Google hacking for penetration testers

For site
site:csdn.netwww.csdn.netblog.csdn.net/cnasp
inurl:nqt.php intitle: "network query tool"
inurl:"/cgi-bin/userreg.cgi"
filetype:asp "custom error message"
"asp.net_sessionid" "data source="
Intext: "warning:failed opening" include_path
"http_from=googlebot" googlebot.com "server_software"
intitle:"lantronix web-managerintitle:"lantronix web-manager"
intitle:"index of " back files
inurl:admin backup
allinurl:admin backup
filetype:doc doc
info:blog.csdn.net
related:www.sina.com
define:ironic
site:blog.csdn.net inurl:csdn
intitle:index.of "parent directory"
intitle:index.of inurl:admin
intitle:index.of ws_ftp.log
intitle:index.of "server at"
intitle:index.of inurl:"admin/*"

For Web Servers
"AnWeb/1.42h" intitle:index.of
"Apache Tomcat/" intitle:index.of
"Apche-AdvancedExtranetServer/" intitle:index.of
"Apach/df-ets" intitle:index.of
"Apach/" "server at" intitle:index.of
"Apache/AmEuro" intitle:index.of
"Apache/Blast" intitle:index.of
"Apache/WWW" intitle:index.of
"Apache/df-exts" intitle:index.of
"CERN httpd 3.0B (VAX VMS)" intitle:index.of
fitweb-wwws * server at intitle:index.of
HP Apache-based Web "Server/" intitle:index.of
OpenSSL/0.9g intitle:index.of
"httpd+ssl/kttd" * server at intitle:index.of
"JRun Web Server" intitle:index.of
"MaXX/3.1" intitle:index.of
"Microsoft-ISS/
" server at intitle:index.of
"Microsoft-ISS/" intitle:index.of
"OmniHTTPd/2.10" intitle:index.of
"OpenSA/1.0.4" intitle:index.of
"Oracle HTTP Server Powered by Apache" intitle:index.of
"Red Hat Secure/
" server at intitle:index.of
SEDWebserver * server at intitle:index.of
"Apache/" intitle:index.of
"Apache/
" server at intitle:index.of
filetype:pst pst(contacts | address | inbox)
filetype:reg reg +intext: "internet account manager"

For E-Mail Address
"Internal server error" "server at"
Intitle:"execution of this script not permitted"
e-mail address filetype:csv csv
intitle:index.of dead.letter
inurl:fcgi-bin/echo
filetype:pst pst –from –to –data
intitle:inde.of inbox
intitle: "index of " –inurl:maillog maillog size
inurl:email filetype:mdb
filetype:xls inrul: "email.xls"
filetype:xls username password email
intitle:index.of inbox dbx
filetype:eml eml eml +intext: "subject" +intext: "from"
intitle:index.of inbox dbx
filetype:wab wab
filetype:pst inrul: "outlook.pst"
filetype:mbx mbx intext:subject
inurl:cgi-bin/printenv
inurl:forward filetype:forward –cvs
filetype:mail intext:password subject
filetype:eml intext:password subject
filetype:mbx intext:password subject
filetype:mbx intext:password subject

For network devices
inurl:indexframe.shtml axis
intitle: "live view / -axis"
intitle: "live view/ -axis"
inurl:view/view.sht
intitle: "the axis 200 home page"
intitle:liveapplet inurl:lvappl
intext: "mobotix m1" intext: "open menu"
intitle; "viewerframe?mode="
snc-rz30 home
intitle:flexwatch intext: "home page ver"
intitle:snc-z20 inurl:home/
"powered by webcamxp" "pro/broadcast"
Intitle: "remote ui:top page"
("fiery webtools" inurl:index2.html)
"webtools enable observe, , flow print jobs"
Intitle: "network administration" inurl: "nic"
Inurl:sts_index.cgi
Intitle:ricoh intitle: "network administration"
Intitle: "view and configure phaserlink"
Inurl:live_status.html
"phaser 6250" "printer neighborhood"
"phaser® 740 color printer" "printer named:" phaserlink
"phaser 8200" "© xerox" "refresh" "email alerts"
phaser® 840 color printer
intext:centreware inurl:status
intitle: "Xerox workcentre pro -index"

For usernames
"your username is"
Inurl:admin inurl:userlist
Inurl:admin filetype:asp
Inurl:userlist
Inurl:php inurl:hlstats intext;server username
Filetype:ctl inurl:haccess.ctl basic
Filetype:reg reg intext: "internet account manager"
Filetype:wab wab
Filetype:mdb inurl:profiles
Index.of perform.ini
Inurl:root.asp?acs=anon
Filetype:conf inurl:proftpd.conf –sample
Filetype:log username putty
Filetype:rdp rdp
Intitle:index.of .bash_history
Intitle:index.of .sh_history
"index of " lck
+intext:webalizer +intext:total usernames +intext: "usage statistics for"
Filetype:reg reg hkey_current_user username

