php
137 | site:onedrive.live.com shared by
138 | powered by h5ai
139 | "Index of" inurl:"/$Recycle.Bin/"
140 | intext:"Index of /.git"
141 | intext:"Index of /database"
142 | inurl:/sym/root/ intitle:index.of
143 | intext:/wp-content/plugins/woocommerce/templates/emails/plain/
144 | inurl:/wp-content/plugins/seo-pressor/classes/
145 | intext:"index of /userfiles/file/"
146 | intitle:index.of .bashrc
147 | inurl:"nfs://www." "index of /"
148 | intext:"/wp-content/uploads/wpsc/"
149 | "lv_poweredBy"
150 | inurl:/openwebmail/cgi-bin/openwebmail/etc/
151 | intext:"Powered by ViewVC" | intitle:"ViewVC Repository Listing"
152 | inurl:"apps/backend/config/"
153 | intitle:CV+index of
154 | intitle:"Index Of" intext:".Trash"
155 | intitle:index.of home/000~root~000/
156 | intitle:"Index.Of.Applications (Parallels)" -stackoverflow -quora
157 | intitle:index.of inurl:/websendmail/
158 | :DIR | intitle:index of inurl://whatsapp/
159 | index of /node_modules/ -github -stackoverflow
160 | inurl:"/wp-content/uploads/db-backup"
161 | "Powered by Apache Subversion version"
162 | inurl:"paypal" intitle:"index of" backup | db | access -github
163 | inurl:revslider inurl:'/revslider+port'
164 | inurl:"RootFolder=" Allitems "confidential" | "classified" | "passwords" | username
165 | inurl:'listprojects.spr'
166 | allintext:'HttpFileServer 2.3k'
167 | intitle:"index of /bins" arm
168 | inurl:/wp-includes/certificates/
169 | intitle:index.of id_rsa -id_rsa.pub
170 | "Index of" "database.sql"
171 | "index of" "database_log"
172 | "index of" "database.sql.zip"
173 | intitle:backup+index of
174 | inurl:/typo3/typo3conf
175 | intext:"KRAB-DECRYPT.txt" intitle:"index of"
176 | intext:pure-ftpd.conf intitle:index of
177 | intext:my.cnf intitle:index of
178 | intext:"paytm" intitle:"index of"
179 | inurl:filebrowser.wcgp?subDir Communigate
180 | intitle:"docker" intitle:"index of" config
181 | intitle:" - Revision" + "subversion version"
182 | Index of /.svn
183 | intitle:index of /.sql.gz intext:/backup/
184 | inurl:/proc/tty/ index of
185 | intitle:"index of /" intext:/descargas/
186 | intitle:"index of /" intext:/Download/
187 | index of kcfinder/
188 | index of /ckeditor
189 | intitle:"index of /" authorized_keys
190 | inurl:/wp-content/uploads/wp-backup-plus/
191 | intitle:'index of' "error_log"
192 | intitle:'index of' "access_log"
193 | intitle:"index of /" intext:/backup
194 | index of /etc/certs/
195 | intitle:"Index of /private/"
196 | inurl:"ai1wm-backups"
197 | inurl:"/irj/go/km/docs/"
198 | inurl:"/irj/go/km/" intext:navigation
199 | inurl:"/webdynpro/resources/sap.com/"
200 | intitle:"Index of /" inurl:passport
201 | intitle:"index of /" ssh
202 | allintitle:"Index of /ThinkPHP" | inurl: "/ThinkPHP/"
203 | allintitle:"Index of /Admin/Common" | allintext:"Parent Directory"
204 | allinurl:"wp-content/plugins/wordpress-popup/views/admin/"
205 | "sasl_passwd" | smtpd.conf intitle:"index of"
206 | intitle:"index of" "/user" | "/users"
207 | intitle:"index of" inurl:documents backup
208 | inurl:"/cgi-bin/CVS/"
209 | inurl:"/.Trash" intitle:"index of" ~
210 | intitle:"index of" $Recycle.bin
211 | intitle:"index of" "/Windows/Recent" | "/Windows/History/"
212 | intitle:"index of" "WindowsCookies"
213 | intitle:"index of" "Application Data/Microsoft/Credentials"
214 | "Last modified" intitle:"index of" "dropbox"
215 | "description" & "size" intitle:"index of" "owncloud"
216 | intitle:"index of" "/bitcoin/"
217 | intitle:"index of" ".pem"
218 | intitle:"index of" ".dockerignore"
219 | intitle:"index of" "/aws.s3/"
220 | inurl:typo3conf/l10n/
221 | inurl:/files/contao
222 | inurl:/uploads/wc-logs/
223 | intitle:"index of" "db"
224 | intitle: "index of" "includes"
225 | intitle: "index of" "./" "./bitcoin"
226 | intitle:"index of" ".cpanel/caches/config/"
227 | intitle: "Index of" intext:log
228 | intitle:"Directory Listing For" "Filename" intext:Tomcat/5.0.28
229 | allintitle: "index of/admin"
230 | type:mil inurl:ftp ext:pdf | ps
231 | "/var/cache/registry/"
232 | intitle:"index of" scada
233 | inurl:bc.googleusercontent.com intitle:index of
234 | filetype:git -github.com inurl:"/.git"
235 | filetype:svn -gitlab -github inurl:"/.svn"
236 | intitle:"index of" intext:"Includes
237 | intitle:"index of" intext:"Includes wordpress"
238 | "To Parent Directory" AND "dir>" AND "web.config"
239 | Inurl : /list/hdd1
240 | Index of / *.ovpn
241 | "Index of" inurl:config inurl:production
242 | intitle:"Index of" phpinfo.php
243 | intitle:"Index of" public
244 | intitle:"Index of" portal
245 | intitle:"Index of" wp-config
246 | intitle:"Index of" wp-content
247 | intitle:index.of.?.sql
248 | inurl: /filemanager/dialog.php
249 | "Index of" inurl:webalizer
250 | "Index of" inurl:phpmyadmin
251 | "Index of" inurl:htdocs inurl:xampp
252 | intitle:"Index of" inurl:wp-json/oembed
253 | intitle:"Index of" phpmyadmin
254 | intitle:"Index of" wp-admin
255 | intitle:"index of" drupal
256 | intitle:"index of" admin
257 | inurl:/sites/default/private
258 | intitle:"index of" sql inurl:./db/
259 | intitle:index.of./.sql
260 | intitle:"Index of" login.php
261 | intitle:"Index of" wp-config.php
262 | intitle:index.of.?.bak
263 | intitle:index.of./.db
264 | intitle:"index of" /php4/
265 | intitle:"index of" mysqli.ini
266 | intitle:"index of" ssh2.ini
267 | intitle:index.of.?.mysql
268 | site:*/wp-includes/ inurl:/wp-includes/
269 | site:*/wp-contents/ inurl:/wp-contents/
270 | intitle:"index of" /content/admin/
271 | intitle:"index of" /content/uploads/ -inurl:/wp-content/uploads/
272 | intitle:index.of.?.database
273 | index of /cache
274 | intitle:index.of.?.login
275 | site:*/wordpress/wordpress.bak/
276 | intitle:"index of" /config.ini
277 | inurl:/wp/wp-admin/
278 | inurl:/admin/ intitle:index.of
279 | inurl:admin/data* intext:index of
280 | inurl:/database* ext:sql intext:index of -site:github.com
281 | inurl: /upload.php intitle:index of
282 | inurl:/scgi-bin*
283 | inurl:/wp-admin/includes/plugin-install.php
284 | site:ftp.* index of /ftp/backup
285 | inurl:wp-content intext:backup-db
286 | inurl:/_vti_txt*
287 | intitle:index.of./.htaccess
288 | indexof:.htaccess
289 | indexof:backup/mysql
290 | intitle:index.of "admin.db"
291 | intitle:index.of "admin" filetype:sql
292 | indexof:backup/web.config
293 | site:* index of: *.exe
294 | intitle:"Index of" secret
295 | intitle:"index of" "/etc/mysql/"
296 | inurl:/wp-content/uploads/ninja-forms/ intitle:"index of"
297 | site:* index of: /config
298 | site:*/logs/default.htm
299 | intitle:"Index of" wp-upload
300 | intitle:index.of "database.db"
301 | intitle:index.of "system.db"
302 | site:* index.of: /android/manifest.xml
303 | intext:"index of" intext:..bak intext:config
304 | intitle:index.of "htaccess.txt"
305 | intitle:"index of" "ws_ftp.log"
306 | intitle:index.of "chroot.conf"
307 | intitle:index of "uploads"
308 | index of /storage/logs/
309 | "key" OR key.jar intitle:"index of" webstart
310 | intitle:"index of" .zshrc~ OR .zshrc OR .zshenv OR .zshenv~ -pool -public
311 | intitle:"index of" .oracle_jre_usage/
312 | -pub -pool intitle:"index of" squirrelmail/
313 | -pub -pool intitle:"index of" vagrantfile -"How to"
314 | intitle:"index of" api_key OR "api key" OR apiKey -pool
315 | intitle:"index of" domain.key -public
316 | intitle:"index of" "ftp.log"
317 | intitle:"index of" "sms.log"
318 | -pool intitle:"index of" wget-log -pub
319 | intitle:"index of" "/Cloudflare-CPanel-7.0.1"
320 | intitle:index.of "backwpup"
321 | intitle:index.of "db.zip"
322 | intitle:"index of" "*php.swp"
323 | intitle:"index of" "htdocs.zip"
324 | inurl:concrete/config/
325 | inurl:"/includes/api/" intext:"index of /"
326 | inurl:"/includes/OAuth2" intext:"index of /"
327 | intext:"index of /" ".composer-auth.json"
328 | intitle:"index of" "config.py"
329 | intitle:"index of" "metadata"
330 | intitle:"index of" inurl:wp-json embedurl?
331 | intitle:"index of" "apache-log-parser" "Port 80"
332 | intitle:"index of" "maven-metadata.xml" "Port 80"
333 | intitle:"index of" "jwt-auth"
334 | intitle:"index of" "/concrete/Authentication"
335 | intitle:"index of" cvsroot
336 | intitle:"index of" "cctv"
337 | intitle:"index of" "owncloud/config/*"
338 | intitle:"index of" "iredadmin/*"
339 | intitle: "index of" "MySQL-Router"
340 | intitle:"index of" "common.crt" OR "ca.crt"
341 | intitle:"index of" "proxy.pac" OR "proxy.pac.bak"
342 | intitle:"index of" "global.asa"
343 | intitle:"index of" "/db_backups/"
344 | intitle:"index of" db.frm
345 | intitle:"index of" "git-jira-log"
346 | intitle:"index of" "/admin_backup"
347 | intitle:"index of" "admin/json"
348 | intitle:"index of" "/admin/backup"
349 | intitle:"index of" "graphql/subscription"
350 | intitle:"index of" "symfony/config"
351 | intitle:"index of" "test/storage/framework/sessions/"
352 | intitle:"index of" "tinyfilemanager.php"
353 | intitle:"index of" "api/admin"
354 | "index of" "/config/sql"
355 | intitle:"index of" "admin/config"
356 | intitle:"index of" "system/config"
357 | intitle:"index of" inurl:ftp intext:admin
358 | allintitle: sensitive ext:doc OR ext:xls OR ext:xlsx
359 | intitle:"index of" "uploads.old"
360 | intitle:"Dashboard [Jenkins]"
361 | "index of" "fileadmin"
362 | "index of" "svg"
363 | intitle:"index of" "survey.cgi"
364 | index of logs.tar
365 | "Index of" "sass-cache"
366 | intitle:"index of" "admin/sql/"
367 | intext:"INTERNAL USE ONLY" ext:doc OR ext:pdf OR ext:xls OR ext:xlsx
368 | inurl:admin/data* intext:index of
369 | inurl:_vti_pvt/service.pwd
370 | intitle:"index of" "oauth-private.key"
371 | inurl:member filetype:xls
372 | Index of: /services/pancard/
373 | intitle:"index of" "ssh_host_ecdsa_key"
374 | Google Dork : Index of: /services/aadhar card/
375 | intitle:"index of" "app.log"
376 | "Index of" "/monitoring"
377 | intitle:"index of" "/home/ROOT_PATH/"
378 | intitle:"Index of c:xampp"
379 | intitle:"index of" "/root/etc/security/"
380 | intitle:"Index of /" +.htaccess.old
381 | intitle:"index of" /var/logs filetype:'"log | txt | csv"
382 | Index: /wp-includes/Text/Diff
383 | intitle:"index of" /lsass.exe
384 | "Share Link" inurl:/share.cgi?ssid=
385 | intitle:"index of" "/000~ROOT~000/"
386 | intitle:"index of" "firewall.log" | "firewall.logs"
387 | "-- Dump completed" ext:sql | ext:txt | ext:log
388 | "ws_ftp.log" ext:log
389 | "-- PostgreSQL database dump complete" ext:sql | ext:txt | ext:log | ext:env
390 | "index of" "users.ibd"
391 | "index of" "performance_schema"
392 | ext:reg [HKEY_CURRENT_USERSoftwareSimonTathamPuTTYSshHostKeys]
393 | GitLab ssh.log ext:log
394 | "-- Dumping data for table `users` | `people` | `member`" ext:sql | ext:txt | ext:log | ext:env
395 | "-- Dumping data for table * " ext:sql | ext:xls intext:db | intext:database | intext:password | username
396 | intitle:"index of" "/app.log" | "/app.logs"
397 | "index of" "email.ini"
398 | intitle:"Everything" inurl:C:Windows
399 | intitle:"index of" "/system.log" | "/system.logs"
400 | intitle:"index of" "slapd.conf"
401 | "index of" "mysql.sh"
402 | intitle:"index of" "/CFIDE/" intext:"administrator"
403 | intitle: "Index of" inurl:admin/uploads
404 | intitle:"index of" "server.crt" | "server.csr"
405 | inurl:node_modules/mqtt/test/helpers/
406 | inurl:8080 + intext:"httpfileserver 2.3"
407 | inurl: /.git
408 | intitle:"index of" "WebServers.xml"
409 | "-- Dumping data for table `admin`" | "-- INSERT INTO `admin`" "VALUES" ext:sql | ext:txt | ext:log | ext:env
410 | intitle:index of .git/hooks/
411 | intitle:"index of" "*.cert.pem" | "*.key.pem"
412 | ssh_host_dsa_key.pub + ssh_host_key + ssh_config = "index of / "
413 | "index of" inurl:database ext:sql | xls | xml | json | csv
414 | intitle:"index of" "dump.sql"
415 | intitle:"index of" inurl:admin/download
416 | /etc/certs + "index of /" */*
417 | /etc/config + "index of /" /
418 | "-- Dumped from database version" + "-- Dumped by pg_dump version" ext:txt | ext:sql | ext:env | ext:log
419 | intitle:("Index of" AND "wp-content/plugins/boldgrid-backup/=")
420 | intitle:"index of" "*Maildir/new"
421 | inurl:/jsps/testoperation.jsp "Test Operation"
422 | inurl:/certs/server.key
423 | inurl:print.htm intext:"Domain Name:" + "Open printable report"
424 | inurl:tcpconfig.html
425 | "-----BEGIN PGP PRIVATE KEY BLOCK-----" ext:pem | ext:key | ext:txt -git
426 | "-----BEGIN EC PRIVATE KEY-----" | " -----BEGIN EC PARAMETERS-----" ext:pem | ext:key | ext:txt
427 | inurl:/wp-content/uploads/wp-file-manager-pro
428 | inurl:wp-content/uploads/ intitle:logs
429 | inurl:/wp-content/uploads/wp-file-manager-pro/fm_backup
430 | intitle:"index of" intext:"client.key.pem"
431 | intitle:"index of" "/.vscode"
432 | intext:"CAD Media Log"
433 | intitle:"index of" "/configs"
434 | inurl:filemanager/upload/asp/ "index of"
435 | intitle:"index of" "contacts.vcf"
436 | intitle:index.of (inurl:admin | intitle:admin)
437 | intitle: "Index of" inurl:fileadmin
438 | intitle:"index of" "private/log"
439 | Google Dork: intitle: "index of" "payment"
440 | intitle:"index of SCADA"
441 | intitle: "index of backup.php"
442 | intitle: "index of backup.xml"
443 | intitle:" index of "/Invoices*"
444 | intitle:"index of" ".env"
445 |
--------------------------------------------------------------------------------
/dorks/sensitive_online_shopping_info.dorks:
--------------------------------------------------------------------------------
1 | site:ups.com intitle:"Ups Package tracking" intext:"1Z ### ### ## #### ### #"
2 | intext:"powered by Hosting Controller" intitle:Hosting.Controller
3 | intext:"Dumping data for table `orders`"
4 | POWERED BY HIT JAMMER 1.0!
