Google Hacking Database

Google Hacking Database (GHDB)
Search the Google Hacking Database or browse GHDB categories
Sensitive Directories
Google's collection of web sites sharing sensitive directories. The files contained in here will vary from sesitive
to uber-secret!
DATE Title Summary

2003- What kinds of things might you find in directories marked
private
06-27 "private?" let's find out.....
2003- What kinds of goodies lurk in directories marked as
secret
06-27 "secret?" Find out......
2003- Backup directories are often very interesting places to
Look in my backup directories! Please?
06-24 explore. More than one server has been ...
2004- Adding "inurl:ftp (pub | incoming)" to the "index.of"
intitle:"index of" inurl:ftp (pub | inco...
12-30 searches helps locati...
2004-
allinurl:"/*/_vti_pvt/" | allinurl:"... Frontpage extensions for Unix ? So be it.....
12-29
2004- These directories reveal the configuration file of the abyss
intitle:index.of abyss.conf
12-19 webserver. These files can contain...
2004- With ColdFusion, you can build and deploy powerful web
intitle:"Index of /CFIDE/" administrator
12-19 applications and web services with far l...
2004- Invision Power File Manager is a popular file
"Powered by Invision Power File Manager"...
12-19 management script, written in the popular PHP Scr...
2004- This search uses desktop.ini to track users with a
intitle:"index of" "parent director...
12-05 webserver running on their desktop computers...
2004- TotalIndex v2.0 is an open source script that is designed
intext:"Powered By: TotalIndex" intitle:...
11-28 to replace the simple, and boring def...
2004- This search looks for indexes with the following
"intitle:Index.Of /" stats merchant cgi-...
11-07 subdirectories: stats, merchant, online-store ...
2004- This dork indicates the "Local settings" dir in most cases,
intitle:"index of" intext:"content....
10-31 and browseble server dire...
2004- Yes! I probably have should have told you guys earlier,
intitle:"index of" -inurl:htm -inurl:htm...
10-20 but this is how ive been getting 100% ...
2004- The DCIM directory is the default name for a few brands
index.of.dcim
10-25 of digital camers. This is not a big ne...
2004- The Google Hackers Guide explains how to find Apache
intitle:"Directory Listing For" intext:T...
10-19 directory indexes, which are the most comm...
2004- Webadmin.php is a free simple Web-based file manager.
intitle:"webadmin - /*" filetype:php dir...
09-24 This search finds sites that use this sof...
2004- intitle:index.of (inurl:fileadmin | TYPO3 is a free Open Source content management
09-21 intitle:filead... system for enterprise purposes on the web and in...
2004- These are index pages of "My Shared Folder". Sometimes
intitle:"Index of *" inurl:"my shar...
09-10 they contain juicy stuff like ...
Directories containing commercial
2004-
intitle:index.of /AlbumArt_ music.AlbumArt_{.*}.jpg are download/create by MS-
08-26
Windows Med...
2004- "The YouSendIt team was formed to tackle a common
intext:"d.aspx?id" || inurl:"d.aspx...
08-05 problem: secure transmission of large do...
2004- Picasa is an 'Automated Digital Photo Organizer' recently
"index of" / picasa.ini
07-20 aquired by Google. This search allows...
2004- These directories are named "password." I wonder what
index.of.password
07-16 you might find in here. Warning...
2004- inurl:explorer.cfm inurl:(dirpath|
Filemanager without authentication....
10-31 This_Directory)
2004- phpMyAdmin is a tool written in PHP intended to handle
Index of phpMyAdmin
07-12 the administration of MySQL over the Web...
2004- filetype:cfg ks intext:rootpw -sample -test Anaconda is a linux configuration tool like yast on suse
06-14 -howto linux. The root password is often encr...
2004- Gallery (http://gallery.menalto.com) is software that
intitle:"album permissions" "Users ...
06-02 allows users to create webalbums and uplo...
2004- Many of these directories contain information about the
"Index Of /network" "last modified&...
06-01 network, though an attacker would need ...
2004- According to whatis.com: "An intranet is a private
intitle:intranet inurl:intranet +intext:"huma...
05-13 network that is contained within an ent...
2004- Many times, this search will reveal temporary files and
inurl:/tmp
05-11 directories on the web server. The info...
2004- This is the default name of the Windows recycle bin. The
"index of" inurl:recycler
05-04 files in this directory may contain se...
2004- This is the default installation location of Oracle manuals.
inurl:/pls/sample/admin_/help/
04-28 This helps in footprinting a serve...
2004- This directory contains sample Oracle JSP scripts which
inurl:ojspdemos
04-28 are installed on the server. These prog...
2004- This directory contains sample JSP scripts which are
inurl:j2ee/examples/jsp
04-28 installed on the server. These programs ma...
2004- CGI directories contain scripts which can often be
"index of cgi-bin"
04-23 exploited by attackers. Regardless of the vu...
2004- This is the top level directory of ColdFusion, a powerful
intitle:"Index of" cfide
04-19 web development environment. This dir...
2004- This directory has various personal documents and
intitle:"index.of.personal"
03-29 pictures....
2004- These pages indicate that they are sharing the
intitle:"Index of c:\Windows"
02-10 C:\WINDOWS directory, which is the system folder...
2003- phpMyAdmin is a widly spread webfrontend used to
"Welcome to phpMyAdmin" " Create ne...
08-12 mantain sql databases. The default security me...
2004- This query reveals backup directories. These directories
inurl:backup intitle:index.of inurl:admin
03-16 can contain various information rangin...
2003- These directories are named "password." I wonder what
index.of.password
06-27 you might find in here. Warning...
2003- protected What could be in a directory marked as "protected?" Let's
06-27 find out......
2003- What could be hiding in directories marked as "secure?"
secure
06-27 let's find out......
2003- The \WINNT directory is the directory that Windows NT
winnt
06-27 is installed into by default. Now just be...
2015- The dork finds misconfigured WordPress sites.
inurl:wp-admin/ intext:css/
05-27 Author:NickiK. ...
2015- This dork finds open ftps. This is a base dork, where you
intitle:"Index of ftp"
05-26 can add intext:"ssh/" for ...
2015-
intitle:index.of.dropbox Sensitive Directories Ariel Anonis - @ariel_anonis ...
04-23
2015-
intitle:index.of.accounts Dork for directory with accounts. By Rootkit. ...
04-03
2015- intitle:index.of +"Indexed by Google dork for finding Private pics ;) :D
04-03 Apache::Gallery... #13lacKDemOn ...
2015- Relates to https://wordpress.org/plugins/wp-backitup/
inurl:/wp-content/wpbackitup_backups
02-27 Sensitive data/site rips/db rips in pu...
2015-
"Config" intitle:"Index of" in... Directory with keys of vpn servers. By Rootkit. ...
02-19
2015- "jos_users" intitle:"Index of" Files of configuration of
"jos_users" intitle:"Index of"
02-11 user Joomla serve...
2015-
inurl:/cgi-bin/.cgi Finds open index of /cgi-bin. ...
01-06
2014- i just found a google dork that is file/path disclosure of
allinurl:/hide_my_wp=
02-05 Hide My WP plugin Google dork -...
2013- Mac OSX directories -- -[Voluntas Vincit Omnia]-
intitle:"index of" intext:".ds_stor...
11-25 website http://www.erisresearch.org/ Go...
2013- Google search for shared HDD directories or shared
intitle:"index of" myshare
09-24 directories on servers. Gives access to oft...
2013- #Summary: Acces to Jenkins Dashboard #Author: g00gl3
inurl:8080 intitle:"Dashboard [Jenkins]"
08-08 5c0u7 ...
2013- the GHDB on subject (intitle:index.of
intitle:index.of intext:.bash_history
08-08 intext:.bash_history) finds all home users directory pat...
2013- intext:xampp-dav-unsecure: # Exploit Title: google dork for apache directory listing
08-08 $apr1$6O9scpDQ$JGw2Tjz0j... by url edit # Google Dork: intext:xa...
2013- Google Dork: "index of" inurl:sym You can Steal the
"index of" inurl:sym
04-09 symlinks of other Servers A...
2013- Google Dork: index of" inurl:root intitle:symlink Steal
"index of" inurl:root intitle:symlink
04-09 Others Symlink Author: Un0wn...
2012- Dork: inurl:ckfinder intext:"ckfinder.html" intitle:"Index
inurl:ckfinder intext:"ckfinder.html" in...
11-02 of /ckfinder" ...
2011-
inurl:/xampp this dork looks for servers with xampp installed...
11-19
2010-
allintext:"WebServerX Server at" Quick and dirty WebserverX HTTP server google dork ...
11-10
2010-
intitle:index.of ios -site:cisco.com Google search for Cisco IOS images Author: fdisk...
11-10
2010-
intitle:index.of cisco asa -site:cisco.com Google search for Pix/Asa images Author: fdisk...
11-10
2006- These directories can give information about a web
intitle:index.of.config
07-14 servers configuration. This should never be ...
2006- allintitle:"FirstClass Login" this is for firstclass directory
allintitle:"FirstClass Login"
02-28 listingsgo to http://[...
2006- Excelent information for foot holds. Everything from OS,
inurl:install.pl intext:"Reading path paramat...
01-16 to forum software, etc. Other exploits...
2005- "Warning: Installation directory exists by this dork you can find fresh installations of Zen-
12-01 at&qu... Cartsee Full Disclosure forums fore detail...
2005-
"Welcome to the directory listing of" &q... this is for NetworkActiv-Web-Server directory listing...
11-28
2005- Linklint is an Open Source Perl program that checks links
log inurl:linklint filetype:txt -"checking&qu...
11-11 on web sites. This search finds the L...
2005-
"Directory Listing for" "Hosted by ... directory listing for Xerver web server...
09-26
2005-
intitle:"Folder Listing" "Folder Li... directory listing for Fastream NETFile Web Server...
09-26
2005- intitle:"Backup-Management (phpMyBackup phpMyBackup is an mySQL backup tool, with features
09-13 v.0.4... like copying backups to a different server u...
2005- This search reveals the photo albums taken by Sprint PCS
intitle:"pictures thumbnails" site:pictu...
07-21 customers. Pictures taken with Sprint'...
2005- Finds java powered web servers which have indexing
intitle:index.of WEB-INF
05-02 enabled on their config directory...
2005-
intitle:index.of /maildir/new/ search gives you a mailbox dir. Contains a lot of mails....
03-26
2005- This dork finds any webshared windows folder inside my
filetype:ini Desktop.ini intext:mydocs.dll
02-17 docs. You can change the end bit "i...
2005- Torrent files .. don't expect to find spectacular stuff with
filetype:torrent torrent
01-16 this kind of string, this just to ...
2005-
"Index of" rar r01 nfo Modified 2004 New Warez Directory Lists...
01-09
2005- This will ask google to search for a php script used to
"Web File Browser" "Use regular exp...
01-07 manage files on a server. The script &q...
2005- "The HttpFileServer is a Java based mechanism for
intitle:"HFS /" +"HttpFileServer&qu...
01-05 providing web access to a set of files o...
2005- intitle:upload inurl:upload intext:upload The search reveals server upload portals.An attacker can
01-01 -forum -... use server space for his own benefit....
2016- Hostinger © 2016. All rights reserved Google Dork: Hostinger © 2016. All rights reserved
11-29 inurl:defaul... inurl:default.php Hostinger web hosting c...
2016- Dork: inurl:".esy.es/default.php" You can add “Here is a
inurl:".esy.es/default.php"
11-29 list of files in your pub...
2016- name =find liferay file page Google dork Description:
index:"html/js/editor/fckeditor/editor/filema...
10-04 index:"html/js/editor/fckeditor/ed...
2016- inurl:/FCKeditor/editor/filemanager/upload/ Let's you go
inurl:/FCKeditor/editor/filemanager/upload/
08-08 through unprotected files in the FC...
2016- inurl:pictures intitle:index.of Loads of personal pictures
inurl:pictures intitle:index.of
07-27 and what not Sent from trump t...
2016- One man's trash is another man's treasure. inurl:trash
inurl:trash intitle:index.of
06-06 intitle:index.of Decoy ...
2016- inurl:.ssh intitle:index.of authorized_keys SSH Keys inurl:.ssh intitle:index.of authorized_keys
06-06 Decoy ...
2016- Description: Drupal default web-forms' storage path,
inurl:/sites/default/files/webform/
05-10 usually a lot of files there contains juic...
2016- MAC OS X. Parent Directory Wordpress information.
intitle:Index of /__MACOSX ...
04-21 -Xploit ...
2016- This dork will find git repository's which may have
(intext:"index of /.git") ("parent ...
03-22 sensitive information. (intext:"ind...
inurl:safm.asp ext:asp
2016-
inurl:safm.asp ext:asp http://atawho.blogspot.com.tr/2016/03/simple-asp-
03-07
filemanager.html ...
2016- Awstats Log file's directory can reveal file/directory
intitle: Index of /awstats/data
01-06 location These logs file may also revea...
2015- Google Search: inurl:/server/webapps Submission Date:
inurl:/server/webapps
12-21 12/19/2015 Description: Apache Tomcat...
2015- Dork with juicy info. Enjoy xD. Dork by Rootkit
intitle:index.of.mail
11-13 Pentester. ...
2015-
inurl:pipermail intitle:index.of parent Pipermail Archives Decoy ...
11-11
2015-
inurl:"wp-content/uploads/private" Directories with juicy data. Dork by Rootkit Pentester. ...
11-11
2015-
intitle:index.of inurl:grades site:edu Directories containing grades. Decoy ...
11-02
2015- http://www.google.com/search?q=intitle:index.of parent
intitle:index.of parent inurl:repos
10-30 inurl:repos Shared repositories. Very...
2015- http://www.google.com/search?q="Desktop" parent
"Desktop" parent intitle:index.of
10-22 intitle:index.of Desktops shared o...
2015- http://www.google.com/search?q="My Documents"
"My Documents" "parent" intitl...
10-22 "parent" intitle:index.of ...
2015- Directories containing SQL Installs and/or SQL
"sql" "parent" intitle:index.o...
10-20 databases... Decoy ...
2015- Google dork Description: Juice Directory "ASP" Google
inurl:/aspnet_client/system_web/
10-19 search: inurl:/aspnet_client/s...
2015-
inurl:.DS_Store intitle:index.of Directories with DS_Store files. By Rootkit Pentester. ...
10-19
2015-
inurl:.listing intitle:index.of Directories with .listing files. By Rootkit Pentester. ...
10-19
2015- http://www.google.com/search?q=inurl:users
inurl:users intitle:index.of
10-16 intitle:index.of User folders containing interest...
2015- http://www.google.com/search?q=private parent
private parent intitle:index.of
10-16 intitle:index.of Dork for all sorts of juicy s...
2015-
mail spool intitle:index.of Dork for mail spools. Decoy ...
10-16
2015- Dork= inurl:"default.php" intext:"website" "has been
inurl:"default.php" intext:"website...
09-17 successfully inst...
2015- Directories with interesting info. Have Fun Responsible.
intitle:"Index.of" "attachments&quo...
09-10 Dork by Rootkit Pentester. ...
2015- this dork find db.crypt/.db files of whatsapp conversations
intitle:"Index of" "WhatsApp Databa...
09-07 you can open them with https://co...
2015- inurl:"/cms/app/webroot" inurl:"/cms/app/webroot" Author:ShockvaWe (mrnoone)
09-01 özüm ...
2015- WhatsApp Images folder, usually from backups.
intitle:"Index of" "WhatsApp Images...
08-24 --pmbento ...
2015-
intitle:"Index of" "DCIM" A lot of Camera Photos Dump. Have Fun!. Rootkit. ...
08-19
2015- Dork: intext:index of sym Most of hacker use auto server
intext:index of sym
08-10 symlink script and grab all the con...
2015- Exploit title: intitle:index.of.pubs Description:
intitle:index.of.pubs
07-09 intitle:index.of.pubs Sensitive Directories...
2015-
intitle:"Index of" "wwwroot" Directory of wwwroot Dork. Enjoy xD. By Rootkit. ...
06-30
2015- # Exploit Title: intitle:"index of" inurl:"no-ip.com" #
intitle:"index of" inurl:"no-ip.com...
06-17 Google Dork: intit...
2015-
intitle:"Index Of" intext:"iCloud P... From: Creep Mode Baby ...
06-17
2015-
inurl:private_files Directory private files xD. By Rootkit. ...
06-10
2015- # Exploit Title: intitle:"index of" "onetoc2" "one" #
intitle:"index of" "onetoc2" &...
06-04 Google Dor...
https://www.exploit-db.com/google-hacking-database/3/?pg=1
Table of Contents:
Footholds
Files containing usernames
Sensitive Directories
Web Server Detection
Vulnerable Files
Vulnerable Servers
Error Messages
Files containing juicy info
Files containing passwords
Sensitive Online Shopping Info
Network or vulnerability data
Pages containing login portals
Various Online Devices
credit http://www.exploit-db.com/google-dorks/
2014-04-
intitle:”Zimbra Web Client Sign In” Pages containing login portals
21
2014-04-
intitle:”Zimbra Web Client Log In” Pages containing login portals
21
2014-04-
inurl:typo3/install/index.php?mode= Pages containing login portals
07
2014-04-
inurl:typo3conf/localconf.php Files containing passwords
07
2014-03-
inurl:/backup intitle:index of backup intext:*sql Files containing passwords
31
2014-03-
inurl:”Citrix/XenApp/auth/login.aspx” Pages containing login portals
31
2014-03-
filetype:pdf “acunetix website audit” &q… Files containing juicy info
31
2014-03- inurl:crossdomain filetype:xml intext:allow-

27 access…
2014-03- inurl:clientaccesspolicy filetype:xml

27 intext:allow…
2014-02-
intitle:Admin inurl:login.php site:.co.in Pages containing login portals
28
2014- dork to find uploaded WSO 2.4 shell by hackers. found

intitle:”WSO 2.4″ [ Sec. Info ], [ Files…
01-03 Anon?M ID …
2014- the dork is used to find uploaded 1n73ct10n Shell on

intitle:”=[ 1n73ct10n privat shell ]=”
01-03 website. found by Anon?M ID …
2013- filetype:php intext:”!C99Shell v. 1.0 php backdoor: c99 shell — -[Voluntas Vincit Omnia]-
11-25 beta&qu… website http://www.erisresearch.org/…
2013-
intitle:”uploader by ghost-dz” ext:php intitle:”uploader by ghost-dz” ext:php…
11-25
2013- Finds websites that have 1337w0rm’s CPanel cracker

inurl:1337w0rm.php intitle:1337w0rm
08-08 uploaded. Since the Cracker is relatively n…
2012- This dork finds websites that were hacked, backdoored

inurl:”r00t.php”
11-02 contains their system information e…
2012- User & Domain || Symlink Using this dork you can find t
intitle:C0ded By web.sniper
11-02 User and the Domains of the Serv…
2012-
intitle:Priv8 SCR I am Un0wn_X Symlink User configs intitle:Priv8 SCR …
11-02
2011- inurl:”amfphp/browser/servicebrowser.swf
AMFPHP service browser, debug interface. Author: sydd
09-26 ”…
2011- A foothold using allintext:”fs-admin.php” shows the wo

allintext:”fs-admin.php”
01-09 readable directories of a…
2006- sHOUTcast is a free-of-charge audio homesteading solu

(intitle:”SHOUTcast Administrator”)|(int…
05-03 It permits anyone on the internet to…
2006-
(intitle:”WordPress ÃƒÂ¢Ã¢â€šÂ¬Ã… Alter setup configuration files.add ?step=1…
03-15
2006- searches for scripts that let you upload files which you
“index of /” ( upload.cfm | upload.asp |…
03-06 then execute on the server….
2006- “Please re-enter your password It must

Invision Powerboard registration pages. Plain and simpl
02-08 match …
2006- This query shows installations of Serena Teamtrack.

inurl:”tmtrack.dll?”
01-04 (www.serena.com).You may be able to adjust …
2005-
inurl:polly/CP You can get into admin panel without logging….
10-06
2005- net2ftp is a web-based FTP client written in PHP. Lets

intitle:”net2ftp” “powered by net2f…
09-25 explain this in detail. Web-based means …
2005- Basicly MyShell is a php program that allows you to exe

intitle:MyShell 1.1.0 build 20010923
08-15 commands remotely on whichever serv…
2005- intitle:”YALA: Yet Another LDAP YALA is a web-based LDAP administration GUI. The idea
05-02 Administrator… to simplify the directory administrati…
2005- intitle:”ERROR: The requested URL could squid error messages, most likely from reverse proxy
04-27 not b… servers….
2004- inurl:”phpOracleAdmin/php” phpOracleAdmin is intended to be a webbased Oracle Object

12-19 -download -cv… Manager.In many points alike phpMyAdm…
2004- PHPKonsole PHPShell filetype:php PHPKonsole is just a little telnet like shell wich allows you to ru
11-28 -echo commands on the webserver….
2004- filetype:php HAXPLORER “Server Haxplorer is a webbased filemanager which enables the user t
11-28 Files Browser&… browse files on the webserver. Yo…
2004- inurl:ConnectComputer/precheck.h Windows Small Business Server 2003: The network configurati
11-06 tm | inurl:Remote/… page is called “ConnectCompu…
2004- (inurl:81/cgi-bin/.cobalt/) | The famous Sun linux appliance. The default page displays thi
10-22 (intext:”Welco… text:”Congratulations on Ch…
2004- intitle:”Web Data Administrator – The Web Data Administrator is a utility program implemented
10-09 Login” ASP.NET that enables you to easi…
2004- “adding new user” Allows an attacker to create an account on a server running
07-20 inurl:addnewuser -&quo… Argosoft mail server pro for window…
2004- PHP Shell is a shell wrapped in a PHP script. It’s a tool you can
PHP Shell (unprotected)
07-12 to execute arbiritary she…
2004- PHPFM is an open source file manager written in PHP. It is easy

Public PHP FileManagers
07-12 set up for a beginner, but s…
2004- +htpasswd +WS_FTP.LOG WS_FTP.LOG can be used in many ways to find more informatio
05-20 filetype:log about a server. This query is very…
2003- Admin Login pages. Now, the existance of this page does not
intitle:admin intitle:login
09-09 necessarily mean a server is vulner…
2013- intext:”root:x:0:0:root:/root:/bin/bash
Author: ./tic0 | Izzudin al-Qassam Cyber Fighter …
04-22 ”…
2013-
inurl:”/root/etc/passwd” intext:”ho… inurl:”/root/etc/passwd” intext:”home/*:” …
04-22
2006- site:extremetracking.com The search reveals usernames (right in the URL in green) an
07-31 inurl:”login=” links to the sites that are signed…
2005- intext:”SteamUserPassphrase=” This will search for usernames and passwords for steam
06-05 intext:&qu… (www.steampowered.com) taken from the St…
2004- This search jumps right to the main page of Outlook Web Ac
OWA Public folders & Address book
06-19 Public Folders and the Exchange …
2004- filetype:conf inurl:proftpd.conf A standard FTP configuration file that provides far too many
05-20 -sample details about how the server is se…
2004- These log files record info about the SSH client PUTTY. These
filetype:log username putty
05-13 files contain usernames, site nam…
2004- filetype:reg reg +intext:”internet This google search reveals users names, pop3 passwords, e
05-12 account ma… addresses, servers connected to a…
2004- filetype:reg reg This search finds registry files from the Windows Operating
05-11 HKEY_CURRENT_USER username system. Considered the “soul&q…
2004- The webalizer program displays various information but this

+intext:”webalizer” +intext:”Total …
05-03 query displays usernames that have …
2004- inurl:php inurl:hlstats intext:”Server This page shows the halflife stat script and reveals the
04-28 Userna… username to the system. Table structur…
2004- This file contains information about the mIRC client and may
index.of perform.ini
04-13 include channel and user names….
2004- These lock files often contain usernames of the user that ha
“index of” / lck
04-13 locked the file. Username harvest…
2004- This search reveals userlists of administrative importance.

inurl:admin filetype:asp inurl:userlist
03-16 Userlists found using this method c…
2004- This search reveals userlists of administrative importance.

inurl:admin inurl:userlist
03-16 Userlists found using this method c…
2003- Ok, this file contains what a user typed at a shell command
sh_history files
06-24 prompt. You shouldn’t advertise thi…
2003- Ok, this file contains what a user typed at a shell command
bash_history files
06-24 prompt. You shouldn’t advertise thi…
2014- i just found a google dork that is file/path disclosure of Hide

allinurl:/hide_my_wp=
02-05 WP plugin Google dork -…
2013- Mac OSX directories — -[Voluntas Vincit Omnia]- website

intitle:”index of” intext:”.ds_stor…
11-25 http://www.erisresearch.org/ Go…
2013- Google search for shared HDD directories or shared directori
intitle:”index of” myshare
09-24 on servers. Gives access to oft…
2013- inurl:8080 intitle:”Dashboard #Summary: Acces to Jenkins Dashboard #Author: g00gl3 5c

08-08 [Jenkins]” …
2013- the GHDB on subject (intitle:index.of intext:.bash_history) fin

intitle:index.of intext:.bash_history
08-08 all home users directory pat…
2013- intext:xampp-dav-unsecure: # Exploit Title: google dork for apache directory listing by ur
08-08 $apr1$6O9scpDQ$JGw2Tjz0j… # Google Dork: intext:xa…
2013- Google Dork: “index of” inurl:sym You can Steal the symlinks
“index of” inurl:sym
04-09 other Servers A…
2013- Google Dork: index of” inurl:root intitle:symlink Steal Others

“index of” inurl:root intitle:symlink
04-09 Symlink Author: Un0wn…
2012- inurl:ckfinder intext:”ckfinder.html” Dork: inurl:ckfinder intext:”ckfinder.html” intitle:”Index of

11-02 in… /ckfinder” …
2011-
inurl:/xampp this dork looks for servers with xampp installed…
11-19
2010-
allintext:”WebServerX Server at” Quick and dirty WebserverX HTTP server google dork …
11-10
2010-
intitle:index.of ios -site:cisco.com Google search for Cisco IOS images Author: fdisk…
11-10
2010- intitle:index.of cisco asa

Google search for Pix/Asa images Author: fdisk…
11-10 -site:cisco.com
2006- These directories can give information about a web servers

intitle:index.of.config
07-14 configuration. This should never be …
2006- allintitle:”FirstClass Login” this is for firstclass directory listin

allintitle:”FirstClass Login”
02-28 to http://[…
2006- inurl:install.pl intext:”Reading path Excelent information for foot holds. Everything from OS, to fo
01-16 paramat… software, etc. Other exploits…
2005- “Warning: Installation directory by this dork you can find fresh installations of Zen-Cartsee Fu
12-01 exists at&qu… Disclosure forums fore detail…
2005- “Welcome to the directory listing of”

this is for NetworkActiv-Web-Server directory listing…
11-28 &q…
2005- log inurl:linklint filetype:txt Linklint is an Open Source Perl program that checks links on
11-11 -“checking&qu… sites. This search finds the L…
2005-
“Directory Listing for” “Hosted by … directory listing for Xerver web server…
09-26
2005- intitle:”Folder Listing”

directory listing for Fastream NETFile Web Server…
09-26 “Folder Li…
2005- intitle:”Backup- phpMyBackup is an mySQL backup tool, with features like copying backu
09-13 Management
(phpMyBackup v.0.4… to a different server u…
2005- intitle:”pictures This search reveals the photo albums taken by Sprint PCS customers.
07-21 thumbnails” site:pictu… Pictures taken with Sprint’…
2005- Finds java powered web servers which have indexing enabled on their co
intitle:index.of WEB-INF
05-02 directory…
2005- intitle:index.of
search gives you a mailbox dir. Contains a lot of mails….
03-26 /maildir/new/
2005- filetype:ini Desktop.ini This dork finds any webshared windows folder inside my docs. You can
02-17 intext:mydocs.dll change the end bit “i…
2005- Torrent files .. don’t expect to find spectacular stuff with this kind of strin
filetype:torrent torrent
01-16 this just to …
2005- “Index of” rar r01 nfo

New Warez Directory Lists…
01-09 Modified 2004
2005- “Web File Browser” “Use This will ask google to search for a php script used to manage files on a
01-07 regular exp… server. The script &q…
2005- intitle:”HFS /” “The HttpFileServer is a Java based mechanism for providing web access
01-05 +”HttpFileServer&qu… set of files o…
intitle:upload
2005- The search reveals server upload portals.An attacker can use server spa
inurl:upload
01-01 for his own benefit….
intext:upload -forum -…
2004- intitle:”index of” inurl:ftp