For password information
Inurl:/db/main.mdb
Filetype:cfm "cfapplication name" password
Filetype:pass pass intext:userid
Allinurl:auth_user_file.txt
Eggdrop filetype:user user
Filetype:ini inurl:flashfxp.ini
Filetype:url +inurl: ftp:// +inurl: "@"
Inurl:zebra.conf intext:password –sample –test –tutorial –download
Filetype:htpasswd htpasswd
Intitle: "index of" ".htpasswd" "htgroup" –intitle: "dist" –apache –htpasswd.c
Intitle: "index of" ".htpasswd" htpasswd.bak
http://.@www bob:bob "sets mode: +k"
"your password if * remember this for later use"
Signin filetype:url
Leapftp intile: "index.of./" sites.ini modified
Inurl:lilo.conf filetype:conf password –tatercounter2000 –bootpwd –man
Filetype:config config intext:appsettings "user id"
Filetype:pwd service
Intitle:index.of administrators.pwd
"# -frontpage-"inurl:service.pwd ext:pwd inurl:_vti_pvt inurl:(service|authos|administrators)
Inurl: "index of "intext:globals.inc/.bak
Filetype:confoekakibbs
Filetype:dat wand.dat
Inurl:ospfd.conf intext:password –sample –test –tutorial –download
Index.of passlist
Inurl:passlist.txt
Filetype:dat "password.dat"
Inurl:password.log filetype:log
Filetype:log inurl: "password.log"
Inurl:people.lst filetype:lst
Intitle:index.of config.php
Inurl:config.php dbuname dbpass
Inurlnuke filetype:sql
Filetype:conf inurl:psybnc.conf "user.pass="
Filetype:ini servudaemon
Filetype:conf slapd.conf
Inurl: "slapd.conf" intext: "credentials" –manpage -"manual page" –man: -sample
Inurl: "slapd.conf" intext: "rootpw" –manpage -"manual page" –man: -sample
Filetype:sql "identified by" –cvs
Filetype:sql password
Filetype:ini wcx_ftp
Filetype:netrc password
Index.of.etc tial files
Intitle: "index of ..etc" passwd
Intitle:index.of passwd passwd.bak
Intitle: "index of" pwd.db
Intitle:index.of etc shadow
Intitle:index.of master.passwd
Intitle: "index of" spwd.db passwd –pam.conf
Filetype:bak inurl: "htaccess| passwd |shadow |htusers"
Filetype:inc dbconn
Filetype:inc intext:mysql_connect
Filetype:properties inurl:db
Intext:password
Inurl:vtund.conf intext:pass –cvs
Inurl: "wvdial.conf" intext; "password"
Filetype:mdb wwforum
"autocreate=true password=*"
Filetype:pwl pwl
Filetype:reg reg +intext; "defaultusername" intext: "defaultpassword"
Filetype:reg reg +intext: "internet account manager"
"index of/" "ws_ftp.ini" "parent directory"
Filetype:ini ws_ftp pwd
Inurl:/wwwboard

FOR documents
Filetype:xls username password email
Filetype:xls inurl: "password.xls"
Filetype;xls private
Inurl:admin filetype:xls
Filetype:xls inurl:contact
Filetype:xls inurl: "email.xls"
Allinurl:admin mdb
Filetype:mdb inurl:users.mdb
Inurl:email filetype:mdb
Inurl:backup filetype:mdb
Inurl:profiles filetype:mdb
Inurl:*db filetype:mdb

For sql database dumps
Inurl:nuke filetype:sql
Filetype:sql password
Filetype:sql "indetified by" –cvs
"#dumping data for table username user users password"
"#mysql dump" filetype:sql
"#phpmyadmin mysql-dump" filetype:txt
"#phpmyadmin mysql-dump"
"insert into" –"the

For database files
Filetype:cfm "cfapplication name " password
Filetype:mdb inurl:user.mdb
Inurl:email filetype:mdb
Inurl:forum filetype:mdb
Inurl:/db/main.mdb
Inurl:profiles filetype:mdb
Filetype:asp dbq="* server.mappath("mdb")"
Allinurl;admin mdb

最后也要说明一下,这本书不但讲了使用google搜索的基本技巧还进一步针对网络安全方面的东西细化了,比如里面有一整章说的就是怎样去保护自己在这个网络开放的时代,也叫知彼知己,防患于未然,安全意识的提高很有帮助。现在网络安全问题绝大部分是因为安全意识问题,你时时想到,就会督促你时时去做,你时时去做,你的网络安全性能就会时时改进,不是说么,没有绝对的安全,只有不断提高的安全防范意识。简单,但实用。