5 | inurl:"shopadmin.asp" "Shop Administrators only"
6 | inurl:"/database/comersus.mdb"
7 | inurl:shopdbtest.asp
8 | "More Info about MetaCart Free"
9 | inurl:midicart.mdb
10 | intext:"Powered by X-Cart: shopping cart software" -site:x-cart.com
11 | dcid= bn= pin code=
12 | intext:" Design & Developed by Antique Touch - INDIA"
13 | inurl:/commodities.php?id=
14 | inurl:product-list.php?id=
15 | site:mail.* intitle:Dashboard
16 |
--------------------------------------------------------------------------------
/dorks/various_online_devices.dorks:
--------------------------------------------------------------------------------
1 | intitle:"remote ui:top page"
2 | inurl:hp/device/this.LCDispatcher
3 | intitle:webeye inurl:login.ml
4 | intitle:"DEFAULT_CONFIG - HP"
5 | camera linksys inurl:main.cgi
6 | intitle:"my webcamXP server!" inurl:":8080"
7 | intitle:"toshiba network camera - User Login"
8 | "please visit" intitle:"i-Catcher Console" Copyright "iCode Systems"
9 | intext:"Ready with 10/100T Ethernet"
10 | intext:"UAA (MSB)" Lexmark -ext:pdf
11 | "Starting SiteZAP 6.0"
12 | intitle:"EvoCam" inurl:"webcam.html"
13 | intext:"Videoconference Management System" ext:htm
14 | "Copyright (c) Tektronix, Inc." "printer status"
15 | intext:"MaiLinX Alert (Notify)" -site:networkprinters.com
16 | inurl:"printer/main.html" intext:"settings"
17 | intitle:"Live NetSnap Cam-Server feed"
18 | intitle:"V-Gear BEE"
19 | intitle:"iVISTA.Main.Page"
20 | intitle:"SpeedStream * Management Interface"
21 | inurl:"next_file=main_fs.htm" inurl:img inurl:image.cgi
22 | intitle:"Network Print Server" filetype:shtm ( inurl:u_printjobs | inurl:u_server | inurl:a_server | inurl:u_generalhelp | u_printjobs )
23 | intitle:"Network Print Server" intext:"http://www.axis.com" filetype:shtm
24 | intitle:"Browser Launch Page"
25 | intitle:"EpsonNet WebAssist Rev"
26 | intitle:"Brother" intext:"View Configuration" intext:"Brother Industries, Ltd."
27 | intitle:"switch login" "IBM Fast Ethernet Desktop"
28 | intitle:Linksys site:ourlinksys.com
29 | intext:"Please enter correct password for Administrator Access. Thank you" "Copyright © 2003 SMC Networks, Inc. All rights reserved."
30 | inurl:camctrl.cgi
31 | intitle:"active webcam page"
32 | intitle:HomeSeer.Web.Control | Home.Status.Events.Log
33 | intitle:"Flash Operator Panel" -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists
34 | intitle:"Service Managed Gateway Login"
35 | intitle:"actiontec" main setup status "Copyright 2001 Actiontec Electronics Inc"
36 | "Webthru User Login"
37 | intitle:"OfficeConnect Wireless 11g Access Point" "Checking your browser"
38 | intitle:"Lexmark *" inurl:port_0
39 | inurl:/en/help.cgi "ID=*"
40 | intitle:jdewshlp "Welcome to the Embedded Web Server!"
41 | "display printer status" intitle:"Home"
42 | inurl:JPGLogin.htm
43 | "Please use Netscape 2.0 or enhance !!" -site:dlink.com -site:ovislink.com.tw
44 | ext:dhtml intitle:"document centre|(home)" OR intitle:"xerox"
45 | intitle:"SWW link" "Please wait....."
46 | intitle:"InterJak Web Manager"
47 | intitle:"Netopia Router (*.)""to view this site"
48 | "To view the Web interface of the SpeedTouch, Java
49 | intitle:"Dell *" inurl:port_0
50 | intitle:"PacketShaper Customer Login"
51 | ( intitle:"PacketShaper Login")|(intitle:"PacketShaper Customer Login")
52 | (cam1java)|(cam2java)|(cam3java)|(cam4java)|(cam5java)|(cam6java) -navy.mil -backflip -power.ne.jp
53 | inurl:"CgiStart?page="
54 | printers/printman.html
55 | intitle:"configuration" inurl:port_0
56 | intitle:"Dell Laser Printer M5200" port_0
57 | "RICOH Network Printer D model-Restore Factory"
58 | intitle:"GCC WebAdmin" -gcc.ru
59 | tilt intitle:"Live View / - AXIS" | inurl:view/view.shtml
60 | http://www.google.com/search?q=intitle:%22Network+Storage+Link+for+USB+2.0+Disks%22+Firmware#=100&hl=en&lr=&c2coff=1&safe=off&filter=0
61 | intitle:iDVR -intitle:"com | net | shop" -inurl:"asp | htm | pdf | html | php | shtml | com | at | cgi | tv"
62 | intitle:"Orite IC301" | intitle:"ORITE Audio IP-Camera IC-301" -the -a
63 | intitle:"Netcam" intitle:"user login"
64 | intitle:"Biromsoft WebCam" -4.0 -serial -ask -crack -software -a -the -build -download -v4 -3.01 -numrange:1-10000
65 | (intitle:"VisionGS Webcam Software")|(intext:"Powered by VisionGS Webcam") -showthread.php -showpost.php -"Search Engine" -computersglobal.com -site:g
66 | intitle:"IQeye302 | IQeye303 | IQeye601 | IQeye602 | IQeye603" intitle:"Live Images"
67 | ("port_255/home")|(inurl:"home?port=255")
68 | "This page is for configuring Samsung Network Printer" | printerDetails.htm
69 | intitle:"SNOIE Intel Web Netport Manager" OR intitle:"Intel Web Netport Manager Setup/Status"
70 | intitle:"Summit Management Interface" -georgewbush.org.uk
71 | intitle:Cisco "You are using an old browser or have disabled javascript. You must use version 4 or higher of Netscape Navigator/Communicator"
72 | intitle:"Iomega NAS Manager" -ihackstuff.com
73 | intitle:"Sony SNT-V304 Video Network Station" inurl:hsrindex.shtml
74 | inurl:Printers/ipp_0001.asp
75 | intitle:Axis inurl:"/admin/admin.shtml"
76 | inurl:/img/vr.htm
77 | DCS inurl:"/web/login.asp"
78 | intitle:"Dell Laser Printer *" port_0 -johnny.ihackstuff
79 | intitle:"::::: INTELLINET IP Camera Homepage :::::
80 | intitle:"AR-*" "browser of frame dealing is necessary"
81 | intext:"you to handle frequent configuration jobs easily and quickly" | intitle:"Show/Search other devices"
82 | intitle:"NAS" inurl:indexeng.html
83 | intitle:"Skystream Networks Edge Media Router" -securitytracker.com
84 | intitle:"Ethernet Network Attached Storage Utility"
85 | intitle:"GigaDrive Utility"
86 | intitle:"DVR Client" -the -free -pdf -downloads -blog -download -dvrtop
87 | "OK logout" inurl:vb.htm?logout=1
88 | intitle:"Edr1680 remote viewer"
89 | intitle:"IVC Control Panel"
90 | (intitle:MOBOTIX intitle:PDAS) | (intitle:MOBOTIX intitle:Seiten) | (inurl:/pda/index.html +camera)
91 | intitle:"Veo Observer XT" -inurl:shtml|pl|php|htm|asp|aspx|pdf|cfm -intext:observer
92 | (intitle:(EyeSpyFX|OptiCamFX) "go to camera")|(inurl:servlet/DetectBrowser)
93 | inurl:cgi-bin/guestimage.html
94 | allintitle: EverFocus | EDSR | EDSR400 Applet
95 | allintitle:Edr1680 remote viewer
96 | allintitle: EDR1600 login | Welcome
97 | allintitle: EDR400 login | Welcome
98 | intitle:"Divar Web Client"
99 | intitle:"Live View / - AXIS" | inurl:view/view.shtml OR inurl:view/indexFrame.shtml | intitle:"MJPG Live Demo" | "intext:Select preset position"
100 | allintitle: Axis 2.10 OR 2.12 OR 2.30 OR 2.31 OR 2.32 OR 2.33 OR 2.34 OR 2.40 OR 2.42 OR 2.43 "Network Camera "
101 | inurl:wrcontrollite
102 | "LANCOM DSL/*-* Office *" "Entry Page"
103 | allintitle:"SyncThru Web Service"
104 | inurl:/level/15/exec/-/configure/http
105 | inurl:/exec/show/tech-support/cr
106 | inurl:/level/15/exec/-
107 | intitle:"HtmlAnvView:D7B039C1"
108 | inurl:RgFirewallRL.asp | inurl:RgDmzHost.asp | inurl:RgMacFiltering.asp | inurl:RgConnect.asp | inurl:RgEventLog.asp | inurl:RgSecurity.asp | inurl:RgContentFilter.asp | inurl:wlanRadio.asp
109 | inurl:cgi-bin/cosmobdf.cgi?
110 | intitle:"hp laserjet" inurl:info_configuration.htm
111 | intext:"You may also donate through the Moneybookers account mb@dd-wrt"
112 | inurl:/control/userimage.html
113 | inurl:/voice/advanced/ intitle:Linksys SPA configuration
114 | inurl:*/graphs* intitle:"Traffic and system resource graphing"
115 | intitle:not accepted inurl:"union+select" inurl:"id?="
116 | intext:"Hikvision" inurl:"login.asp"
117 | dorks:SiteScope inurl:/SiteScope/cgi/go.exe/SiteScope?page=
118 | inurl:cgi-bin/mailgraph.cgi
119 | ".git" intitle:"Index of"
120 | inurl:.cgi-bin/luci
121 | intitle:"AP Router New Generation" intext:"Status do AP Router"
122 | inurl:upsstats.cgi?host
123 | inurl:/graphs/ intitle:RouterOs
124 | allinurl:foldercontent.html?folder=
125 | inurl:/set_config_password.html
126 | intitle:"Solr Admin" "Core Admin" "Thread Dump"
127 | intitle:index.of inurl:openwebmail -site:openwebmail.org
128 | intext:"This is Apache Hadoop release" "Local Logs"
129 | intitle:"router"inurl:"home.asp"
130 | inurl:trafficcams -intext:trafficcams ext:asp OR ext:htm
131 | inurl:httpmon.php
132 | intitle:"CPPLUS DVR -Web View"
133 | inurl:"cgi-bin" "No password set!" " There is no password set on this router."
134 | inurl:/tcpipv4.htm
135 | inurl:phpPgAdmin/browser.php intitle:"phpPgAdmin"
136 | inurl:"info_deviceStatus.html" | inurl:"info_suppliesStatus.html" | inurl:"info_configuration.html" | inurl:"info_config_network.html" | inurl:"info_specialPages.html" | inurl:"info_colorUsageJobLog.html" | inurl:"info_eventLog.html"
137 | inurl:"/owncloud/public.php" -github -forum
138 | intext:"Powered by BOMGAR"
139 | intitle:"StrongLoop API Explorer" intext:"Token Not Set"
140 | intitle:"open webif" "Linux set-top-box"
141 | intitle:Leaf PHP Mailer by [leafmailer.pw] ext:php
142 | inurl:/mjpg/video.mjpg
143 | inurl:"lvappl.htm"
144 | inurl:"multimon.cgi" intitle:"UPS"
145 | inurl:"this.LCDispatcher?nav="
146 | inurl:"http://voicemail."