Adding “inurl:ftp (pub | incoming)” to the “index.of” searches helps loca
12-30 (pub | inco…
2004- allinurl:”/*/_vti_pvt/” |
Frontpage extensions for Unix ? So be it…..
12-29 allinurl:”…
2004- intitle:index.of These directories reveal the configuration file of the abyss webserver. Th
12-19 abyss.conf files can contain…
2004- intitle:”Index of /CFIDE/” With ColdFusion, you can build and deploy powerful web applications an
12-19 administrator web services with far l…
2004- “Powered by Invision Invision Power File Manager is a popular file management script, written
12-19 Power File Manager”… the popular PHP Scr…
2004- intitle:”index of” “parent This search uses desktop.ini to track users with a webserver running on
12-05 director… desktop computers…
2004- intext:”Powered By: TotalIndex v2.0 is an open source script that is designed to replace the
11-28 TotalIndex” intitle:… simple, and boring def…
2004- “intitle:Index.Of /” stats This search looks for indexes with the following subdirectories: stats,
11-07 merchant cgi-… merchant, online-store …
2004- intitle:”index of” This dork indicates the “Local settings” dir in most cases, and browseble
10-31 intext:”content…. server dire…
2004- intitle:”index of” -inurl:htm Yes! I probably have should have told you guys earlier, but this is ho
10-20 -inurl:htm… ive been getting 100% …
2004- The DCIM directory is the default name for a few brands of digital
index.of.dcim
10-25 camers. This is not a big ne…
2004- intitle:”Directory Listing For” The Google Hackers Guide explains how to find Apache directory
10-19 intext:T… indexes, which are the most comm…
2004- intitle:”webadmin – /*” Webadmin.php is a free simple Web-based file manager. This search
09-24 filetype:php dir… finds sites that use this sof…
intitle:index.of
2004- TYPO3 is a free Open Source content management system for enter
(inurl:fileadmin |
09-21 purposes on the web and in…
intitle:filead…
2004- intitle:”Index of *” inurl:”my These are index pages of “My Shared Folder”. Sometimes they conta
09-10 shar… juicy stuff like …
2004- Directories containing commercial music.AlbumArt_{.*}.jpg are

intitle:index.of /AlbumArt_
08-26 download/create by MS-Windows Med…
2004- intext:”d.aspx?id” || “The YouSendIt team was formed to tackle a common problem: secu
08-05 inurl:”d.aspx… transmission of large do…
2004- Picasa is an ‘Automated Digital Photo Organizer’ recently aquired by

“index of” / picasa.ini
07-20 Google. This search allows…
2004- These directories are named “password.” I wonder what you might fi
index.of.password
07-16 in here. Warning…
2004- inurl:explorer.cfm inurl:

Filemanager without authentication….
10-31 (dirpath|This_Directory)
2004- phpMyAdmin is a tool written in PHP intended to handle the

Index of phpMyAdmin
07-12 administration of MySQL over the Web…
2004- filetype:cfg ks intext:rootpw Anaconda is a linux configuration tool like yast on suse linux. The ro
06-14 -sample -test -howto password is often encr…
2004- intitle:”album permissions” Gallery (http://gallery.menalto.com) is software that allows users to

06-02 “Users … create webalbums and uplo…
2004- “Index Of /network” “last Many of these directories contain information about the network, th
06-01 modified&… an attacker would need …
2004- intitle:intranet inurl:intranet According to whatis.com: “An intranet is a private network that is
05-13 +intext:”huma… contained within an ent…
2004- Many times, this search will reveal temporary files and directories on
inurl:/tmp
05-11 web server. The info…
2004- This is the default name of the Windows recycle bin. The files in this
“index of” inurl:recycler
05-04 directory may contain se…
2004- inurl:/pls/sample/admin_/hel This is the default installation location of Oracle manuals. This helps
04-28 p/ footprinting a serve…
2004- inurl:ojspdemos This directory contains sample Oracle JSP scripts which are installed
04-28 the server. These prog…
2004- This directory contains sample JSP scripts which are installed on the ser
inurl:j2ee/examples/jsp
04-28 These programs ma…
2004- CGI directories contain scripts which can often be exploited by attackers
“index of cgi-bin”
04-23 Regardless of the vu…
2004- This is the top level directory of ColdFusion, a powerful web developmen
intitle:”Index of” cfide
04-19 environment. This dir…
2004-
intitle:”index.of.personal” This directory has various personal documents and pictures….
03-29
2004- intitle:”Index of These pages indicate that they are sharing the C:\WINDOWS directory,
02-10 c:\Windows” which is the system folder…
“Welcome to
2003- phpMyAdmin is a widly spread webfrontend used to mantain sql databa
phpMyAdmin” ” Create
08-12 The default security me…
ne…
inurl:backup
2004- This query reveals backup directories. These directories can contain var
intitle:index.of
03-16 information rangin…
inurl:admin
2003- These directories are named “password.” I wonder what you might find
index.of.password
06-27 here. Warning…
2003-
protected What could be in a directory marked as “protected?” Let’s find out……
06-27
2003-
secure What could be hiding in directories marked as “secure?” let’s find out…
06-27
2003- The \WINNT directory is the directory that Windows NT is installed into b
winnt
06-27 default. Now just be…
2003- What kinds of things might you find in directories marked “private?” let
private
06-27 find out…..
2003-
secret What kinds of goodies lurk in directories marked as “secret?” Find out…
06-27
2003- Look in my backup Backup directories are often very interesting places to explore. More tha
06-24 directories! Please? one server has been …
2006- intitle:”BadBlue: the file-

Badblue file sharing web server detection…
05-23 sharing web server…
2006- intext:”Target Multicast “… Multicast Beacon is a multicast diagnostic tool written in Perl which u
05-03 Group” “be… the RTP pr…
2006- intitle:”Apache Status”

New Apache Server Status Dork…
05-03 “Apache Ser…
2006- inurl:wl.exe inurl:?SS1= List server apparently keeps track of many clients, not just Domains and
02-08 intext:”Operating sy… hardware, but Operatin…
2005- inurl:nnls_brand.html OR Novell Nterprise Linux Services detection dork. Some of the features are
11-16 inurl:nnls_nav.html iFolder* Samba* NetS…
2005- (intitle:”502 Proxy A reverse proxy is a gateway for servers, and enables one web server to
05-30 Error”)|(intitle:&qu… provide content from an…
2005- intitle:”Welcome to The 602LAN SUITE runs on a webserver called WEB602/1.04 and include
05-20 602LAN SUITE *” webmail….
2005- intitle:”Document title

IBM Http Server (AS/400)…
05-02 goes here” intit…
intitle:”Welcome To Your
2005- This is the default page for the WebSTAR (Macintosh) web server (Heade
WebSTAR Home
05-02 say –> Server: Web…
Page&qu…
2005- intitle:”Welcome to the Webserver detection: The Advanced Extranet Server project aims to cre
04-27 Advanced Extranet Ser… an extensible open sou…
intitle:”Welcome to
2005- Another way to find Small Business Server 2003, for more results check
Windows Small Business
04-16 dork by JimmyNeutron…
Se…
2005- thttpd is is a webserver written in C and should compile and run on mos
thttpd webserver
03-29 unix-like systems. As …
2005- intitle:”IPC@CHIP web server detection for IPC@chip embedded webserverThe dork uses t
03-29 Infopage” webserver’s infopage whic…
2005- YAWS (http://yaws.hyber.org), Yet Another Web Server, is a HTTP high

yaws.*.server.at
03-31 perfomance 1.1 webserver. …
2005- intitle:”Test Page for the

Apache 2.0 on Fedore Core Test page…
03-20 Apache HTTP Server…
2005- Powered.by.RaidenHTTPD RaidenHTTPD ( http://www.raidenhttpd.com/en ) is a full featured web se

03-18 intitle:index.of software for Window…
2005- (inurl:81-cobalt |
Cobal RaQ internal pages…
03-05 inurl:cgi-bin/.cobalt)
2005- intitle:”welcome to mono XSD is the demo webserver for the Mono project and allows the executio
02-15 xsp” ASP.NET on Unix…
2005- inurl:oraweb Oracle administrators tend to naming their servers ora* – maybe becau
01-27 -site:oraweb.org they forget the name of…
2005- “Netware * Home” Rather than submitting various searches for all kinds of NetWare related
01-26 inurl:nav.html pages, Novell NetWare’…
2005- XAMPP XAMPP is an easy to install Apache distribution containing MySQL, PHP an
01-21 “inurl:xampp/index” Perl. XAMPP is really…
2004- The JanaServer 2 is amongst other things a proxy server, that makes it
inurl:2506/jana-admin
12-13 possible for LAN members…
2004- allintext:”Powered by WWW File Share Pro is a small HTTP server that can help you share files w
12-13 LionMax Software” … your friends. They…
2004- intitle:”Resin Default Resin provides a fast standalone web server. This search locates those
11-30 Home Page” servers based on the tit…
2004- intitle:”Welcome To Default Xitami installationAdditionally every default installation of Xitami

11-28 Xitami” -site:xitami… webserver has a te…
2004- intitle:”Welcome to Your

This finds the default Apache page on Debian installs….
11-13 New Home Page!”…
2004- “About Mac OS Personal Mac OS Personal Web Sharing allows Mac OS users to share Folders over
11-07 Web Sharing” Web.If you open this …
2004- “Switch to table format” This is an index page of OReilly WebSite Professional.WebsitePro was
11-07 inurl:table|pla… developed by O’reily and d…
2004- intitle:”Object not

This one detects apache werbservers (2.0.X/SuSE) with its error page….
10-12 found!” intext:”…
2004- intitle:”Open WebMail” “Open WebMail is a webmail system based on the Neomail version 1.14 f
10-12 “Open WebMai… Ernie Miller. Ope…
2004- intitle:”error 404″ “From WebLogic Server Process Edition extends the functionality of the Applicat
10-12 RFC 2068 … Server by convergi…
2004- intitle:”Directory Listing, Vendor page:”Einfache HTTP-Server-Software fÃƒÆ’Ã‚Â¼r privates

10-12 Index of /*/”… Homepage-Hosting …
2004- intitle:”Lotus Domino Go Domino Go Webserver is a scalable high-performance Web server that ru
10-12 Webserver:” &qu… on a broad range of pla…
2004- intitle:”Object not

This search will show netware apache webservers as the result….
10-09 found” netware “…
intitle:AnswerBook2
2004- First of all this search indicates solaris machines and second the webserv
inurl:ab2/ (inurl:8888 |
09-26 is vulnerable to …
inurl…
2004- intext:”404 Object Not

This search finds IIS 5.0 error pages = IIS 5.0 Server…
08-16 Found” Microsoft-…
2004- intitle:”Shoutcast shoutcast is software for streaming mp3 and such. This search finds the
07-29 Administrator” administrator page. It …
2004- “powered by” shoutstats is a fast, free Shoutcast server statistic analysis program. It
07-29 “shoutstats” hour… produces instant and…
“Novell, Inc”
2004-
WEBACCESS Username This may be used to find Novell Grouwise Webaccess servers….
07-26
Passwor…
2004- “httpd+ssl/kttd” * The version of a particular web server can be detected with a simple que
07-19 server at intitle:ind… like this one. Altho…
2004- fitweb-wwws * server at The version of a particular web server can be detected with a simple que
07-19 intitle:index.of like this one. Altho…
2004- sEDWebserver * server The version of a particular web server can be detected with a simple que
07-19 +at intitle:index.of like this one. Altho…
2004- “Red Hat Secure/3.0 The version of a particular web server can be detected with a simple que
07-19 server at” like this one. Altho…
2004- The version of a particular web server can be detected with a simple que
“Red Hat Secure/2.0”
07-19 like this one. Altho…
2004- “OpenSA/1.0.4” The version of a particular web server can be detected with a simple que
2004- “OmniHTTPd/2.10” The version of a particular web server can be detected with a simple que
2004- “Microsoft-IIS/6.0” The version of a particular web server can be detected with a simple que
2004- “Microsoft-IIS/5.0 server The version of a particular web server can be detected with a simple que
07-19 at” like this one. Altho…
2004- “Microsoft-IIS/4.0” The version of a particular web server can be detected with a simple que
2004- “Microsoft-IIS/* server The version of a particular web server can be detected with a simple que
07-19 at” intitle:inde… like this one. Altho…
2004- “MaXX/3.1” The version of a particular web server can be detected with a simple que
2004- “JRun Web Server” The version of a particular web server can be detected with a simple que
2004- “CERN httpd 3.0B (VAX The version of a particular web server can be detected with a simple que
07-19 VMS)” like this one. Altho…
2004- “AnWeb/1.42h” The version of a particular web server can be detected with a simple que
2004- Red Hat Unix Red Hat UNIX Administration Pages. This search detects the fixed title for
07-12 Administration admin pages on c…
2004- This is a generic way of grabbing those CGI-spewed environmental var lis
Environment vars
07-02 To narrow to things…
2004- allinurl:”.nsconfig” Access to a Web server’s content, CGI scripts, and configuration files is
06-18 -sample -howto -tut… controlled by entries…
2004- This will return a listing of servers running Lotus Domino. These servers b
inurl:domcfg.nsf
05-17 default have very…
2004- intitle:”300 multiple This search shows sites that have the 300 error code, but also reveal a s
05-13 choices” tag at the botto…
2004- intitle:Snap.Server This page reveals the existance of a SNAP server (Netowrk attached serv
04-23 inurl:Func= NAS devices) Depen…
2004- intitle:”Test Page for This is the default web page for Apache 1.2.6 – 1.3.9. Hackers can use th
04-20 Apache” information to dete…
2004- allintitle:Netscape This finds default installations of Netscape Fasttrack Server. In many case
03-18 FastTrack Server Home default installat…
Page
03-04 Apache” “It … information to dete…
03-04 Apache” “It … information to dete…
2004- “seeing this instead” This is the default web page for Apache 1.3.11 – 1.3.26. Hackers can use
03-04 intitle:”test… information to de…
aboutprinter.shtml
2003- More Xerox printers on the web! Google found these printers. Should the
(More Xerox printers on
08-11 management interface …
the web…
index_i.shtml Ready
2003- These printers are not-only web-enabled, but their management interfac
(Xerox printers on the
08-11 somehow got crawled by …
web!)
2003- inurl:tech-support This is a way to find Cisco products with an open web interface. These ar
08-07 inurl:show Cisco generally supposed t…
2003- OpenBSD running I like the OpenBSD operating system. I really do. And I like the Apache we
06-24 Apache server software. Ho…
2003- Moving from personal, lightweight web servers into more production-read
IIS 4.0
06-24 software, we find that…
2003- Windows 2000 Internet At first glance, this search reveals even more examples of operating syst
06-24 Services users enabling the …
2003- Apache online When you install the Apache web server, you get a nice set of online
06-24 documentation documentation. When you le…
2013- -site:simplemachines.org Dork: -site:simplemachines.org “These are the paths and URLs to
09-24 “These are the paths… SMF installation&qu…
2011- allinurl:forcedownload.php? Didn’t see this anywhere in the GHDB, but its been known for a wh
08-25 file= and widely abused by oth…
2011- ionCube Loader Wizard inurl:loader-wizard ext:php This dork displays sensitive information
05-28 information disclosure Auth0r: MaXe…
2011- inurl:/install/install.php intitle:vBulletin * Install System This dork

vBulletin Install Page Detection
05-27 displays the untreat…
2006-
inurl:”simplenews/admin” hxxp://evuln.com/vulns/94/summary.html…
09-13
2006- inurl:updown.php | this (evil ) script lets you to upload a php shell on target server, in
02-28 intext:”Powered by PHP Upl… most cases not password…
2005- inurl:guestbook/guestbooklist. A sql vulnerability has been reported in a Techno Dreams asp scrip
12-19 asp “Post Date&… login.asp. http://search.s…
2005- A cross site scripting vunerability has been discovered in CJ linkou

intitle:”CJ Link Out V1″
10-26 version 1.x. CJ linkout i…
2005- “powered by mailgust” MailGust 1.9/2.0 (possibly prior versions) SQL injection / board
09-26 takevorsoftware:site: http://w…
2005- My Little Forum 1.5 / 1.6beta SQL Injectionsoftware:site:

“powered by my little forum”
09-26 http://www.mylittlehomepage.net/my_li…
2005- intitle:”Control panel” “Control Build, manage and customize your own search engine friendly new
09-25 Pa… article site from scratch –…
2005- The CartWIZ eCommerce Shopping Cart System will help you build
inurl:cartwiz/store/index.asp
09-25 your online store through an int…
2005- “e107.org 2002/2003” e107 is prone to an input validation vulnerability. This issue is due
09-13 inurl:forum_post.ph… failure in the appli…
2005- “maxwebportal” several vulnerabilities relating to this.MaxWebPortal is a web porta

09-13 inurl:”default”… and online community syst…
2005- “Mail-it Now!” intitle:”Contact Mail-it Now! 1.5 (possibly prior versions) contact.php remote code
09-11 for… executionsite: http://www.sk…
2005- “Warning:” “Cannot execute a “Warning: passthru(): Cannot execute a blank command in” “Warn
09-11 blank … system(): Can…
2005- “Powered by xcomic”this is a recent exploit, you can retrieve any fi

“Powered by Xcomic”
09-08 on target syst…
2005- FunkBoard V0.66CF (possibly prior versions) cross site scripting,

“Powered by FunkBoard”
08-08 possible database username/pa…
2005- “Powered by FlexPHPNews” 24/07/2005 2.38.13Flex PHPNews 0.0.4 login bypass/ sql injection,
08-07 inurl:news | in… cross site scripting & re…
2005- “Powered By: Simplicity oF 26/07/2005 16.09.18Simplicity OF Upload 1.3 (possibly prior verso
08-07 Upload” inurl… remote code execution &…
2005- inurl:nquser.php Netquery 3.1 remote commands execution, cross site scripting, informat
08-07 filetype:php disclosure poc exploi…
2005- PHPFreeNews 29/07/2005 8.36.03PHPFreeNews Version 1.32 (& previous) sql

08-07 inurl:Admin.php injection/login bypass, cross s…
2005- silvernews 2.0.3 (possibly previous versions ) SQL Injection / Login Bypa
“Powered by SilverNews”
08-07 Remote commands e…
2005- “Powered by Gravity 4.22 07/08/2005 Gravity Board X v1.1 (possibly prior versions) Remote c
08-07 Board” execution, SQL Injec…
2005- filetype:mdb “standard These Microsoft Access Database files may contain usernames, passwor
07-26 jet” simply prompts for su…
2005- intitle:”PHPstat” Phpstat shows nice statistical informatino about a website’s visitors. Cer
06-03 intext:”Browser&q… versions are als…
2005- intitle:”SSHVnc
sSHTerm Applet en SSHVnc Applet pages….
05-20 Applet”OR intitle:”…
2005- inurl:cgi-bin Anonymous surfing with bigate.cgi. Remove http:// when you copy paste
04-27 inurl:bigate.cgi it won’t work….
filetype:pl
2004- WebCal allows you to create and maintain an interactive events calenda
-intext:”/usr/bin/perl”
12-01 scheduling system on…
inur…
2004- filetype:mdb Web Wiz Site News unprotected database holds config and admin
11-30 inurl:”news/news” information in a microsoft access…
inurl:php.exe
2004- It is possible to read any file remotely on the server with PHP.EXE (assum
filetype:exe
11-28 a script alias fo…
-example.com
2004- “Powered by Land Down sQL injection vulnerability in Land Down Under 601 could give an attack
11-18 Under 601” administrative access…
2004- ext:asp “powered by DUForum is one of those free forum software packages. The database
11-16 DUForum” inurl:(mess… location is determined by th…
2004- ext:asp inurl:DUgallery The MS access database can be downloaded from inside the docroot. Th
11-16 intitle:”3.0″ -s… user table holds the admi…
2004- filetype:cgi cachemgr.cgi is a management interface for the Squid proxy service. It w
11-04 inurl:cachemgr.cgi installed by default…
2004- Finds websites using YellDL (or also known as YellDownLoad), a downloa
“powered by YellDL”
10-31 tracker written in PHP….
2004- inurl:click.php A script written in PHP 4 which logs a user’s statistics when they click on
10-27 intext:PHPClickLog link. The log is…
2004- “File Upload Manager thepeak file upload manager let you manage your webtree with up and
10-27 v1.3” “rename … downloading files….
2004- intitle:”phpremoteview” phpRemoteView is webbased filemanger with a basic shell. With this an
10-26 filetype:php &qu… attacker can browse the s…
2004- intitle:”ASP FileMan” FileMan is a corporate web based storage and file management solution
10-19 Resend -site:iiswo… intra- and internet. …
2004- ezBOO “Administrator Panel” ezBOO WebStats is a high level statistical tool for web sites
10-16 -cvs monitoring. It allows real time …
2004- intitle:mywebftp “Please enter MyWebFTP Free is a free lite version of MyWebFTP Personal – a PH
10-14 your password&… script providing FTP client c…
2004- intitle:”Directory Listing” “tree Dirlist is an ASP script that list folders in an explorer style: * Tree
10-14 v… Detailed * Tiled …
2004- Allows a user to change his/her password for authentication to th

inurl:changepassword.cgi -cvs
10-09 system. Script allows for r…
2004- inurl:” WWWADMIN.PL” wwwadmin.pl is a script that allows a user with a valid username
10-06 intitle:”wwwad… password, to delete files …
2004- BeyondTV is a web based software product which let you manage
inurl:cgi.asx?StoreID
10-05 your TV station. All you need is …
2004- Tired of websearching ? Want something to read ? You can find

filetype:lit lit (books|ebooks)
09-18 Ebooks (thousands of them) with t…
2004- PHP-Nuke – create super user PHP-Nuke is a popular web portal thingie. It has popped up in the
09-13 right now ! Google dorks before. I think …
2004- Gallery is a popular images package for websites. Unfortunately,

Gallery configuration setup files
09-10 so many users, more bugs …
2004- inurl:”nph-proxy.cgi” “Start Observing the web cracker in the wild, one feels like they are
09-09 browsi… watching a bear. Like a bear sto…
2004- link:http://www.toastforums.co Toast Forums is an ASP message board on the Internet. Toast Foru
09-06 m/ also has all the features of…
2004- pLog is a popular form of bloggin software. Currently there are

inurl:”plog/register.php”
09-06 estimated about 1450 sites runn…
2004- robpoll.cgi is used to administrate polls.The default password use

inurl:robpoll.cgi filetype:cgi
08-30 adding polls is ‘robpol…
2004- intitle:”PHP Explorer” ext:php This searches for PHP Explorer scripts. This looks like a file manag
08-20 (inurl:ph… with some nice extra opt…
2004- The UBB trial version contains files that are not safe to keep onlin
ext:cgi inurl:ubb6_test
08-13 after going live. The ins…
2004- Cookies are often used for authentication and a lot of other stuff.
filetype:inc inc intext:setcookie
08-01 “inc” php head…
2004- The XML headers are called *.wsdl files.they can include data,
filetype:wsdl wsdl
08-01 functions or objects. An attacke…
2004- filetype:cnf my.cnf -cvs The MySQL database system uses my.cnf files for configuration. I
07-21 -example include a lot of informat…
2004- filetype:php inurl:”viewfile” Programmers do strange things sometimes and forget about secu
06-16 -“ind… This search is the perfect e…
2004- intitle:”Index of /” modified PHP installed as a cgi-bin on a Windows Apache server will allow
06-10 php.exe attacker to view arbitrary …
2014- Search Oracle Reports likely vulnerable to DB user/password

inurl:”/reports/rwservlet” intext:”…
02-05 disclosure (CVE-2012-3152 and CVE…
2013- Google search for actoin files wich could be explotable via CVE
inurl:”struts” filetype:action
11-25 2013-2251 “Multiple Remot…
inurl:.php?
2013- inurl:.php? intext:CHARACTER_SETS,COLLATIONS, ?
intext:CHARACTER_SETS,COLLATIO
08-08 intitle:phpmyadmin view phpMyAdmin of web sit…
NS, ?int…
2012-
inurl:/wp-content/w3tc/dbcache/ – Jay Townsend…
12-31
2012- intext:SQL syntax & # Exploit Title: SQLI Exploit # Google Dork: intext:SQL syntax
12-31 inurl:index.php?=id & … inurl:index.php?=id &…
2012- More than 100k sites affected It will show asp sites that are
intext: intext: intext: intext: intext:
08-21 vulnerable to sql injection (…
2012- intitle:awen+intitle:asp.net Hi, This google dork exposes any already uploaded asp.net she
05-15 which are available in Bac…
2012- intitle:”-N3t” filetype:php intitle:”-N3t” filetype:php undetectable Search WebShell index

05-15 undetectable on a page. — …
2011- inurl:.php intitle:- BOFF 1.0 intext:[

This search attempts to find the BOFF 1.0 Shell. Author: alsa7r
12-23 Sec. Info ]
2011- filetype:php inurl:tiki-index.php Finds servers vulnerable to the CVE-2007-5423 exploit. Author
11-25 +sirius +1.9.* Matt Jones …
2011- filetype:php inanchor:c99 inurl:c99 This search attempts to find the c99 backdoor that may be
11-24 intitle:c99she… knowingly or unknowingly installed o…
2011- inurl:php intitle:”Cpanel , FTP

locates cpanel and ftp cracker. Author: alsa7r …
11-19 CraCkeR”
2011- intitle:#k4raeL – sh3LL Finds K4rael Shell , though many of the

intitle:#k4raeL – sh3LL
10-11 are dead but we can get som…
2011-
inurl:view.php?board1_sn= locates a webapp vulnerable to SQL injection …
09-26
2011-
intitle:m1n1 1.01 find the b374k shell…. Submitted by : biLLbud …
07-26
2011- intitle:Locus7shell intitle:Locus7shell intext:”Software:” Submitted by lionaneesh

05-03 intext:”Software:” Thanks Ane…
2011- intitle:”[EasyPHP] – Unprotected EasyPHP Admin page detection.. Author: Aneesh

03-23 Administration” Dogra (lionaneesh) …
2011- MySQL: ON MSSQL: OFF Oracle: Author :- eXeSoul You will get lots of web shells even some priv
02-24 OFF MSSQL: OFF Postgr… shells….
2011-
intitle:cyber anarchy shell Submitter: eXeSoul cyber anarchy shell …
02-24
2010-
inurl:/vb/install/upgrade.php Vbulletin custom updrade wizards. Author: ScOrPiOn…
12-10
2010- inurl:/vb/install/install.ph Vbulletin installation wizards, allow users to modify installation paramete
12-10 p May also reveal …
“CGI-Telnet Unit-x Team

2010-
Connected to Locates CGI-Telnet web shells. Author: ScOrPiOn…
12-09
*.com&qu…
2010- “www.*.com – c99shell”

Locates c99 web shells Author: ScOrPiOn…
12-08 OR “www.*.ne…
“safe_mode: * PHP
2010-
version: * cURL: * Locates r57 web shells Author: ScOrPiOn…
12-07
MySQL…
2010-
“r57shell” Locates r57 web shells Author: ScOrPiOn…
12-07
2010- “r57shell 1.4” Locates r57 web shells Author: ScOrPiOn…

12-07
2010- “[ phpinfo ] [ php.ini ]

Locates r57 web shells Author: ScOrPiOn…
12-07 [ cpu ] [ mem ] …
inurl:index.php?
2010- CVE: 2007-4007 EDB-ID: 4221 This google dork possibly exposes sites w
pagedb=rss
11-13 the Article Direct…
-Vulnerability -inurl
2006- intitle:”Uploader –
File upload servers, dangerous if used in couple with mytrashmail.com…
05-03 Uploader v6″ -pixloa…
2006- MvBlog is prone to multiple input-validation vulnerabilities. These issues

intitle:”MvBlog powered”
04-25 due to a failure…
2006- intitle:”Horde :: My Hi It will give you administrative ownership over Horde webmail system p
02-03 Portal” -“[Tic… all users in Hord…
2006- Web configuration pages for various types of systems. Many of these
inurl:rpSys.html
01-22 systems are not password pr…
filetype:pl
2006-
intitle:”Ultraboard setup pages to the ultraboard system….
01-16
Setup”
“Welcome to
2005-
Administration” This reveals admin site for Argo Software Design Mail Server….
09-17
“Genera…
2005- XOOPS Custom XOOPS custom installation wizards, allow users to modify installation
09-16 Installation parameters. May also reve…
2005- “you can now password” IMchaos link tracker admin pages. Reveals AIM screennames, IP ADDRES
09-15 | “this is a… AND OTHER INFO via deta…
2005- “set up the administrator Using this, you can find sites with a Pivot weblog installed but not set up
07-03 user” inurl:pi… default set up…
2005- “html allowed” When this is typed in google it finds websites which have HTML Enabled
06-11 guestbook guestbooks. This is real…
2005- “Powered by: vBulletin This google dork reveals vulnerable message boards. It works for all Vbu
03-19 Version 1.1.5” version up to 2….
2005- inurl:”/NSearch/AdminSe This search brings up results for Novell NetWare’s Web Search Manager..
01-26 rvlet” best the sites will …
2005- I was playing around on the net when I found a small problem with
inurl:servlet/webacc
01-06 Novell’s WebAcces. With User….
2004- “There are no Administrators This is a more specific search for the vulnerable PhpNuke index
12-27 Accounts” i… already seen on this website.Ph…
2004- intitle:”Mail Server CMailServer CMailServer is a small mail webmail server. Multiple vulnerabilities
12-04 Webmail”… were found, including buff…
2004- Newsdesk is a cgi script designed to allow remote administration o

inurl:newsdesk.cgi? inurl:”t=”
11-07 website news headlines.Due …
2004- (inurl:/shop.cgi/page=) | This is a “double dork” finds two different shopping carts, both
11-07 (inurl:/shop.pl/page=) vulnerable1) Cyber-V…
2004- inurl:aol*/_do/rss_popup? AOL Journals BlogID Incrementing Discloses Account Names and E
11-06 blogID= AddressesAOL Journals is bas…
2004- natterchat inurl:home.asp NatterChat is a webbased chat system written in ASP.An SQL injec
11-05 -site:natterchat.co.uk vulnerability is identifie…
2004- intitle:phpMyAdmin “Welcome phpMyAdmin is a tool written in PHP intended to handle the
10-31 to phpMyAdmin ***… administration of MySQL over the Web…
2004- intitle:phpMyAdmin “Welcome search for phpMyAdmin installations that are configured to run the
08-21 to phpMyAdmin ***… MySQL database with root pri…
2004- Use this search to find eastgame.net ftp servers, loads of warez an
“ftp://” “www.eastgame.net”
08-20 that sort of thing.”t…
2004- intext:”Warning: * am able * OsCommerce has some security issues, including the following
08-13 write ** configu… warning message: “Warning: I …
2004- allinurl:”index.php” Easyins Stadtportal v4 is a German Content Management System