最后编辑于
©著作权归作者所有,转载或内容合作请联系作者
  • 序言:七十年代末,一起剥皮案震惊了整个滨河市,随后出现的几起案子,更是在滨河造成了极大的恐慌,老刑警刘岩,带你破解...
    沈念sama阅读 202,980评论 5 476
  • 序言:滨河连续发生了三起死亡事件,死亡现场离奇诡异,居然都是意外死亡,警方通过查阅死者的电脑和手机,发现死者居然都...
    沈念sama阅读 85,178评论 2 380
  • 文/潘晓璐 我一进店门,熙熙楼的掌柜王于贵愁眉苦脸地迎上来,“玉大人,你说我怎么就摊上这事。” “怎么了?”我有些...
    开封第一讲书人阅读 149,868评论 0 336
  • 文/不坏的土叔 我叫张陵,是天一观的道长。 经常有香客问我,道长,这世上最难降的妖魔是什么? 我笑而不...
    开封第一讲书人阅读 54,498评论 1 273
  • 正文 为了忘掉前任,我火速办了婚礼,结果婚礼上,老公的妹妹穿的比我还像新娘。我一直安慰自己,他们只是感情好,可当我...
    茶点故事阅读 63,492评论 5 364
  • 文/花漫 我一把揭开白布。 她就那样静静地躺着,像睡着了一般。 火红的嫁衣衬着肌肤如雪。 梳的纹丝不乱的头发上,一...
    开封第一讲书人阅读 48,521评论 1 281
  • 那天,我揣着相机与录音,去河边找鬼。 笑死,一个胖子当着我的面吹牛,可吹牛的内容都是我干的。 我是一名探鬼主播,决...
    沈念sama阅读 37,910评论 3 395
  • 文/苍兰香墨 我猛地睁开眼,长吁一口气:“原来是场噩梦啊……” “哼!你这毒妇竟也来了?” 一声冷哼从身侧响起,我...
    开封第一讲书人阅读 36,569评论 0 256
  • 序言:老挝万荣一对情侣失踪,失踪者是张志新(化名)和其女友刘颖,没想到半个月后,有当地人在树林里发现了一具尸体,经...
    沈念sama阅读 40,793评论 1 296
  • 正文 独居荒郊野岭守林人离奇死亡,尸身上长有42处带血的脓包…… 初始之章·张勋 以下内容为张勋视角 年9月15日...
    茶点故事阅读 35,559评论 2 319
  • 正文 我和宋清朗相恋三年,在试婚纱的时候发现自己被绿了。 大学时的朋友给我发了我未婚夫和他白月光在一起吃饭的照片。...
    茶点故事阅读 37,639评论 1 329
  • 序言:一个原本活蹦乱跳的男人离奇死亡,死状恐怖,灵堂内的尸体忽然破棺而出,到底是诈尸还是另有隐情,我是刑警宁泽,带...
    沈念sama阅读 33,342评论 4 318
  • 正文 年R本政府宣布,位于F岛的核电站,受9级特大地震影响,放射性物质发生泄漏。R本人自食恶果不足惜,却给世界环境...
    茶点故事阅读 38,931评论 3 307
  • 文/蒙蒙 一、第九天 我趴在偏房一处隐蔽的房顶上张望。 院中可真热闹,春花似锦、人声如沸。这庄子的主人今日做“春日...
    开封第一讲书人阅读 29,904评论 0 19
  • 文/苍兰香墨 我抬头看了看天上的太阳。三九已至,却和暖如春,着一层夹袄步出监牢的瞬间,已是汗流浃背。 一阵脚步声响...
    开封第一讲书人阅读 31,144评论 1 259
  • 我被黑心中介骗来泰国打工, 没想到刚下飞机就差点儿被人妖公主榨干…… 1. 我叫王不留,地道东北人。 一个月前我还...
    沈念sama阅读 42,833评论 2 349
  • 正文 我出身青楼,却偏偏与公主长得像,于是被迫代替她去往敌国和亲。 传闻我的和亲对象是个残疾皇子,可洞房花烛夜当晚...
    茶点故事阅读 42,350评论 2 342

推荐阅读更多精彩内容

  • http://www.google.com/microsoft 微软...
    __Objc阅读 634评论 0 0
  • Spring Cloud为开发人员提供了快速构建分布式系统中一些常见模式的工具(例如配置管理,服务发现,断路器,智...
    卡卡罗2017阅读 134,580评论 18 139
  • 一、Nagios简介 Nagios是一款开源的电脑系统和网络监视工具,能有效监控Windows、Linux和Uni...
    1b3bd36d9d21阅读 8,140评论 3 13
  • site:可以限制你搜索范围的域名. inurl:用于搜索网页上包含的URL,这个语法对寻找网页上的搜索,帮助之类...
    傻傻笨笨宝宝阅读 19,129评论 0 9
  • 我把天空和大地 扫的干净 归还给 陌生的你 你从远方归来 面容憔悴 我不言 你不语 然后 相拥 流泪 天空正好下起了雨
    灿7阅读 229评论 1 2