147 | (site:onion.link | site:onion.cab | site:tor2web.org | site:onion.sh | site:tor2web.fi | site:onion.direct)
148 | intitle:"Welcome to ZyXEL" -zyxel.com
149 | inurl:"/view/view.shtml?id="
150 | inurl:"http://ftp.dlink"
151 | intitle:"webcamXP 5" -download
152 | inurl:"8080/jmx-console"
153 | inurl:"ftp://www." "Index of /"
154 | intitle:"Setup Home" "Internet Status" -belkin
155 | inurl:"g2_view=webdav.WebDavMount"
156 | inurl:"/ADVANCED/COMMON/TOP"
157 | intitle:"Namenode information"
158 | inurl:"/ap/recuperadocumentossql.aspx"
159 | inurl:login.cgi intitle:NETGEAR
160 | intitle:"cuckoo sandbox" "failed_reporting"
161 | intitle:"GitBucket" intext:"Recent updated repositories" intext:"Sign In"
162 | intitle:"Namenode information" AND inurl:":50070/dfshealth.html"
163 | inurl:"/api/index.php" intitle:UniFi
164 | intitle:"twonky server" inurl:"9000" -intext:"9000"
165 | inurl:scgi-bin intitle:"NETGEAR ProSafe"
166 | inurl:"img/main.cgi?next_file"
167 | inurl:share.cgi?ssid=
168 | inurl:browse.php inurl:kcfinder -github.com
169 | inurl:autodiscover/autodiscover ext:xml
170 | inurl:indexFrame.shtml Axis
171 | intitle:"View and Configure PhaserLink"
172 | inurl:"ViewerFrame?Mode="
173 | sNC-RZ30 HOME
174 | intitle:flexwatch intext:"Home page ver"
175 | intitle:snc-z20 inurl:home/
176 | (intext:"MOBOTIX M1" | intext:"MOBOTIX M10") intext:"Open Menu" Shift-Reload
177 | intitle:"WJ-NT104 Main Page"
178 | "powered by webcamXP" "Pro|Broadcast"
179 | intitle:"Live View / - AXIS"
180 | intitle:"BorderManager Information alert"
181 | "Phaser 6250" "Printer Neighborhood" "XEROX CORPORATION"
182 | "Phaser® 740 Color Printer" "printer named: "
183 | "Phaser 8200" "© Xerox" "refresh" " Email Alerts"
184 | "Phaser® 840 Color Printer" "Current Status" "printer named:"
185 | intitle:liveapplet inurl:LvAppl
186 | intext:centreware inurl:status
187 | intitle:"dreambox web"
188 | intitle:"Live View / - AXIS" | inurl:view/view.sht
189 | intitle:"The AXIS 200 Home Page"
190 | ("Fiery WebTools" inurl:index2.html) | "WebTools enable * * observe, *, * * * flow * print jobs"
191 | intitle:"network administration" inurl:"nic"
192 | inurl:sts_index.cgi
193 | intitle:RICOH intitle:"Network Administration"
194 | intitle:"lantronix web-manager"
195 | intitle:"axis storpoint CD" intitle:"ip address"
196 | intitle:"switch home page" "cisco systems" "Telnet - to"
197 | (inurl:webArch/mainFrame.cgi ) | (intitle:"web image monitor" -htm -solutions)
198 | inurl:netw_tcp.shtml
199 | inurl:TiVoConnect?Command=QueryServer
200 | intitle:"DVR Web client"
201 | site:.viewnetcam.com -www.viewnetcam.com
202 | inurl:"level/15/exec/-/show"
203 | WebControl intitle:"AMX NetLinx"
204 | intitle:"Home" "Xerox Corporation" "Refresh Status"
205 | "intitle:Cisco Systems, Inc. VPN 3000 Concentrator"
206 | inurl:axis-cgi
207 | intitle:"ipcop - main"
208 | intitle:"Smoothwall Express" inurl:cgi-bin "up * days"
209 | inurl:"ipp/pdisplay.htm"
210 | axis storpoint "file view" inurl:/volumes/
211 | intitle:"AudioReQuest.web.server"
212 | inurl:":631/printers" -php -demo
213 | intitle:"Spam Firewall" inurl:"8000/cgi-bin/index.cgi"
214 | intitle:"Cayman-DSL.home"
215 | Axis Video Manual
216 | intitle:"Sipura.SPA.Configuration" -.pdf
217 | filetype:cgi transcoder.cgi
218 | intitle:"Setup Home" "You will need * log in before * * change * settings"
219 | allinurl:index.htm?cus?audio
220 | inurl:"8003/Display?what="
221 | intitle:"EverFocus.EDSR.applet"
222 | inurl:na_admin
223 | intitle:"Connection Status" intext:"Current login"
224 | intitle:"DEFAULT_CONFIG - HP"
225 | intitle:"supervisioncam protocol"
226 | allintitle:Brains, Corp. camera
227 | intitle:"Dell Laser Printer" ews
228 | intitle:asterisk.management.portal web-access
229 | intitle:"BorderWare MXtreme Mail Firewall Login"
230 | intitle:"OfficeConnect Cable/DSL Gateway" intext:"Checking your browser"
231 | "About Winamp Web Interface" intitle:"Winamp Web Interface"
232 | intitle:"NeroNET - burning online"
233 | intitle:"Freifunk.Net - Status" -site:commando.de
234 | inurl:"port_255" -htm
235 | intext:"Powered by: Adobe PrintGear" inurl:admin
236 | intitle:"--- VIDEO WEB SERVER ---" intext:"Video Web Server" "Any time & Any where" username password
237 | inurl:start.htm?scrw=
238 | inurl:"S=320x240" | inurl:"S=160x120" inurl:"Q=Mob
239 | intitle:"AXIS 240 Camera Server" intext:"server push" -help
240 | intitle:"TANDBERG" "This page requires a frame capable browser!"
241 | intitle:"Middle frame of Videoconference Management System" ext:htm
242 | intitle:"Veo Observer Web Client"
243 | intitle:"Java Applet Page" inurl:ml
244 | intitle:"WEBDVR" -inurl:product -inurl:demo
245 | intitle:"V1" "welcome to phone settings" password
246 | intitle:"HP ProCurve Switch *" "This product requi
247 | "Summary View of Sensors" | "sensorProbe8 v *" | "
248 | intitle:"INTELLINET" intitle:"IP Camera Homepage"
249 | intitle:"NetCam Live Image" -.edu -.gov -johnny.ihackstuff.com
250 | intitle:"netbotz appliance" -inurl:.php -inurl:.asp -inurl:.pdf -inurl:securitypipeline -announces
251 | Phaser numrange:100-100000 Name DNS IP "More Printers" index help filetype:html | filetype:shtml
252 | Display Cameras intitle:"Express6 Live Image"
253 | intitle:"Snap Server" intitle:"Home" "Active Users"
254 | intext:"Welcome to Taurus" "The Taurus Server Appliance" intitle:"The Taurus Server Appliance"
255 | inurl:setdo.cgi intext:"Set DO OK"
256 | http://www.google.com/search?q=intitle:%22Webview+Logon+Page%22&filter=0
257 | intitle:"WxGoos-" ("Camera image"|"60 seconds" )
258 | intitle:"Device Status Summary Page" -demo
259 | intitle:"iGuard Fingerprint Security System"
260 | intitle:"SNC-RZ30" -demo
261 | intitle:"BlueNet Video Viewer"
262 | intitle:"stingray fts login" | ( login.jsp intitle:StingRay )
263 | allintitle:"DVR login"
264 | "Welcome to the CyberGuard unit!"
265 | "SnapGear Management Console" "Welcome to the SnapGear Unit!" -pdf
266 | intitle:"Your Network Device" Status (LAN | WAN)
267 | intitle:"Net2Phone Init Page"
268 | intitle:Top "Vantage Service Gateway" -inurl:zyxel
269 | intitle:"EvoCam" inurl:"webcam.html"
270 | inurl:":9000" PacketVideo corporation
271 | allintitle:"UniMep Station Controller"
272 | inurl:/cgi-bin/makecgi-pro
273 | intitle:SpectraIV-IP
274 | inurl:Settings.aspx intitle:Beyond TV
275 | 'apc info' 'apc.php?SCOPE='
276 | intitle:"Pyxis Mobile Test Page" inurl:"mpTest.aspx"
277 | inurl:32400/web/index.html
278 | intitle:"dd-wrt info" intext:"Firmware: DD-WRT"
279 | inurl:"/level/13|14|15/exec/"
280 | inurl:"Orion/SummaryView.aspx" intext:"Orion Core"
281 | inurl:/Portal/Portal.mwsl?PriNav=FileBrowser
282 | intitle:"Weather Wing WS-2"
283 | intitle:"NetBotz Network Monitoring Appliance"
284 | intitle:"Transponder/EOL Configuration:" inurl:asp
285 | intitle:"Web Image Monitor" & inurl:"/mainFrame.cgi"
286 | intitle:"SPA504G Configuration"
287 | inurl:"/cgi-mod/index.cgi"
288 | intitle:"RouterOS router configuration page"
289 | inurl:"/webcm?getpage="
290 | intitle:"Web Client for EDVS"
291 | intitle:"IPCam Client"
292 | intitle:"RT at a glance" intext:"quick search"
293 | filetype:jnlp
294 | inurl:"/public.php?service=files"
295 | inurl:dfshealth.jsp
296 | inurl:"phy.htm" intitle:"Touchstone Status"
297 | inurl:dyn_sensors.htm
298 | inurl:.cgi-bin/webproc
299 | inurl:ftp inurl:Seagate inurl:Backup inurl:Plus inurl:Drive
300 | inurl:"/certsrv" intext:"Select a task"
301 | allinurl:awstats.pl ext:pl
302 | inurl:"/squid-reports/" AND intitle:"SARG reports"
303 | intitle:"hp laserjet" inurl:SSI/Auth/set_config_deviceinfo.htm
304 | intitle:"IPCam" inurl:monitor2.htm
305 | intitle:"WebService Web Service" ext:asmx
306 | inurl:printer/main.html
307 | intitle:Global Traffic Statistics "Ntop"
308 | inurl:axis.cgi ext:cgi
309 | inurl:webvisu.htm ext:htm
310 | "Build ref: 26"
311 | inurl:net/net/airprint.html
312 | inurl:/net/net/protocol.html
313 | intitle:(build 13064) - Info
314 | inurl:/tcpipv6.htm
315 | inurl:/cgi-bin/luci/freifunk/graph/olsrd/topology/
316 | inurl:/hp/device/supply_status.htm
317 | inurl:/index.htm?cat=info&pagesRemaining
318 | inurl:/index.htm?cat=info&printerInfo
319 | "IPSentry - Device Statistics Information"
320 | "Web page sent by InterMapper"
321 | intitle:"homematic webui"
322 | intitle:webcam 7 inurl:8080 -intext:8080
323 | inurl:login inurl:user inurl:pass -intext:pass -intext:user
324 | inurl:"topPage.cgi" | inurl:"mainFrame.cgi" intext:"Web Image Monitor"
325 | intitle:"SyncThru Web Service" inurl:"sws"
326 | inurl:"home.htm?cat=home" | inurl:"index.htm?cat=info" | inurl:"index.htm?cat=settings" | inurl:"index.htm?cat=network" | inurl:"index.htm?cat=bluetooth"
327 | inurl:"cgi-bin/dynamic/" inurl:"html" intitle:"Printer Status"
328 | intitle:"TRENDnet" (inurl:"top.htm"| inurl:"STSSYS.HTM"| inurl:"AVIEW.HTM"| inurl:"JPlug.htm" | inurl:"JVIEW.HTM")
329 | intitle:Tenda ADSL2/2+ Modem inurl:main.html
330 | intitle:"Residential Gateway Configuration:" intext:"Cable Modem Information."
331 | intext:"powered by webcamXP 5"
332 | inurl:lg intitle:"Looking Glass"
333 | inurl:/view/viewer_index.shtml
334 | inurl:userRpm inurl:LoginRpm.htm
335 | /@fmb80_encoder.htm
336 | inurl:/awcuser/cgi-bin/
337 | inurl:top.htm inurl:currenttime
338 | inurl:/Portal/Portal.mwsl
339 | inurl:/mjpgmain.asp
340 | inurl:"-/monitoring" "statistics of JavaMelody"
341 | "Upload" inurl:"https://webfiles"
342 | inurl:"apc.php" intitle:"APC INFO"
343 | intext:SOAP 1.1 intext:SOAP 1.2 intext:UPLOAD intext:GET intext:POST inurl:op
344 | intitle:"Login" inurl:"/doc/page/login.asp"
345 | site:webex.com inurl:tc3000
346 | intitle:"Log In to AR Web"
347 | inurl:"/html/modeminfo.asp?
348 | "All site content" ext:aspx
349 | inurl:"/viewlsts.aspx?BaseType="
350 | inurl:cgi-bin "ARRIS Enterprises"
351 | inurl:~/ftp://193 filetype:(php | txt | html | asp | xml | cnf | sh) ~'/html'
352 | inurl:"/graphs" intext:"Traffic and system resource graphing"
353 | inurl:cgi-bin/lsnodes_web?node
354 | inurl:"/HtmlAdaptor?action="
355 | intext:VIEWS · Server: - Database: information_schema - Table: SCHEMA_PRIVILEGES · Browse · Structure · SQL · Search · Export
356 | inurl:guestimage.html
357 | inurl:"set_config_networkIPv6.html"
358 | "Use these fields to set or change the Administrator Password. When set, the Administrator Password is required before you can access and change configuration parameters. To disable the Administrator Password, leave the entries blank."
359 | inurl:"ews/setting/setews.htm"
360 | inurl:"/address/speeddial.html?start" and intext:"Please configure the password" and intitle:"Brother"
361 | inurl:"/websys/webArch/mainFrame.cgi" -hatana
362 | inurl:"apps/console/sepm"
363 | intitle:"Status & Control" + "Thermostat Status" +"HVAC Settings" +"Zone Temperature"
364 | inurl:embed.html inurl:dvr
365 | intitle:Armstrong Hot Water System Monitoring
366 | inurl:"/cgi-bin/filemanager/Manager.pl"
367 | inurl:/add_vhost.php?lang=
368 | "ADS-B Receiver Live Dump1090 Map "
369 | inurl:public "Powered by SecureW2"
370 | inurl:cloud_main.asp
371 | inurl::5601/app/kibana
372 | inurl:control/camerainfo
373 | intitle:"Yawcam" inurl:8081
374 | ext:php + inurl:"ajaxfilemanager.php" + intext:"Current Folder Path"
375 | intext:"https://chat.whatsapp.com/invite/" intitle:"Your Search For Company/Subject/Whatever"
376 | inurl:":2083/login/?user="
377 | inurl:report.cgi?dashboard=
378 | intext:build:SVNTag= JBoss intitle:Administration Console inurl:web-console
379 | inurl:"mjpg/video.cgi?resolution="
380 | intitle:Munin :: overview
381 | inurl:jpegpull.htm
382 | intitle:'System Web Interface: WATTrouter M'
383 | intext:"default values: admin/1234"
384 | inurl:'/SSI/Auth/ip_configuration.htm'
385 | intext:"Powered by www.yawcam.com"
386 | intitle:"UltraDNS Client Redirection Service"
387 | (intitle:"plexpy - home" OR "intitle:tautulli - home") AND intext:"libraries"
388 | inurl:"/gitweb.cgi?"