07-29 “site=sglinks&… cities and regions. Version 4 …
2004- inurl:”index.php? http://www.cirt.net/advisories/ew_file_manager.shtml:Product:

07-29 module=ew_filemanager” EasyWeb FileManager Module – http…
2004- This brings up alot of insecure as well as secure filemanagers. The

filetype:cgi inurl:”fileman.cgi”
07-26 software solutions are of…
2004- filetype:cgi Zero X reported that “Web_Store.cgi” allows Command Execution:

07-26 inurl:”Web_Store.cgi” application was wr…
2004- (“Indexed.By”|”Monitored.By”) hAcxFtpScan – software that use ‘l33t h@x0rz’ to monitor their file
07-26 … stroz on ftp. On the ftp se…
2004- “Welcome to the Prestige Web- This is the configuration screen for a Prestige router. This page
06-04 Based Configurat… indicates that the router has…
2004- vAuthenticate is a multi-platform compatible PHP and MySQL scrip

filetype:php inurl:vAuthenticate
06-04 which allows creation of new …
2004- intitle:”Samba Web This search reveals wide-open samba web adminitration servers.
05-04 Administration Tool” … Attackers can change options on …
2004- intitle:”Gateway Configuration This is a normally protected configuration menu for Oracle Portal
04-28 Menu” Database Access Descriptors (…
2004- inurl:pls/admin_/gateway.ht This is a default login portal used by Oracle. In addition to the fact tha
04-28 m this file can be us…
2004- Pages with install/install.php files may be in the process of installing a

allinurl:install/install.php
04-06 new service or progr…
2004- According to whatis.com: “An intranet is a private network that is

allinurl:intranet admin
03-29 contained within an ent…
2004- “Select a database to view” An oldie but a goodie. This search locates servers which provides acc
03-29 intitle:&quo… to Filemaker pro datab…
2004- “Welcome to PHP-Nuke” This finds default installations of the postnuke CMS system. In many
03-18 congratulations cases, default installatio…
2004- From http://www.securityfocus.com/bid/9664, the AllMyPHP family of

inurl:info.inc.php
03-14 products (Versions 0.1.2 – 0…
2004- From http://www.securityfocus.com/bid/9664, the AllMyPHP family of

inurl:footer.inc.php
03-14 products (Versions 0.1.2 – 0…
2004- Version 3.0.0 candidate 4 and earlier of Vbulletin may have a cross-si
inurl:search.php vbulletin
03-04 scripting vulnerabilit…
0000- According to whatis.com: “An intranet is a private network that is

“Welcome to Intranet”
00-00 contained within an ent…
2004- intitle:”Remote Desktop Microsoft Remote Desktop Connection Web Connection pages. These
03-04 Web Connection” pages are not necessarily insec…
2004- intitle:”Terminal Services Microsoft Terminal Services Web Connector pages. These pages are n
03-04 Web Connection&quo… necessarily insecure, sine…
2004- Microsoft Terminal Services Multiple Clients pages. These pages are n
inurl:ManyServers.htm
03-04 necessarily insecure, s…
2004- intitle:osCommerce This is a decent way to explore the admin interface of osCommerce e
03-04 inurl:admin intext:”redist… commerce sites. Depending o…
2004- Gallery in configuration Gallery is a nice little php program that allows users to post personal
03-04 mode pictures on their websi…
2004- Yet Another Bulletin Board (YABB) SE (versions 1.5.4 and 1.5.5 and
“YaBB SE Dev Team”
03-04 perhaps others) contain an S…
2003- Hassan Consulting’s These servers can be messed with in many ways. One specific way is
07-08 Shopping Cart Version 1.18 way of the “../”…
intext:”Powered by X-
2005- X-Cart (version 4.0.8) has multiple input validation vulnerabilities. There
Cart: shopping cart
06-03 doesn’t seem to be …
soft…
2005- intext:”powered by Description:==============Hosting Controller is a complete array

05-29 Hosting Controller” i… Web hosting automation tool…
site:ups.com
2004- Ever use the UPS Automated Tracking Service?? Wanna see where packa
intitle:"Ups
11-25 are going? Want to Man-i…
Package trackin…
2004- MIDICART is s an ASP and PHP based shopping Cart application with MS
inurl:midicart.mdb
10-10 Access and SQL database. A…
2004- “More Info about MetaCart is an ASP based shopping Cart application with SQL database. A
10-10 MetaCart Free” security vulnerability …
2004- shopdbtest is an ASP page used by several e-commerce products. A

inurl:shopdbtest.asp
10-10 vulnerability in the script al…
2004- Comersus.mdb Comersus is an e-commerce system and has been installed all over the w
07-12 database in more than 20000 s…
2004- VP-ASP Shop VP-ASP (Virtual Programming – ASP) has won awards both in the US and
06-25 Administrators only France. It is now in use i…
2004- POWERED BY HIT Hit Jammer is a Unix compatible script that allows you to manage the con
06-06 JAMMER 1.0! and traffic exchan…
2014
“[function.getimagesize]: failed to open
-02- Just another error that reveals full paths…
stre…
05
2014
Here is a Dork I use in conjunction with sqlmap, for
-02- intext:”Access denied for” intitle:”…
shopping carts with MySQL Error messages…
05
2013
inurl:advsearch.php?module= & intext:sql Exploit Title : SQLI Exploit Google Dork :
-04-
synta… inurl:advsearch.php?module= & intext:sql syntax…
09
2012
Dork to find Plugin errors in wordpress websites Dork –
-12- intext:”Fatal error: Class ‘Red_Action’ not f…
intext:”Fatal error: Class ‘Red_A…
06
2012
“CHARACTER_SETS” “CHARACTER_SETS”+”COLLATION_CHARACTER_SET_A
-08-
“COLLATION_CHARACT… CABILITY” find sql injectab…
21
2012
-05- inurl:”*.php?*=*.php” intext:”Warni… PHP Error Messages…
15
2011
inurl:”index.php? Author: eidelweiss http://host/index.php?
-01-
m=content+c=rss+catid=10&quo… m=content&c=rss&catid=5 show MySQL Error (tabl…
21
2010
Many of the results of the search show error logs whic
-12- “plugins/wp-db-backup/wp-db-backup.php”
give an attacker the server side paths …
08
2010
A foothold using allintext:”fs-admin.php” shows the w
-11- allintext:”fs-admin.php”
readable directories of a p…
11
2006
Apache Tomcat Error messages. These can reveal vari
-06- intitle:”Apache Tomcat” “Error Repo…
kinds information depending on the type …
15
2006
-04- “Unable to jump to row” “on MySQL r… another error message…
25
2006
“Warning: Bad arguments to (join|implode)
-04- and another error. open it from cache when not workin
() …
25
2006
-04- “Warning:” “failed to open stream: … Just another error message….
25
2006
“Warning: mysql_connect(): Access denied This dork reveals logins to databases that were denied
-04-
for … some reason….
25
2006
-04- “Warning: Division by zero in” “on … Just another error that reveals full paths….
25
2006
This search returns more than just the one I saw alrea
-03- filetype:asp + “[ODBC SQL”
here. This one will return all ODBC SQ…
13
2005
This error message reveals full path information.
-09- “Warning:” “SAFE MODE Restriction i…
Recommend use of site: operator to narrow sea…
25
2005
“Warning: Supplied argument is not a valid This error message cqan reveal path information. This
-09-
Fi… message (like other error messages) is of…
25
2005
“There seems to have been a problem with search reveals database errors on vbulletin sites. View
-08-
the&… page source and you can get informa…
16
2005
Plesk Server Administrator (PSA) is web based softwar
-04- intitle:”Default PLESK Page”
that enables remote administration of we…
26
2005- “Parse error: parse error,

PHP error with a full web root path disclosure…
04-26 unexpected T_VARIA…
"SQL Server
2005-
Driver][SQL Server]Line you can find many servers infected with sql injection…
04-07
1: In…
2005- Netscape Application This error message highlights potentially unpatched or misconfigured
04-05 Server Error page Netscape Application Serve…
2005- intext:”Error Message : This throws up pages which contain “CGI ERROR” reports – which includ
01-26 Error loading require… file (and …
“Warning:
2004-
mysql_query()” “invalid MySQL query errors revealing database schema and usernames….
11-28
q…
2004- intitle:Configuration.File This search finds configuration file errors within the softcart application.
11-13 inurl:softcart.exe includes the na…
2004- “The script whose uid is

This PHP error message is revealing the webserver’s directory and user
10-16 ” “is not …
2004- snitz! forums db path snitz forums uses a microsoft access databases for storage and the defa
09-07 error name is “Snitz_…
2004- filetype:log “PHP Parse This search will show an attacker some PHP error logs wich may contain
08-14 error” | “P… information on wich an a…
2004- “ASP.NET_SessionId” .NET pages revealing their datasource and sometimes the authenticatio
07-26 “data source=&q… credentials with it. The…
2004- “ORA-12541: TNS:no In many cases, these pages display nice bits of SQL code which can be u
07-16 listener” intitle:&qu… by an attacker to mo…
2004- filetype:php Discuz! Board error messages related to MySQL. The error message may
07-16 inurl:”logging.php” “D… empty or contain path i…
2004- “Internal Server Error” We have a similar search already, but it relies on “500 Internal Server”
07-16 “server at&… which doesn’…
2004- PHP application warnings These error messages reveal information about the application that crea
07-14 failing “include_pat… them as well as reve…
2004- intext:”Warning: Failed These error messages reveal information about the application that crea
07-09 opening” “o… them as well as reve…
2004- The ht://Dig system is a complete world wide web indexing and searchin
ht://Dig htsearch error
06-24 system for a domain or …
2004- intitle:”Error Occurred Cold fusion error messages logging the SQL SELECT or INSERT statemen
06-24 While Processing Requ… and the location of the …
2004- intitle:”Error using HyperNews is a cross between the WWW and Usenet News. Readers can
06-15 Hypernews” “Se… browse through the messages w…
2004- “Invision Power Board These are SQL error messages, ranging from to many connections, acce
05-28 Database Error” denied to user xxx, show…
2004- “error found handling Cocoon is an XML publishing framework. It allows you to define XML
07-29 the request” cocoo… documents and transformation…
2004- intitle:”Execution of this This is a cgiwrap error message which displays admin name and email, p
04-28 script not permitt… numbers, path names, …
2004- intitle:”Error Occurred” This is a typical error message from ColdFusion. A good amount of
04-19 “The error… information is available from…
2004- warning “error on line” sablotron is an XML toolit thingie. This query hones in on error messages
03-11 php sablotron generated by this too…
2004- “Fatal error: Call to This error message can reveal information such as compiler used, langua
03-16 undefined function”… used, line numbers, p…
2004- filetype:asp “Custom This is an ASP error message that can reveal information such as compile
03-16 Error Message” Cate… used, language used, …
2004- “Can’t connect to local” Another SQL error message, this message can display database name, p
03-04 intitle:warning names and partial SQL c…
2004- intitle:”Under This error message can be used to narrow down the operating system an
03-04 construction” “does … web server version which…
2004- “access denied for Another SQL error message, this message can display the username,
03-04 user” “using pas… database, path names and part…
“Warning: Cannot
2004- A PHP error message, this message can display path names, function nam
modify header
03-04 filenames and partial…
information – …
2004- “Warning: pg_connect(): This search reveals Postgresql servers in yet another way then we had se
08-25 Unable to connect to … before. Path informa…
An unexpected token
2004- A DB2 error message, this message can display path names, function na
“END-OF-STATEMENT”
03-04 filenames, partial co…
w…
2004- “detected an internal A DB2 error message, this message can display path names, function na
03-04 error [IBM][CLI Driver]… filenames, partial co…
2004- “A syntax error has An Informix error message, this message can display path names, functio
03-04 occurred” filetype:i… names, filenames and p…
2004- “An illegal character has An Informix error message, this message can display path names, functio
03-04 been found in the s… names, filenames and p…
2004- “Syntax error in query An Access error message, this message can display path names, function
03-04 expression ” -the names, filenames and par…
supplied argument is
2004- An PostgreSQL error message, this message can display path names,
not a valid PostgreSQL
03-04 function names, filenames and…
result
“PostgreSQL query
2004- An PostgreSQL error message, this message can display path names,
failed: ERROR: parser:
pa…
2004- An SQL Server error message, this message can display path names, fun
“Incorrect syntax near”
03-04 names, filenames and…
“Incorrect syntax near”
“Unclosed quotation
mark before the
character…
“ORA-00933: SQL
2004- An Oracle error message, this message can display path names, function
command not properly
03-04 names, filenames and par…
ended&qu…
2004- ORA-00921: unexpected Another generic SQL message, this message can display path names,
03-04 end of SQL command function names, filenames and…
2004- ORA-00936: missing A generic ORACLE error message, this message can display path names,
03-04 expression function names, filenames …
“Supplied argument is
2004- Another generic SQL message, this message can display path names,
not a valid MySQL
resul…
2004- Another generic SQL message, this message can display path names and
sQL syntax error
03-04 partial SQL code, both of …
2004- Another error message, this appears when an SQL query bails. This is a
mysql error with query
03-04 generic mySQL message, s…
2004- This one shows the type of web server running on the site, and has the
Internal Server Error
03-04 ability to show other in…
2004- IIS web server error This query finds various types of IIS servers. This error message is fairly
03-04 messages indicative of a som…
2004- Windows 2000 web Windows 2000 web servers. Aging, fairly easy to hack, especially out of t
03-04 server error messages box……
2004-
IIS 4.0 error messages IIS 4.0 servers. Extrememly old, incredibly easy to hack……
03-04
2004- This is a default directory for the sitebuilder web design software program
sitebuilderpictures
03-04 these people po…
sitebuilderfiles
sitebuildercontent
2004- ORA-00921: unexpected Another SQL error message from Cesar. This one coughs up full web
01-09 end of SQL command pathnames and/or php filename…
“Chatologica
2003- There is soo much crap in this error message… Apache version, CGI
MetaSearch” “stack
08-15 environment vars, path name…
tra…
2003- MYSQL error message: One of many potential error messages that spew interesting information.
06-24 supplied argument…. results of this mes…
2003- These aren’t too horribly bad, but there are SO MANY of them. These site
Coldfusion Error Pages
06-24 got googlebotted whil…
2012-
inurl:finger.cgi Finger Submitted by: Christy Philip Mathew…
11-02
2012- site*.*.*/webalizer Shows usage statistics of sites. Includes monthy reports on the IP
08-21 intitle:”Usage Statistics… addresses, user agents, and …
2006- intitle:r57shell +uname compromised servers… a lot are dead links, but pages cached show
05-04 -bbpress interesting info, this is r5…
2006- “The statistics were last

Results include many varius Network activity logs…
05-03 updated” “…
2006- inurl:/counter/index.php This is an online vulnerable web stat program called PHPCounter
04-06 intitle:”+PHPCounter… 7.http://www.clydebelt.org.uk/c…
2006- inurl:”NmConsole/Login.as Ipswitch Whats Up Monitoring 2005!This is a console for Network

03-13 p” | intitle:&q… Monitoring, access beyond the p…
2006- inurl:CrazyWWWBoard.cgi gives tons of private forum configuration information.examples: Globa

02-08 intext:”detailed debu… variables installed, wha…
2005- An HP Java network management tool. It is a sign that a network may

inurl:ovcgi/jovw
12-31 be configured properly….
2005- inurl:proxy | inurl:wpad Information about proxy servers, internal ip addresses and other netwo
12-21 ext:pac | ext:dat findpro… sensitive stuff….
inurl:webalizer
2005- ***WARNING: This search uses google images, disable images unless y
filetype:png -.gov -.edu
11-21 want your IP spewed acros…
-.mil -op…
2005- intitle:”Retina Report” This googledork finds vulnerability reports produced by eEye Retina
10-26 “CONFIDENTI… Security Scanner. The info…
2005- “Shadow Security Scanner This is a googledork to find vulnerability reports produced by Shadow
10-26 performed a vulnerab… Security Scanner. They c…
2005- “The following report This googledork reveals vunerability reports from many different vendo
10-26 contains confidential i… These reports can co…
2005- Nagios Status page. See what ports are being monitored as well as ip
inurl:status.cgi?host=all
10-04 addresses.Be sure to check…
2005-
inurl:login.jsp.bak JSP programmer anyone? You can read this!…
09-30
2005- intitle:”Belarc Advisor People who have foolishly published an audit of their machine(s) on th
02-15 Current Profile”… with some server in…
2005- “Traffic Analysis for” List of RMON ports produced by MRTG which is a network traffic analys
03-05 “RMON Port *… tool. See also #198…
2005- “powered | performed by This search finds Beyond Security reports. Beyond Security sells a box
02-03 Beyond Security’s Aut… which performs automated…
2004- intitle:”PHPBTTracker This query shows pages which summarise activity on PHPBT-powered
12-30 Statistics” | inti… BitTorrent trackers – all the …
2004- This query shows pages which summarise activity on BNBT-powered

intitle:”BNBT Tracker Info”
12-30 BitTorrent trackers – including…
2004- intitle:”Azureus : Java BitTorrent This query shows machines using the Azureus BitTorrent client’s b
12-30 Client Tra… in tracker – the pages ar…
2004- This searches for the install.php file. Most results will be a Bulletin
inurl:”install/install.php”
12-29 board like Phpbb etc.T…
2004- intext:”Welcome to the Web see and control JVC webcameras, you can move the camera, zoom
12-07 V.Networks” i… change the settings, etc…….
2004- intitle:”start.managing.the.devi MCK Communications, Inc.PBXgatewayIIHigh density central site

12-10 ce” remo… gateway for remote PBX access(MCK…
2004- “Radiator is a highly configurable and flexible Radius server that

ext:cfg radius.cfg
12-06 supports authentication…
2004- filetype:php inurl:ipinfo.php Dshield is a distributed intrusion detection system. The ipinfo.php
12-07 “Distributed In… script includes a whois loo…
2004- inurl:”sitescope.html” Mercury SiteScope designed to ensure the availability and

12-03 intitle:”sit… performance of distributed IT infrast…
2004- intitle:”twiki” TWiki has many security problems, depeding on the version insta
12-02 inurl:”TWikiUsers&q… TWiki, is a flexible, powe…
2004- “Phorum Admin” “Database Phorum admin pagesThis either shows Information leakage (path
11-28 Connection… or it shows Unprotected Adm…
2004- “Output produced by SysWatch sysWatch is a CGI to display current information about your UNIX
11-28 *” system. It can display drive p…
2004- Testpage / webserver environmentThis is the test cgi for xitami

inurl:testcgi xitami
11-28 webserver. It shows the webserv…
2004- filetype:log ISDNPM 3.x for OS/2-Dialer log files.These files contain sensitive i
11-28 intext:”ConnectionManager2″ like ip addresses, phon…
2004- intitle:”sysinfo * ” Lots of information leakage on these pages about active network
11-12 intext:”Genera… services, server info, network …
2004- inurl:portscan.php “from This is general search for online port scanners which accept any I
11-12 Port”|”Por… does not find a specifi…
2004- PhotoPost Pro is photo gallery system. This dork finds its installati
inurl:/adm-cfgedit.php
11-07 page.You can use this p…
2004- webutil.pl is a web interface to the following services:* ping*

inurl:webutil.pl
11-07 traceroute* whois* finger* nslo…
2004- Domino is server technology which transforms Lotus NotesÃƒâ€šÃ

inurl:statrep.nsf -gov
10-20 into an Internet a…
2004- inurl:/cgi-bin/finger? “In real The finger command on unix displays information about the syste
10-19 life” users. This search displays pr…
2004- inurl:/cgi-bin/finger? Enter The finger command on unix displays information about the syste
10-19 (account|host|user|us… users. This search displays th…
2004- filetype:php inurl:nqt Network Query Tool enables any Internet user to scan network
10-18 intext:”Network Query … information using:* Resolve/Revers…
2004- inurl:”map.asp?” “WhatsUp Gold’s new SNMP Viewer tool enables Area-Wide to easily trac
10-05 intitle:”WhatsUp G… variables associate…
2004- ext:cgi intext:”nrg-” ” NRG is a system for maintaining and visualizing network data and other
09-29 This web pa… resource utilization dat…
2004- ((inurl:ifgraph “Page ifGraph is a set of perl scripts that were created to fetch data from SNMP
09-29 generated at”) OR … agents and feed a RR…
2004- inurl:”/catalog.nsf” This will return servers which are running versions of Lotus Domino. The
09-10 intitle:catalog catalog.nsf is the ser…
2004- “Powered by phpOpenTracker is a framework solution for the analysis of website traffi
09-21 phpOpenTracker”
Statistics and visitor analysis…
site:netcraft.com
2004- Netcraft reports a site’s operating system, web server, and netblock own
intitle:That.Site.Running
09-21 together with, if av…
Apache
2004- “this proxy is working These are test pages for some proxy program. Some have a text field th
08-13 fine!” “ente… allows you to use that…
2004- This search shows the webserver access stats as the user “admin”. The
“apricot – admin” 00h
07-29 language used i…
“by Reimar Hoven. All

2006- dork: “by Reimar Hoven. All Rights Reserved. Disclaimer” |
Rights Reserved.
04-15 inurl:”log/logdb.dta&…
Discla…
2004- intitle:”Microsoft Site Microsoft discontinued Site Server and Site Server Commerce Edition on
07-16 Server Analysis” June 1, 2001 with the in…
2004- Analysis Console for ACID stands for for “Analysis Console for Incident Databases”. It is a php
07-12 Incident Databases frontend f…
2004- A Looking Glass is a CGI script for viewing results of simple queries exec
Looking Glass
06-22 on remote router…
2004- “Version Info” “Boot This is the status page for a Belkin Cable/DSL gateway. Information can
06-04 Version” … retrieved from this …
2004- intitle:”ADSL This is the status screen for the Solwise ADSL modem. Information avail
06-04 Configuration page” from this page incl…
2004- filetype:vsd vsd network Reveals network maps (or any other kind you seek) that can provide
05-13 -samples -examples sensitive information such a…
2004- filetype:pdf “Assessment These are reports from the Nessus Vulnerability Scanner. These report
05-03 Report” nessus contain detailed informat…
inurl:phpSysInfo/
2004- This statistics program allows the an admin to view stats about a webse
“created by
04-16 Some sites leave t…
phpsysinfo”…
2004- snort is an intrusion detection system. SnorfSnarf creates pretty web pa

“SnortSnarf alert page”
04-16 from intrusion dete…
2004- “Network Host This search yeids ISS scan reports, revealing potential vulnerabilities on
03-30 Assessment Report” “I… hosts and networks. …
2004- “This report lists” This search yeids ISS scan reports, revealing potential vulnerabilities on
03-30 “identified by … hosts and networks. …
2004- intitle:”Nessus Scan This search yeids nessus scan reports. Even if some of the vulnerabilities
03-30 Report” “This … have been fixed, we …
2014
filetype:pdf “acunetix
-03- Finds reports generated by Acunetix scans. – Andy G – twitter.com/vxhex …
website audit” &q…
31
2014 inurl:clientaccesspolic Locates clientaccesspolicy.xml files used by silverlight to determine the cros
-03- y filetype:xml
27 intext:allow… domain policy …
2014 inurl:crossdomain
Locates crossdomain.xml files used by flash/flex/silverlight to determine the
-03- filetype:xml
cross domain pol…
27 intext:allow-access…
2014
site:bitbucket.org
-02- Finding Sensitive data site:bitbucket.org inurl:.bash_history By Pharos …
inurl:.bash_history
05
2013 intext:phpMyAdmin
intext:phpMyAdmin SQL Dump filetype:sql intext:INSERT INTO àdmin` (ìd`
-11- SQL Dump filetype:sql
ùser`, `password`) V…
27 intext:INS…
2013
inurl:mikrotik mikrotik url backups uploaded.. then.. credentials cracked via
-11-
filetype:backup http://mikrotikpasswordrecove…
27
2013
filetype:xml Sitemaps, the opposite of Web Robots Exclusion Detail directory and page m
-11-
inurl:sitemap — -[Volun…
25
2013 inurl:”jmx- JBoss

-11- console/HtmlAdaptor” http://docs.jboss.org/jbossas/docs/Server_Configuration_Guide/4/html/Conne
25 intitle:… g_to_the_J…
2013
Tar files Contain user and group information (in addition to potentially usefu
-11- inurl:tar filetype:gz
files) — …
25
2013
filetype:bak (inurl:php This one could be used to find all sorts of backup data, but this example is
-11-
| inurl:asp | inurl:rb) limited to just c…
25
2013 site:github.com
-11- inurl:”id_rsa” Finds private SSH keys on GitHub. – Andy G – twitter.com/vxhex …
25 -inurl:&q…
2013 site:github.com
-11- inurl:”known_hosts” Finds SSH known_hosts files on GitHub. – Andy G – twitter.com/vxhex …
25 &quo…
2013 inurl:/wp-
Google dork for WordPress database backup file (sql): inurl:/wp-content/uplo
-11- content/uploads/
filetype:sq…
25 filetype:sql
2013 inurl:config “fetch =

Git config file Easy way to find Git Repositories — -[Voluntas Vincit Omnia]-
-11- +refs/heads/*:refs/re
website…
25 mo…
2013 filetype:php
Project Honey Pot anti-spammer detection (http://www.projecthoneypot.org/
-11- intext:”PROJECT
Can identify the …
25 HONEY POT ADDRES…
2013 inurl:github.com
Find FTP logins and full path disclosures pushed to github inurl:github.com
-11- intext:sftp-conf.json
intext:sftp-conf…
25 +intext:/wp…
2013 inurl:*/webalizer/*
-09- intitle:”Usage *Obrigado,* …
24 Statistics…
2013
intitle:index.of
-09- Find peoples ssh public and private keys – tmc / #havok …
intext:.ssh
24
2013 filetype:txt
This dork can be used to find symlinked WordPress configuration files of othe
-08- inurl:~~Wordpress2.t
web sites …
08 xt
2013
filetype:txt inurl:wp- Easily hunt the WordPress configuration file in of remote web sites Author :
-08-
config.txt Un0wn_X …
08
2013- By this dork you can find juicy information joomla configurat
inurl:~~joomla3.txt filetype:txt
08-08 files Author: Un0wn_X …
2013- intitle:”WAMPSERVER Homepage” & #Summary: Wampserver Homepage free access

08-08 inte… (*http://www.wampserver.com/).* #Author: g00gl3 5c0u…
2013- This is *Mohan Pendyala* (penetration tester) from india. Go

inurl:wp-content/uploads/dump.sql
08-08 Dork: *inurl:wp-content/u…
2013- Works with every single fluidgalleries portofolio sites. Just

inurl:fluidgalleries/dat/login.dat
08-08 decrypt the MD5 hash and login on…
2013-
“information_schema” filetype:sql Dork: “information_schema” filetype:sql By: Cr4t3r …
08-08
2013- inurl:”zendesk.com/attachments/tok zendesk is good ticketing system . It has thousands of clients

08-08 en” si… with the above dork you can s…
2013- Searching for “allintext: /iissamples/default/” may provide

allintext: /iissamples/default/
04-23 interesting informatio…
2013- filetype:php -site:php.net Tries to reduce false positive results from similar dorks. Finds
04-22 intitle:phpinfo “p… pages containing output from …
2013- filetype:ini “This is the default Finds PHP configuration files (php.ini) that have been placed
04-22 settings fi… indexed folders. Php.ini defi…
2013- inurl:”php?id=” intext:”DB_Error

Description: Files containing juicy info Author:ruben_linux …
04-09 Ob…
2013- *Google Search:* http://www.google.com/search?q=ext:gnuc

ext:gnucash
02-05 *Description:* Find Gnucas…
2013- Hits: 807 Config file from Thomson home routers, sometimes
runtimevar softwareVersion=
02-05 contains password’s and user’s …
2012- inurl:admin intext:username= AND

— nitish mehta …
12-31 email= AND passwo…
2012- inurl:newsnab/www/ Usenet Accounts from Newsnab configs inurl:newsnab/www/
12-06 automated.config.php automated.config.php Author: rmccurd…
2012- Finds the configuration files of the PHP Database on the serv
inurl:.com/configuration.php-dist
11-02 By Chintan GurjarRahul Tygi…
2012- Lots of Avast Licenses . Author : gr00ve_hack3r

filetype:avastlic
08-21 www.gr00vehack3r.wordpress.com …
2012- filetype:docx Domain Registrar $user Dork :- *filetype:docx Domain Registrar $user $pass* Use :- *
08-21 $pass find domain login password fo…
2012- inurl:”phpmyadmin/index.php”
This dork finds unsecured databases …
08-21 intext:&quo…
2012- intext:”Thank you for your This dork can fetch you Avast product licenses especially Ava
05-15 purchase/trial of … Antiviruses , including Profes…
2012-
?intitle:index.of?”.mysql_history” Find some juicy info in .mysql_history files enjoy bastich …
05-15
2012- intext:”~~Joomla1.txt” title:”Index of /” Get all server config

intext:”~~Joomla1.txt” title:”Index…
05-15 files…
This Query contains sensitive data (D.N.I ) in a xls for

2011-
allintext:D.N.I filetype:xls
12-27
(excel) and D.N.I for People of…
2011- List of Phone Numbers (In XLS File ) This is a dork for a list of Phone Private Numbers in Argentina
12-19 allinurl:tele… Author: Luciano UNLP …
2011- Microsoft-IIS/7.0 intitle:index.of

IIS 7 directory listing. Author: huang …
12-19 name size
2011- Google Dork inurl:Curriculum Vitale

This dork locates Curriculum Vitale files. Author: Luciano UNL
12-16 filetype:doc (…
2011- Google Dork For Social Security This dork locates social security numbers. Author: Luciano U
12-16 Number ( In Spain … …
2011- There are three of mysql_connects but that all search in .inc
filetype:old (mysql_connect) ()
11-24 warnings, non search for .old…
2011- filetype:old (define)(DB_USER| this dork locates backed up config files filetype:php~ (define
11-24 DB_PASS|DB_NAME) (DB_USER|DB_PASS|DB_NAME) file…
filetype:reg reg
2011-
HKEY_CURRENT_USER this dork locates registry dumps …
11-19
SSHHOSTKEYS
2011- intitle:index.of? this dork finds mostly backed up configuration.php files. Its
11-19 configuration.php.zip possible to change the *.zip to …
2011- The Dork Allows you to get data base information from config
inurl:”/includes/config.php”
11-19 files. Author: XeNon …
2011- example google dork to find trace.axd, a file used for debugg
inurl:”trace.axd” ext:axd “Applicat…
11-19 asp that reveals full http re…
2011- +intext:”AWSTATS DATA FILE” Shows data downloads containing statistics on the site.Made
09-26 filetype:txt AwstatsThe best dork for that sy…
2011- filetype:ini “Bootstrap.php” (pass| Zend application ini, with usernames, passwords and db info
08-25 passw… Bastich …
2011- Microsoft private keys, frequently used for servers with UserI
filetype:pem “Microsoft”
07-26 the same page. — Sha…
2011- inurl:server-info intitle:”Server Juicy information about the apache server installation in the
07-26 Information… website. — *Regards, Fady …
2011- inurl:/push/ .pem apns -“push iphone apple push notification system private keys, frequent
07-18 notifications&q… unencrypted, frequently with De…
2011- site:stashbox.org cv Or resume OR Searches StashBox for publicly avaliable PDF’s or .doc files
07-18 curriculum vitae… containing information used in a…
2011- site:mediafire.com cv Or resume OR Searches Mediafire for publicly avaliable PDF’s containing
07-18 curriculum vita… information used in a CV/Resume/Cur…
2011- site:docs.google.com intitle:(cv Or Searches GoogleDocs for publicly avaliable PDF’s containing
07-18 resume OR curr… information used in a CV/Resume/Cu…
2011- site:dl.dropbox.com filetype:pdf cv OR Searches Dropbox for publicly avaliable PDF’s

07-01 curriculum … containing information used in a CV/Resume/Curr
2011- Submitter: pipefish Squid User Access Reports th

inurl:sarg inurl:siteuser.html
05-26 show users’ browsing history t…
2011- The filetype:xls never changes What is inbtween

filetype:xls + password + inurl:.com
05-03 + sings can be what ever you are looking …
2011- allinurl:http://www.google.co.in/latitude/apps/ba Site: google.com/latitude – This is a free applicati

05-03 d… where you can track your PC, laptop and…
2011- Submitter: Bastich mysql.nimbit.com dashboard

intext:db_pass inurl:settings.ini
02-24 settings…
2011- Magento local.xml sensitive information disclosur

inurl:app/etc/local.xml
02-19 Author: Rambaud Pierre…
2010- XAMPP Security Setting Page Information Disclosu

allinurl:/xampp/security.php
12-13 Author: modpr0be …
2010- Locates phpinfo files. A phpinfo file Outputs a larg

inurl:phpinfo.php
12-10 amount of information about the current s…
2010- locates the default configuration file for vBulletin

inurl:”config.php.new” +vbulletin
12-07 (/includes/config.php.new) Author: MaXe…
2010- locates the default configuration file of JOOMLA

inurl:configuration.php-dist
12-07 Author: ScOrPiOn …
2010- Match some apache access.log files. Author:
filetype: log inurl:”access.log” +intext…
11-25 susmab…
2010- Google search for Pix Authorization Keys Author:

“Cisco PIX Security Appliance Software Versio…
11-10 fdisk…
2010- filetype:reg reg HKEY_CURRENT_USER This search locates private SSHHostkeys. Author:
11-10 SSHHOSTKEYS loganWHD…
2006- Often includes phpinfo and unsecured links to

intitle:”AppServ Open Project *” “A…
10-02 phpmyadmin….
2006- Logrep is an open source log file Extraction and

intitle:”LOGREP – Log file reporting system&q…
03-21 Reporting System by ITeF!x. This dork finds t…
2006- PRTG Traffic Grapher is Windows software for

(intitle:”PRTG Traffic Grapher” inurl:&q…
03-18 monitoring and classifying bandwidth usage. It pr
Joomla! is a Content Management System (CMS)

2006-
intitle:”Joomla – Web Installer” created by the same team that brought the Mam
03-18
CM…
2006- if you search through lots of these then you find

“not for public release” -.edu -.gov -.m…
02-22 some really juicy things, there files from po…
2006- CVs is a software used to keep track of changes t

intext:ViewCVS inurl:Settings.php
01-16 websites. You can review all updates and pre…
2006- General build error file. Can tell what modules are
inurl:build.err
01-16 installed, the OS the compiler the language…
2005-
inurl:/cgi-bin/pass.txt Passwords…
12-22
(intitle:WebStatistica
2005- WebStatistica provides detailed statistics about a web page. Normally y
inurl:main.php) | (intitle:
12-19 would have to login …
…
inurl:wp-mail.php +
2005- This is the WordPress script handling Post-By-Email functionality, the sea
“There doesn’t seem to
11-24 is focussed on th…
b…
intitle:”Welcome to F-
2005- An attacker may want to know about the antivirus software running. The
Secure Policy Manager
11-16 description says he can…
S…
intitle:Bookmarks
2005- AFAIK are the bookmarks of Firefox, Netscape and Mozilla stored in
inurl:bookmarks.html
10-22 bookmarks.html. It is often …
“Bookm…
2005- intitle:”urchin (5|3|

Gain access to Urchin analysis reports….
10-04 admin)” ext:cgi
2005- rdbqds -site:.edu Ceasar encryption is a rather simple encryption. You simply shift letters
09-08 -site:.mil -site:.gov or down across the…
2005- Forget Bluetooth Hacking! You’ll be amazed, at how many people sync t
contacts ext:wml
08-23 Cell Phones to the sa…
2005- intitle:”curriculum vitae” Hello. 1. It reveals personal datas, often private addresses, phone numb
08-12 filetype:doc e-mails, how many …
2005- intitle:”admin panel” This finds all versions of RedKernel Referer Tracker(stats page) it just giv
08-16 +”Powered by … out some nice in…
2005- ext:(doc | pdf | xls | txt | Although this search is a bit broken (the file extensions don’t always wo
07-30 ps | rtf | odt | sxw … it reveals intere…
2005- site:www.mailinator.com Mailinator.com allows people to use temporary email boxes. Read the si
07-24 inurl:ShowMail.do won’t explain here….
2005-
allinurl:cdkey.txt cdkeys…
07-21
2005- PS is for “postscript”…which basically means you get the high quality pr
filetype:PS ps
07-08 data fo…
2005- Quickbooks is software to manage your business’s financials. Invoicing,

filetype:QBW qbw
06-21 banking, payroll, etc, …
2005- This query reveals an .asp script which can often be used to send
inurl:XcCDONTS.asp
06-07 anonymous emails from fake se…
2005-
ext:DCA DCA IBM DisplayWrite Document Content Architecture Text File…
04-27
2005-
ext:ccm ccm -catacomb Lotus cc:Mail Mailbox file…
04-27
2005-
ext:CDX CDX Visual FoxPro database index…
04-27
2005-
ext:DBF DBF Dbase DAtabase file. Can contain sensitive data like any other database
04-27
2005- There is a full path disclosure in .jbf files (paint shop pro), which by
ext:jbf jbf
04-27 itself is not a vulner…
2005- ext:plist filetype:plist These Safari bookmarks that might show very interesting info abou
04-26 inurl:bookmarks.plist user’s surfing habits…
2005- ICalender Fileder that can contain a lot of useful information about
ext:ics ics
04-26 possible target….
2005- “MacHTTP” filetype:log MacHTTP is an webserver for Macs running OS 6-9.x. It’s pretty goo
04-26 inurl:machttp.log older Macs but the defa…
2005- ExpressionEngine is a modular, flexible, feature-packed web publish

WebLog Referrers
03-30 system that adapts to a …
2005- “#mysql dump” filetype:sql this is a mod of one of the previous queries posted in here. the basi
02-28 21232f297a57a… thing is, to add this:21…
2005- This searches for tns names files. This is an Oracle configuration file
filetype:ora tnsnames
02-15 that sets up connectio…
2005- inurl:getmsg.html These pages contain hotmail messages that were saved as HTML.
03-02 intitle:hotmail These messages can contain anythi…
2005- This search reveals NetOp license files. From the netop website: “N
+”HSTSNR” -“netop.com”
02-28 Remote Control is …
2005- intitle:”web server status”

simple port scanners for most common ports…
02-15 SSH Telnet
2005- -site:php.net -“The PHP scripts to view the source code of PHP scripts running on the server
02-15 Group” inurl:sou… Can be very interesting i…
2005- History for Netscape – So an attacker can read a user’s browsing

inurl:netscape.hst
01-27 history….
2005-
inurl:”bookmark.htm” Bookmarks for Netscape and various other browsers….
01-27
2005- Netscape Bookmark List/History: So an attacker would be able to lo

inurl:netscape.hst
01-27 the bookmark and history…
2005- There’s a bunch of interesting info in netscape.ini1. Viewers: which

inurl:netscape.ini
01-27 multimedia viewers the fir…
2005- intitle:”edna:streaming mp3 Edna allows you to access your MP3 collection from any networked
01-27 server” -for… computer. This software stream…
2005- Putty registry entries. Contain username and hostname pairs, as we

ext:reg “username=*” putty
01-27 type of session (sftp, …
2005- This will find text dumps of the DirectX Diag utility. It gives an outlin
ext:txt inurl:dxdiag
01-22 the hardware of t…
2005- This dork will return some FTP root directories. The string can be m
intitle:”FTP root at”
01-13 more specific by adding…
intext:gmail invite
2005- This is a dork I did today. At first, I wanted to find out the formula fo
intext:http://gmail.google.co
01-02 making one, but … …
m…
2005- This will give msn contact lists .. modify the “msn” to what ever you
Peoples MSN contact lists
01-02 feel is messeng…
2005-
filetype:ctt Contact This is for MSN Contact lists……
01-02
2004- intitle:”index.of” .diz .nfo last File_id.diz is a description file uploaders use to describe packages
12-30 modifi… uploaded to FTP sites. Alt…
2004-
filetype:blt “buddylist” AIM buddylists….
12-30
2004- filetype:cnf inurl:_vti_pvt The access.cnf file is a “weconfigfile” (webconfig file) used by
12-30 access.cnf Frontpage Extentions…
2004- intitle:”welcome.to.squeezebo squeezebox is the easiest way for music lovers to enjoy high-qualit
12-19 x” playback of their whole di…
2004- inurl:preferences.ini This finds the emule configuration file which contains some genera
12-19 “[emule]” proxy information.Somet…
2004- ext:conf inurl:rsyncd.conf -cvs rsync is an open source utility that provides fast incremental file
12-19 -man transfer.rsync can also tal…
2004- Affordable Web-based document and content management applica

inurl:ds.py
12-13 lets businesses of every size …
2004- Perfect Keylogger is as the name says a keylogger :)This dork finds
ext:dat bpk.dat
12-13 corresponding datafiles…
2004- intitle:”Multimon UPS status

Multimon provide UPS monitoring services…
12-04 page”
2004- php-addressbook “This is the php-addressbook shows user address information without a
12-05 addressbook for… password….
2004- PhpSystem shows info about unix systems, including: General Info
“Generated by phpSystem”
12-05 (kernel, cpu, uptime), Connect…
2004- inurl:”/axs/ax-admin.pl” This system records visits to your site. This admin script allows you
12-04 -script display these records …
2004- VMWare allows PC emulation across a variety of platforms.

ext:vmx vmx
12-03 Theseconfiguration files describe a v…
2004- VMWare allows PC emulation across a variety of platforms. These fi

ext:vmdk vmdk
12-03 are VMWare disk images wh…
2004- PQ DriveImage allows administrators to create hard rive images for

ext:pqi pqi -database
12-03 of purposes including b…
2004- Norton Ghost allows administrators to create hard rive images for l
ext:gho gho
12-03 of purposes including ba…
2004- intitle:”PHP Advanced PHP Advacaned Transfer is GPL’d software that claims to be the “Th
11-28 Transfer” (inurl:i… ultimate PHP download …
2004- intitle:”DocuShare” some companies use a Xerox Product called DocuShare. The proble
11-28 inurl:”docushar… with this is by default guest …
2004- ext:txt “Final encryption IPSec debug/log data which contains user data and password hashes.Ca
11-28 key” used to crack password…
2004- inurl:report “EVEREST Well what can be said about this one, I’ve added it to the DB under Juicy
11-20 Home Edition “ info, however it coul…
2004- “Microsoft (R) Windows * This file spills a lot of juicy info… in some cases, passwords in the raw du
11-23 (TM) Version * DrWts… but not in an…
2004- intitle:”Apache::Status” The Apache::Status returns information about the server software, opera
11-21 (inurl:server-s… system, number of c…
2004- intitle:”PhpMyExplorer” PhpMyExplorer is a PHP application that allows you to easily update you
11-18 inurl:”inde… online without an…
2004- MySQL stores its data for each database in individual files with the exten
filetype:myd myd -CVS
11-18 MYD.An attacker …
2004- filetype:config Through Web.config an IIS adminstrator can specify settings like custom
11-16 web.config -CVS error pages, authen…
2004- Netstunbler files contain information about the wireless network. For a
filetype:ns1 ns1
11-16 cleanup add stuff like:…
2004- ext:cgi inurl:editcgi.cgi This was inspired by the K-Otic report. Only two results at time of writing
11-16 inurl:file= The cgi script let…
2004- filetype:pst pst -from -to Finds Outlook PST files which can contain emails, calendaring and addre
11-12 -date information….
2004- This registry dump contains putty saved session data. SSH servers the
inurl:”putty.reg”
11-07 according usernames and p…
2004- NoCatAuth configuration file. This reveals the configuration details of wi

ext:conf NoCatAuth -cvs
11-07 gateway includi…
2004- “Certificate Practice Certificate Practice Statement (CPS)A CPS defines the measures taken to
11-05 Statement” inurl:(… secure CA operation an…
2004- filetype:inf The CAPolicy.inf file provides Certificate Servicces configuration informa
11-05 inurl:capolicy.inf which is read d…
filetype:php inurl:index
2004- PHP iCalendar is a php-based iCal file parser. Its based on v2.0 of the IET
inurl:phpicalendar -site:
10-31 spec. It displays …
…
2004- intitle:”Web Server These are www analog webstat reports. The failure report shows informa
10-31 Statistics for ****” leakage about databa…
2004- intitle:”AppServ Open AppServ is the Apache/PHP/MySQL open source software installer packa
10-31 Project” -site:www… This normally includes…
2004- intitle:”Index of” upload Files uploaded through ftp by other people, sometimes you can find all s
10-24 size parent di… of things from mov…
2004- Domino is server technology which transforms Lotus NotesÃƒâ€šÃ‚Â® in

inurl:log.nsf -gov
10-20 an Internet a…
2004- Domino is server technology which transforms Lotus NotesÃƒâ€šÃ‚Â® in

ext:nsf nsf -gov -mil
10-20 an Internet a…
2004- intitle:”index.of *” admin With Compulive News you can enter the details of your news items onto
10-19 news.asp conf… webform and upload imag…
2004- inurl:cgi-bin/testcgi.exe Test CGI by Lilikoi Software aids in the installation of the Ceilidh discussi
10-18 “Please distribute … engine for the …
2004- ext:mdb inurl:*.mdb The directory “http:/xxx/fpdb/” is the database folder used by some vers
10-18 inurl:fpdb shop.mdb of Front…
2004- This one shows configuration files for various applications. based on the
ext:ini intext:env.ini
10-16 application an attack…
2004- “Installed Objects Installed Objects Scanner makes it easy to test your IIS Webserver for
10-16 Scanner” inurl:defaul… installed components. In…
2004- intitle:”ASP Stats ASP Stats Generator is a powerful ASP script to track web site activity. It
10-16 Generator *.*” “… combines a server s…
2004- This search will show the googler ODBC client configuration files which m
inurl:odbc.ini ext:ini -cvs
10-09 contain usernames/d…
2004- intext:SQLiteManager sQLiteManager is a tool Web multi-language of management of data bas

10-05 inurl:main.php SQLite. # Management of…
2004- +”:8080″ +”:3128″

With the string [+”:8080″ +”:3128″ +”:80″ filetype:txt] it is pos…
09-29 +”:80&q…
2004- With the combined collaboration features of Windows SharePoint Service

inurl:/_layouts/settings
09-23 and SharePoint Portal S…
2004- www.filext.com says LDIF = LDAP Data Interchange Format.LDAP is used

ext:ldif ldif
09-23 nearly everything in o…
2004- filetype:pst All versions of the popular business groupware client called Outlook hav
09-11 inurl:”outlook.pst” the possibility to st…
2004- Filext.com says: “Various programs use the *.VCS extension; too many t
filetype:vcs vcs
09-22 individually….
ext:log “Software:
2004- Microsoft Internet Information Services (IIS) has log files that are normal
Microsoft Internet
09-21 not in the docroo…
Informa…
2004- Lotus Domino address This search will return any Lotus Domino address books which may be o
09-18 books to the public. This ca…
2004- filetype:asp DBQ=” * This search finds sites using Microsoft Access databases, by looking for t
09-18 Server.MapPath(“*.m… the database conne…
2004- filetype:pdb pdb backup Hotsync database files can be found using “All databases on a Palm dev
09-10 (Pilot | Pluckerdb) including the o…
2004- filetype:xls Our forum members never get tired of finding juicy MS office files. Here’
09-10 inurl:”email.xls” one by urban that fi…
2004- filetype:pot John the Ripper is a popular cracking program every hacker knows. It’s
09-10 inurl:john.pot results are stored in a …
2004- filetype:reg “Terminal These are Microsoft Terminal Services connection settings registry files.
09-07 Server Client” may sometimes co…
2004- These are Remote Desktop Connection (rdp) files. They contain th
filetype:rdp rdp
09-07 settings and sometimes the cr…
2004- The SnitzTM Forums 2000 Version 3.4.04 Installation Guide and
inurl:snitz_forums_2000.mdb
09-07 Readme says: “it is strongl…
2004- This search will show backupfiles for xp/2000 machines.Of course
filetype:bkf bkf
09-06 these files could contain near…
2004- This search will show QuickBooks Bakup Files. Quickbook is financ
filetype:qbb qbb
09-06 accounting software so sto…
2004- ( filetype:mail | filetype:eml | storing emails in your webtree isnt a good idea.with this search go
08-26 filetype:mbox | f… will show files contai…
2004- The QDATA.QDF file (found sometimes in zipped “QDATA” archives

Quicken data files
08-25 online, sometimes not)…
2004- “phone * * *” “address *” This search gives hounderd of existing curriculum vitae with name
08-19 &qu… and adress. An attacker coul…
ext:asp inurl:pathto.asp
2004- filetype:xls -site:gov

Microsoft Excel sheets containing contact information….
08-09 inurl:contact
2004- mail filetype:csv -site:gov

CSV Exported mail (user) names and such….
08-09 intext:name
2004- intext:”Session Start * * * *:*:* These are IRC and a few AIM log files. They may contain juicy info
08-09 *” fil… just hours of good clean …
2004- (inurl:”robot.txt” | Webmasters wanting to exclude search engine robots from certain
08-09 inurl:”robots…. parts of their site often choos…
2004- Mandrake auto-install configuration files. These contain informatio

filetype:cfg auto_inst.cfg
08-05 about the installed packag…
2004-
filetype:fp7 fp7 These are Filemaker Pro version 7 databases files….
08-05
2004-
filetype:fp3 fp3 These are FileMaker Pro version 3 Databases….
08-05
2004- filetype:fp5 fp5 -site:gov These are various kinds of FileMaker Pro Databases (*.fp5 applies
08-02 -site:mil -“cvs lo… both version 5 and 6)….
2004- More Microsoft Access databases for your viewing pleasure. Resul
inurl:*db filetype:mdb
08-02 may vary, but there have bee…
2004- “allow_call_time_pass_referenc Returns publically visible pages generated by the php function
08-02 e” “P… phpinfo(). This search differs f…
2004- Greetings, The *.ora files are configuration files for oracle clients.
filetype:ora ora
08-01 attacker can identify…
2004- intitle:”Index Of” -inurl:maillog This google search reveals all maillog files within various directori
07-28 maill… on a webserver. This se…
2004- These are Remote Desktop Connection (rdp) files. They contain th
filetype:rdp rdp
09-07 settings and sometimes the cr…
2004- The SnitzTM Forums 2000 Version 3.4.04 Installation Guide and
inurl:snitz_forums_2000.mdb
09-07 Readme says: “it is strongl…
2004- This search will show backupfiles for xp/2000 machines.Of course
filetype:bkf bkf
09-06 these files could contain near…
2004- This search will show QuickBooks Bakup Files. Quickbook is financ
filetype:qbb qbb
09-06 accounting software so sto…
2004- ( filetype:mail | filetype:eml | storing emails in your webtree isnt a good idea.with this search go
08-26 filetype:mbox | f… will show files contai…
2004- The QDATA.QDF file (found sometimes in zipped “QDATA” archives

Quicken data files
08-25 online, sometimes not)…
2004- “phone * * *” “address *” This search gives hounderd of existing curriculum vitae with name
08-19 &qu… and adress. An attacker coul…
ext:asp inurl:pathto.asp
2004- filetype:xls -site:gov

Microsoft Excel sheets containing contact information….
08-09 inurl:contact
2004- mail filetype:csv -site:gov

CSV Exported mail (user) names and such….
08-09 intext:name
2004- intext:”Session Start * * * *:*:* These are IRC and a few AIM log files. They may contain juicy info
08-09 *” fil… just hours of good clean …
2004- (inurl:”robot.txt” | Webmasters wanting to exclude search engine robots from certain
08-09 inurl:”robots…. parts of their site often choos…
2004- Mandrake auto-install configuration files. These contain informatio

filetype:cfg auto_inst.cfg
08-05 about the installed packag…
2004-
filetype:fp7 fp7 These are Filemaker Pro version 7 databases files….
08-05
2004-
filetype:fp3 fp3 These are FileMaker Pro version 3 Databases….
08-05
2004- filetype:fp5 fp5 -site:gov These are various kinds of FileMaker Pro Databases (*.fp5 applies
08-02 -site:mil -“cvs lo… both version 5 and 6)….
2004- More Microsoft Access databases for your viewing pleasure. Resul
inurl:*db filetype:mdb
08-02 may vary, but there have bee…
2004- “allow_call_time_pass_referenc Returns publically visible pages generated by the php function
08-02 e” “P… phpinfo(). This search differs f…
2004- Greetings, The *.ora files are configuration files for oracle clients.
filetype:ora ora
08-01 attacker can identify…
2004- intitle:”Index Of” -inurl:maillog This google search reveals all maillog files within various directori
07-28 maill… on a webserver. This se…
2004- inurl:profiles
Microsoft Access databases containing (user) profiles …..
07-26 filetype:mdb
intext:(password |
2004- CSV formatted files containing all sorts of user/password combinations.
passcode) intext:
07-26 Results may vary, but a…
(username | us…
2004- intitle:”Index Of” searches for cookies.txt file. On MANY servers this file holds all cookie
07-26 cookies.txt size information, which ma…
2004- inurl:forum
Microsoft Access databases containing ‘forum’ information …..
07-26 filetype:mdb
2004- inurl:backup
Microsoft Access database backups…..
07-26 filetype:mdb
2004- data filetype:mdb

Microsoft Access databases containing all kinds of ‘data’….
07-26 -site:gov -site:mil
2004-
inurl:email filetype:mdb Microsoft Access databases containing email information…..
07-26
2004- intitle:”index of” +myd The MySQL data directory uses subdirectories for each database and
07-21 size common files for table stora…
2004-
“sets mode: +s” This search reveals secret channels on IRC as revealed by IRC chat logs…
07-19
2004-
“sets mode: +p” This search reveals private channels on IRC as revealed by IRC chat logs…
07-19
2004- inurl:ssl.conf The information contained in these files depends on the actual file itself.
07-15 filetype:conf SSL.conf files cont…
2004- This search will find private key files… Private key files are supposed to b
private key files (.csr)
07-12 well… privat…
2004- This search will find private key files… Private key files are supposed to b
private key files (.key)
07-12 well… privat…
2004- exported email Loads of user information including email addresses exported in comma
07-12 addresses separated file format (.c…
2004- Ntop shows the current network usage. It displays a list of hosts that are
Welcome to ntop!
07-06 currently using the …
2004- MySQL tabledata sQL database dumps. LOTS of data in these. So much data, infact, I’m
07-06 dumps pressed to think of what e…
2004- Microsoft Money Data Microsoft Money 2004 provides a way to organize and manage your pers
07-02 Files finances (http://www.m…
2004- OWA Public Folders This search looks for Outlook Web Access Public Folders directly. These lin
06-25 (direct view) open public folde…
2004- Development of UnrealIRCd began in 1999. Unreal was created from the
Unreal IRCd
07-06 Dreamforge IRCd that was f…
2004- filetype:ctt ctt MSN Messenger uses the file extension *.ctt when you export the contact
06-22 messenger An attacker could…
2004- 94FBR “ADOBE 94FBR is part of many serials. An malicious user would only have to cha
06-10 PHOTOSHOP” the programm name (p…
2004- inurl:forward Users on *nix boxes can forward their mail by placing a .forward file in t
05-26 filetype:forward -cvs home directory. …
2004- intitle:”System Statistics” This search reveals internal network information including network
05-24 +”Syste… configuratino, ping times, s…
2004- inurl:”cacti” This search reveals internal network info including architecture, hosts a
05-24 +inurl:”graph_view.ph… services available….
2004- inurl:”/cricket/grapher.cgi This search reveals information about internal networks, such as
05-24 ” configuration, services, bandw…
2004- intitle:”Big Sister” +”OK This search reveals Internal network status information about services a
05-24 Attention… hosts….
2004- “Mecury Version” Mecury is a centralized ground control program for research satellites. T
05-18 “Infastructure Gro… query simply loca…
2004- The php.ini file contains all the configuration for how PHP is parsed on a
inurl:php.ini filetype:ini
05-17 server. It can cont…
intitle:intranet
2004- These pages are often private intranet pages which contain phone listin
inurl:intranet
05-17 and email addresses. …
+intext:”phon…
2004- filetype:blt blt Reveals AIM buddy lists, including screenname and who’s on their ‘budd
05-14 +intext:screenname list and their ‘blocke…
2004- filetype:log access.log These are http server access logs which contain all sorts of information
05-14 -CVS ranging from usernames…
2004- Displays logs from cron, the *nix automation daemon. Can be used to
filetype:log cron.log
05-14 determine backups, full an…
2004- License files for various software titles that may contain contact info an
filetype:lic lic intext:key
05-13 the product version…
2004- intitle:”index of” This file contains port number, version number and path info to MySQL
05-13 mysql.conf OR mysql_c… server….
2004- filetype:eml eml These are oulook express email files which contain emails, with full hea
05-12 +intext:”Subject” +inte… The information …
2004- filetype:mbx mbx These searches reveal Outlook v 1-4 or Eudora mailbox files. Often thes
05-11 intext:Subject are made public on pur…
2004- These are Microsoft Outlook Mail address books. The information contai
filetype:wab wab
05-10 will vary, but at the…
2004- “Request Details” These pages contain a great deal of information including path names,
05-06 “Control Tree&quo… session ID’s, stack trace…
2004- “HTTP_FROM=googlebot” These pages contain trace information that was collected when the
05-06 googlebot.com &qu… googlebot crawled a page. The…
2004- filetype:conf inurl:firewall These are firewall configuration files. Although these are often example
05-05 -intitle:cvs sample files, in m…
2004- inurl:”smb.conf” These are samba configuration files. They include information a
05-04 intext:”workgroup&… the network, trust relation…
2004- inurl:tdbin This is the default directory for TestDirector

05-03 (http://www.mercuryinteractive.com/products/test…
2004- intext:”Tobias Oetiker” “traffic This is the MRTG traffic analysis pages. This page lists informatio
05-03 an… about machines on the netw…
2004- inurl:server-info “Apache Server This is the Apache server-info program. There is so much sensiti
04-28 Information&… stuff listed on this page th…
2004- This is the print environemnts script which lists sensitive inform
inurl:perl/printenv
04-28 such as path names, ser…
2004- This is the print environemnts script which lists sensitive inform
inurl:cgi-bin/printenv
04-28 such as path names, ser…
2004- This is the fastcgi echo script, which provides a great deal of
inurl:fcgi-bin/echo
04-28 information including port numb…
2004- This page shows all sort of information about the Apache web
inurl:server-status “apache”
04-26 server. It can be used to track pr…
2004- These pages are from Shareaza client programs. Various data is
“This is a Shareaza Node”
04-21 displayed including client versi…
2004- This is a gnutella client that was picked up by google. There is a

“Running in Child mode”
04-21 of data present includin…
2004- These pages reveal server information such as port, server softw
allinurl:servlet/SnoopServlet
04-20 version, server name, full …
2004- allinurl:/examples/jsp/snp/snoop.j These pages reveal information about the server including path
04-20 sp information, port information, e…
2004- These pages generally contain newsletter administration pages.

inurl:”newsletter/admin/”
04-16 Some of these site are password …
2004- inurl:”newsletter/admin/” These pages generally contain newsletter administration pages.