389 | intext:"Build dashboard" intext:"Project" intext:"Plan" intext:"Build"
390 | site:drive.google.com /preview intext:movie inurl:flv | wmv | mp4 -pdf -edit -view
391 | inurl:home.tcl intitle:gaia
392 | inurl:phpPgAdmin intext:"Cappuccino" | intext:"Blue/Green"
393 | intitle:"SQLiteManager" + intext:"Welcome to SQLiteManager version "
394 | inurl:"swagger-ui/index.html"
395 | intitle:"Swagger UI - " + "Show/Hide"
396 | inurl:/sample/LvAppl/lvappl.htm
397 | allinurl:control/multiview
398 | allinurl:DialogHandler.aspx
399 | intitle:"VertrigoServ" + "Welcome to VertrigoServ"
400 | inurl:/certsrv/certrqus.asp
401 | inurl:/help/lang/en/help
402 | inurl:public.php inurl:service ext:php
403 | intitle:ProFTPD Admin - V1.04
404 | intitle:"VB Viewer"
405 | intitle: "Nexus Repository Manager"
406 | inurl:/setup.cgi@next_file=
407 | "Please click here to download and install the latest plug-in. Close your browser before installation."
408 | intitle:QueryService Web Service
409 | intitle:"Device(" AND intext:"Network Camera" AND "language:" AND "Password"
410 | intext:"Any time & Any where" AND "Customer Login"
411 | intitle:"Screenly OSE" intext:"Schedule Overview" AND "Active Assets" AND "Inactive Assets"
412 | inurl:"fhem.cfg" AND 'fhem.cfg' -github
413 | intitle:"webcam 7" inurl:'/gallery.html'
414 | intitle:"Login - Xfinity" AND "Gateway > Login"
415 | intitle:"Home-CUPS" intext:printers -mugs
416 | inurl:/snap.cgi?&-getpic
417 | allinurl:asdm.jnlp
418 | intitle:"NetcamSC IP Address"
419 | "/1000/system_information.asp"
420 | inurl:8000/portal/
421 | inurl:/portal/apis/fileExplorer/
422 | intitle:'Welcome to JBoss AS'
423 | "Powered by Trac 1.0.2"
424 | Find 3cx Phone System Management Console
425 | site:azurewebsites.net inurl:.gov | .mil | .edu
426 | "This service is powered by a copy of ZendTo"
427 | inurl:/signin.php?ret=
428 | "Powered by ViewVC 1.0.3"
429 | inurl:/pages/default.aspx | inurl:/páginas/default.aspx
430 | inurl:TOP/PRTINFO.HTML
431 | inurl:/clusters intitle:"kafka Manager"
432 | intext:"series Network Configuration" AND intext:"canon"
433 | inurl:/web-console/ServerInfo.jsp | inurl:/status?full=true
434 | inurl:/CFIDE/administrator/index.cfm | inurl:/CFIDE/componentutils/login.cfm | inurl:/CFIDE/main/ide.cfm | inurl:/CFIDE/wizards/
435 | intitle:"LaserJet" "Device status" "Supplies summary"
436 | intitle:"Pi-hole Admin Console"
437 | intext:" Welcome to DSL-2730B Web Management"
438 | inurl:/_cat/indices/
439 | inurl:8443 AND -intitle:8443 AND -intext:8443 prohibited|restricted|unauthorized
440 | inurl:app/kibana intext:Loading Kibana
441 | inurl:ftp://ftp
442 | inurl:ftp://ftp robots.txt
443 | intitle:Grafana - Home inurl:/orgid
444 | intitle:apache couchdb - futon: overview inurl:/_utils
445 | site:member.*.*/auth/login
446 | intitle:"VideoEdge Admin Interface"
447 | inurl:webArch/mainFrame filetype:cgi intext:"Web Image Monitor"
448 | inurl:"/hp_login.html"
449 | intitle:"openshift web console" inurl:console inurl:/console
450 | intext:{{szErrorTip}} inurl:/doc/page/login.asp
451 | intitle:"Marshall VS Server"
452 | inurl:CGI/Java/Serviceability?adapter=device.statistics.device
453 | inurl:"/index.php?enter=guest"
454 | inurl:"8080/dashboard/" intitle:"Dashboard"
455 | intitle:"Home - Mongo Express"
456 | intitle:"WSO2 Management Console"
457 | intitle:rsview32 ext:asp
458 | "Firmware Version" intitle:"iLO" ProLiant Login -hpe.com -update
459 | intext:"Security is Off" intitle:"Namenode information"
460 | inurl:/swagger/index.html
461 | site:*/cgi-bin/webproc intext:"username"
462 | inurl:"nobody/loginQuick.htm"
463 | intitle:"IP CAMERA Viewer" intext:"setting | Client setting"
464 | "VB Viewer" inurl:/viewer/live/ja/live.html
465 | inurl:"MultiCameraFrame?Mode=Motion"
466 | inurl:"view/index.shtml"
467 | filetype:psp intitle:"Motorola - FX9500"
468 | intitle:ThingsBoard inurl:8080/dashboard
469 | intext:"EWS Data Collection and Use"
470 | inurl:hp/device/deviceinformation
471 | inurl:cgistart
472 | intitle:NetworkCamera intext:"Pan / Tilt" inurl:ViewerFrame
473 | inurl:axis-cgi/mjpg/video.cgi
474 | inurl:view.shtml
475 | inurl:/live.htm intext:"M-JPEG"|"System Log"|"Camera-1"|"View Control"
476 | inurl:/HDDReplay.html
477 | inurl:8000 intext:"Copyright CANON INC. 2012"
478 | intitle:"webcamXP 5" inurl:8080 'Live'
479 | intitle:("Solr Admin") AND intext:("Dashboard" AND "Corporation")
480 | intitle:("Solr admin page") AND intext:("Make a Query")
481 | intitle:"Printer Status" AND inurl:"/PrinterStatus.html"
482 | inurl:"/English/pages_WinUS/" AND intitle:"Top page"
483 | inurl:/dana-cached/sc/
484 | inurl:/dana/home/ filetype:cgi
485 | intitle:"index of" "cvsweb.cgi"
486 | inurl:./sws/index.sws
487 | inurl:SSI/index.htm
488 | inurl:/frameprop.htm
489 | inurl:sws/index.html AND intext:"Model Name" AND intext:"Serial Number"
490 | inurl:/?MAIN=DEVICE intitle:TopAccess intext:Device
491 | inurl:/main.html intext:SHARP AND intext:MX-*
492 | inurl:mainFrame.cgi intext:"RICOH"
493 | inurl:/index.htm intext:"Oki Data Corporation"
494 | inurl:8080/dashboard intitle:Graphite Dashboard
495 | inurl:8080/dashboard.php
496 | intitle:"Kyocera Command Center" inurl:index.htm
497 | intitle:"Internet Services" inurl:default.htm intext:"FUJI XEROX"
498 | intitle:"WeatherLinkIP Configuration"
499 | inurl:/db.php?path_local=
500 | inurl:/gmap.php?id=
501 | site:*/EWS/Exchange.asmx
502 | intitle:"WEBCAM 7 " -inurl:/admin.html
503 | intitle:"HP ALM" "Application Lifecycle Management" inurl:/qcbin/ -ext:PDF
504 | allinurl:top.htm?Currenttime
505 | inurl:index.shtml
506 | inurl:/sws/index.html
507 | inurl:/base/main_login.html intext:"Login"
508 | inurl:/jobq.htm AND intext:"ApeosPort-V"
509 | inurl /view.shtml intext:"Airport"
510 | intitle:"SFXAdmin - sfx_global" intext:"Login Form"
511 | inurl:/ViewerFrame? intitle:"Network Camera NetworkCamera"
512 | inurl:"/general/status.html"
513 | inurl:axis-cgi/jpg
514 | intext:"Frame rate" inurl:/home/homej.html
515 | intext:"Device Name" | intext:"Host Name" inurl:mainFrame.cgi
516 | inurl:axis-cgi/mjpg/video swf
517 | inurl:/home/homej.html
518 | inurl:8081/ "Pan, Tilt & Zoom"
519 | "HP LaserJet" inurl:"SSI/index.htm"
520 | intitle:"webcam" inurl:login
521 | "Camera Live Image" inurl:"guestimage.html"
522 | intitle:"UPS Status" "Status" inurl:/host
523 | inurl:.*eservices/login
524 | intitle:"Tuxedo Connected Controller"
525 | inurl:/config/cam_portal.cgi "Panasonic"
526 | inurl:"view.shtml" "Network Camera"
527 | allintitle:"Welcome to the Web-Based Configurator"
528 | inurl:/presentation/html/top/index.html
529 | intitle:"Miniweb Start Page"
530 | inurl:8080/view/viewer_index.shtml?id= -site:*.com
531 | intitle:"Rockwell Automation" inurl:"index.html" "Device Name"
532 | inurl:"/viewer/live/index.html"
533 | inurl:/CgiStart?page
534 | inurl:"/viewer/live.html"
535 | inurl:"live/cam.html"
536 | "Pop-up" + "Live Image" inurl:index.html
537 | inurl:"webArch/mainFrame.cgi" + "Web Image Monitor"
538 | inurl:/8080 "windows" "live view"
539 | inurl:set_config_password.html
540 | intitle:"NetCamSC*" | intitle:"NetCamXL*" inurl:index.html
541 | inurl:/index.html?size=2&mode=4
542 | inurl: 1051/viewer/live/index.html?lang=en
543 | inurl:/homej.html?
544 | inurl:/Jview.htm + "View Video - Java Mode"
545 | inurl:"view.shtml" "Network"
546 | inurl:"view.shtml" "camera"
547 | inurl:"/cgi-bin/guestimage.html" "Menu"
548 | "change the Administrator Password." intitle:"HP LaserJet" -pdf
549 | inurl: inurl:"view.shtml" ext:shtml
550 | intext:"Connection" AND "Network name" AND " Cisco Meraki cloud" AND "Security Appliance details"
551 | inurl:/Jview.htm + intext:"Zoom :"
552 | intitle:"Agent web client: Phone Login"
553 | "System" + "Toner" + "Input Tray" + "Output Tray" inurl:cgi
554 | intitle:"NetCamXL*"
555 | intitle:"NetCamSC*"
556 | AXIS Camera exploit
557 | inurl:/Jview "zoom"
558 | site:*/dyn_sensors.htm "ID"
559 | inurl:dtm.html intitle:1747-L551
560 | inurl:login.html intitle:"Archer C7"
561 | intitle:"IP Webcam" inurl:"/greet.html"
562 | "Account" "Password" "All rights reserved" intitle:"HG8245"
563 | intitle:"D-LINK SYSTEMS, INC. | Web File Access : Login"
564 | inurl:login.html intitle:"GPON Home Gateway"
565 | inurl:"portal.mwsl" "Status"
566 | intitle:"Intelbras" inurl:cgi-bin/firmware.cgi?formNumber=200
567 | intitle:("WebRTU z2" | "WebRTU z1") -pdf
568 | intitle:("OnCell Web Console" | "Series Web Console" | "-HSPA Series Web" | "-HSDPA Series Web") "MOXA OnCell" "Username :" "Password :" -pdf
569 | intitle:"PowerLogic ION" + "Control" + "Diagnostic" + "Home" + "Maintenance" + "Monitoring"
570 | intitle:"Total Web Solutions" + "Meter Name"
571 | "Copyright(C) CONTEC CO.LTD"
572 | intitle:"Remote UI: Login:" "System Manager ID:"
573 | intitle:"Nordex Control" + "Wind Farm Total Summary"
574 | intitle:"Keenetic Web"
575 | inurl:/main/main.html "Administrator Settings"
576 | intitle:"Advanced Setup - Security - Admin User Name & Password"
577 | site:*.*/level/15/exec/-/ "Exec Configure"
578 | intitle:"ePMP 2000" "notifications" "Menu" -pdf
579 | intitle:"ContaCam" "Snapshot Image"
580 | site:*/tcpipv4.htm
581 | intitle:"HD IP Camera" "Remember me" "User name" -.com -pdf
582 | inurl:set_config_security.htm
583 | intitle:"webcamxp 5" intext: "live stream"
584 | inurl:"userimage.html" "Live" "Open"
585 | inurl:/view/viewer_index.shtml
586 | inurl:set_config_networkIP.html
587 | site:*/tcpipv6.htm
588 | inurl:/guestimage.html
589 | inurl:plc/webvisu.htm intitle:"CoDeSys WebVisualization"
590 | intitle:"openHAB" intext:"Welcome to openHAB" "Basic UI" "Paper UI"
591 | intext:"Inserire il proprio codice per accedere al sistema" "Inserire codice"
592 | inurl:m_login.htm "Somfy"
593 | inurl:"/intouch-base/rest/nlogin" intitle:"InTouch"
594 | inurl:"/index.html" intitle:"Unitronics PLC"
595 | intitle:"Vodafone Vox UI" | intitle:"Residential Gateway Login"
596 | intitle:"Properties - Xerox WorkCentre" "Machine Model:" "Machine Name" -.com
597 | intitle:"Polycom Login" -.com
598 | intitle:"Saia PCD Web-Server"
599 | intitle:"NETSuveillance WEB"
600 | inurl:pas_set_menu.html
601 | intitle:"Sys Name" System Summary Sensors
602 | intitle:"Epson Web Control" "OSD Control Pad"
603 | site:*/net/net/protocol.html
604 | intitle:"HD-Network Real Time Monitoring System" inurl:"/login.asp"
605 | intitle:"Milesight Network Camera" intext:"Language"
606 | inurl:ip_snmp.htm
607 | intitle:"Bosch Security Systems" "LIVEPAGE" + "SETTINGS" -.net -.com
608 | intitle:"DD-WRT (build 21061) - Info"
609 | inurl:ip_password.htm
610 | intitle:"DSM mobile" intext:"Loading..."
611 | intitle:"Web Client" inurl:"webcamera.html"
612 | inurl:/DeviceInformation/View "Device Name"
613 | intitle:"NodeCore PoW Mining Pool" "NETWORK" "TYPE" "POOL ADDRESS" "FEE"
614 | intitle:"Login" inurl:"/simple/view/login.html"
615 | intitle:"LK IHC controller" intext:"LK IHC"
616 | intitle:"Openstage IP Phone User" "IPv4" "DNS"
617 | "USB Port 1 (Public Data)" + "USB Port 2 (Public Data)" "Status" -pdf
618 | inurl:/PRESENTATION/HTML/TOP/PRTINFO.HTML
619 | inurl:/PRESENTATION/EPSONCONNECT
620 | intext:@print.epsonconnect.com intitle:series
621 | Google Dork: intitle:"ZM - Console"
622 | Google Dork: intitle:"ZM - System Log"
623 | inurl:/login/?referer=/admin/ intext:cradlepoint
624 | allintext:"Copyright CANON INC" "iR-ADV"
625 | inurl:"/cgi-bin/luci" intext:"Authorization Required" intitle:"LuCI"
626 | "Name" "Password" intitle:"LANCOM 1790VA"
627 | intitle:series "Note: It is recommended to communicate via HTTPS for entering an administrator password."
628 | inurl:/PRESENTATION/PSWD
629 | inurl:/PRESENTATION/BONJOUR intitle:Series
630 | intitle:"Yealink" inurl:"servlet?m="
631 | intitle:HP LASERJET PRO MFP inurl:/SSI/index.htm
632 | intitle:"Device(" intext:"ActiveX Mode (For IE Browser)"
633 | intext:"LANCOM 1781VA (over ISDN)"
634 | intitle:"Web Client for DVR"
635 | intitle:"Intelbras" site:*/index.html
636 | inurl:/portal/indicate intitle:Remote UI
637 | inurl:mobile.html intitle:webcamXP
638 | intitle:"supra IPC"
639 | intitle:"Dell OpenManage Switch Administrator" intext:"Type in Username and Password, then click OK"
640 | intitle:"Alarm Panel" intext:"Climax Tech. Co., Ltd."
641 | intitle:"webcamxp" "Flash JPEG Stream"
642 | "Username" "Password" "ZTE Corporation. All rights reserved."
643 | intitle:"WF Series" inurl:PRTINFO.html
644 | "NETGEAR, Inc. All rights reserved" intitle:"Netgear Prosafe Plus Switch"
645 | intitle:"Remote UI" intext:"Printer status"
646 | intitle:"::: ACEmanager :::"
647 | intitle:"Camera Status" inurl:/control/
648 | intitle:"Solar-Log™" intext:"Build Revision"
649 | intitle:"3CX Phone System Management Console"
650 | inurl:"/web/guest/en/websys/webArch/mainFrame.cgi"
651 | intitle:"myhome" intext:"Tilgin. All rights reserved. Copyright and Trademark."
652 | intitle:LANCOM "A webbrowser with active JavaScript support is required."
653 | intitle:("Canon" + "series Network Configuration" "Basic Information") + "JavaScript is not enabled"
654 | inurl:"serverpush.htm" "IP Camera" intext:"Foscam"
655 | intitle:"CPU-Modul TROVIS 6610"
656 | intitle:"Cambium" inurl:top.cgi
657 | inurl:top.cgi intitle:"Motorola ptp"
658 | intitle:"vood Residential gateway" inurl:vood/cgi-bin/
659 | intext:"Egardia & WoonVeilig" -site:"linkedin.*" -"data-lead.com" -"getemail.io" -"holaconnect.com" -"kzhead.info"
660 | intext:"Live View" inurl:ui3.htm
661 | intitle:"lg smart ip device" -.com
662 | intitle:"7100 login" "lancom"
663 | inurl:/multi.html intitle:webcam
664 | inurl:/hp/device/SignIn/
665 | inurl:/view.htm?mode=l
666 | intitle:"Blue Iris Remote View"
667 | inurl:"jpegpush.htm"
668 | intitle:"xerox" inurl:i_index
669 | intitle:"Cisco ASDM" inurl:"admin/public/index.html"
670 | "IPECS" inurl:a_index.html
671 | intitle:"Welcome to" intext:"configuration interface"
672 | intext:"2009 PLANET Technology Corporation"
673 | intitle:"PRTG Network Monitor" inurl:index.htm intext:"Password" -inurl:prtg
674 | intitle:"Netgear System Login" intext:"system name"
675 | intitle:"Hello! Welcome to Synology Web Station!"
676 | inurl:/nphMotionJpeg?Resolution=
677 | inurl:hp/device/webAccess
678 | intitle:"setup" "Network setup" "DHCP Client ID" -.com
679 | intitle:"Welcome-netis Wireless"
680 | "Router Name" "Router Model" "LAN MAC" "WAN MAC"
681 | intitle:"D-LINK CORPORATION, INC" intext:"D-Link Corporation, Inc." -dlink.ca
682 | intitle:"Login" intext:"PLANET Technology Corporation. All rights reserved."
683 | intitle:"JUNG KNX Smart-Panel" "JUNG Single Regular"
684 | intext:"This page displays the general system information of the print server."
685 | "Language" "SIM NUM" "DEV NUM" intitle:"mdvr"
686 | intitle:"Device(Foscam)" "Real-time IP Camera Monitoring System"
687 | intitle:"SoundTouch Access Point Setup"
688 | intitle:"Bose SoundTouch Wi-Fi Music System Setup" inurl:"/setup/index.asp"
689 | intitle:"ACEmanager" "ALEOS Version"
690 | "Datamanager" "Devices" "Reports" "Alarm" "Log" "Service" "Gp Run-On"
691 | intitle:"yawcam" "It's a webcam!" "user" "pass"
692 | intitle:"ipMonitor - Log in"
693 | intitle:"Codian MCU" "MCU" "Home Streaming Conferences"
694 | intext:"amcrest" "Invalid login credentials"
695 | inurl:/controlmenu.htm
696 | intitle:"Pyramid Debug Toolbar" inurl:_debug_toolbar
697 | intitle:"CirCarLife Scada" inurl:/html/index.html
698 | intext:"amcrest" "LDAP User"
699 | intitle:"Youless energy monitor" "Model" "Firmware" "www.youless.nl"
700 | inurl:/cgi-bin/login.html "qnap turbo nas"
701 | intitle:"C-more -- the best HMI presented by AutomationDirect"
702 | intitle:"OS-ZuKon" "SSS Siedle"
703 | intitle:"EnvisionGateway" "scheduler" "control"
704 | intitle:"IPC CHIP Main Page" "Beck IPC GmbH"
705 | inurl:/admin/public/asdm.jnlp "ASDM on"
706 | intitle:"SPC4300" "ID"
707 | ©20 "Copyright Yamaha Corporation Visit"
708 | Fwd: intitle:"Codian MCU - Home Page"
709 | Fwd: intitle:"SPC4300" "ID"
710 | Fwd: intitle:"OS-ZuKon" "SSS Siedle"
711 | Fwd: intitle:"Heatmiser Wifi Thermostat" "username" -.com
712 | intitle:"webcamXP 5" inurl:admin.html
713 | intitle:"ADSL Router" inurl:"/login.htm"
714 | intitle:"Microseven M7CAM IP Camera"
715 | intitle:" - General Status [none]"
716 | intitle:"webcamXP" inurl:8080
717 | intext:"Real-time IP Camera Monitoring System" intext:"ActiveX Mode (For IE Browser)"
718 | intitle:"Secure Access Service" inurl:"/dana-na/auth/url_default/welcome.cgi"
719 | intitle:"MODBUS TCP RS485 Converter" intext:"Module Name: MMTCPBCONV" "powered by Atmel ARM."
720 |
--------------------------------------------------------------------------------
/dorks/vulnerable_files.dorks:
--------------------------------------------------------------------------------
1 | "File Upload Manager v1.3" "rename to"
2 | filetype:pl -intext:"/usr/bin/perl" inurl:webcal (inurl:webcal | inurl:add | inurl:delete | inurl:config)
3 | inurl:cgi-bin inurl:bigate.cgi
4 | intitle:"SSHVnc Applet"OR intitle:"SSHTerm Applet"
5 | filetype:mdb "standard jet" (password | username | user | pass)
6 | inurl:updown.php | intext:"Powered by PHP Uploader Downloader"
7 | inurl:"simplenews/admin"
8 | TOO MANY
9 | intitle:"Index of /" modified php.exe
10 | filetype:php inurl:"viewfile" -"index.php" -"idfil
11 | filetype:cnf my.cnf -cvs -example
12 | filetype:wsdl wsdl
13 | filetype:inc inc intext:setcookie
14 | ext:cgi inurl:ubb6_test.cgi
15 | intitle:"PHP Explorer" ext:php (inurl:phpexplorer.php | inurl:list.php | inurl:browse.php)
16 | inurl:robpoll.cgi filetype:cgi
17 | inurl:"plog/register.php"
18 | link:http://www.toastforums.com/
19 | inurl:"nph-proxy.cgi" "Start browsing through this CGI-based proxy"
20 | intitle:gallery inurl:setup "Gallery configuration"
21 | "create the Super User" "now by clicking here"
22 | filetype:lit lit (books|ebooks)
23 | inurl:cgi.asx?StoreID
24 | inurl:" WWWADMIN.PL" intitle:"wwwadmin"
25 | inurl:changepassword.cgi -cvs
26 | intitle:"Directory Listing" "tree view"
27 | intitle:mywebftp "Please enter your password"
28 | ezBOO "Administrator Panel" -cvs
29 | intitle:"ASP FileMan" Resend -site:iisworks.com
30 | intitle:"phpremoteview" filetype:php "Name, Size,
31 | inurl:click.php intext:PHPClickLog
32 | "powered by YellDL"
33 | filetype:cgi inurl:cachemgr.cgi
34 | ext:asp inurl:DUgallery intitle:"3.0" -site:dugall
35 | ext:asp "powered by DUForum" inurl:(messages|details|login|default|register) -site:duware.com
36 | "Powered by Land Down Under 601"
37 | inurl:php.exe filetype:exe -example.com
38 | filetype:mdb inurl:"news/news"
39 | intitle:"PHPstat" intext:"Browser" intext:"PHPstat setup"
40 | "Powered by Gravity Board"
41 | "Powered by SilverNews"
42 | PHPFreeNews inurl:Admin.php
43 | inurl:nquser.php filetype:php
44 | "Powered By: Simplicity oF Upload" inurl:download.php | inurl:upload.php
45 | "Powered by FlexPHPNews" inurl:news | inurl:press
46 | "Powered by FunkBoard"
47 | "Powered by Xcomic"
48 | "Warning:" "Cannot execute a blank command in"
49 | "Mail-it Now!" intitle:"Contact form" | inurl:contact.php
50 | "maxwebportal" inurl:"default" "snitz forums" +"homepage" -intitle:maxwebportal
51 | "e107.org 2002/2003" inurl:forum_post.php?nt
52 | inurl:cartwiz/store/index.asp
53 | intitle:"Control panel" "Control Panel Login" ArticleLive inurl:admin -demo
54 | "powered by my little forum"
55 | "powered by mailgust"
56 | intitle:"CJ Link Out V1"
57 | inurl:guestbook/guestbooklist.asp "Post Date" From
58 | vBulletin Install Page Detection
59 | ionCube Loader Wizard information disclosure
60 | allinurl:forcedownload.php?file=
61 | -site:simplemachines.org "These are the paths and URLs to your SMF installation"
62 | inurl:demo.browse.php intitle:getid3
63 | index of admin/fckeditor/editor/filemanager/
64 | intitle:"index of" "nrpe.cfg"
65 | Dork: "Index of" "upload_image.php"
66 | Dork: "index of" "Production.json"
67 | index.of.?.frm
68 | intitle:"index of" "schema.sql"
69 | "index of /" intext:wp-config "zip"
70 | intitle: Index of /assets/admin/system
71 | inurl:/supportboard
72 | Google Dork: intitle:"index of" "/sql" "admin"
73 | intitle:"index of" "/cgi-bin" "admin"
74 | intext:"powered by BlueCMS v1.6"
75 | intitle:"index of" "master03.xml"
76 | intitle:"index of" "stylesheet.css"
77 | intitle:"index of" "pres.xml"
78 | intitle:"Index of" site:.in
79 | inurl:*gov intitle:"index of" "docker-compose"
80 | intitle:"index of" "*.pl"
81 | intitle:"index of" "*.phtml"
82 | intitle:"index of" "*.php"
83 |
--------------------------------------------------------------------------------
/dorks/vulnerable_servers.dorks:
--------------------------------------------------------------------------------
1 | intitle:"Samba Web Administration Tool" intext:"Help Workgroup"
2 | "ftp://" "www.eastgame.net"
3 | intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*"
4 | "you can now password" | "this is a special page only seen by you. your profile visitors" inurl:imchaos
5 | "Welcome to Administration" "General" "Local Domains" "SMTP Authentication" inurl:admin
6 | inurl:rpSys.html
7 | filetype:pl intitle:"Ultraboard Setup"
8 | intitle:"Horde :: My Portal" -"[Tickets"
9 | intitle:"Uploader - Uploader v6" -pixloads.com
10 | http://www.google.com/search?q=inurl%3Aindex.php%3Fpagedb%3Drss
11 | "[ phpinfo ] [ php.ini ] [ cpu ] [ mem ] [ users ] [ tmp ] [ delete ]"
12 | "r57shell 1.4"
13 | "r57shell"
14 | "safe_mode: * PHP version: * cURL: * MySQL: * MSSQL: * PostgreSQL: * Oracle: *"
15 | "www.*.com - c99shell" OR "www.*.net - c99shell" OR "www.*.org - c99shell"