04-16 intitle:”… Some of these site are password …
2004- This search reveals chat logs. Depending on the contents of the
“Index of” / “chat/logs”
04-13 logs, these files could contain…
2004- inurl:vbstats.php “page This is your typical stats page listing referrers and top ips and su
04-08 generated” This information can ce…
2004- This reveals mySQL database dumps. These database dumps lis
“#mysql dump” filetype:sql
04-05 structure and content of datab…
2004- This search reveals potential location for mailbox files by keying
intitle:index.of cleanup.log
04-05 the Outlook Express clean…
2004- This search reveals potential location for mailbox files. In some
intitle:index.of inbox dbx
04-05 cases, the data in this direc…
2004- This search reveals potential location for mailbox files. In some
intitle:index.of inbox
04-05 cases, the data in this direc…
2004- “Host Vulnerability This search yeids host vulnerability scanner reports, revealing potential
03-30 Summary Report” vulnerabilities on ho…
2004- “Network Vulnerability This search yeids vulnerability scanner reports, revealing potential
03-30 Assessment Report”… vulnerabilities on hosts a…
2004- “Thank you for your After placing an order via the web, many sites provide a page containin
03-29 order” +receipt phrase “Thank…
2004- “not for distribution” The terms “not for distribution” and confidential indicate a sensitive
03-29 confidential document. Resu…
2004- inurl:changepassword.as This is a common script for changing passwords. Now, this doesn’t actu
03-24 p reveal the password,…
2004- “Most Submitted Forms More www statistics on the web. This one is very nice.. Lots of directory
03-22 and Scripts” “… and client acce…
2004- This search can find Excel spreadsheets in an administrative directory o

inurl:admin filetype:xls
03-16 an administrative …
2004- This search can find administrative login pages. Not a vulnerability in an
intitle:admin intitle:login
03-14 itself, this que…
2004- This search can find administrative login pages. Not a vulnerability in an
inurl:admin intitle:login
03-14 itself, this que…
2004- ws_ftp.ini is a configuration file for a popular FTP client that stores
intitle:index.of ws_ftp.ini
03-04 usernames, (weakly) enc…
2004- intitle:index.of dead.letter contains the contents of unfinished emails created on the UN
03-04 dead.letter platform. Emails (fi…
2004- intitle:index.of “Apache” This is a very basic string found on directory listing pages which show th
03-04 “server a… version of the Apac…
2004- intitle:”wbem” compaq These devices are running HP Insight Management Agents for Servers w
03-04 login “Compaq… “provide device i…
2004- inurl:main.php Welcome From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended
03-04 to phpMyAdmin handle the administ…
2004- inurl:main.php From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended

03-04 phpMyAdmin handle the administ…
2004- “phpMyAdmin” “running From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended
03-04 on” inur… handle the administ…
2004- “robots.txt” “Disallow:” The robots.txt file serves as a set of instructions for web crawlers. The
03-04 filet… “disallow” …
2004- intitle:”Usage Statistics The webalizer program shows web statistics for web servers. This
03-04 for” “Gen… information includes who is vi…
2004- intitle:”statistics of” the awstats program shows web statistics for web servers. This informa
03-04 “advanced w… includes who is visi…
2004- The ipsec.conf file could help hackers figure out what uber-secure users
ipsec.conf
03-04 freeS/WAN are prote…
2004- from the manpage for ipsec_secrets: “It is vital that these secrets be
ipsec.secrets
03-04 protected. The file…
2004- from the manpage for ipsec_secrets: “It is vital that these secrets be
ipsec.secrets
03-04 protected. The file…
2004- This is another less reliable way of finding the cgiirc.config file. CGIIRC is a
cgiirc.conf
03-04 web-based IRC …
2004- CGIIRC is a web-based IRC client. Very cool stuff. The cgiirc.config file lists
cgiirc.conf
03-04 options for…
2004- From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended to

phpMyAdmin dumps
03-04 handle the administ…
2004- From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended to

phpMyAdmin dumps
03-04 handle the administ…
2003- mystuff.xml – Trillian This particular file contains web links that trillian users have entered into
08-19 data files tool. Trillia…
2003- I never really thought about this until I started coming up with juicy exam
site:edu admin grades
07-10 for DEFCON 11…..
2003- haccess.ctl (VERY haccess.ctl is the frontpage(?) equivalent of the .htaccess file. Either way
06-30 reliable) file decribe…
2003- this is the frontpage(?) equivalent of htaccess, I believe. Anyhow, this file
haccess.ctl (one way)
06-30 describes who can…
2003- “generated by More www statistics on the web. This one is very nice.. Lots of directory in
06-30 wwwstat” and client acce…
2003- Another web statistics package. This one originated from a google scan o
“produced by getstats”
06-30 ivy league college…
2003- “This report was These are weblog-generated statistics for web sites… A roadmap of files,
06-27 generated by WebLog” referrers, errors, s…
2003- The robots.txt file contains “rules” about where web spiders are allowed (
robots.txt
06-27 NOT all…
2004- this brings up sites with phpinfo(). There is SO much cool stuff in here tha
phpinfo()
11-18 you just have to …
2003- These searches bring up common names for AOL Instant Messenger
AIM buddy lists
06-24 “buddylists”. These li…
2003- These folks had the technical prowess to unpack the movable type files, b
mt-db-pass.cgi files
06-24 couldn’t manage to …
2003- sQL database dumps. LOTS of data in these. So much data, infact, I’m pre
sQL data dumps
06-24 to think of what e…
2003- Financial spreadsheets: “Hey! I have a great idea! Let’s put our finances on our website in a secre
06-24 finances.xls directory so …
2003- Financial spreadsheets: “Hey! I have a great idea! Let’s put our finances on our website in a secre
06-24 finance.xls directory so …
2003- ICQ chat logs, ICQ (http://www.icq.com) allows you to store the contents of your online ch
06-24 please… into a file. The…
2003- Ganglia Cluster These are server cluster reports, great for info gathering. Lesse, what were
06-24 Reports those server names…
2003- squid cache server These are squid server cache reports. Fairly benign, really except when yo
06-24 reports consider using them…
2012-
inurl:finger.cgi Finger Submitted by: Christy Philip Mathew…
11-02
2012- site*.*.*/webalizer Shows usage statistics of sites. Includes monthy reports on the IP
08-21 intitle:”Usage Statistics… addresses, user agents, and …
2006- intitle:r57shell +uname compromised servers… a lot are dead links, but pages cached show
05-04 -bbpress interesting info, this is r5…
2006- “The statistics were last

Results include many varius Network activity logs…
05-03 updated” “…
2006- inurl:/counter/index.php This is an online vulnerable web stat program called PHPCounter
04-06 intitle:”+PHPCounter… 7.http://www.clydebelt.org.uk/c…
2006- inurl:”NmConsole/Login.as Ipswitch Whats Up Monitoring 2005!This is a console for Network

03-13 p” | intitle:&q… Monitoring, access beyond the p…
2006- inurl:CrazyWWWBoard.cgi gives tons of private forum configuration information.examples: Globa

02-08 intext:”detailed debu… variables installed, wha…
2005- An HP Java network management tool. It is a sign that a network may

inurl:ovcgi/jovw
12-31 be configured properly….
2005- inurl:proxy | inurl:wpad Information about proxy servers, internal ip addresses and other netwo
12-21 ext:pac | ext:dat findpro… sensitive stuff….
inurl:webalizer
2005- ***WARNING: This search uses google images, disable images unless y
filetype:png -.gov -.edu
11-21 want your IP spewed acros…
-.mil -op…
2005- intitle:”Retina Report” This googledork finds vulnerability reports produced by eEye Retina
10-26 “CONFIDENTI… Security Scanner. The info…
2005- “Shadow Security Scanner This is a googledork to find vulnerability reports produced by Shadow
10-26 performed a vulnerab… Security Scanner. They c…
2005- “The following report This googledork reveals vunerability reports from many different vendo
10-26 contains confidential i… These reports can co…
2005- Nagios Status page. See what ports are being monitored as well as ip
inurl:status.cgi?host=all
10-04 addresses.Be sure to check…
2005-
inurl:login.jsp.bak JSP programmer anyone? You can read this!…
09-30
2005- intitle:”Belarc Advisor People who have foolishly published an audit of their machine(s) on th
02-15 Current Profile”… with some server in…
2005- “Traffic Analysis for” List of RMON ports produced by MRTG which is a network traffic analys
03-05 “RMON Port *… tool. See also #198…
2005- “powered | performed by This search finds Beyond Security reports. Beyond Security sells a box
02-03 Beyond Security’s Aut… which performs automated…
2004- intitle:”PHPBTTracker This query shows pages which summarise activity on PHPBT-powered
12-30 Statistics” | inti… BitTorrent trackers – all the …
2004- This query shows pages which summarise activity on BNBT-powered

intitle:”BNBT Tracker Info”
12-30 BitTorrent trackers – including…
2004- intitle:”Azureus : Java BitTorrent This query shows machines using the Azureus BitTorrent client’s b
12-30 Client Tra… in tracker – the pages ar…
2004- This searches for the install.php file. Most results will be a Bulletin
inurl:”install/install.php”
12-29 board like Phpbb etc.T…
2004- intext:”Welcome to the Web see and control JVC webcameras, you can move the camera, zoom
12-07 V.Networks” i… change the settings, etc…….
2004- intitle:”start.managing.the.devi MCK Communications, Inc.PBXgatewayIIHigh density central site

12-10 ce” remo… gateway for remote PBX access(MCK…
2004- “Radiator is a highly configurable and flexible Radius server that

ext:cfg radius.cfg
12-06 supports authentication…
2004- filetype:php inurl:ipinfo.php Dshield is a distributed intrusion detection system. The ipinfo.php
12-07 “Distributed In… script includes a whois loo…
2004- inurl:”sitescope.html” Mercury SiteScope designed to ensure the availability and

12-03 intitle:”sit… performance of distributed IT infrast…
2004- intitle:”twiki” TWiki has many security problems, depeding on the version insta
12-02 inurl:”TWikiUsers&q… TWiki, is a flexible, powe…
2004- “Phorum Admin” “Database Phorum admin pagesThis either shows Information leakage (path
11-28 Connection… or it shows Unprotected Adm…
2004- “Output produced by SysWatch sysWatch is a CGI to display current information about your UNIX
11-28 *” system. It can display drive p…
2004- Testpage / webserver environmentThis is the test cgi for xitami

inurl:testcgi xitami
11-28 webserver. It shows the webserv…
2004- filetype:log ISDNPM 3.x for OS/2-Dialer log files.These files contain sensitive i
11-28 intext:”ConnectionManager2″ like ip addresses, phon…
2004- intitle:”sysinfo * ” Lots of information leakage on these pages about active network
11-12 intext:”Genera… services, server info, network …
2004- inurl:portscan.php “from This is general search for online port scanners which accept any I
11-12 Port”|”Por… does not find a specifi…
2004- PhotoPost Pro is photo gallery system. This dork finds its installati
inurl:/adm-cfgedit.php
11-07 page.You can use this p…
2004- webutil.pl is a web interface to the following services:* ping*
inurl:webutil.pl
11-07 traceroute* whois* finger* nslo…
2004- Domino is server technology which transforms Lotus NotesÃƒâ€šÃ

inurl:statrep.nsf -gov
10-20 into an Internet a…
2004- inurl:/cgi-bin/finger? “In real The finger command on unix displays information about the syste
10-19 life” users. This search displays pr…
2004- inurl:/cgi-bin/finger? Enter The finger command on unix displays information about the syste
10-19 (account|host|user|us… users. This search displays th…
2004- filetype:php inurl:nqt Network Query Tool enables any Internet user to scan network
10-18 intext:”Network Query … information using:* Resolve/Revers…
2004- inurl:”map.asp?” “WhatsUp Gold’s new SNMP Viewer tool enables Area-Wide to easily trac
10-05 intitle:”WhatsUp G… variables associate…
2004- ext:cgi intext:”nrg-” ” NRG is a system for maintaining and visualizing network data and other
09-29 This web pa… resource utilization dat…
2004- ((inurl:ifgraph “Page ifGraph is a set of perl scripts that were created to fetch data from SNMP
09-29 generated at”) OR … agents and feed a RR…
2004- inurl:”/catalog.nsf” This will return servers which are running versions of Lotus Domino. The
09-10 intitle:catalog catalog.nsf is the ser…
“Powered by
2004- phpOpenTracker is a framework solution for the analysis of website traffi
phpOpenTracker”
09-21 and visitor analysis…
Statistics
site:netcraft.com
2004- Netcraft reports a site’s operating system, web server, and netblock own
intitle:That.Site.Running
09-21 together with, if av…
Apache
2004- “this proxy is working These are test pages for some proxy program. Some have a text field th
08-13 fine!” “ente… allows you to use that…
2004- This search shows the webserver access stats as the user “admin”. The
“apricot – admin” 00h
07-29 language used i…
“by Reimar Hoven. All

2006- dork: “by Reimar Hoven. All Rights Reserved. Disclaimer” |
Rights Reserved.
04-15 inurl:”log/logdb.dta&…
Discla…
2004- intitle:”Microsoft Site Microsoft discontinued Site Server and Site Server Commerce Edition on
07-16 Server Analysis” June 1, 2001 with the in…
2004- Analysis Console for ACID stands for for “Analysis Console for Incident Databases”. It is a php
07-12 Incident Databases frontend f…
2004- A Looking Glass is a CGI script for viewing results of simple queries exec
Looking Glass
06-22 on remote router…
2004- “Version Info” “Boot This is the status page for a Belkin Cable/DSL gateway. Information can
06-04 Version” … retrieved from this …
2004- intitle:”ADSL This is the status screen for the Solwise ADSL modem. Information avail
06-04 Configuration page” from this page incl…
2004- filetype:vsd vsd network Reveals network maps (or any other kind you seek) that can provide
05-13 -samples -examples sensitive information such a…
2004- filetype:pdf “Assessment These are reports from the Nessus Vulnerability Scanner. These report
05-03 Report” nessus contain detailed informat…
inurl:phpSysInfo/
2004- This statistics program allows the an admin to view stats about a webse
“created by
04-16 Some sites leave t…
phpsysinfo”…
2004- snort is an intrusion detection system. SnorfSnarf creates pretty web pa

“SnortSnarf alert page”
04-16 from intrusion dete…
2004- “Network Host This search yeids ISS scan reports, revealing potential vulnerabilities on
03-30 Assessment Report” “I… hosts and networks. …
2004- “This report lists” This search yeids ISS scan reports, revealing potential vulnerabilities on
03-30 “identified by … hosts and networks. …
201
4- typo3 passwords Bruno Schmid …
inurl:typo3conf/localconf.php
04-
07
201
4- inurl:/backup intitle:index of Google Search:https://www.google.com/search?
03- backup intext:*sql client=opera&q=admin+username+and+pass&sour…
31
201
3- Passwords for Java Management Extensions (JMX Remote) Used by
filetype:password jmxremote
11- jconsole, Eclipse’s MAT, Java Vi…
25
201
3- ext:sql intext:@gmail.com
author:haji …
11- intext:password
25
201
3- site:github.com inurl:sftp- Find disclosed FTP login credentials in github repositories Credit:
11- config.json RogueCoder…
25
201
3- site:github.com inurl:sftp- Finds disclosed ftp FTP for WordPress installs, which have been pushe
11- config.json intext:/wp-… a public repo on GitH…
25
201
3- “BEGIN RSA PRIVATE KEY”
To find private RSA Private SSL Keys …
09- filetype:key -gi…
24
201
3- filetype:sql insite:pass && Google Dork: filetype:sql insite:pass && user We Can get login userna
04- user and password…
22
201
3- ext:sql intext:@hotmail.com By , NItish Mehta , www.illuminativeworks.com/blog
04- intext :password https://www.facebook.com/illuminativework…
09
201
3- filetype:config This google dork to find sensitive information of MySqlServer , “uid, a
04- inurl:web.config inurl:ftp password” …
09
201
3- filetype:inc OR filetype:bak Aggregates previous mysql_(p)connect google dorks and adds a new
02- OR filetype:old mysql… filetype. Searches common fil…
05
201
3- ext:xml (“proto=’prpl-‘” | *Google Search:* https://www.google.com/search?q=ext:xml
02- “prpl-ya… %20(%22proto=’prpl-‘%22%20|%20%22prp…
05
201
2- allinurl:”User_info/auth_user_ Google dork for find user info and configuration password of DCForum
11- file.txt” allinurl:”User_info/…
05
201
2- A path to a DES encrypted password for DBMan ( http://www.gossam
inurl:”/dbman/default.pass”
11- threads.com/products/archiv…
02
201
2- “parent directory” This dork is based on this: http://www.exploit-db.com/ghdb/1212/ but
11- proftpdpasswd intitle… improved cause that is u…
02
201
2- filetype:xls “username | filetype:xls “username | password” This search reveals usernames an
11- password” passwords of …
02
201
ext:xml
2-
(“mode_passive”|”mode_defa OffSec: So the dork is: ext:xml (“mode_passive”|”mode_default”) Th…
11-
u…
02
201
2- intext:charset_test= email= find facebook email and password …
08- default_persistent=
21
201 inurl:”passes” OR Hack the $cr1pt kiddies. There are a lot of Phishing pages hosted on
2-
08- inurl:”passwords&… internet , this dork wi…
21
201
2- filetype:cfg “radius” (pass| Find config files with radius configs and passwords and secrets… Lov
05- passwd|passw… Bastich …
15
2011- (username=* | username:* |) |

Logged username, passwords, hashes Author: GhOsT-PR …
12-27 ( ((password=* | pas…
2011- Search for WordPress MySQL database backup. Author:

filetype:sql inurl:wp-content/backup-*
12-14 AngelParrot …
2011- This dork looks for Roboform password files. Author: Robe
“My RoboForm Data” “index of”
12-12 McCurdy …
2011-
inurl:”/Application Data/Filezilla/*” OR… this dork locates files containing ftp passwords …
11-19
2011- filetype:php~ (pass|passwd|password| Backup or temp versions of php files containing you gues
10-11 dbpass|db_pass… it passwords or other ripe for the…
2011- this string may be used to find many low hanging fruit on
inurl:ftp “password” filetype:xls
09-26 sites recently indexed by google….
2011- filetype:sql “phpmyAdmin SQL Dump”

phpMyAdmin SQL dump with passwords Bastich …
06-28 (pass…
2011- filetype:sql “MySQL dump” (pass|

MySQL database dump with passwords Bastich …
06-28 password…
2011- filetype:sql “PostgreSQL database

PostgreSQL database dump with passwords Bastich …
06-28 dump” …
2011- filetype:ini “[FFFTP]” (pass|passwd| Asian FTP software -, run the password hash through John
04-18 pass… Author: Bastich …
2011- filetype:ini “FtpInBackground” (pass| Total commander wxc_ftp.ini run has through John etc. or
04-18 pas… better use http://wcxftp.org.ru/…
2011- filetype:ini “precurio” (pass|passwd|

plain text passwods …
04-18 pas…
2011- filetype:ini “SavedPasswords” (pass| Unreal Tournament config, plain text passwords Author:
04-18 pass… Bastich …
2011- filetype:ini “pdo_mysql” (pass|passwd| full details dbname dbuser dbpass all plain text
04-18 pa… Author:Bastich …
2011- Google search for web site build with symfony framework
inurl:web/frontend_dev.php -trunk
01-09 in development environment. In …
2011- inurl:config/databases.yml -trac -trunk Google search for web site build with symfony framework
01-09 -“Goo… This file contains the login / passwo…
2010- Google search for Cisco config files (some variants below)
inurl:-cfg intext:”enable password”
11-10 inurl:router-confg inurl:-confg…
2006- This returns xls files containing login names and password
“login: *” “password: *” filet…
09-06 works by showing all the xls fi…
2006- Hacking a phpBB forum. Here you can gather the mySQL
ext:php intext:”$dbms””$dbhost”…
08-10 connection information for their forum dat…
2006- CalenderScript is an overpriced online calender system

inurl:”calendarscript/users.txt”
03-21 written in perl. The passwords are encry…
2006- filetype:sql “insert into” (pass|

Looks for SQL dumps containing cleartext or encrypted passwords…
03-06 passwd|…
2006- filetype:reg reg +intext:ÃƒÂ¢Ã This can be used to get encoded vnc passwords which can otherwis
02-05 ¢â€šÂ¬Ã… obtained by a local regist…
2006- ext:asa | ext:bak intext:uid

search for plaintext database credentials in ASA and BAK files….
01-02 intext:pwd -“uid…
2006- enable password | secret Another Cisco configuration search. This one is cleaner, gives comp
01-02 “current configurati… configuration files and…
2006- ext:passwd -intext:the Various encrypted passwords, some plaintext passwords and some
01-02 -sample -example private keys are revealed by thi…
2006- inurl:”editor/list.asp” | This search finds CLEARTEXT usernames/passwords for the Results
01-02 inurl:”da… Database Editor. The log in po…
2006- This query searches for files that have been renamed to a .bak
filetype:bak createobject sa
01-01 extension (obviously), but inclu…
2005- inurl:ventrilo_srv.ini This search reveals the ventrilo (voice communication program use
12-19 adminpassword many online gamers) passw…
2005- “parent directory” User names and password hashes from web server backups genera
11-30 +proftpdpasswd by cpanel for ProFTPd. Passwo…
2005- Ruby on Rails is a MVC full-stack framework for development of we

ext:yml database inurl:config
11-14 applications. There’s a conf…
2005- FlashFXP has the ability to import a Sites.dat file into its current
inurl:”Sites.dat”+”PASS=”
11-03 Sites.dat file, using this…
2005- Yes, people actually post their teamspeak servers on websites. Just
server-dbs “intitle:index of”
10-30 for the words superadm…
2005- inurl:/yabb/Members/Admin.d This search will show you the Administrator password (very first lin
09-28 at YaBB forums whose own…
2005- “admin account info” searches for logs containing admin server account information such
09-25 filetype:log username and password….
2005- “your password is” This search finds log files containing the phrase (Your password is).
09-24 filetype:log These files often contain…
2005-
intitle:rapidshare intext:login Rapidshare login passwords….
09-18
2005- some people are that stupid to keep their Cisco routers config files
intext:”enable password 7″
09-13 site. You can easly fin…
2005- If you want to find out FTP passwords from FlashFXP Client, just typ
filetype:dat inurl:Sites.dat
09-13 this query in google and …
2005-
ext:inc “pwd=” “UID=” Database connection strings including passwords…
08-31
2005- [WFClient] Password= The WinFrame-Client infos needed by users to connect toCitrix
07-27 filetype:ica Application Servers (e.g. Metafra…
2005- inurl:cgi-bin CGI Calendar (Perl) configuration file reveals information including
06-24 inurl:calendar.cfg passwords for the program….
2005- intitle:”phpinfo()” This will look throught default phpinfo pages for ones that have a defau
06-05 +”mysql.default… mysql password….
2005- Accesses passwords mostly in cgibin but not all the timeCan find passw
inurl:pass.dat
06-04 + usernames (sometim…
2005- inurl:perform.ini mIRC Passwords For Nicks & Channels in channel\[chanfolder] section o
06-06 filetype:ini mirc.ini you can fin…
2005- intext:”powered by HTMLJunction EZGuestbook is prone to a database disclosure vulnerabi