16 | "CGI-Telnet Unit-x Team Connected to *.com" OR "CGI-Telnet Unit-x Team Connected to"
17 | inurl:/vb/install/upgrade.php
18 | intitle:cyber anarchy shell
19 | MySQL: ON MSSQL: OFF Oracle: OFF MSSQL: OFF PostgreSQL: OFF cURL: ON WGet: ON Fetch: OFF Perl: ON
20 | inurl:view.php?board1_sn=
21 | inurl:php intitle:"Cpanel , FTP CraCkeR"
22 | filetype:php inurl:tiki-index.php +sirius +1.9.*
23 | inurl:.php intitle:- BOFF 1.0 intext:[ Sec. Info ]
24 | intitle:"-N3t" filetype:php undetectable
25 | inurl:/wp-content/w3tc/dbcache/
26 | ext:cgi inurl:cgi-bin intext:#!/bin/bash
27 | inurl:/proc/self/cwd
28 | inurl:/elfinder/elfinder.html+intitle:"elFinder 2.0"
29 | inurl:shop "Hassan Consulting's Shopping Cart Version 1.18"
30 | "YaBB SE Dev Team"
31 | intitle:"Gallery in Configuration mode"
32 | intitle:osCommerce inurl:admin intext:"redistributable under the GNU"intext:"Online Catalog" -demo -site:oscommerce.com
33 | inurl:ManyServers.htm
34 | intitle:"Terminal Services Web Connection"
35 | intitle:"Remote Desktop Web Connection"
36 | "Welcome to Intranet"
37 | inurl:search.php vbulletin
38 | inurl:footer.inc.php
39 | inurl:info.inc.php
40 | "Welcome to PHP-Nuke" congratulations
41 | "Select a database to view" intitle:"filemaker pro"
42 | allinurl:intranet admin
43 | allinurl:install/install.php
44 | inurl:pls/admin_/gateway.htm
45 | intitle:"Gateway Configuration Menu"
46 | filetype:php inurl:vAuthenticate
47 | "Welcome to the Prestige Web-Based Configurator"
48 | ("Indexed.By"|"Monitored.By") hAcxFtpScan
49 | filetype:cgi inurl:"Web_Store.cgi"
50 | filetype:cgi inurl:"fileman.cgi"
51 | inurl:"index.php?module=ew_filemanager"
52 | allinurl:"index.php" "site=sglinks"
53 | intext:"Warning: * am able * write ** configuration file" "includes/configure.php" -Forums
54 | intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*"
55 | natterchat inurl:home.asp -site:natterchat.co.uk
56 | inurl:aol*/_do/rss_popup?blogID=
57 | (inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=)
58 | inurl:newsdesk.cgi? inurl:"t="
59 | intitle:"Mail Server CMailServer Webmail" "5.2"
60 | "There are no Administrators Accounts" inurl:admin.php -mysql_fetch_row
61 | inurl:servlet/webacc
62 | inurl:"/NSearch/AdminServlet"
63 | "Powered by: vBulletin Version 1.1.5"
64 | "html allowed" guestbook
65 | "set up the administrator user" inurl:pivot
66 | XOOPS Custom Installation
67 | intitle:"MvBlog powered"
68 | inurl:"read.php?datespan="
69 | intitle:"A Better ASP User Gallery"
70 | allinurl: In YoUr Dream Lamerz
71 | allinurl: op=viewslink&sid=
72 | "intitle:t3al shmeh"
73 | : inurll ', -font => '{Verdana} 8 bold') ->pack ( -side => "top" , -anchor => 'e' ) ;
74 | inurl:/vb/install/install.php
75 | intitle:"[EasyPHP] - Administration"
76 | intitle:Locus7shell intext:"Software:"
77 | intitle:m1n1 1.01
78 | intitle:#k4raeL - sh3LL
79 | filetype:php inanchor:c99 inurl:c99 intitle:c99shell -seeds -marijuana
80 | intitle:awen+intitle:asp.net
81 | intext: intext: intext: intext: intext:
82 | intext:SQL syntax & inurl:index.php?=id & inurl:gov & inurl:gov
83 | inurl:.php? intext:CHARACTER_SETS,COLLATIONS, ?intitle:phpmyadmin
84 | inurl:"struts" filetype:action
85 | inurl:"/reports/rwservlet" intext:"Oracle"
86 | "OpenSSL" AND "1.0.1 Server at" OR "1.0.1a Server at" OR "1.0.1b Server at" OR "1.0.1c Server at" OR "1.0.1d Server at" OR "1.0.1e Server at" OR "1.0.1f Server at"
87 | inurl:CHANGELOG.txt intext:drupal intext:"SA-CORE" -intext:7.32 -site:github.com -site:drupal.org
88 | inurl:robots.txt intext:CHANGELOG.txt intext:disallow ext:txt -site:github.com
89 | allinurl:moadmin.php -google -github
90 | allintext:Copyright Smart PHP Poll. All Rights Reserved. -exploit
91 | "dirLIST - PHP Directory Lister" "Banned files: php | php3 | php4 | php5 | htaccess | htpasswd | asp | aspx" "index of" ext:php
92 | inurl:"index.php?option=com_joomanager"
93 | inurl:"/user/register" "Powered by Drupal" -CAPTCHA -"Access denied"
94 | inurl:"q=user/password"
95 | "Powered by vBulletin Version 5.5.4"
96 | "Powered by Jira Service Desk"
97 | intitle:"index of" "AT-admin.cgi"
98 | intext:"(c) GUnet 2003-2007"
99 | inurl:/+CSCOE+/logon.html
100 | intitle:"index of" "filemail.pl"
101 | intitle:"index of" "shell.php"
102 | site: target.com ext:action | ext:struts | ext:do
103 | intext:"Powered By Gila CMS"
104 | intitle:"Wing FTP Server - Web"
105 | intitle:"Vulnerability Report" "Critical" ext:pdf
106 | inurl:RichWidgets/Popup_Upload.aspx
107 | intext:"user name" intext:"orion core" -solarwinds.com
108 | inurl /editor/filemanager/connectors/uploadtest.html
109 | intitle:"Icecast Streaming Media Server" "Icecast2 Status" -.com
110 | intitle:"index of" "/views/auth/passwords"
111 | intitle:"TileServer GL - Server for vector and raster maps with GL styles"
112 | inurl:adm/login.jsp.bak
113 |
--------------------------------------------------------------------------------
/dorks/web_server_detection.dorks:
--------------------------------------------------------------------------------
1 | "Novell, Inc" WEBACCESS Username Password "Version *.*" Copyright -inurl:help -guides|guide
2 | intext:"404 Object Not Found" Microsoft-IIS/5.0
3 | intitle:"Object not found" netware "apache 1.."
4 | intitle:"Object not found!" intext:"Apache/2.0.* (Linux/SuSE)"
5 | intitle:"Welcome to Your New Home Page!" "by the Debian release"
6 | (inurl:81-cobalt | inurl:cgi-bin/.cobalt)
7 | intitle:"Test Page for the Apache HTTP Server on Fedora Core" intext:"Fedora Core Test Page"
8 | intitle:"Welcome to Windows Small Business Server 2003"
9 | intitle:"Welcome To Your WebSTAR Home Page"
10 | intitle:"Document title goes here" intitle:"used by web search tools" " example of a simple Home Page"
11 | intitle:"Welcome to 602LAN SUITE *"
12 | (intitle:"502 Proxy Error")|(intitle:"503 Proxy Error") "The proxy server could not handle the request" -topic -mail -4suite -list -site:geocrawler.co
13 | inurl:nnls_brand.html OR inurl:nnls_nav.html
14 | intitle:"Apache Status" "Apache Server Status for"
15 | intitle:"BadBlue: the file-sharing web server anyone can use"
16 | intitle:"Welcome to IIS 4.0"
17 | "powered by openbsd" +"powered by apache"
18 | filetype:asmx inurl:(_vti_bin|api|webservice)
19 | inurl:"/web-console/" intitle:"Administration Console"
20 | intext:Apache/2.2.29 (Unix) mod_ssl/2.2.29 | intitle:"Index of /"
21 | intitle:"Index of /" "Proudly Served by Surftown at"
22 | intitle:"Index of" "Apache/2.4.7 (Ubuntu) Server"
23 | inurl:readme.rst intext:"CodeIgniter"
24 | intext:"Welcome to CodeIgniter!"
25 | intitle:"Welcome to Windows 2000 Internet Services"
26 | intitle:"Apache HTTP Server" intitle:"documentation"
27 | inurl:tech-support inurl:show Cisco
28 | i_index.shtml Ready
29 | aboutprinter.shtml
30 | "seeing this instead" intitle:"test page for apache"
31 | intitle:"Test Page for Apache" "It Worked!"
32 | intitle:"Test Page for Apache" "It Worked!" "on this web"
33 | allintitle:Netscape FastTrack Server Home Page
34 | intitle:"Test Page for Apache"
35 | intitle:Snap.Server inurl:Func=
36 | intitle:"300 multiple choices"
37 | inurl:domcfg.nsf
38 | allinurl:".nsconfig" -sample -howto -tutorial
39 | HTTP_USER_AGENT=Googlebot
40 | intitle:"Page rev */*/*" inurl:"admin
41 | "AnWeb/1.42h" intitle:index.of
42 | "CERN httpd 3.0B (VAX VMS)"
43 | "JRun Web Server" intitle:index.of
44 | "MaXX/3.1" intitle:index.of
45 | "Microsoft-IIS/* server at" intitle:index.of
46 | "Microsoft-IIS/4.0" intitle:index.of
47 | "Microsoft-IIS/5.0 server at"
48 | "Microsoft-IIS/6.0" intitle:index.of
49 | "OmniHTTPd/2.10" intitle:index.of
50 | "OpenSA/1.0.4" intitle:index.of
51 | "Red Hat Secure/2.0"
52 | "Red Hat Secure/3.0 server at"
53 | sEDWebserver * server +at intitle:index.of
54 | fitweb-wwws * server at intitle:index.of
55 | "httpd+ssl/kttd" * server at intitle:index.of
56 | "powered by" "shoutstats" hourly daily
57 | intitle:"Shoutcast Administrator"
58 | intitle:AnswerBook2 inurl:ab2/ (inurl:8888 | inurl:8889)
59 | intitle:"Lotus Domino Go Webserver:" "Tuning your webserver" -site:ibm.com
60 | intitle:"Directory Listing, Index of /*/"
61 | intitle:"error 404" "From RFC 2068 "
62 | intitle:"Open WebMail" "Open WebMail version (2.20|2.21|2.30) "
63 | "Switch to table format" inurl:table|plain
64 | "About Mac OS Personal Web Sharing"
65 | intitle:"Welcome To Xitami" -site:xitami.com
66 | intitle:"Resin Default Home Page"
67 | allintext:"Powered by LionMax Software" "WWW File Share"
68 | inurl:2506/jana-admin
69 | XAMPP "inurl:xampp/index"
70 | "Netware * Home" inurl:nav.html
71 | inurl:oraweb -site:oraweb.org
72 | intitle:"welcome to mono xsp"
73 | Powered.by.RaidenHTTPD intitle:index.of
74 | yaws.*.server.at
75 | intitle:"IPC@CHIP Infopage"
76 | intitle:"Index of *" mode links bytes last-changed name
77 | intitle:"Welcome to the Advanced Extranet Server, ADVX!"
78 | inurl:wl.exe inurl:?SS1= intext:"Operating system:" -edu -gov -mil
79 | intext:"Target Multicast Group" "beacon"
80 | intitle:"Apache Status" | intext:"Apache Server Status"
81 | inurl:phpsysinfo/index.php?disp=dynamic
82 | intitle:"HFS" "Server Uptime" "Server time"
83 | inurl:/php/info.php
84 | "PHP Credits" "Configuration" "PHP Core" ext:php inurl:info
85 | inurl:user_guide intext:"CodeIgniter User Guide"
86 | ext:svc inurl:wsdl
87 | inurl:/pub/ inurl:_ri_
88 | inurl:/_catalogs
89 | inurl:phpmyadmin/themes intext:"pmahomme"
90 | inurl:readme.md intext:"Laravel"
91 | "Application Blocked!" "Google bot"
92 | inurl:"server-status" "Server Version: Apache/" "Server Built: " "Server uptime:" "Total accesses" "CPU Usage:"
93 | "var miner = new CoinHive" intext:document.domain
94 | intitle:"Axis Happiness Page" "Examining webapp configuration"
95 | intitle:"miniProxy"
96 | inurl:rvsindex.php & /rvsindex.php?/user/login
97 | intitle:"Apache2 Debian Default Page: It works"
98 | intitle:"apache tomcat/" + "Find additional important configuration information in:"
99 | "RDServer Product information" | inurl:"/rdagent.jsp"
100 | inurl:composer.json codeigniter -site:github.com
101 | intitle:"apache tomcat/" "Apache Tomcat examples"
102 | intitle:HTTP Server Test Page powered by CentOS
103 | inurl:tests/mocks intext:autoloader
104 | inurl:/_hcms/
105 | intext:"Powered by Sentora" -github.com
106 | intext:"Powered by Nesta"
107 | Coldbox | contentbox | commandbox "Powered by ContentBox"
108 | intext:"Powered by Typesetter"
109 | intext:"Powered by (Quantum | Quantum CMS | CMS)
110 | "This server is operated by OpenX."
111 | intitle:"Sucuri WebSite Firewall - Access Denied"
112 | intext:"Powered by phpSQLiteCMS" | intitle:"phpSQLiteCMS - A simple & lightweight CMS"
113 | intitle:livezilla "Server Time"
114 | intitle: "Welcome to nginx!" + "Thank you for using nginx."
115 | intext:"Powered by Abyss Web Server"
116 | "Powered by vShare"
117 | intitle:Test Page for the Nginx HTTP Server on Fedora
118 | intext:" - 2019 Cott Systems, Inc."