05-11 EZGuestbook” Remote users may down…
2005- inurl:server.cfg rcon

Counter strike rcon passwords, saved in the server.cfg….
05-06 password
!Host=*.*
2005- some people actually keep their VPN profiles on the internet…omg… Sim
intext:enc_UserPassword
05-02 donwload the pcf f…
=* ext:pcf
wwwboard WebAdmin
2005- This is a filtered version of previous ‘inurl:passwd’ searches, focusing on
inurl:passwd.txt
03-28 WWWBoard [1]. Ther…
wwwboard|webad…
2005- sysprep is used to drive unanttended MS Windows installations. The file

filetype:inf sysprep
03-20 contain all informatio…
2005- the unattend.txt is used to drive unanttended MS Windows installations

ext:txt inurl:unattend.txt
03-20 The files contain all i…
filetype:sql
2005- Find insert statements where the field (or table name) preceding the
("passwd
02-23 operator VALUES will be ‘…
values" | …
2005- filetype:sql (“values * Locate insert statements making use of some builtin function to encryp
02-23 MD5” | “val… password. PASSWORD(),…
2005- intitle:”Index of” This dork lists sc_serv.conf files. These files contain information for
02-10 sc_serv.conf sc_serv … Shoutcast servers and o…
2005- “Powered by Link Link management script with advanced yet easy to use admin control
02-15 Department” panel, fully template driven…
"Powered by
2005- Here is another DUware product, DUpaypal. Once you get hold of the
DUpaypal"
02-07 database it contains the adm…
-site:duwa…
filetype:inc
2005- INC files have PHP code within them that contain unencrypted usernam
mysql_connect OR
02-09 passwords, and addresse…
mysql_pconnect
2005- ext:ini Version=4.0.0.4 The servU FTP Daemon ini file contains setting and session information
01-27 password including usernames, pas…
2004- Well, this is the configuration file for Eudora…may contain sensitive
ext:ini eudora.ini
12-19 information like pop se…
2004- intext:”powered by Web Web Wiz Journal ASP Blog. The MDB database is mostly unprotected an
12-13 Wiz Journal” can be downloaded directly…
2004- filezilla.xml contains Sites,Logins and crypted Passwords of ftp connecti

inurl:filezilla.xml -cvs
12-02 made with the open…
2004- inurl:”GRC.DAT” symantec Norton Anti-Virus Corporate Edition data file containing encrypte
11-28 intext:”password&qu… passwords….
2004- filetype:log “See BARF log filesMan page:Barf outputs (on standard output) a collection of
11-28 ìpsec –copyright” debugging information …
“powered by
2004- Most duware products use Microsoft Access databases in default locations
dudownload”
11-23 without instructing th…
-site:duware.com
intitle:dupics inurl:
(add.asp | default.asp
| view…
“powered by
duclassmate”
-site:duware.co…
“Powered by
Duclassified”
-site:duware.c…
“Powered by
Dudirectory”
-site:duware.co…
“Powered by
Duclassified”
-site:duware.c…
“powered by
ducalendar”
-site:duware.com
2004- intext:”enable secret 5 sometimes people make mistakes and post their cisco configs on “help site
11-16 $” and don’t…
2004- “liveice configuration This finds the liveice.cfg file which contains all configuration data for an Ice
11-08 file” ext:cfg -si… server. P…
2004- filetype:ini inurl:”serv- serv-U is a ftp/administration server for Windows. This file leaks info about
11-06 u.ini” version, user…
2004- linux vpns store there usernames and passwords for PAP authentification in
inurl:pap-secrets -cvs
11-06 file called “…
2004- linux vpns store their usernames and passwords for CHAP authentification
inurl:chap-secrets -cvs
11-06 file called “…
2004- filetype:ini FlashFXP offers the easiest and fastest way to transfer any file using FTP,
10-10 inurl:flashFXP.ini providing an except…
2004- “Powered By Elite Elite forums is one of those Microsoft Access .mdb file based forums. This o
09-24 Forum Version *.*” is particularly …
2004- Web Wiz Forums is a free ASP Bulletin Board software package. It uses a
filetype:mdb wwforum
09-24 Microsoft Access databa…
2004- “index of/” “ws_ftp.ini” This search is a cleanup of a previous entry by J0hnny. It uses “parent
09-17 “… directory” to…
filetype:config config
2004- These files generally contain configuration information for a .Net Web
intext:appSettings
09-16 Application. Things like…
“Us…
2004- This searches for Total commander FTP passwords (encrypted) in a file calle
filetype:ini wcx_ftp
08-25 wcx_ftp.ini. Only …
2004- LeapFTP intitle:”index.of./” The LeapFTP client configuration file “sites.ini” holds the login
08-20 sites.ini m… credentials for tho…
2004- Oekakibss is a japanese anime creation application. The config

filetype:conf oekakibbs
08-16 tells an attacker the encry…
2004- This is a query to get inline passwords from search engines (no
“http://*:*@www” domainname
08-14 Google), you must type in…
2004- filetype:bak inurl:”htaccess| This will search for backup files (*.bak) created by some editors
08-14 passwd|shadow|ht… even by the administrator …
2004- ASP-Nuke database file containing passwords.This search goes

inurl:/db/main.mdb
08-13 the direct location and has fe…
2004- This search reveals database dumps that most likely relate to t
inurl:nuke filetype:sql
08-10 php-nuke or postnuke content …
2004- The servU FTP Daemon ini file contains setting and session
filetype:ini ServUDaemon
08-06 information including usernames, pas…
2004- Generally, these are dbman password files. They are not clearte
filetype:pass pass intext:userid
08-06 but still allow an attacker …
2004- This searches the password for “Website Access Analyzer”, a
“AutoCreate=TRUE password=*”
08-05 Japanese software that cr…
2004- The software wwwboard stores its passwords in a file called

inurl:/wwwboard
08-01 “passwd.txt”.An attacker …
2004- These are Windows Password List files and have been known to
filetype:pwl pwl
07-29 easy to crack since the release…
2004- “# -FrontPage-” ext:pwd inurl: Frontpage.. very nice clean search results listing !!No further
07-26 (service |… comments required..changelog:22…
2004- This search reveals channel keys (passwords) on IRC as reveale

“sets mode: +k”
07-19 from IRC chat logs….
2004- intitle:”Index of” passwords These directories are named “password.” I wonder what you m
07-16 modified find in here. Warning…
2004- inurl:lilo.conf filetype:conf LILO is a general purpose boot manager that can be used to bo
07-16 password -tatercount… multiple operating systems, inc…
2004- NickServ allows you to “register” a nickname (on some IRC

NickServ registration passwords
07-12 networks) and prevent other…
2004- psyBNC is an IRC-Bouncer with many features. It compiles on Li

psyBNC config files
07-06 FreeBSD, SunOs and Solaris. …
2004- Everyone has this problem, we need to remember many passw

filetype:mdb inurl:users.mdb
06-16 to access the resources we use. S…
2004- CCBill.com sells E-tickets to online entertainment and subscript

inurl:ccbill filetype:log
06-18 based websites. CCBill.com …
2004- inurl:ospfd.conf intext:password GNU Zebra is free software that manages TCP/IP based routing
06-10 -sample -test -tu… protocols. It supports BGP-4 proto…
inurl:zebra.conf
2004- GNU Zebra is free software that manages TCP/IP based routing protocols.
intext:password -sample
06-10 supports BGP-4 prot…
-test -tu…
2004- Microsoft Frontpage extensions appear on virtually every type of scanner

filetype:pwd service
06-10 the late 90’s peop…
2004- Database maintenance is often automated by use of .sql files that contai
filetype:sql password
06-04 many lines of batched…
2004- filetype:sql Database maintenance is often automated by use of .sql files wich may
06-04 +”IDENTIFIED BY” -cvs contain many lines of bat…
2004- According to filext.com, the ldb file is “A lock file is used to keep muti-use
filetype:ldb admin
06-02 databases …
2004- filetype:cfg mrtg Mrtg.cfg is the configuration file for polling SNMP enabled devices. The
06-02 “target[*]” -sample -c… community string (ofte…
2004- The world-famous web-browser Opera has the ability to save the passwo
filetype:dat wand.dat
05-27 for you, and it call th…
2004- signin filetype:url Javascript for user validation is a bad idea as it shows cleartext user/pass
05-26 combos. There is …
2004- The .netrc file is used for automatic login to servers. The passwords are
filetype:netrc password
05-26 stored in cleartext….
2004- The encryption method used in WS_FTP is _extremely_ weak. These files
filetype:ini ws_ftp pwd
05-26 be found with the &qu…
2004- inurl:”slapd.conf” slapd.conf is the configuration file for slapd, the opensource LDAP deamo
05-25 intext:”rootpw&q… You can view a clea…
2004- inurl:”slapd.conf” slapd.conf is the configuration file for slapd, the opensource LDAP deamo
05-25 intext:”credenti… The key “crede…
2004- This file contains the username and password the website uses to conne
filetype:inc dbconn
05-26 the db. Lots of th…
2004- inurl:”wvdial.conf” The wvdial.conf is used for dialup connections.it contains phone numbers
05-24 intext:”passwor… usernames and passwor…
2004- filetype:pem This search will find private key files… Private key files are supposed to b
05-17 intext:private well… privat…
2004- slapd.conf is the file that contains all the configuration for OpenLDAP,
filetype:conf slapd.conf
05-17 including the root pas…
2004- filetype:dat This file contains plaintext usernames and password. Deadly information
05-17 “password.dat” the hands of an atta…
2004- filetype:log These files contain cleartext usernames and passwords, as well as the sit
05-13 inurl:”password.log” associated with tho…
filetype:url
2004- These are FTP Bookmarks, some of which contain plaintext login names a
+inurl:”ftp://”
05-12 passwords….
+inurl:&qu…
2004- inurl:vtund.conf Theses are vtund configuration files (http://vtun.sourceforge.net). Vtund

05-12 intext:pass -cvs encrypted tunne…
filetype:reg reg
2004- This search reveals SSH host key fro the Windows Registry. These fi
HKEY_CURRENT_USER
05-11 contain information abou…
SSHHOSTKEYS
filetype:reg reg
2004- These pages display windows registry keys which reveal passwords
+intext:”defaultusername&qu
05-07 and/or usernames….
o…
2004- filetype:inc INC files have PHP code within them that contain unencrypted
05-05 intext:mysql_connect usernames, passwords, and addresse…
2004- filetype:properties inurl:db The db.properties file contains usernames, decrypted passwords an
05-04 intext:password even hostnames and ip addres…
2004- intitle:”index of”

contains plaintext user/pass for mysql database…
05-03 intext:globals.inc
2004- Displays the perform.ini file used by the popular irc client mIRC. Of
inurl:perform filetype:ini
05-03 times has channel pass…
2004- intitle:”index of” These files often contain usernames and passwords for connection
04-26 intext:connect.inc mysql databases. In many ca…
2004- These are eggdrop config files. Avoiding a full-blown descussion ab

eggdrop filetype:user user
04-26 eggdrops and IRC bots, s…
2004- filetype:cfm “cfapplication These files contain ColdFusion source code. In some cases, the pag
04-19 name” passwo… are examples that are foun…
2004- Not all of these pages are administrator’s access databases contain
allinurl: admin mdb
04-16 usernames, passwords and…
2004- This file contains usernames and (lame) encrypted passwords! Arm
intitle:Index.of etc shadow
03-04 with this file and a decent …
2004- inurl:secring ext:skr | ext:pgp This file is the secret keyring for PGP encryption. Armed with this fi
03-04 | ext:bak (and perhaps a passphr…
2004- intitle:index.of This file contains administrative user names and (weakly) encrypte
03-04 administrators.pwd password for Microsoft Fron…
2004- This is a nifty way to find htpasswd files. Htpasswd files contain
htpasswd
03-04 usernames and crackable pass…
2004-
passlist.txt (a better way) Cleartext passwords. No decryption required!…
01-23
2003- Trillian pulls together all sort of messaging clients like AIM MSN, Yah
trillian.ini
08-19 IRC, ICQ, etc. The v…
2003- inurl:config.php dbuname The old config.php script. This puppy should be held very closely. It
07-29 dbpass should never be viewable …
2003- DCForum’s password file. This file gives a list of (crackable) passwo
auth_user_file.txt
07-11 usernames and email a…
2003- filetype:xls username This search shows Microsoft Excel spreadsheets containing the wor
06-30 password email username, password and emai…
2003- This search gets you access to the etc directory, where many many
etc (index.of)
06-27 many types of password files …
2003- I’m not sure what uses this, but the passlist and passlist.txt files contain
passlist
06-27 passwords in CLEAR…
2003- This search brings up sites with “config.php” files. To skip the technical
config.php
06-24 discussion…
2003- There’s nothing that defines a googleDork more than getting your
passwd / etc (reliable)
06-24 PASSWORDS grabbed by Google fo…
spwd.db / passwd
htpasswd / htgroup
htpasswd / htpasswd.bak
pwd.db
master.passwd
passwd
2003-
people.lst *sigh*…
06-24
2003- intitle:index.of PGP is a great encryption technology. It keeps secrets safe. Everyone fro
06-24 intext:”secring.skr”|&q… drug lords to the he…
2003- The .mysql_history file contains commands that were performed agains
mysql history files
06-24 mysql database. A “…
2014-
intitle:”Zimbra Web Client Log In” Open Source Zimbra Webmail Login pages …
04-21
2014-
intitle:”Zimbra Web Client Sign In” Open Source Zimbra Webmail Login pages …
04-21
2014-
inurl:typo3/install/index.php?mode= typo3 install logins Bruno Schmid …
04-07
2014- Finds login portals for Citrix XenApp. – Andy G –

inurl:”Citrix/XenApp/auth/login.aspx”
03-31 twitter.com/vxhex …
dork submitted by M4RKM3N aka Osama Mahmood

2014- revels admin login panels of sites …
intitle:Admin inurl:login.php site:.co.in
02-28
2014- zimbra webmail login page lookup allinurl:”zimbra/

allinurl:”zimbra/?zinitmode=http” -googl…
02-05 zinitmode=http” -google -github …
2014- [+] This dork will help you find Chamilo login porta
allinurl:”/main/auth/profile.php” -githu…
01-03 Depending on the version, the site co…
2013- Title: google hacking username and password of jo

inurl:/administrator/index.php?autologin=1
12-03 Google Dork: inurl:/administrator/index….
2013- Hi, I would like to submit this GHDB which allow to

“inurl:/data/nanoadmin.php”
11-25 out nanoCMS administration pages :…
2013- Finds login pages for Jenkins continuous integration

inurl:”/jenkins/login” “Page genera…
11-25 servers. – Andy G – twitter.com/vxhex …
2013- inurl:”/module.php/core/loginuserpass.php&qu Finds SimpleSAMLphp login pages. – Andy G –

11-25 o… twitter.com/vxhex …
2013- [+] Description – Find OWA login portals Regards,

allinurl:”owa/auth/logon.aspx” -google -…
11-25 necrodamus http://www.twitter.com/ne…
2013- IP Codecs offering “studio quality audio and video o
intitle:”Comrex ACCESS Rack”
09-24 wired and wireless IP circuits&qu…
2013- inurl:phpmyadmin/index.php & #Summary: PHP Admin login portals #Author: g00g
08-08 (intext:username … 5c0u7 …
2013- #Summary: Surveillance login portals #Author: g0

intitle:”::: Login :::” & intext:&qu…
08-08 5c0u7 …
2013- #Summary: VoIP login portals #Category: Pages

inurl:8080 intitle:”login” intext:”…
08-08 containing login portals #Author: g00gl3 5c0u7 …
2013- intitle:”WebMail | Powered by Winmail Server #Summary: Winmail login portals #Author: g00gl3
08-08 … 5c0u7 …
2013- #Summary: OTRS login portals #Author: g00gl3 5c

intitle:”Login – OTRS” inurl:pl
08-08 …
2013- #Summary: Several Web Pages Login Portal #Cate

inurl:”/secure/login.aspx”
08-08 Pages containing login portals #Author: g…
2013- intext:”I’m using a public or shared #Summary: Windows Business Server 2003 Login
08-08 computer… portal #Category: Pages containing login portals …
2013- intitle:”.:: Welcome to the #Summary: ZyXEL router login portal #Category: Pages containing lo
08-08 Web-Based Configu… portals #Author: g00gl3…
2013- intitle:”Internet Security #Summary: ZyWall Firewall login portal #Category: Various Online
08-08 Appliance” &a… Devices #Author: g00gl3 5c0u…
2013- inurl:5000/webman/index.c
Synology nas login …
08-08 gi
2013- “Welcome to phpMyAdmin”

Finds cPanel login pages. – Andy G – twitter.com/vxhex …
08-08 + “Username…
2013- inurl:/secure/Dashboard.jsp Finds login pages and system dashboards for Atlassian’s JIRA. – Andy
08-08 a intitle:”System … twitter.com/vxhex …
2013- intitle:”Cisco Integrated intitle:”Cisco Integrated Management Controller Login” The Cisco
08-08 Management Controll… Integrated Manage…
2013- inurl:”dasdec/dasdec.csp” DASDEC II Emergency Alert System User

inurl:”dasdec/dasdec.csp”
08-08 Manual: http://www….
2013- intitle:”VNC Viewer for

VNC Viewer for Java ~4N6 Security~ …
08-08 Java”
2013- Serv-U (c) Copyright 1995- # Category: FTP Login Portals # Description : Dork for finding FTP Log
04-22 2013 Rhino Software, Inc… portals # Google Dor…
2013- intext:Computer Misuse Act Category : Pages containing login portals Description : Dork for findin
04-09 inurl:login.aspx sensitive login porta…
intext:YOU ARE ACCESSING

2013- Category : Pages containing login portals Description : Dork for findin
A GOVERNMENT
04-09 government login port…
INFORMATION …
2013- intext:THIS IS A PRIVATE Category : Pages containing login portals Description : Dork for findin
SYSTEM AUTHORISED
04-09 sensitive login porta…
ACCESS …
2013- allintext: “Please login to

Reported by: Jasper Briels…
04-09 continue…”…
2013- DORK:site:login.*.* Description: Allow User To View Login Panel Of Man

site:login.*.*
02-05 WebSites.. Author:MT…
2012- you really should fix this

Gives sites with default username root and no password — nitish meh
12-31 security hole by settin…
2012-
inurl:phpliteadmin.php The default password is ‘admin’ …
11-02
2012- inurl:”InfoViewApp/logon.js Google Hacking *SAP Business Object 3.1 XI*

11-02 p” inurl:”InfoViewApp/logon.jsp” tw…
2012- This dork will find most Linux-based DVR web clients that are accessib
intitle:”DVR+Web+Client”
08-21 to the web and throug…
2012- Please-logon “intitle:zarafa

Zarafa Webaccess logon pages. Greetings, Alrik. …
08-21 webaccess “
2012- intitle:”Log In” “Access iOmega Storcenter login page: intitle:”Log In” “Access unsecured cont
08-21 unsecured … with…
2012- inurl:/app_dev.php/login Search for login screen in web aplications developed with
08-21 “Environment” Symfony2 in a development environment…
2012- inurl:”cgi-bin/webcgi/main” This dork finds indexed public fac

inurl:”cgi-bin/webcgi/main”
08-21 Dell Remote Acce…
2012- Hi, By default, while subscribing to a mailing list on a websit

“mailing list memberships reminder”
05-15 running Mailman (GNU) for…
2012- “Welcome to Sitecore” + “License

Sitecore CMS detection. …
05-15 Ho…
2011- Search for login screen of default instance: Cyber Recruiter

intitle:”cyber recruiter” “User ID&…
05-11 (applicant tracking and recruitin…
2011- intitle:”Enabling Self-Service Search for login screen of default instance: Puridiom (A
05-11 Procurement&qu… Procurement Web Application) …
2011- “Login Name” Repository Webtop Search for login screen of default instance: Documentum We
05-11 intitle:l… by EMC …
2011- intitle:”cascade server” Search for login screen of default instance: Cascade Server C
03-15 inurl:login.act by Hannon Author: Erik Horton …
2010-
inurl:src/login.php Locates SquirrelMail Login Pages Author: 0daydevilz…
11-13
2010-
inurl:/dana-na/auth/ Juniper SSL Author: bugbear…
11-12
2010- “Remote Supervisor Adapter II”
IBM e-server’s login pages. Author: DigiP…
11-10 inurl:use…
2010- This search identifies clpbpucket installations. They frequent

||Powered by [ClipBucket 2.0.91]
11-10 have an admin/admin default pa…
2006- intitle:ARI “Phone System

Login page for “Asterisk Recording Interface” (ARI)….
10-02 Administrator”
2006- intitle:”AdventNet ManageEngine serviceDesk Plus is a 100 % web-based Help Desk and Asset
10-02 ServiceDesk P… Management software.vendor: h**p://ma…
2006- Customer login pages for what looks like an inhouse eshop. M
inurl:”/?pagename=CustomerLogin”
09-20 information here:h**p://catalin…
2006- inurl:”/? Powered by Bariatric AdvantageAdmin Login:Admin login pag

09-20 pagename=AdministratorLogin” for what looks like an inhouse esho…
2006- Plesk is a multi platform control panel solution for hosting.Mo

inurl:+:8443/login.php3
09-27 information: hxxp://www.swsof…
2006- (intitle:”SilkyMail by Cyrusoft silkyMail is a free internet email client, from www.cyrusoft.co
08-03 International… that runs in your browser. Th…
2006- intitle:”Login to @Mail” (ext:pl | Webmail is a http based email server made by atmail.com. T
08-03 inurl… get to the admin login instead of t…
2006- “SurgeMAIL” inurl:/cgi/user.cgi surgemail is an email server from netwinsite.com that can b
08-03 ext:cgi accessed by a web browser. This do…
2006- Ampache is a Web-based MP3/Ogg/RM/Flac/WMA/M4A

intitle:Ampache intitle:”love of music” …
06-29 manager. It allows you to view, edit, and play y…
2006- This simple search brings up lots of online Flash Chat

FlashChat v4.5.7
07-29 clients. Flash Chat’s administration dir…
2006- Login Pages “eXist is an Open Source native XML

intitle:”eXist Database Administration” …
05-03 database featuring efficient, index-based …
2006- Login Pages for WebMyStyle.”WebMyStyle offers a full

(intitle:”WmSC e-Cart Administration”)|(…
05-03 range of web hosting and dedicated se…
2006- (intitle:”Please login – Forums powered by

Logins for Forums powered by UBB.threads…
05-03 UB…
2006- Login pages for SHOUTcast”SHOUTcast is a free-of-cha

intitle:”SHOUTcast Administrator” inurl:…
05-03 audio homesteading solution. It pe…
2006- Webmail Login pages for IMP”IMP is a set of PHP scrip

intitle:IMP inurl:imp/index.php3
05-03 that implement an IMAP based webma…
2006- “TWIG is a Web-based groupware suite written in PHP

intitle:”TWIG Login”
05-03 compatible with both PHP3 and PHP4. I…
2006-
“SquirrelMail version” “By the Squi… More SquirrelMail Logins…
05-03
2006- “TrackerCamÃƒâ€šÃ‚Â® is a software application that
intitle:(“TrackerCam Live Video”)|(“…
05-03 you put your webcam on…
2006- “rymo is a small but reliable webmail gateway. It cont

(intitle:”rymo Login”)|(intext:”We…
05-03 a POP3-server for mail reading …
2006- (intitle:”Please login – Forums powered by “WWWthreads is a high powered, full scalable,
05-03 WW… customizable open source bulletin board pack…
2006- inurl:”/slxweb.dll/external? Customer login pages”SalesLogix is the Customer

05-03 name=(custportal|… Relationship Management Solution that driv…
2006-
intitle:”Employee Intranet Login” Intranet login pages by decentrix.com…
05-03
2006- “PHP121 is a free web based instant messenger – writ

inurl:”php121login.php”
05-03 entirely in PHP. This means that i…
2006- Please enter a valid password! The PHP Poll Wizard 2 ist a powerful and easy-to-use P
04-25 inurl:polladmin Script for creating and managing polls…
2006- EZPartner is a great marketing tool that will help you

intitle:”EZPartner” -netpond
03-21 increase your sales by sending webmaster…
2006- Webmail is a http based email server made by

intitle:”Login to @Mail” (ext:pl | inurl…
03-21 atmail.com. To get to the admin login instead of r…
2006- Ecommerce templates makes a online shopping cart

inurl:”vsadmin/login” | inurl:”vsad…
03-21 solution. This search finds the admin login….
2006- This dork finds firewall/vpn products from fiber logic. T

“Web-Based Management” “Please inpu…
03-21 only require a one-factor authent…
inurl:2000
2006- RemotelyAnywhere is a program that enables remote control, in the sa
intitle:RemotelyAnywhere
03-21 matter as VNC. Once Log…
-site:realvnc….
2006- inurl:”/admin/configuratio simply google inurl trick for Oscommerce for open administrator page.I
03-07 n. php?” Mysto… no .htpassword is set f…
2006- EasyAccess Web is a application to view radiological images online.Like

inurl:ids5web
02-09 hospitals or univers…
2006- intext:”Fill out the form The page to change admin passwords. Minor threat but the place to sta
02-08 below completely to… an attack….
2006- “Powered by Midmart Midmart Messageboard lets you run a highly customizable bulletin boar
01-16 Messageboard” “… with a very nice user in…
2006- intitle:Ovislink
Ovislink vpn login page….
01-16 inurl:private/login
2006- “intitle:3300 Integrated logon portal to the mitel 330 integrated communications platform.
01-14 Communications Platf… [MitelÃƒâ€šÃ‚Â® 330…
2006- “bp blog admin” betaparticle (bp) blog is blog software coded in asp. This google dork fi
01-02 intitle:login | intitle:… the admin logins….
2005- “Emergisoft web Hospital patient management system, in theory it could be dangerous…
applications are a part of
12-31
ou…
2005- intitle:”b2evo > Login b2evolution is a free open-source blogging system from b2evolution.ne
12-19 form” “Lo… This dork finds the ad…
2005- intitle:”Admin login” “Web sift Group makes a web site administration product which can be acces
12-19 Site Adm… via a web browser. Th…
inurl:/Merchant2/admin.m
2005- Miva Merchant is a product that helps buisnesses get into e-commerce.
v|
12-19 dork locates their …
inurl:/Merchant2/admin…
2005- “site info for” “Enter This will take you to the cash crusader admin login screen. It is my first
11-21 Admin Passwo… google hack.. also t…
2005- “Establishing a secure

iLo and related login pages !? Whoops…..
11-16 Integrated Lights Out …
2005- inurl:webvpn.html “login” The Cisco WebVPN Services Module is a high-speed, integrated Secure
11-16 “Please e… Sockets Layer (SSL) VPN ser…
2005- “This is a restricted Mostly Login Pages for iPlanet Messenger Express, which is a web-base
11-16 Access Server” &qu… electronic mail program …
2005- intitle:”Merak Mail Server User login pages for Merak Email Server Suite which consists of Merak
11-16 Web Administration… Email Server core and opt…
2005- “Powered by Merak Mail Webmail login portals for Merak Email ServerMerak Email Server Suite
11-13 Server Software” … consists of multiple award…
2005- This search finds the login page for iCONECTnxt, it enables firms to sea
“iCONECT 4.1 :: Login”
11-12 organize, and revi…
2005- intitle:”Novell Web Novell GroupWise is a complete collaboration software solution that
11-12 Services” “Grou… provides information worker…
2005- intitle:”*- HP WBEM HP WBEM Clients are WBEM enabled management applications that pro
11-12 Login” | “You a… the user interface and fu…
2005- intitle:”EXTRANET login”

This search finds many different Extranet login pages….
11-12 -.edu -.mil -.g…
2005- intitle:”EXTRANET * – WorkZone Extranet Solution login page. All portals are in french or span
11-12 Identification” belive….
intitle:”OnLine
2005- This is the Employer’s Interface of eRecruiter, a 100% Paper Less
Recruitment Program –
11-12 Recruitment Solution implemen…
Login&q…
2005- intitle:”Docutek ERes – Docutek Eres is software that helps libaries get an internet end to them
10-26 Admin Login” -ed… This dork finds the a…
2005- inurl:ocw_login_usernam WEBppliance is a software application designed to automate the

10-13 e deployment and management of Web…
2005- intitle:”Supero Doctor III” “Supero Doctor III Remote Management” by Supermicro, Inc.info:
09-26 -inurl:super… http://www.supermicro….
2005- intitle:”iDevAffiliate – Affiliate Tracking Software Adding affiliate tracking software to your site
09-25 admin” -demo one of the most…
2005- “Please login with admin PHPsFTPd is a web based administration and configuration interface for
09-25 pass” -“le… SLimFTPd ftp serverI…
2005- intitle:”Admin Login” Blogware Login Portal: “An exciting and innovative tool for creating or
09-25 “admin login&… enhancing your web…
2005- intitle:”Login Forum Anyboard Login Portals. In addition,A vulnerability has been reported in
09-23 Powered By AnyBoard”… Netbula Anyboard 9.x &…
intitle:”Login to the
2005- Aimoo Login Pages. “Looking for a free message board solution? Aimoo
forums –
09-23 provides one of the m…
@www.aimoo.com…
2005- intitle:”i-secure v1.1″

I-Secure Login Pages…
09-23 -edu
inurl:/modcp/
2005- there have been several dorks for vBulletin, but I could not find one in t
intext:Moderator+vBullet
09-23 search that target…
in
2005- intitle:”PHProjekt – login” PHProjekt is a group managing software for online calenders, chat, forum
09-21 login passwo… etc. I looked aroun…
2005- “login prompt” GreyMatter is prone to an HTML injection vulnerability. This issue is due
09-13 inurl:GM.cgi failure in the a…
2005- “Powered by Monster Top 2 Step dork – Change url to add filename “admin.php” (just remove
09-13 List” MTL numran… index.php&stuff…
2005- intext:”Master Account”

There seems to be several vulns for qmail….
09-13 “Domain Na…
intitle:”Content
2005- iCMS – Content Management System…Create dynamic interactive webs
Management System”
09-13 in minutes without knowi…
&quo…
2005- “Please authenticate

Photo gallery managment system login…
08-30 yourself to get access t…
2005- intitle:”*- HP WBEM HP WBEM Clients are WBEM enabled management applications that pro
11-12 Login” | “You a… the user interface and fu…
2005- intitle:”EXTRANET login”

This search finds many different Extranet login pages….
11-12 -.edu -.mil -.g…
2005- intitle:”EXTRANET * – WorkZone Extranet Solution login page. All portals are in french or span
11-12 Identification” belive….
intitle:”OnLine
2005- This is the Employer’s Interface of eRecruiter, a 100% Paper Less
Recruitment Program –
11-12 Recruitment Solution implemen…
Login&q…
2005- intitle:”Docutek ERes – Docutek Eres is software that helps libaries get an internet end to them
10-26 Admin Login” -ed… This dork finds the a…
2005- inurl:ocw_login_usernam WEBppliance is a software application designed to automate the

10-13 e deployment and management of Web…
2005- intitle:”Supero Doctor III” “Supero Doctor III Remote Management” by Supermicro, Inc.info:
09-26 -inurl:super… http://www.supermicro….
2005- intitle:”iDevAffiliate – Affiliate Tracking Software Adding affiliate tracking software to your site
09-25 admin” -demo one of the most…
2005- “Please login with admin PHPsFTPd is a web based administration and configuration interface for
09-25 pass” -“le… SLimFTPd ftp serverI…
2005- intitle:”Admin Login” Blogware Login Portal: “An exciting and innovative tool for creating or
09-25 “admin login&… enhancing your web…
2005- intitle:”Login Forum Anyboard Login Portals. In addition,A vulnerability has been reported in
09-23 Powered By AnyBoard”… Netbula Anyboard 9.x &…
intitle:”Login to the
2005- Aimoo Login Pages. “Looking for a free message board solution? Aimoo
forums –
09-23 provides one of the m…
@www.aimoo.com…
2005- intitle:”i-secure v1.1″

I-Secure Login Pages…
09-23 -edu
inurl:/modcp/
2005- there have been several dorks for vBulletin, but I could not find one in t
intext:Moderator+vBullet
09-23 search that target…
in
2005- intitle:”PHProjekt – login” PHProjekt is a group managing software for online calenders, chat, forum
09-21 login passwo… etc. I looked aroun…
2005- “login prompt” GreyMatter is prone to an HTML injection vulnerability. This issue is due
09-13 inurl:GM.cgi failure in the a…
2005- “Powered by Monster Top 2 Step dork – Change url to add filename “admin.php” (just remove
09-13 List” MTL numran… index.php&stuff…
2005- intext:”Master Account”

There seems to be several vulns for qmail….
09-13 “Domain Na…
intitle:”Content
2005- iCMS – Content Management System…Create dynamic interactive webs
Management System”
09-13 in minutes without knowi…
&quo…
2005- “Please authenticate

Photo gallery managment system login…
08-30 yourself to get access t…
“You have requested to

2005-
access the management Terracotta web manager admin login portal….
08-30
…
2005- intitle:”web-cyradm”|”by Web-cyradm is a software that glues topnotch mailing technologies

08-30 Luc de Lou… together. The focus is on adm…
2005- intext:”Master Account” qmail mail admin login pages.There are several vulnerabilities relating t
08-30 “Domain Nam… this software…
2005- intitle:”Content iCMS – Content Management System…Create websites without knowing

08-30 Management System”
&quo… HTML or web programming….
2005-
inurl:csCreatePro.cgi Create Pro logon pages….
08-28
2005- intitle:”xams 0.0.0..15 – This is the login for xams it should catch from 0.0.1-0.0.150.0.15 being
08-14 Login” latest version as …
2005- “HostingAccelerator” This will find the login portal for HostingAccelerator ControlPanel I have
08-14 intitle:”login… looked for explo…
2005- “inspanel” intitle:”login”

This finds all versions of the inspanel login page….
08-15 -&q…
2005- intitle:”communigate pro Just reveals the login for Communigate Pro webmail. A brute force attac
08-11 * *” intitle:&q… could be attempted. Th…
2005-
intitle:”AlternC Desktop” This finds the login page for AlternC Desktop I dont know what versions
08-15
2005- Vulnerable script auth.php (SQL injection)— from rst.void.ru —Possible

intitle:phpnews.login
08-10 scenario of attack:[…
2005- intitle:”Cisco CallManager [quote]Cisco CallManagerCallManager is a FREE web application/interfa

08-08 User Options Log O… included with your VoIP…
2005- inurl:”default/login.php” This dork reveals login pages for Kerio Mail server. Kerio MailServer is a
07-26 intitle:”… state-of-the-art gro…
2005- intitle:”Member Login” Pretty standered login pages, they all have various differences but it
07-24 “NOTE: Your … appears that they use th…
2005- “This section is for Nothing special, just one more set of login pages, but the “Administrato
07-24 Administrators only. If … only” line…
2005- intitle:”Welcome to Mailtraq WebMail is just another a web-based e-mail client. This is the lo
07-22 Mailtraq WebMail” page….
2005- intitle:”TOPdesk Topdesk is some kind of incident ticket system with a webinterface. It
07-22 ApplicationServer” requires: Windows 98 and…
“You have requested

2005- BackgroundEasySite is a Content Management System (CMS) build on P
access to a restricted
07-20 and MySQL. Many easysite s…
ar…
2005- inurl:textpattern/index.ph
Login portal for textpattern a CMS/Blogger tool….
06-09 p
2005- Cacti is a complete network graphing solution designed to harness the

intitle:”Login to Cacti”
06-24 power of RRDTool’s data s…
2005- intitle:”XMail Web Administration This search will find the Web Administration Interface for
06-09 Interface&q… servers running XMail.”XMail is…
2005- This gives results for hosting plans that don’t have assoc
intext:”Welcome to” inurl:”cp”…
06-05 fees, so anyone can sign up wit…
2005- This query reveals login pages for the administration of
intitle:”XcAuctionLite” | “DRIVEN B…
06-07 XcAuction and XcClassified Lite..”…
2005- This search reveals the login page for the Cyclades TS10
allintitle:”Welcome to the Cyclades”
06-02 and TS2000 Web Management Service. T…
2005- VisNetic WebMail is a built-in web mail server that allows

intitle:”VisNetic WebMail” inurl:”/…
06-06 VisNetic Mail Server account holders…
2005- inurl:/SUSAdmin intitle:”Microsoft Microsoft SUS Server is a Patch Management Tool for
05-23 Software U… Windows 2000, XP and 2003 systems.It can be…
2005-
inurl:exchweb/bin/auth/owalogon.asp Outlook Web Access Login POrtal…
05-15
2005- inurl:Citrix/MetaFrame/default/default.as
MetaFrame Presentation Server…
05-15 px
2005-
inurl::2082/frontend -demo This allows you access to CPanel login dialogues/screens
05-11
2005- MDaemon , Windows-based email server software, conta

intitle:”WorldClient” intext:”Ãƒ�…
05-02 full mail server functionality and cont…
2005- Open-Xchange 5 is a high performance substitute for cos

intitle:open-xchange inurl:login.pl
05-02 and inflexible Microsoft Exchange de…
2005- intitle:”site administration: please log

Real Estate software package, with the admin login scree
05-02 in&q…
2005- GNU GNATS is a set of tools for tracking bugs reported by

inurl:gnatsweb.pl
05-02 users to a central site. It allows pr…
2005- “Powered by DWMail” password What is DWmailÃƒÂ¢Ã¢â‚¬Å¾Ã‚Â¢?: DWmailÃƒÂ¢Ã

05-02 intitle:dwm… ¢â‚¬Å¾Ã‚Â¢ is an ‘…
2005- Just another logon page search, this one is for SFXÃƒâ€šÃ
intitle:”SFXAdmin – sfx_global” | intitl…
04-27 a link server from Ex …
2005- By itself, this returns Zope’s help pages. Manipulation of

intitle:”Zope Help System” inurl:HelpSys
04-27 URL, changing ‘HelpSys’ to ‘mana…
2005- IlohaMail is a light-weight yet feature rich multilingual

intitle:ilohamail “Powered by IlohaMail”
04-17 webmail system designed for ease of u…
2005-
intitle:ilohamail intext:”Version 0.8.10″… some version of ilohamail are vulnerable….
04-11
2005- intitle:"inc. vpn 3000 This search will show the login page for Cisco VPN 3000
04-11 concentrator&q… concentrators. Since the default user …
2005- intext:"vbulletin"
vBulletin Admin Control Panel…
04-09 inurl:admincp
2005- inurl:”usysinfo? Dell OpenManage enables remote execution of tasks such as system
01-25 login=true” configuration, imaging, applic…
2005- intext:”Mail admins login
Another way to locate Postfix admin logon pages….
01-24 here to administrat…
2005- PhotoPost was designed to help you give your users exactly what they w
PhotoPost PHP Upload
01-13 Your users will be t…
2005- PHPhotoalbum is a picturegallery script. You can upload pictures directly

PHPhotoalbum Statistics
01-13 from your webbrowser….
2005- Homepage: http://www.stoverud.com/PHPhotoalbum/PHPhotoalbum is a

PHPhotoalbum Upload
01-13 picturegallery script. You can…
2005- inurl:”631/admin” Administration pages for CUPS, The Common UNIX Printing System. Mos
01-18 (inurl:”op=*”… are password protected….
2005- intitle:”VNC viewer for VNC (Virtual Network Computing) allows a pc to be controlled remotely
01-15 Java” the Internet. These …
2005- inurl:”Activex/default.htm This search will reveal the active X plugin page that allows someone to
01-15 ” “Demo&q… access PC Anywhere from…
2005- “pcANYWHERE EXPRESS This search will reveal the java script program that allows someone to
01-15 Java Client” access PC Anywhere from,…
2004- intext:””BiTBOARD v2.0″ The bitboard2 is a board that need no database to work. So it is useful f
12-19 BiTSHiFTERS… webmaster that have…
2004- intitle:Login intext:”RT is RT is an enterprise-grade ticketing system which enables a group of peo
12-19 Ãƒâ€šÃ‚�… to intelligently and…
2004- intitle:”Athens Athens is an Access Management system for controlling access to web
12-19 Authentication Point” based subscription services…
2004- intitle:”Novell Web “NovellÃƒâ€šÃ‚Â® GroupWise is an enterprise collaboration system that

12-19 Services” intext:&qu… provides …
2004- inurl:1810 “Oracle Enterprise Manager 10g Grid Control provides a single tool that can mo
12-19 Enterprise Manager” and manage not only…
2004- intitle:”WebLogic Server” BEA WebLogic Server 8.1 provides an industrial-strength application
12-19 intitle:”… infrastructure for developi…
2004- intitle:”MX Control MX LogicÃƒÂ¢Ã¢â€šÂ¬Ã¢â€žÂ¢s customizable and easy-to-use MX Con

12-19 Console” “If yo… Console…
2004- inurl:”1220/parse_xml.cgi Quicktime streaming server is uhhhhh…..well it’s a streaming server an

12-10 ?” can be managed via…
2004- intitle:”vhost” vHost is a one-step solution for all virtual hosting needs. It enables a
12-13 intext:”vHost . 200… Linux/BSD server with …
2004- intitle:”VitalQIP IP The VitalQIP Web Client Interface provides a World Wide Web interface f
12-07 Management System” the VitalQIP IP Manag…
intext:”Storage
2004- These pages can reveal information about the operating system and pa
Management Server for”
11-30 level, as well as provi…
i…
2004- intitle:”PHP Advanced PHP Advacaned Transfer is GPL’d software that claims to be the “Th
11-28 Transfer” inurl:&q… ultimate PHP download …
2004- inurl:coranto.cgi intitle:Login Coranto is one of the most powerful Content Management System
11-28 (Authorized Users … (CMS) available on the market. It…
2004- inurl:/webedit.* intext:WebEdit WebEdit is a content management system. This is the login portal
11-18 Professional -html search….
2005- intitle:”phpPgAdmin – Login” phpPgAdmin is a web-based administration tool for PostgreSQL. It

03-03 Language perfect for PostgreSQL DBAs…
2004- inurl:postfixadmin
Postfix Admin login pages. Duh….
11-16 intitle:”postfix admin&quo…
2004- intitle:”Icecast Administration Icecast streaming audio server web admin.This gives you a list of
11-07 Admin Page&qu… connected clients. Interestin…
2004- CGIIRC is a web-based IRC client. Using a non-transparent proxy an

inurl:irc filetype:cgi cgi:irc
11-04 attacker could communicate a…
2004- intitle:”php icalendar This is the adminstration login portal search for PHP iCalendar. It is
10-31 administration” -… compatible with Evolutio…
2004- intitle:”php icalendar PHP iCalendar is a php-based iCal file parser. Its based on v2.0 of t
10-31 administration” -… IETF spec. It displays …
2004- inurl:login.php “SquirrelMail squirrelMail is a standards-based webmail package written in PHP4

10-20 version” includes built-in pure PH…
2004- inurl:/dana- Neoteris Instant Virtual Extranet (IVE) has been reported prone to a
10-20 na/auth/welcome.html cross-site scripting vulne…
2004- Plesk is server management software developed for the Hosting

intitle:plesk inurl:login.php3
10-20 Service Industry. Various vulnera…
2004- “OPENSRS Domain OpenSRS Domain Management SystemNo vulnerabilities are repor
10-19 Management” inurl:manage… to security focus….
2004- The famous Sun linux appliance. Nice clean portal search.Various
“Login – Sun Cobalt RaQ”
10-19 vulnerabilities are reported t…
2004- intitle:”ISPMan : Unauthorized ISPMan is a distributed system to manage components of ISP from
10-19 Access prohibi… central management interface….
2004- sysCP: Open Source server management tool for Debian LinuxNo
“SysCP – login”
10-19 vulnerabilities are reported to se…
2004- intitle:”Virtual Server VISAS, German control panel software like confixx.No vulnerabilitie
10-19 Administration System… are reported to security f…
2004- VHCS is professional Control Panel Software for Shared, Reseller,

“VHCS Pro ver” -demo
10-19 vServer and Dedicated Servers…
2004- inurl:confixx inurl:login| Confixx is a webhosting management tool and has the following
10-19 anmeldung features: * create resellers, * e…
2004- inurl:”calendar.asp? aspWebCalendar is a browser based software package that runs ov

10-06 action=login” standard web browser, such …
2004- “IMail Server Web IMail Server from Ipswitch is a messaging solution with 60 million users
10-19 Messaging” intitle:log… worldwide. It contains…
intitle:”remote
2004- The Aanval Intrusion Detection Console is an advanced intrusion detect
assessment” OpenAanval
10-16 monitor and alerting …
C…
2004- “WebExplorer Server – WebExplorer Server is a web-based file management system for sharing
10-16 Login” “Welco… files with user permission…
2004- intitle:”Philex 0.2*” Philex (phile ‘file’ explorer) is a web content manager based php what
10-14 -script -site:free… philex can do ? – eas…
2004- inurl:default.asp Polycom WebCommander gives you control over all aspects of setting u
10-14 intitle:”WebCommander” conferences on Polycom MG…
2004- MailMan is a product by Endymion corporation that provides a web base

intitle:”MailMan Login”
10-11 interface to email via P…
intitle:”oMail-admin
2004- oMail-webmail is a Webmail solution for mail servers based on qmail an
Administration –
10-05 optionally vmailmgr or …
Login&q…
2004- intitle:”microsoft Microsoft Certificate Services Authority (CA) software can be used to iss
09-24 certificate services”… digital certificate…
2004- MailEnable Standard Edition provides robust SMTP and POP3 services fo
inurl:mewebmail
09-23 Windows NT/2000/XP/2003 …
2005- What is W-Nailer?W-Nailer is a PHP script which can create galleries for
W-Nailer Upload Area
01-13 you.It uses a graphica…
2004- inurl:”typo3/index.php? TYPO3 is a free Open Source content management system for enterpris
09-21 u=” -demo purposes on the web and in…
2004- inurl:administrator Mambo is a full-featured content management system that can be used
09-21 “welcome to mambo” everything from simple …
2004- Thousands of enterprises, governmental offices, non-profit organization

ez Publish administration
09-21 small and middle size…
2004- intitle:”Tomcat Server This finds login portals for Apache Tomcat, an open source Java servlet
09-18 Administration” container which can run…
2004- intitle:”Login – powered Easy File Sharing Web Server is a file sharing software that allows visito
09-18 by Easy File Sharing… upload/download…
2004- “Login to Usermin” Usermin is a web interface that can be used by any user on a Unix syste
09-18 inurl:20000 to easily perform task…
2004- TUTOS stands for “The Ultimate Team Organization Software.” This sear
intitle:”TUTOS Login”
09-18 finds the log…
filetype:pl “Download:
2004- this search will get you on the web administration portal of linux open
SuSE Linux
09-10 exchange servers….
Openexchang…
2004- 4images Administration 4images Gallery – 4images is a web-based image gallery management
08-25 Control Panel system. The 4images administr…
intitle:Novell
2004-
intitle:WebAccess search to show online Novell Groupwise web access portals….
08-21
“Copyright *…
2004- GradeSpeed seems to be a .NET application to administer school resul

inurl:”gs/adminlogin.aspx”
08-20 for several schools usin…
2004- 1&1 Webmail login portals. This is made by a german company called
intitle:Login * Webmailer
08-20 Internet United active i…
2004- Login (“Powered by Jetbox Jetbox is a content management systems (CMS) that uses MySQL or
08-20 One CMS ÃƒÂ¢Ã�… equivalent databases. There is …
2004- intitle:”ITS System

Frontend for SAP Internet Transaction Server webgui service….
08-16 Information” “P…
Novell NetWare
2004- Netware servers ( v5 and up ) use a web-based management utility ca
intext:”netware
08-16 Portal services, which …
management por…
2004- “powered by CuteNews” This finds sites powered by various CuteNews versions. An attacker us
08-16 “2003..2005 C… this list and search the…
inurl:cgi-
2004- These are login pages for Infopop’s message board UBB.classic. For th
bin/ultimatebb.cgi?
08-13 UBB.threads you can use …
ubb=login
2004- intitle:”please login” “your These administrators were friendly enough to give hints about the
08-13 passwo… password….
2004-
Ultima Online loginservers This one finds login servers for the Ultima Online game….
08-09
2004- “WebSTAR Mail – Please @stake, Inc. advisory: “4D WebSTAR is a software product that provide
08-09 Log In” Web, FTP, and Mail …
2004- intitle:”teamspeak server- TeamSpeak is an application which allows its users to talk to each othe
08-09 administration over the internet and …
2004- inurl:/cgi-bin/sqwebmail?
sQWebmail login portals….
08-06 noframes=1
2004- (inurl:”ars/cgi-bin/arweb? From the vendor site: “RemedyÃƒÂ¢Ã¢â€šÂ¬Ã¢â€žÂ¢s Action Request

08-05 O=0″ | inurl:a… System…
2004- intitle:Node.List synchronet Bulletin Board System Software is a free software package
08-05 Win32.Version.3.11 can turn your persona…
2004- inurl:”utilities/TreeView.asp From the marketing brochure: “UltiPro Workforce Management offers y
07-29 ” the most comprehensi…
2004- ASP.login_aspx .NET based login pages serving the whole environment and process tr
07-26 “ASP.NET_SessionId” for your viewing pleasur…
2004- From the sales department: “INDEXU is a portal solution software that
Powered by INDEXU
07-22 allows you to build …
2004- PhpWebMail is a php webmail system that supports imap or pop3. It h

phpWebMail
07-12 been reported that PHP…
2004- filetype:php
This is a standard login portal for the webadmin program….
07-09 inurl:”webeditor.php”
2004- CGIIRC is a web-based IRC client. Using a non-transparent proxy an

CGI:IRC Login
06-22 attacker could communicate a…
2004- Outlook Web Access (a better According to Microsoft “Microsoft (R) Outlook (TM) Web Access i
06-18 way) Microsoft Exchange Acti…
2004- Tarantella is a family of enterprise-class secure remote access

“ttawlogin.cgi/?action=”
06-04 software products. This Google-…
2004- intitle:”Welcome Site/User service providers worldwide use Ensim’s products to automate t
06-10 Administrator”… management of their hosting s…
2004- intitle:”ZyXEL Prestige Router” This is the main authentication screen for the ZyXEL Prestige
06-04 “En… Router….
2004- WRQ Reflection gives you a standard desktop that includes web
filetype:r2w r2w
06-04 and Windows-based terminal emula…
2004- phpMySearch is a personal search engine that one can use to

inurl:search/admin.php
05-30 provide a search feature for one’s …
2004- silkRoad Eprise is a dynamic content management product that

inurl:/eprise/
05-26 simplifies the flow of content to …
2004- intitle:”Dell Remote Access This is the Dell Remote Access Controller that allows remote
05-17 Controller” administration of a Dell server….
2004- This is a simple search for a login page. Attackers view login pa
“please log in”
05-13 as the “front door&qu…
2004- This search reveals sites which may be using Shockwave (Flash
inurl:login filetype:swf swf
05-12 a login mechanism for a site….
2004-
inurl:”webadmin” filetype:nsf This is a standard login page for Domino Web Administration….
05-11
2004- intitle:”eMule *” intitle:”- Web This iks the login page for eMule, the p2p file-sharing program.
05-11 Co… These pages forego the login n…
2004- These are Citrix Metaframe login portals. Attackers can use thes
inurl:/Citrix/Nfuse17/
05-10 profile a site and can use…
2004- inurl:metaframexp/default/login.a These are Citrix Metaframe login portals. Attackers can use thes
05-10 sp | intitle:&quo… profile a site and can use…
2004- A Login portal for Lotus Domino servers. Attackers can attack th
inurl:names.nsf?opendatabase
05-04 page or use it to gather inf…
2004- intitle:”Remote Desktop Web This is the login page for Microsoft’s Remote Desktop Web
04-28 Connection” … Connection, which allows remote users…
2004- intitle:”MikroTik RouterOS

This is the front page entry point to a “Mikro Tik” Router….
04-26 Managing Webpage&q…
2004- VNC is a remote-controlled desktop product. Depending on the

“VNC Desktop” inurl:5800
04-21 configuration, remote users may no…
2004- This is a typical login page. It has recently become a target for S
inurl:/admin/login.asp
04-21 injection. Comsec’s artic…
2004- This is a typical login page. It has recently become a target for S
inurl:login.asp
04-21 injection. Comsec’s artic…
2004- inurl:”:10000″ Webmin is a html admin interface for Unix boxes. It is run on a proprie
04-20 intext:webmin web server listenin…
2004- This is the default login page for ColdFusion. Although many of these a
inurl:login.cfm
04-19 secured, this is an i…
2004- intitle:”ColdFusion This is the default login page for ColdFusion administration. Although
04-19 Administrator Login” many of these are secure…
2004- allinurl:”exchange/logon.as According to Microsoft “Microsoft (R) Outlook (TM) Web Access is a
04-16 p” Microsoft Exchange Acti…
2014- intitle:not accepted Find IDS and Mod security dork: intitle:not accepted
02-05 inurl:”union+select”… inurl:”union+select” inurl:…
2013- Java Web Start (Java Network Launch Protocol) — -[Voluntas Vincit
filetype:jnlp
11-25 Omnia]- website http:/…
2013- intitle:”RT at a glance” RT Request Tracker Ticket Database http://www.bestpractical.com/r

11-25 intext:”qu… -[Voluntas Vincit …
2013- Foscam IPCam By default these cameras attach to the myfoscam.o

intitle:”IPCam Client”
11-25 DDNS. So you could add sit…
2013- inurl:*/graphs* intitle:”Traffic With this search you can view results for mikrotik graphics interfac
09-24 and system r… *Obrigado,*…
2013- Yet another DVR system. Probably requires Java to display. 4N6 Sec
intitle:”Web Client for EDVS”
09-24 …
2013- Returns various Actiontec (and often Qwest) branded routers’ login
inurl:”/webcm?getpage=”
09-24 pages. 4N6 Security …
2013- intitle:”RouterOS router Returns login portals for Microtik routers running RouterOS version
09-24 configuration page&q… and up. 4N6 Security …
2013- Returns login pages for various Barracuda Networks branded hardw
inurl:”/cgi-mod/index.cgi”
09-24 spam filters and mail arch…
2013- intitle:”SPA504G Dork : intitle:”SPA504G Configuration” Result : Gives access to Cisc

09-24 Configuration” SPA504G Config…
2013- intitle:”Web Image Monitor” & #Summary: Several printers that use “Web Image Monitor” contro
08-08 inurl:… panel ( http://ricoh…
2013- intitle:”Transponder/EOL #Summary: Cheeta Technologies Transponder Configuration Portal

08-08 Configuration:”… http://www.cheetahtech.com)….
2013- intitle:”NetBotz Network #Summary:Various Online Divices #Category: Pages containing log
08-08 Monitoring Appliance… portals #Author: g00gl3 5c0…
2013- #Summary:Weather Wing (http://www.meteo-system.com/ws2.php

intitle:”Weather Wing WS-2″
08-08 Portal. #Category: Various Online …
2013- inurl:/voice/advanced/
This allows you to look at linksys VOIP Router Config pages. …
04-22 intitle:Linksys SPA configu…
2013-
inurl:/control/userimage.html Mobotix webcam search. yet another newer search …
02-05
2012- inurl:”Orion/SummaryView.asp Hello, Enumerate Solarwinds Orion network monitoring portals. In s

11-02 x” intext:&q… cases, the portal ca…
2012- inurl:”/level/13|14|15/exec/” Cisco IOS HTTP Auth Vulnerability ..

inurl:”/level/13|14|15/exec/”
11-02 Command before …
2012- intitle:”dd-wrt info” This dork finds web interfaces of various routers using custom firm
11-02 intext:”Firmw… DD-WRT. Default login…
2012- Submitting this for the GHDB. These are web accessible Plex Media
inurl:32400/web/index.html
11-02 Servers where you can watch…
2012- intitle:”Pyxis Mobile Test Pyxis Mobile Test Page intitle:”Pyxis Mobile Test Page”
11-02 Page” inurl:&… inurl:”mpTest.aspx&qu…
2012- This dork will locate Unsecured PHP APC Installations. With regards
‘apc info’ ‘apc.php?SCOPE=’
08-21 Shubham Mittal (Hack …
2012- intext:”You may also donate

Still find alot of equipment running v24 sp1 …
08-21 through the Money…
2012- intitle:”hp laserjet”

HP LaserJet printers …
08-21 inurl:info_configu…
2012- inurl:Settings.aspx Beyond TV gives you the capability to turn your PC into a high qual
05-15 intitle:Beyond TV digital video recorder…
2012- intitle:”HtmlAnvView:D7B039 This dork finds Wireless Security/Webcams that are accessible from
05-15 C1″ web. The interesting p…
2011-
inurl:cgi-bin/cosmobdf.cgi? COSMOView for building management. Author: GhOsT-PR …
12-28
2011- inurl:RgFirewallRL.asp |
Gateway Routers Author: GhOsT-PR …
12-27 inurl:RgDmzHost.asp | inu…
2011- Google dork for pelco SpectraIV-IP Dome Series cameras Default
intitle:SpectraIV-IP
12-26 username/password “admin/a…
2011- Brings up listings for Iomgea NAS devices. Password protected fold
inurl:/cgi-bin/makecgi-pro
12-12 are susceptible to authe…
2011- allintitle:”UniMep Station UniMep is a device for managing fuel station. You can see process
12-10 Controller” fueling cars and you can …
2011- inurl:”:9000″ PacketVideo inurl:”:9000″ PacketVideo corporation About: This provides Twonky
07-26 corporation Server Media int…
2010-
inurl:/level/15/exec/- Default Cisco 2800 Series page…
11-21
2010- inurl:/exec/show/tech-
Default Cisco 2800 Series page…
11-21 support/cr
2010- inurl:/level/15/exec/-/configure
Default Cisco 2800 Series page…
11-21 /http
2010- allintitle:”SyncThru Web

This search finds Internet-connected Samsung printer control pane
11-11 Service”
2010- intitle:”EvoCam” This search identifies EvoCam cameras accessible over the Interne
11-10 inurl:”webcam.html” There are also public explo…
2006- intitle:Top “Vantage Service VSG1200 Vantage Service Gateway (topframe), go up one level for
10-02 Gateway” -i… login page. Vendor page at …
2006- Net2Phone CommCenterÃƒâ€šÃ‚Â® is software that allows you to m

intitle:”Net2Phone Init Page”
10-02 phone calls and se…
2006- intitle:”Your Network Device” Login page for the Solwise Sar715+ ADSL Router from solwise.co.u
10-02 Status (LA… Thanks to jeffball55 for the…
2006- “SnapGear Management “Welcome to the SnapGear Unit! To begin configuring your SnapGear
10-02 Console” “Welc… now, use the menu t…
2006- “Welcome to the “Welcome to the CyberGuard unit! To begin configuring your CyberGu
10-02 CyberGuard unit!” unit now, use the me…
2006- “LANCOM DSL/*-* Office *” h**p://www.lancom-systems.de/Login page for these Lancom online D
10-02 “Entry Pa… devices….
2006-
inurl:wrcontrollite Browse up to 16 security cameras at one time :)…
09-11
2006- softwell Technology “Wit-Eye” DVR.Default user/pass is

allintitle:”DVR login”
06-30 admin:adminRequires ActiveX…
2006- intitle:”stingray fts login” | ( The Stingray File Transfer Server: Open communication regardless of
06-29 login.j… platform, protocol or locat…
2006- intitle:”BlueNet Video Near broadcast quality video over the internet. A full 30fps at the 320
06-25 Viewer” 240 size. 12fps at th…
2006- allintitle: Axis 2.10 OR 2.12 No one search will reveal all Axis cameras. This is a variant for the 2xx
06-25 OR 2.30 OR 2.31 OR 2… series….
2006- intitle:”Live View / – AXIS” | No one search will reveal all Axis cameras. This is my mod of one of th
06-25 inurl:vie… queries. It usualy ret…
2006-
intitle:”Divar Web Client” Boshe/Divar Net Cameras. Uses ActiveX – IE only….
06-25
2006- allintitle: EDR400 login |

Everfocus EDR400…
06-25 Welcome
2006- allintitle: EDR1600 login |

Everfocus EDR1600…
06-25 Welcome
2006- allintitle:Edr1680 remote Everfocus EDR1680. Only returns 2 or 3 results, but submitted for
06-25 viewer completeness sake….
2006- allintitle: EverFocus | EDSR Modified Everfocus search, pulls in EDSR400’s as well s a few strays
06-25 | EDSR400 Applet missed by original query….
2006- intitle:”SNC-RZ30 HOME” This search will reveal Sony’s SNC-RZ30 IP camera’s web interface. Qu
06-22 -demo a few of these camera…
2006- inurl:cgi-
just more more MOBOTIX’s…
05-04 bin/guestimage.html
(intitle:(EyeSpyFX|
2006-
OptiCamFX) “go to just more cameras vendor site: http://www.eyespyfx.com/…
05-04
camera&q…
2006- intitle:”Veo Observer XT” just more results for this:http://johnny.ihackstuff.com/index.php?