119 | "I have been invoked by servletToJSP"
120 | "Proudly created with Wix.com"
121 | "Powered by BOINC"
122 | intitle:"WAMPSERVER homepage" "Server Configuration" "Apache Version"
123 | inurl:jsmol.php
124 | intext:"Powered by GetSimple" -site:get-simple.info
125 | inurl:OrganizationChart.cc
126 | intext:"Brought to you by eVetSites"
127 | inurl:phpinfo.php intext:build 2600
128 | inurl:/server-status + "Server MPM:"
129 | intitle:"IIS Windows Server" -inurl:"IIS Windows Server"
130 | intitle:"Apache2 Ubuntu Default Page: It works"
131 | inurl:"WebPortal?bankid"
132 | inurl:/phpmyadmin/changelog.php -github -gitlab
133 | inurl:/iisstart.htm intitle:"IIS7"
134 | site:*/server-status intext:"Apache server status for"
135 | intitle:"index of" "server at"
136 | -pub -pool intitle:"index of" "Served by" "Web Server"
137 | intitle:"index of" "Served by Sun-ONE"
138 | intitle:"Welcome to nginx!" intext:"Welcome to nginx on Debian!" intext:"Thank you for"
139 | intitle:"Welcome to JBoss"
140 | site:ftp.*.com "Web File Manager"
141 | intitle:"Web Server's Default Page" intext:"hosting using Plesk" -www
142 | intitle:"index of" "powered by apache " "port 80"
143 | "Powered by phpBB" inurl:"index.php?s" OR inurl:"index.php?style"
144 | intext:"This is the default welcome page used to test the correct operation of the Apache2 server"
145 | intitle:"index of" "debug.log" OR "debug-log"
146 | intitle:"index of" "docker.yml"
147 | inurl:":8088/cluster/apps"
148 | "index of /private" -site:net -site:com -site:org
149 | inurl:"id=*" & intext:"warning mysql_fetch_array()"
150 | intext:"index of /" "Index of" access_log
151 | intitle:"Microsoft Internet Information Services 8" -IIS
152 | intitle:"Monsta ftp" intext:"Lock session to IP"
153 | intitle:"Lists Web Service"
154 | allintitle:"Pi-hole Admin Console"
155 | intitle:Snoop Servlet
156 | "Powered by 123LogAnalyzer"
157 | inurl:_vti_bin/Authentication.asmx
158 | allintext:"Index Of" "sftp-config.json"
159 | ext:php | intitle:phpinfo "published by the PHP Group"
160 | inurl:/phpPgAdmin/browser.php
161 | intext:"Healthy" + "Product model" + " Client IP" + "Ethernet"
162 | intext:"SonarQube" + "by SonarSource SA." + "LGPL v3"
163 | inurl:/xprober ext:php
164 | inurl:"/phpmyadmin/user_password.php
165 | inurl:/config/device/wcd
166 | inurl:?XDEBUG_SESSION_START=phpstorm
167 | inurl:/uploads/affwp-debug.log
168 | inurl:CFIDE/adminapi
169 | inurl:/javax.faces.resource/
170 | intitle:"GlassFish Server - Server Running"
171 | intitle:"Accueil WAMPSERVER" intext:"Configuration Serveur"
172 | inurl:"/domcfg.nsf" " Web Server Configuration"
173 | intitle:"Miniweb Start Page" | "/CSS/Miniweb.css"
174 | inurl:/Portal0000.htm
175 | intitle:"Current Network Status" "Nagios"
176 | filetype:axd inurl:/elmah.axd
177 | "Cisco Systems, Inc. All Rights Reserved." -cisco.com filetype:jsp
178 | intitle:"SOGo" site:webmail.*
179 | intitle:"Server Backup Manager SE"
180 | inurl:"web/database/selector"
181 | intitle:"Test Page for the HTTP Server on Fedora"
182 | intitle:"Icecast Streaming Media Server"
183 | intitle:"Welcome to WildFly" intext:"Administration Console"
184 | intitle:"Index of" site:.gov intext:"Server at"
185 | intitle:"Welcome" intext:"LiteSpeed Technologies, Inc. All Rights Reserved."
186 | intitle:"web server login" intext:"site ip"
187 | inurl: /ftp intitle:"office"
188 | intitle:"STEP by STIBO Systems" "Launch STEPworkbench" "Web UI Component Report"
189 | intitle:"nPerfServer"
190 | intitle:"Domain Default page" "Parallels IP Holdings GmbH"
191 | intitle:"index of" "/homedir/etc/"
192 | intitle:"index of" AND inurl:magento AND inurl:/dev
193 | "Wowza Streaming Engine 4 Developer Edition"
194 | intitle:"index of" site:.gov.in
195 | intitle:"WATASHI SERVICE"
196 | intitle:"Success!" intext:"Your new web server is ready to use."
197 | intitle:"Welcome to OpenResty!"
198 | intitle:"Shoutcast server" inurl:"/index.html" "SHOUTcast Server"
199 | "NTRIP Caster Table Contents" "This is a SNIP NTRIP Caster"
200 | inurl:"/app/kibana#"
201 | Fwd: intitle:"STEP by STIBO Systems" "Launch STEPworkbench" "Web UI Component Report"
202 | site:*/*.asp
203 | inurl *:8080/login.php
204 | site:vps-*.vps.ovh.net
205 |
--------------------------------------------------------------------------------
/ghdb_scraper.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | # Standard Python libraries.
4 | import argparse
5 | import json
6 |
7 | # Third party Python libraries.
8 | from bs4 import BeautifulSoup
9 | import requests
10 |
11 | # Custom Python libraries.
12 |
13 |
14 | __version__ = "1.0.0"
15 |
16 | """
17 | Dork dictionary example:
18 |
19 | {
20 | "id": "2",
21 | "date": "2003-06-24",
22 | "url_title": "intitle: 'Ganglia 'Cluster Report for'",
23 | "cat_id": [
24 | "8",
25 | "Files Containing Juicy Info"
26 | ],
27 | "author_id": [
28 | "2168",
29 | "anonymous"
30 | ],
31 | "author": {
32 | "id": "2168",
33 | "name": "anonymous"
34 | },
35 | "category": {
36 | "cat_id": "8",
37 | "cat_title": "Files Containing Juicy Info",
38 | "cat_description": "No usernames or passwords, but interesting stuff none the less.",
39 | "last_update": "2020-06-12",
40 | "records_count": "845",
41 | "porder": 0
42 | }
43 | }
44 | """
45 |
46 |
47 | def retrieve_google_dorks(
48 | save_json_response_to_file=False, save_all_dorks_to_file=False, save_individual_categories_to_files=False
49 | ):
50 | """Retrieves all google dorks from https://www.exploit-db.com/google-hacking-database and optionally, writes the
51 | entire json response to a .json file, all the dorks to a file, and/or the individual dork categories to a file. A
52 | dictionary is returned containing the total_dorks, a list of extracteddorks, and a category dictionary.
53 | """
54 |
55 | url = "https://www.exploit-db.com/google-hacking-database"
56 |
57 | headers = {
58 | "Accept": "application/json, text/javascript, */*; q=0.01",
59 | "Accept-Encoding": "deflate, gzip, br",
60 | "Accept-Language": "en-US",
61 | "User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0",
62 | "X-Requested-With": "XMLHttpRequest",
63 | }
64 |
65 | print(f"[+] Requesting URL: {url}")
66 | response = requests.get(url, headers=headers, timeout=10)
67 |
68 | if response.status_code != 200:
69 | print(f"[-] Error retrieving google dorks from: {url}")
70 | return
71 |
72 | # Extract json data.
73 | json_response = response.json()
74 |
75 | # Extract recordsTotal and data.
76 | total_dorks = json_response["recordsTotal"]
77 | json_dorks = json_response["data"]
78 |
79 | # List to track all the dorks.
80 | extracted_dorks = []
81 |
82 | # Dictionary to organize the dorks by category.
83 | category_dict = {}
84 |
85 | # Loop through dorks, collecting and organizing them.
86 | for dork in json_dorks:
87 |
88 | # Extract dork from using BeautifulSoup.
89 | # "inurl:_cpanel/forgotpwd"
90 | soup = BeautifulSoup(dork["url_title"], "html.parser")
91 | # Some of the URL titles have trailing tabs, remove them.
92 | extracted_dork = soup.find("a").contents[0].strip()
93 | extracted_dorks.append(extracted_dork)
94 |
95 | # For individual categories.
96 | # Cast numeric_category_id as integer for sorting later.
97 | numeric_category_id = int(dork["category"]["cat_id"])
98 | category_name = dork["category"]["cat_title"]
99 |
100 | # Create an empty list for each category if it doesn't already exist.
101 | if numeric_category_id not in category_dict:
102 |
103 | category_dict[numeric_category_id] = {"category_name": category_name, "dorks": []}
104 |
105 | # Some of the URL titles have trailing tabs, use replace() to remove it in place. The strip() method cannot be
106 | # used because the tab is not at the end of the string, but between the tags instead:
107 | # "Powered by Rock Band CMS 0.10"
108 | dork["url_title"] = dork["url_title"].replace("\t", "")
109 | category_dict[numeric_category_id]["dorks"].append(dork)
110 |
111 | # If requested, break up dorks into individual files based off category.
112 | if save_individual_categories_to_files:
113 |
114 | # Sort category_dict based off the numeric keys.
115 | category_dict = dict(sorted(category_dict.items()))
116 |
117 | for key, value in category_dict.items():
118 |
119 | # Provide some category metrics.
120 | print(f"[*] Category {key} ('{value['category_name']}') has {len(value['dorks'])} dorks")
121 |
122 | dork_file_name = value["category_name"].lower().replace(" ", "_")
123 | full_dork_file_name = f"dorks/{dork_file_name}.dorks"
124 |
125 | print(f"[*] Writing dork category '{value['category_name']}' to file: {full_dork_file_name}")
126 |
127 | with open(f"{full_dork_file_name}", "w", encoding="utf-8") as fh:
128 | for dork in value["dorks"]:
129 | # Extract dork from using BeautifulSoup.
130 | # "inurl:_cpanel/forgotpwd"
131 | soup = BeautifulSoup(dork["url_title"], "html.parser")
132 | # Some of the URL titles have trailing tabs, remove them.
133 | extracted_dork = soup.find("a").contents[0].strip()
134 | fh.write(f"{extracted_dork}\n")
135 |
136 | # Save GHDB json object to all_google_dorks.json.
137 | if save_json_response_to_file:
138 | google_dork_json_file = "all_google_dorks.json"
139 | print(f"[*] Writing all dorks to JSON file: {google_dork_json_file}")
140 | with open(f"dorks/{google_dork_json_file}", "w", encoding="utf-8") as json_file:
141 | json.dump(json_dorks, json_file)
142 |
143 | # Save all dorks to all_google_dorks.txt.
144 | if save_all_dorks_to_file:
145 | google_dork_file = "all_google_dorks.txt"
146 | print(f"[*] Writing all dorks to txt file: dorks/{google_dork_file}")
147 | with open(f"dorks/{google_dork_file}", "w", encoding="utf-8") as fh:
148 | for dork in extracted_dorks:
149 | fh.write(f"{dork}\n")
150 |
151 | print(f"[*] Total Google dorks retrieved: {total_dorks}")
152 |
153 | # Package up a nice dictionary to return.
154 | # fmt: off
155 | ghdb_dict = {
156 | "total_dorks": total_dorks,
157 | "extracted_dorks": extracted_dorks,
158 | "category_dict": category_dict,
159 | }
160 | # fmt: on
161 |
162 | return ghdb_dict
163 |
164 |
165 | if __name__ == "__main__":
166 |
167 | categories = {
168 | 1: "Footholds",
169 | 2: "File Containing Usernames",
170 | 3: "Sensitives Directories",
171 | 4: "Web Server Detection",
172 | 5: "Vulnerable Files",
173 | 6: "Vulnerable Servers",
174 | 7: "Error Messages",
175 | 8: "File Containing Juicy Info",
176 | 9: "File Containing Passwords",
177 | 10: "Sensitive Online Shopping Info",
178 | 11: "Network or Vulnerability Data",
179 | 12: "Pages Containing Login Portals",
180 | 13: "Various Online devices",
181 | 14: "Advisories and Vulnerabilities",
182 | }
183 |
184 | epilog = f"Dork categories:\n\n{json.dumps(categories, indent=4)}"
185 |
186 | parser = argparse.ArgumentParser(
187 | formatter_class=argparse.RawDescriptionHelpFormatter,
188 | description=(
189 | f"GHDB Scraper v{__version__} - Retrieve Google Hacking Database dorks from "
190 | "https://www.exploit-db.com/google-hacking-database."
191 | ),
192 | epilog=epilog,
193 | )
194 |
195 | parser.add_argument(
196 | "-i",
197 | dest="save_individual_categories_to_files",
198 | action="store_true",
199 | default=False,
200 | help="Write all the individual dork categories types to separate files.",
201 | )
202 |
203 | parser.add_argument(
204 | "-j",
205 | dest="save_json_response_to_file",
206 | action="store_true",
207 | default=False,
208 | help="Save GHDB json response to all_google_dorks.json",
209 | )
210 |
211 | parser.add_argument(
212 | "-s",
213 | dest="save_all_dorks_to_file",
214 | action="store_true",
215 | default=False,
216 | help="Save all the Google dorks to all_google_dorks.txt",
217 | )
218 |
219 | args = parser.parse_args()
220 |
221 | retrieve_google_dorks(**vars(args))
222 |
--------------------------------------------------------------------------------
/pagodo.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | # Standard Python libraries.
4 | import argparse
5 | import datetime
6 | import json
7 | import logging
8 | import os
9 | import random
10 | import re
11 | import sys
12 | import time
13 |
14 | # Third party Python libraries.
15 | import yagooglesearch
16 |
17 | # Custom Python libraries.
18 |
19 | __version__ = "2.3.1"
20 |
21 | # Logging
22 | ROOT_LOGGER = logging.getLogger("pagodo")
23 | # ISO 8601 datetime format by default.
24 | LOG_FORMATTER = logging.Formatter("%(asctime)s [%(threadName)-12.12s] [%(levelname)s] %(message)s")
25 |
26 | # Setup file logging.
27 | log_file_handler = logging.FileHandler("pagodo.py.log")
28 | log_file_handler.setFormatter(LOG_FORMATTER)
29 | ROOT_LOGGER.addHandler(log_file_handler)
30 |
31 | # Setup console logging.
32 | console_handler = logging.StreamHandler()
33 | console_handler.setFormatter(LOG_FORMATTER)
34 | ROOT_LOGGER.addHandler(console_handler)
35 |
36 |
37 | class Pagodo:
38 | """Pagodo class object"""
39 |
40 | def __init__(
41 | self,
42 | google_dorks_file,
43 | domain="",
44 | max_search_result_urls_to_return_per_dork=100,
45 | save_pagodo_results_to_json_file=None, # None = Auto-generate file name, otherwise pass a string for path and filename.
46 | proxies="",
47 | save_urls_to_file=None, # None = Auto-generate file name, otherwise pass a string for path and filename.
48 | minimum_delay_between_dork_searches_in_seconds=37,
49 | maximum_delay_between_dork_searches_in_seconds=60,
50 | disable_verify_ssl=False,
51 | verbosity=4,
52 | ):
53 | """Initialize Pagodo class object."""
54 |
55 | # Run parameter checks.