05-04 -inurl:shtml|p… module=prodreviews&func=s…
2006- intitle:”iGuard Fingerprint vendor:http://www.iguardus.com/dome information disclosure: employ

05-04 Security System&q… list & free camera a…
2006- intitle:”Device Status hxxp://www.netbotz.com/products/index.htmlNetwork/server/room

05-03 Summary Page” -de… security and enviromental alarm d…
(intitle:MOBOTIX
2006- more cams…vendor site:
intitle:PDAS) |
04-19 http://www.mobotix.com/layout/set/index/language/index…
(intitle:MOBOTIX …
2006-
intitle:”IVC Control Panel” this searches for security cameras, vendor site:http://www.ivcco.com/…
04-18
2006- intitle:”Edr1680 remote

This search finds the 1680 series digital video recorder from EverFocus…
03-21 viewer”
2006- “OK logout” inurl:vb.htm? This is a google dork for Hunt Electronics web cams. To get to the came
03-21 logout=1 remove the vb.htm?l…
2006- intitle:”DVR Client” -the

This dork finds digital video recording client from Nuvico….
03-21 -free -pdf -do…
2006-
intitle:”GigaDrive Utility” Linksys GigaDrive network storage utility….
03-18
2006- intitle:”Ethernet Network

Linksys network storage utility….
03-18 Attached Storage U…
intitle:”Skystream
2006-
Networks Edge Media skystream Networks Edge Media Router….
03-18
Router…
2006- intitle:”NAS”
Disk Online Server NAS device….
03-18 inurl:indexeng.html
2006- intext:”you to handle

ELSA DSL lan modems….
03-18 frequent configuration …
2006- intitle:”WxGoos-” This is used in serverrooms and such where climate conditions are cruci
03-18 (“Camera image&qu… hardware health. I…
2006- intitle:”AR-*” “browser of

A few Sharp printers …..
03-18 frame de…
2006- intitle:”Webview Logon This is the web interface for Alcatel’s Omniswitch. Default login is:
03-18 Page” admin/switch….
2006- inurl:setdo.cgi intext:”Set Dcs-2100 camerasBy removing “intext:Set DO OK” you will get more hit
02-08 DO OK” but they will r…
2006- intext:”Welcome to Celestix Networks, Inc., the premier supplier of network server applianc
02-08 Taurus” “The Tau… announces the Taurus…
2006- intitle:”::::: INTELLINET IP A variation on Jeffball55’s original Intellinet Ip Camera.This search finds
01-16 Camera Homepage … several more web ca…
2006- intitle:”Dell Laser Printer

Dell laser printers. This search finds different results that dork id 1077…
01-02 *” port_0 -j…
2005- DCS Login pages for the DCS-950 Web Camera. Even comes with a built in
12-31 inurl:”/web/login.asp” microphone….
intitle:Axis
2005- similar searchs exist. This search finds a few more results as well as acc
inurl:”/admin/admin.shtm
12-31 to the Admin area…
l”
2005-
inurl:/img/vr.htm Linksys wireless G Camera….
12-31
2005-
inurl:Printers/ipp_0001.asp Thanks to Windows 2003 Remote Printing…
12-08
2005- This an online device, you can search for unpassworded sha
intitle:”Snap Server” intitle:”Home…
11-28 on Snap Appliance Server.Moderato…
2005- intitle:”Sony SNT-V304 Video The SNT-V304 Video Network Station.Sony’s network camera
11-21 Network Station&… control station….
2005- Display Cameras intitle:”Express6 Express6 live video controller.Displays video from “Netlive
11-21 Live Image&… Cameras” found in this se…
2005- intitle:”Iomega NAS Manager” Login page dork for Iomega NAS Manager.. There’s only 1 re
11-16 -ihackstuff… for it now, but this could chang…
2005- intitle:Cisco “You are using an old

Login pages for Ciso VPN Concentrator stuff…
11-16 browser o…
2005- intitle:”Summit Management Extreme Networks Summit Switches Web admin pages. Serv
11-16 Interface” -g… Allegro-Software-RomPager/2.10…
2005- intitle:”SNOIE Intel Web Netport

Intel Netport Express Print Server….
11-16 Manager”…
2005- “This page is for configuring

several different samsung printers…
11-11 Samsung Network…
2005- (“port_255/home”)|(inurl:”home? standered printer search. Moderator note: see also dork
11-05 port… id=1221…
2005- intitle:”IQeye302 | IQeye303 | This is a googledork for IQeye netcams. Some of which you c
10-03 IQeye601 | IQe… control how they tilt/zoom. The …
2005- (intitle:”VisionGS Webcam I don’t know if the google query got submitted right because
09-29 Software”)|(in… looks truncated. here it is ag…
2005- intitle:”Biromsoft WebCam” -4.0 Brimsoft webcam software enables anyone with a webcam t
09-29 -serial … easily create a webcam http server. T…
2005-
intitle:”Netcam” intitle:”user logi… just yet other online cam….
09-26
2005-
intitle:”Orite IC301″ | intitle:”OR… This search finds orite 301 netcams with audio capabilities…
09-21
2005- Phaser numrange:100-100000 Name This is a search for various phaser network printers. With thi
09-21 DNS IP “More … search you can look for printe…
2005- intitle:”netbotz appliance” -inurl:.php Netbotz devices are made to monitor video, temperature,
09-16 … electricity and door access in server r…
2005- intitle:”NetCam Live Image” -.edu This is a googledork for StarDot netcams. You can watch the
09-06 -.gov … cams and if you have the admin p…
2005- This googledork finds INTELLINET ip cameras. They are used

intitle:”INTELLINET” intitle:”IP Ca…
08-27 monitor things and have a web in…
2005- intitle:iDVR -intitle:”com | net | Online camera. Default login is administrator and password
08-17 shop”… blank. Video server runs default on …
2005- Networked USB hard drives (NSLU2). Be sure

intitle:”Network Storage Link for USB 2.0 Dis…
08-12 disable Google’s filter (&filters=0) as that…
sensorProbe is a SNMP enabled and Web base

2005-
“Summary View of Sensors” | “sensor… Environmental Monitoring Device. The sensor
08-07
attach…
HP ProCurve Switch web management pages,

2005-
intitle:”HP ProCurve Switch *” “Thi… found by their [noscript] html tags. Please not
08-07
this…
2005- This is a small search for the Italk BB899 Phon

intitle:”V1″ “welcome to phone sett…
08-07 Adaptor login page. iTalkBB is a local and lon…
2005- intitle:”WEBDVR” -inurl:product -inurl:d… DVR is a generic name used to describe the
07-22 recording process with a digital cam (digitial
video…
Another Standalone Network Camera.Default

2005-
intitle:”Java Applet Page” inurl:ml Login: remove wg_jwebeye.ml to get a nice
07-22
clue ..Serv…
Another online camera search. This one uses

2005-
intitle:”Veo Observer Web Client” ActiveX thingies, so you need a M$ browser.
07-22
Append …
2005- Tandberg is a manufacturer of videoconferenc

intitle:”Middle frame of Videoconference Mana…
07-22 A videoconference (also known as a video tele
2005- Tandberg is a manufacturer of videoconferenc

intitle:”TANDBERG” “This page requi…
07-22 A videoconference (also known as a video tele
2005- A small modification to the AXIS camera searc

tilt intitle:”Live View / – AXIS” | inur…
07-07 it now returns cameras with pan / tilt, which …
This search finds AXIS 240 Camera Servers (a

2005-
intitle:”AXIS 240 Camera Server” intext:… opposed to just the cameras) which can host
06-10
many …
2005-
intitle:”GCC WebAdmin” -gcc.ru All sorts of various printer status information…
06-08
2005-
“RICOH Network Printer D model-Restore Factor… Not a whole lot here….
06-07
some interesting information on printer status

2005-
printers/printman.html including Name, Location, Model, Pagecount,
06-07
Acti…
2005-
intitle:”Dell Laser Printer M5200″ port_… Dell Laser Printer M5200…
06-07
2005- More dell and lexmark printers, The usual thin

intitle:”configuration” inurl:port_0
06-07 included….
2005- This search reveals even more Panasonic IP

inurl:”CgiStart?page=”
06-08 cameras!…
2005- Mobile cameras? Not sure what camera type t

inurl:”S=320×240″ | inurl:”S=160×12…
06-07 is for but they are all from Asia and no passwo
Kpix Java Based Traffic Cameras. Based at CB

2005- (cam1java)|(cam2java)|(cam3java)|(cam4java)|
broadcasting for San Fransisco, Oakland, and
06-01 (cam5j…
San…
Web admin for netopia routersThis Web tool

2005-
intitle:”Netopia Router (*.)””to vi… provides access to information about the curr
06-03
sta…
2005- ( intitle:”PacketShaper Packeteer’s PacketShaper is an application traffic management system t

05-20 Login”)|(intitle… monitors, controls, a…
2005- intitle:”PacketShaper
PacketShaper Login.Provides login access for PacketShaper Customers…
05-19 Customer Login”
2005- intitle:”Dell *” oA few Online Dell Printers, status, paper, toner levels, ips macs, the usu
05-31 inurl:port_0 (Lexmark and De…
“To view the Web

2005- speedtouch 510 DSL modem devices that were once unprotected. That m
interface of the
05-20 have changed by now….
SpeedTouch,…
2005- VPON (Video Picture On Net) is a video surveillance setup which seems t
inurl:start.htm?scrw=
05-14 used by a lot of bu…
2005- intitle:”— VIDEO WEB AVTech Video Web Server is a surveillance producted that is directly
05-14 SERVER —” intex… connected to the internet …
2005- intext:”Powered by: Printers equipped with Adobe’s PrintGear technologyAdobe’s PrintGear
05-14 Adobe PrintGear” inu… technology is a new printi…
2005- intitle:”InterJak Web A router device by Uroam (formerly FilaNet), with email and VPN
05-20 Manager” possibilities….
2005- intitle:”SWW link”

Zyxel Zywall…
05-02 “Please wait…….
2005- Another way to dig up some not yet dorked Lexmark and a couple of De
inurl:”port_255″ -htm
05-02 printers.http://johnny.i…
2005- intitle:”Freifunk.Net – Hacked WRT54G Freifunk firmware. The router is based on Linux so after
05-02 Status” -site:co… GPL the source code …
ext:dhtml
2005-
intitle:"document Various Online Devices>Xerox (*Centre)…
05-02
centre|(home)…
2005- “Please use Netscape A search for some HTML code used in a variety of D-link network devices
04-27 2.0 or enhance !!” … (webcams and such)….
2005- intitle:”NeroNET – NeroNet is an online burning device by Nero. Basically with this query yo
04-20 burning online” get a listing of …
2005- Just a bit of fun, should reveal a few instances of a Winamp HTTP contro
Winamp Web Interface
04-11 program. Without logi…
2005- intitle:”OfficeConnect This query allows you to find OfficeConnect Cable/DSL Gateways, by loc
04-16 Cable/DSL Gateway”… the browser-check p…
2005- webserver detection for GeoHttpServer, the page is the login page or gu
inurl:JPGLogin.htm
04-12 cam. Don’t ask why t…
2005- “display printer status”

Xerox Phaser printers….
04-16 intitle:”H…
intitle:jdewshlp
2005-
“Welcome to the HP Officejet help page. Remove “help.html” for main page….
04-12
Embedded Web…
2005-
inurl:/en/help.cgi “ID=*” Aficio printers (this search locates the help pages)..
04-12
2005-
intitle:”Lexmark *” inurl:port_0 Lexmark printers (4 models)…
04-12
2005- intitle:”OfficeConnect Wireless

OfficeConnect Wireless 11g Access Point…
04-12 11g Access Po…
2005-
“Webthru User Login” samsung webthru cameras…
03-20
2005- intitle:”actiontec” main setup

Actiontec Routers….
03-20 status &q…
2005- intitle:”BorderWare MXtreme BorderWare MXtreme Mail firewallMXtreme is a hardened applianc

03-20 Mail Firewall Log… with a highly robust mail trans…
2005- intitle:”Service Managed

service Managed Gateway from VirtualAccess login page…
03-20 Gateway Login”
2005- intitle:”Flash Operator Panel” Flash Operator Panel is a switchboard type application for the Ast
03-20 -ext:php … PBX. It runs on a web b…
2005- intitle:asterisk.management.po Coalescent Systems Inc. launched The Asterisk Management Port
03-20 rtal web-access project to bring together best-…
2005- intitle:HomeSeer.Web.Control | HomeSeer (http://www.homeseer.com/) provides a well known ho

03-18 Home.Status.Events…. automation solution (software + …
2005- searches for “Active Webcam” feeds on websites, a popular USB

intitle:”active webcam page”
02-15 webcam interface….
2005- Finds Dell’s printers with EWS.EWS : Embedded Web Server

intitle:”Dell Laser Printer” ews
03-04 technology enables the usage of a stan…
2005- mmEye webcam / cam servermmEye is a multifunction multimed

allintitle:Brains, Corp. camera
03-05 server equipped with 32bit RISC CP…
2005-
inurl:camctrl.cgi Vivotec web cams…
03-05
2005- intext:”Please enter correct

Finds SMC Routers….
02-12 password for Adm…
2005- intitle:”supervisioncam “SupervisionCam captures and compares images from video cam
02-22 protocol” (internet) image files or…
2005- intitle:Linksys Ourlinksys.com DDNS entries pointing to Linksys web enabled

02-15 site:ourlinksys.com cameras…
2005- High scalable Ethernet switches by HP running in the default

intitle:”DEFAULT_CONFIG – HP”
02-15 configuration…
2005- intitle:”switch login” “IBM Fast

IBM 8275 Model 416 High Performance Ethernet Workgroup Switc
02-15 Et…
2005- intitle:"Brother"
Finds a real bunch of Brother printers…
02-04 intext:&qu…
2005- intitle:"Connection This is an intriguing way of finding various ‘5861 DMT Routers’ – t
02-02 Status" inte… presence of a web-interfa…
2005- This searches for the admin pages for a “Network Appliance” box
inurl:na_admin
02-01 authenticated use…
2005- intitle:”EpsonNet WebAssist

This reveals the Epson Web Assist page (internal to the machine)…
01-28 Rev”
2005- The new EDSR-1600 (16-channel), EDSR-900 (9-channel) and EDS

intitle:”EverFocus.EDSR.applet”
01-27 600 (6-channel) digital video rec…
2005- Norton AntiVirus for GatewaysEasily administered from anywhere

inurl:”8003/Display?what=”
01-27 an HTML interface, it scans …
2005- This will find webcams made by Sweex, Orite and others. Support
allinurl:index.htm?cus?audio
01-27 motion detection, ftp, smtp an…
2005-
intitle:”Browser Launch Page” An ActiveX based webcam – so use MS IE…
01-21
2005- intitle:”Network Print Server”

Axis Network Print Server devices (a better shorter search)….
01-12 intext:&q…
2005- intitle:”Network Print Server” Axis Network Print Server devices. This search has all the possible
01-12 filetype:… (more than strictly ne…
2005- intitle:”Setup Home” “You will This should reveal Belkin routers. Interestingly, Belkin routers by
01-10 need… default have remote adminis…
2005- Digital Video Recorder by SnapStream. It is possible on misconfig

filetype:cgi transcoder.cgi
01-11 machines to stream video …
2004- inurl:”next_file=main_fs.htm”
Linksys Wireless-G web cams….
12-30 inurl:img …
2005- intitle:”SpeedStream *
a lot of Speed stream routers :)…
01-08 Management Interface&q…
2004- intitle:”Sipura.SPA.Configuratio Query returns configuration pages for online Voice over IP devices
12-30 n” -.pdf Discloses an obscene amount…
2004- some of the sites are very, very interesting – try a search substitu
12-08 site:gov instead of si…
2004- Cayman DSL modems. Many Cayman units have a weakness whe
intitle:”Cayman-DSL.home”
12-19 even if remote administration is dis…
2004- intitle:”Spam Firewall” The Barracuda Spam Firewall is an integrated hardware and softw
12-13 inurl:”8000… solution for complete protec…
2004- And again another webcam search. MOst of these cams seem to b
intitle:”iVISTA.Main.Page”
12-13 security cams…
2004- inurl:”:631/printers” -php CUPS provides a portable printing layer for UNIXÃƒâ€šÃ‚Â®-based
12-13 -demo operating systems. I…
2004- intitle:”AudioReQuest.web.serv Audio ReQuest home CD/MP3 player. Various information about th
12-06 er” configuration of the host and s…
2004-
intitle:”V-Gear BEE” V-Gear Bee Web Cameras…
12-06
2004- intitle:”Live NetSnap

Netsnap Online Cameras…
12-06 Cam-Server feed”
2004- axis storpoint “file view” The Axis Storpoint device turns a SCSI or ATA box with lots of cdrom pla
12-04 inurl:/volume… (or writers) into …
2004- inurl:”printer/main.html”
Brother HL Printers….
12-03 intext:”s…
2004- intext:”MaiLinX Alert

Xerox DocuPrint printer models….
12-03 (Notify)” -site:ne…
2004- “Copyright (c) Tektronix,

Captain, the Phasers are online :)…
12-03 Inc.” “pr…
2004- Providing a standout printing solution, Novell iPrint offers secure print
inurl:”ipp/pdisplay.htm”
11-30 services that extend …
intext:”Videoconference
2004- Tandberg video conferencing appliancesThe webinterface enables you t
Management
11-28 drop calls and to browse …
System&quo…
2004- intitle:”Smoothwall smoothwall is a firewall operating system distribution based on Linux. (N

11-24 Express” inurl:cgi-b… many results for th…
2004- IPCop Firewall is a Linux firewall for home and SOHO users. IPCop can be
intitle:”ipcop – main”
11-23 managed from a simple …
2004- intitle:”EvoCam”
Evocams !…
11-18 inurl:”webcam.html…
2004-
“Starting SiteZAP 6.0” siteZap webcams !…
11-16
2004- Just another search string to detect the infamous Axis netcams. This
inurl:axis-cgi
11-16 company actually changed t…
2004- “intitle:Cisco Systems, The Cisco VPN 3000 Concentrator is a remote access VPN. The
11-09 Inc. VPN 3000 Concent… ‘Concentrator’ is a piece of hardw…
2004- intext:”UAA (MSB)” Lexmark printers (T620, T522, Optra T614, E323, T622, Optra T610, Op
11-13 Lexmark -ext:pdf T616, T520 and Optra S …
2004- intext:”Ready with

Xerox 860 and 8200 Printers….
11-13 10/100T Ethernet”
2004- intitle:”Home” “Xerox CentreWare Internet Services is an interactive service that uses Internet
11-07 Corporation&q… technology to extend …
2004- WebControl intitle:”AMX AMX Netlink is a server appliance which connects various devices like a
11-06 NetLinx” beamer, laptop or video…
2004- “please visit” intitle:”i- CCTV webcams by ICode….

11-03 Catcher C…
2004- intitle:”toshiba network

Web interface of Toshiba network cameras….
10-25 camera – User Login&…
2004- inurl:”level/15/exec/-/sho This search finds Cisco devices which have level 15 access open via
10-20 w” webinterface. If an attacke…
2004- site:.viewnetcam.com The FREE viewnetcam.com service allows you to create a

10-19 -www.viewnetcam.com personal web address (e.g., http://bob.v…
2004- This embedded DVR is quick plug and play. Just plug it in a
intitle:”DVR Web client”
10-19 it will start recording. You can …
2004- inurl:TiVoConnect? Tivo is a the digital replacement for your analog videoreco
10-18 Command=QueryServer It’s a digital media system th…
2004- An Axis Network Camera captures and transmits live imag

inurl:netw_tcp.shtml
10-12 directly over an IP network (e.g. LAN…
2004- (inurl:webArch/mainFrame.cgi ) | The Ricoh Aficio 2035 (fax/scanner) web interface.Attacke

10-11 (intitle:”we… may read faxes and can get informat…
2004- intitle:”my webcamXP server!” “my webcamXP server!”Is there really an explantation
10-11 inurl:&quo… needed?…
2004-
camera linksys inurl:main.cgi Another webcam, Linksys style….
10-10
2004-
intitle:”DEFAULT_CONFIG – HP” searches for the web interface of HP switches….
10-09
2004- Most cisco switches are shipped with a web administration

intitle:”switch home page” “cisco s…
10-09 interface. If a switch is reachable f…
2004- intitle:”axis storpoint CD” Axis’ network CD/DVD servers are faster, less costly and
10-05 intitle:&quo… easier to manage than using full-blown…
2004-
intitle:webeye inurl:login.ml This one gets you on the webinterface of Webeye webcam
10-05
2004- This one gets you on the web interface of some more HP
inurl:hp/device/this.LCDispatcher
10-05 Printers….
2004- The “large” Canon ImageReady machines with model vers

Canon ImageReady machines
09-29 3300, 5000 & 60000….
2004- The Lantronix web manager home pages show the print s
intitle:”lantronix web-manager”
09-29 configuration (Server Name, Boot Cod…
2004- intitle:RICOH intitle:”Network Network Administration pages for several Ricoh Afficio pri
09-29 Administration… models, for example the Aficio 1…
2004- The Ricoh Aficio 1022 is a digital multifunctional B&W cop

Aficio 1022
09-29 easily upgraded to include n…
2004- This finds Konica Network Printer Administration pages. Th

Konica Network Printer Administration
09-29 is one result at the time of writ…
2004- (“Fiery WebTools” inurl:index2.html) | Fiery WebTools offers many of the same capabilities of the
09-29 &… Command WorkStationÃƒÂ¢Ã¢â‚…
2004- The Axis 200 HOME pages reside within the AXIS 200 devi
intitle:”The AXIS 200 Home Page”
09-29 and hold information about the curre…
2004- More Axis Netcams, this search combines the cams with t
More Axis netcams !
09-29 default title (Live View) and extends…
2004- this search will show web administration interfaces of linux dream boxes.
intitle:”dreambox web”
09-10 Dreambox is one of…
2004- Phasers More Xerox printers (Phasers 4500/6250/8200/8400). An attacker can acc
08-05 4500/6250/8200/8400 the webinterface with…
2004- Canon Webview Canon has a series of netcams that all use the “WebView LiveScope”
07-29 netcams software. They are…
2004- Xerox PhaserÃƒâ€šÃ‚Â® This product is supported but no longer sold by Xerox in the United State
07-22 840 Color Printer Support and supplie…
2004- Brochure info: “The Phaser 8200 uses solid ink, an alternative technology
Xerox Phaser 8200
07-22 laser printin…
2004- Xerox PhaserÃƒâ€šÃ‚Â® This product is supported but no longer sold by Xerox in the United State
07-22 740 Color Printer Replacement Product…
2004- Base Specifications Phaser 6250N: Letter/Legal Size Color Printer 110V,
Xerox Phaser 6250
07-22 26ppm Color/B&W (24…
2004- intitle:”BorderManager This is an Informational message produced by the Novell BorderManager

07-19 Information alert”… firewall/proxy server. At…
2004- intitle:”Live View / – These AXIS cams seem to run their own http server (Boa/0.94.13). The se
07-19 AXIS” button can be hidden…
“powered by
2004- webcamXP PRO:http://www.webcamxp.com/productsadv.htmlThis is the m
webcamXP” “Pro|
07-16 advanced version of the s…
Broadcas…
2004- Panasonic WJ-NT104 The Panasonic WJ-NT104 allows easy monitoring with a conventional brow
07-10 netcams More vendor informat…
2004- Mobotix netcams use the thttpd-2.x. server

Mobotix netcams
07-10 (http://www.acme.com/software/thttpd/). The latest v…
2004- sony SNC-RZ20 network sony NC RZ20 cameras, only one result for this cam at the moment, a nic
07-10 cameras street view from a sky…
2004- seyeon FlexWATCH seyeon provides various type of products and software to build up a remo
07-10 cameras video monitoring and…
2004- sony SNC-RZ30 Network sony NC RZ30 camera’s require a java capable browser. The admin pane
07-10 Cameras found at http://[siten…
2004- Panasonic Network Panasonic Network Cameras can be viewed and controlled from a standa
07-10 Cameras web browser. These camer…
2004- intitle:”View and These printer’s configuration is wide open. Attackers can change just abo
07-08 Configure PhaserLink” any value through t…
2004- The AXIS 2400 is a Web server of its own. This means that the server is
Axis Network Cameras
06-06 secured like any other …
Taken from http://www.exploit-db.com/google-dorks/ all categories in 1

Google Hacking Database

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Google Hacking Database

Uploaded by

Copyright:

Available Formats

Google Hacking Database (GHDB)

Search the Google Hacking Database or browse GHDB categories

DATE Title Summary

2014-03- inurl:crossdomain filetype:xml intext:allow-

2014-03- inurl:clientaccesspolicy filetype:xml

2014- dork to find uploaded WSO 2.4 shell by hackers. found

2014- the dork is used to find uploaded 1n73ct10n Shell on

2013- Finds websites that have 1337w0rm’s CPanel cracker

2012- This dork finds websites that were hacked, backdoored

2011- A foothold using allintext:”fs-admin.php” shows the wo

2006- sHOUTcast is a free-of-charge audio homesteading solu

2006- “Please re-enter your password It must

2006- This query shows installations of Serena Teamtrack.

2005- net2ftp is a web-based FTP client written in PHP. Lets

2005- Basicly MyShell is a php program that allows you to exe

2004- inurl:”phpOracleAdmin/php” phpOracleAdmin is intended to be a webbased Oracle Object

2004- PHPFM is an open source file manager written in PHP. It is easy

2004- The webalizer program displays various information but this

2004- This search reveals userlists of administrative importance.

2004- This search reveals userlists of administrative importance.

2014- i just found a google dork that is file/path disclosure of Hide

2013- Mac OSX directories — -[Voluntas Vincit Omnia]- website

2013- inurl:8080 intitle:”Dashboard #Summary: Acces to Jenkins Dashboard #Author: g00gl3 5c

2013- the GHDB on subject (intitle:index.of intext:.bash_history) fin

2013- Google Dork: index of” inurl:root intitle:symlink Steal Others

2012- inurl:ckfinder intext:”ckfinder.html” Dork: inurl:ckfinder intext:”ckfinder.html” intitle:”Index of

2010- intitle:index.of cisco asa

2006- These directories can give information about a web servers

2006- allintitle:”FirstClass Login” this is for firstclass directory listin

2005- “Welcome to the directory listing of”

2005- intitle:”Folder Listing”

2005- “Index of” rar r01 nfo

2004- intitle:”index of” inurl:ftp

2004- Directories containing commercial music.AlbumArt_{.*}.jpg are

2004- Picasa is an ‘Automated Digital Photo Organizer’ recently aquired by

2004- inurl:explorer.cfm inurl:

2004- phpMyAdmin is a tool written in PHP intended to handle the

2004- intitle:”album permissions” Gallery (http://gallery.menalto.com) is software that allows users to

2006- intitle:”BadBlue: the file-

2006- intitle:”Apache Status”

2005- intitle:”Document title

2005- YAWS (http://yaws.hyber.org), Yet Another Web Server, is a HTTP high

2005- intitle:”Test Page for the

2005- Powered.by.RaidenHTTPD RaidenHTTPD ( http://www.raidenhttpd.com/en ) is a full featured web se

2004- intitle:”Welcome To Default Xitami installationAdditionally every default installation of Xitami

2004- intitle:”Welcome to Your

2004- intitle:”Object not

2004- intitle:”Directory Listing, Vendor page:”Einfache HTTP-Server-Software fÃƒÆ’Ã‚Â¼r privates

2004- intitle:”Object not

2004- intext:”404 Object Not

2011- inurl:/install/install.php intitle:vBulletin * Install System This dork

2005- A cross site scripting vunerability has been discovered in CJ linkou

2005- My Little Forum 1.5 / 1.6beta SQL Injectionsoftware:site:

2005- “maxwebportal” several vulnerabilities relating to this.MaxWebPortal is a web porta

2005- “Powered by xcomic”this is a recent exploit, you can retrieve any fi

2005- FunkBoard V0.66CF (possibly prior versions) cross site scripting,

2005- PHPFreeNews 29/07/2005 8.36.03PHPFreeNews Version 1.32 (& previous) sql

2004- Allows a user to change his/her password for authentication to th

2004- Tired of websearching ? Want something to read ? You can find

2004- Gallery is a popular images package for websites. Unfortunately,

2004- pLog is a popular form of bloggin software. Currently there are

2004- robpoll.cgi is used to administrate polls.The default password use

2014- Search Oracle Reports likely vulnerable to DB user/password

2013- This is Mohan Pendyala (penetration tester) from india. Go

2013- Google Search: http://www.google.com/search?q=ext:gnuc