56 | if not os.path.exists(google_dorks_file):
57 | print("Specify a valid file containing Google dorks with -g")
58 | sys.exit(0)
59 |
60 | if minimum_delay_between_dork_searches_in_seconds < 0:
61 | print("Minimum delay between dork searches (-i) must be greater than 0")
62 | sys.exit(0)
63 |
64 | if maximum_delay_between_dork_searches_in_seconds < 0:
65 | print("maximum_delay_between_dork_searches_in_seconds (-x) must be greater than 0")
66 | sys.exit(0)
67 |
68 | if maximum_delay_between_dork_searches_in_seconds <= minimum_delay_between_dork_searches_in_seconds:
69 | print(
70 | "maximum_delay_between_dork_searches_in_seconds (-x) must be greater than "
71 | "minimum_delay_between_dork_searches_in_seconds (-i)"
72 | )
73 | sys.exit(0)
74 |
75 | if max_search_result_urls_to_return_per_dork < 0:
76 | print("max_search_result_urls_to_return_per_dork (-m) must be greater than 0")
77 | sys.exit(0)
78 |
79 | # All passed paramters look good, assign to the class object.
80 | self.google_dorks_file = google_dorks_file
81 | self.google_dorks = []
82 | with open(google_dorks_file, "r", encoding="utf-8") as fh:
83 | for line in fh.read().splitlines():
84 | if line.strip():
85 | self.google_dorks.append(line)
86 | self.domain = domain
87 | self.max_search_result_urls_to_return_per_dork = max_search_result_urls_to_return_per_dork
88 | self.save_pagodo_results_to_json_file = save_pagodo_results_to_json_file
89 | self.proxies = proxies.strip().strip(",").split(",")
90 | self.save_urls_to_file = save_urls_to_file
91 | self.minimum_delay_between_dork_searches_in_seconds = minimum_delay_between_dork_searches_in_seconds
92 | self.maximum_delay_between_dork_searches_in_seconds = maximum_delay_between_dork_searches_in_seconds
93 | self.disable_verify_ssl = disable_verify_ssl
94 | self.verbosity = verbosity
95 |
96 | # Fancy way of generating a list of 20 random values between minimum_delay_between_dork_searches_in_seconds and
97 | # maximum_delay_between_dork_searches_in_seconds. A random value is selected between each different Google
98 | # dork search.
99 | """
100 | 1) Generate a random list of values between minimum_delay_between_dork_searches_in_seconds and
101 | maximum_delay_between_dork_searches_in_seconds
102 | 2) Round those values to the tenths place
103 | 3) Re-case as a list
104 | 4) Sort the list
105 | """
106 | self.delay_between_dork_searches_list = sorted(
107 | list(
108 | map(
109 | lambda x: round(x, 1),
110 | [
111 | random.uniform(
112 | minimum_delay_between_dork_searches_in_seconds,
113 | maximum_delay_between_dork_searches_in_seconds,
114 | )
115 | for _ in range(20)
116 | ],
117 | )
118 | )
119 | )
120 |
121 | self.base_file_name = f'pagodo_results_{datetime.datetime.now().strftime("%Y%m%d_%H%M%S")}'
122 | self.total_urls_found = 0
123 | self.proxy_rotation_index = 0
124 |
125 | # -o with no filename. Desire to save results, don't care about the file name.
126 | if self.save_pagodo_results_to_json_file is None:
127 | self.save_pagodo_results_to_json_file = f"{self.base_file_name}.json"
128 |
129 | # -s with no filename. Desire to save results, don't care about the file name.
130 | if self.save_urls_to_file is None:
131 | self.save_urls_to_file = f"{self.base_file_name}.txt"
132 |
133 | # Assign log level.
134 | ROOT_LOGGER.setLevel((6 - self.verbosity) * 10)
135 |
136 | def go(self):
137 | """Start pagodo Google dork search."""
138 |
139 | initiation_timestamp = datetime.datetime.now().isoformat()
140 |
141 | ROOT_LOGGER.info(f"Initiation timestamp: {initiation_timestamp}")
142 |
143 | # Initialize starting dork number.
144 | dork_counter = 1
145 |
146 | total_dorks_to_search = len(self.google_dorks)
147 |
148 | # Initialize dictionary to track dork results.
149 | self.pagodo_results_dict = {
150 | "dorks": {},
151 | "initiation_timestamp": initiation_timestamp,
152 | "completion_timestamp": "",
153 | }
154 |
155 | for dork in self.google_dorks:
156 |
157 | self.pagodo_results_dict["dorks"][dork] = {
158 | "urls_size": 0,
159 | "urls": [],
160 | }
161 |
162 | try:
163 | dork = dork.strip()
164 |
165 | # Search for the URLs to collect.
166 | if self.domain:
167 | query = f"site:{self.domain} {dork}"
168 | else:
169 | query = dork
170 |
171 | """
172 | Google search web GUI message for large search string queries:
173 | "the" (and any subsequent words) was ignored because we limit queries to 32 words.
174 | """
175 | # Search string is longer than 32 words.
176 | if len(query.split(" ")) > 32:
177 | ignored_string = " ".join(query.split(" ")[32:])
178 | ROOT_LOGGER.warning(
179 | "Google limits queries to 32 words (separated by spaces): Removing from search query: "
180 | f"'{ignored_string}'"
181 | )
182 |
183 | # Update query variable.
184 | updated_query = " ".join(query.split(" ")[0:32])
185 |
186 | # If original query is in quotes, append a double quote to new truncated updated_query.
187 | if query.endswith('"'):
188 | updated_query = f'{updated_query}"'
189 |
190 | ROOT_LOGGER.info(f"New search query: {updated_query}")
191 |
192 | query = updated_query
193 |
194 | # Rotate through the list of proxies using modulus to ensure the index is in the self.proxies list.
195 | proxy_index = self.proxy_rotation_index % len(self.proxies)
196 | proxy = self.proxies[proxy_index]
197 | self.proxy_rotation_index += 1
198 |
199 | # Instantiate a new yagooglesearch.SearchClient object for each Google dork.
200 | client = yagooglesearch.SearchClient(
201 | query,
202 | tbs="li:1", # Verbatim search.
203 | num=100, # Retrieve up to 100 Google search results at time.
204 | # Max desired valid URLs to collect per dork.
205 | max_search_result_urls_to_return=self.max_search_result_urls_to_return_per_dork,
206 | proxy=proxy,
207 | verify_ssl=not self.disable_verify_ssl,
208 | verbosity=self.verbosity,
209 | )
210 |
211 | # Randomize the user agent for best results.
212 | client.assign_random_user_agent()
213 |
214 | ROOT_LOGGER.info(
215 | f"Search ( {dork_counter} / {total_dorks_to_search} ) for Google dork [ {query} ] using "
216 | f"User-Agent '{client.user_agent}' through proxy '{proxy}'"
217 | )
218 |
219 | dork_urls_list = client.search()
220 |
221 | # Remove any exploit-db.com URLs.
222 | for url in dork_urls_list:
223 | # Ignore results from specific URLs like exploit-db.com, cert.org, and GHDB's Twitter account that
224 | # may just be providing information about the vulnerability. Keeping it simple with regex.
225 | ignore_url_list = [
226 | "https://www.kb.cert.org",
227 | "https://www.exploit-db.com/",
228 | "https://twitter.com/googlehacking/",
229 | ]
230 | for ignore_url in ignore_url_list:
231 | if re.search(ignore_url, url, re.IGNORECASE):
232 | ROOT_LOGGER.warning(f"Removing {ignore_url} URL: {url}")
233 | dork_urls_list.remove(url)
234 |
235 | dork_urls_list_size = len(dork_urls_list)
236 |
237 | # Google dork results found.
238 | if dork_urls_list:
239 |
240 | ROOT_LOGGER.info(f"Results: {dork_urls_list_size} URLs found for Google dork: {dork}")
241 |
242 | dork_urls_list_as_string = "\n".join(dork_urls_list)
243 | ROOT_LOGGER.info(f"dork_urls_list:\n{dork_urls_list_as_string}")
244 |
245 | self.total_urls_found += dork_urls_list_size
246 |
247 | # Save URLs with valid results to an .txt file.
248 | if self.save_urls_to_file:
249 | with open(self.save_urls_to_file, "a") as fh:
250 | fh.write(f"# {dork}\n")
251 | for url in dork_urls_list:
252 | fh.write(f"{url}\n")
253 | fh.write("#" * 50 + "\n")
254 |
255 | self.pagodo_results_dict["dorks"][dork] = {
256 | "urls_size": dork_urls_list_size,
257 | "urls": dork_urls_list,
258 | }
259 |
260 | # No Google dork results found.
261 | else:
262 | ROOT_LOGGER.info(f"Results: {dork_urls_list_size} URLs found for Google dork: {dork}")
263 |
264 | except KeyboardInterrupt:
265 | sys.exit(0)
266 |
267 | except Exception as e:
268 | ROOT_LOGGER.error(f"Error with dork: {dork}")
269 | ROOT_LOGGER.error(f"EXCEPTION: {e}")
270 | if type(e).__name__ == "SSLError" and (not self.disable_verify_ssl):
271 | ROOT_LOGGER.info(
272 | "If you are using self-signed certificates for an HTTPS proxy, try-rerunning with the -l "
273 | "switch to disable verifying SSL/TLS certificates. Exiting..."
274 | )
275 | sys.exit(1)
276 |
277 | dork_counter += 1
278 |
279 | # Only sleep if there are more dorks to search.
280 | if dork != self.google_dorks[-1]:
281 | pause_time = random.choice(self.delay_between_dork_searches_list)
282 | ROOT_LOGGER.info(f"Sleeping {pause_time} seconds before executing the next dork search...")
283 | time.sleep(pause_time)
284 |
285 | ROOT_LOGGER.info(
286 | f"Total URLs found for the {total_dorks_to_search} total dorks searched: {self.total_urls_found}"
287 | )
288 |
289 | completion_timestamp = datetime.datetime.now().isoformat()
290 |
291 | ROOT_LOGGER.info(f"Completion timestamp: {completion_timestamp}")
292 | self.pagodo_results_dict["completion_timestamp"] = completion_timestamp
293 |
294 | # Save pagodo_results_dict to a .json file.
295 | if self.save_pagodo_results_to_json_file:
296 | with open(self.save_pagodo_results_to_json_file, "w") as fh:
297 | json.dump(self.pagodo_results_dict, fh, indent=4)
298 |
299 | return self.pagodo_results_dict
300 |
301 |
302 | # http://stackoverflow.com/questions/3853722/python-argparse-how-to-insert-newline-in-the-help-text
303 | class SmartFormatter(argparse.HelpFormatter):
304 | def _split_lines(self, text, width):
305 | if text.startswith("R|"):
306 | return text[2:].splitlines()
307 | # This is the RawTextHelpFormatter._split_lines
308 | return argparse.HelpFormatter._split_lines(self, text, width)
309 |
310 |
311 | if __name__ == "__main__":
312 |
313 | parser = argparse.ArgumentParser(
314 | description=f"pagodo - Passive Google Dork v{__version__}",
315 | formatter_class=SmartFormatter,
316 | )
317 | parser.add_argument(
318 | "-g", dest="google_dorks_file", action="store", required=True, help="File containing Google dorks, 1 per line."
319 | )
320 | parser.add_argument(
321 | "-d",
322 | dest="domain",
323 | action="store",
324 | required=False,
325 | help="Domain to scope the Google dork searches. Not required.",
326 | )
327 | parser.add_argument(
328 | "-i",
329 | dest="minimum_delay_between_dork_searches_in_seconds",
330 | action="store",
331 | required=False,
332 | type=int,
333 | default=37,
334 | help="Minimum delay (in seconds) between a Google dork search. Default: 37",
335 | )
336 | parser.add_argument(
337 | "-x",
338 | dest="maximum_delay_between_dork_searches_in_seconds",
339 | action="store",
340 | required=False,
341 | type=int,
342 | default=60,
343 | help="Maximum delay (in seconds) between a Google dork search. Default: 60",
344 | )
345 | parser.add_argument(
346 | "-l",
347 | dest="disable_verify_ssl",
348 | action="store_true",
349 | required=False,
350 | default=False,
351 | help="Disable SSL/TLS validation. Sometimes required if using an HTTPS proxy with self-signed certificates.",
352 | )
353 | parser.add_argument(
354 | "-m",
355 | dest="max_search_result_urls_to_return_per_dork",
356 | action="store",
357 | required=False,
358 | type=int,
359 | default=100,
360 | help="Maximum results to return per dork. Default 100.",
361 | )
362 | parser.add_argument(
363 | "-p",
364 | dest="proxies",
365 | action="store",
366 | required=False,
367 | type=str,
368 | default="",
369 | help=(
370 | "Comma separated string of proxies to round-robin through. Example: "
371 | "https://myproxy:8080,socks5h://127.0.0.1:9050,socks5h://127.0.0.1:9051 - The proxy scheme must confrom "
372 | "per the Python requests library: https://docs.python-requests.org/en/master/user/advanced/#proxies See "
373 | "https://github.com/opsdisk/yagooglesearch for more information."
374 | ),
375 | )
376 | parser.add_argument(
377 | "-o",
378 | nargs="?",
379 | metavar="JSON_FILE",
380 | dest="save_pagodo_results_to_json_file",
381 | action="store",
382 | default=False,
383 | help="R|Save URL dork data to a JSON file. Contains more information than .txt version\n"
384 | "no -o = Do not save dork data to a JSON file\n"
385 | "-o = Save dork data to pagodo_results_.json\n"
386 | "-o JSON_FILE = Save dork data to JSON_FILE",
387 | )
388 | parser.add_argument(
389 | "-s",
390 | nargs="?",
391 | metavar="URL_FILE",
392 | dest="save_urls_to_file",
393 | action="store",
394 | default=False,
395 | help="R|Save URL dork data to a text file.\n"
396 | "no -s = Do not save dork data to a file\n"
397 | "-s = Save dork data to pagodo_results_.txt\n"
398 | "-s URL_FILE = Save dork data to URL_FILE",
399 | )
400 | parser.add_argument(
401 | "-v",
402 | dest="verbosity",
403 | action="store",
404 | type=int,
405 | default=4,
406 | help="Verbosity level (0=NOTSET, 1=CRITICAL, 2=ERROR, 3=WARNING, 4=INFO, 5=DEBUG). Default: 4",
407 | )
408 |
409 | args = parser.parse_args()
410 |
411 | pagodo = Pagodo(**vars(args))
412 | pagodo.go()
413 |
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | beautifulsoup4==4.11.1
2 | requests==2.27.1
3 | yagooglesearch==1.6.0
4 |
--------------------------------------------------------------------------------