-= Contents =A.
)
B.)
C.)
D.)
E.)
F.)
G.)
H.)
I.)
A.)
FTP PASSWORD GOOGLE DORKS
XSS GGOOGLE DORKS
PHP GOOGLE DORKS
SQL DORKS
WORDPRESS DORKS
PASSWORD FILE DORKS
MISC. DORKS
FREE SWAG DORKS
WEBCAM DORKS
FTP PASSWORD GOOGLE DORKS
1.)
ws_ftp.ini configuration file search:
intitle:[Link] ws_ftp.ini
2.)
ws_ftp.ini configuration file with Parent Directory search:
filetype:ini ws_ftp pwd
3.)
Variation:
index of/ ws_ftp.ini parent directory
4. Variation:
+htpasswd +WS_FTP.LOG filetype:log
5.
Variation:
(Substitute [Link] with your site you want to search
allinurl: [Link] WS_FTP.LOG filetype:log
B.
XSS GOOGLE DORKS
1. cart32 executable file.
allinurl:/scripts/[Link]
2.) Cute news php file.
allinurl:/CuteNews/show_archives.php
3.) [Link] file.
allinurl:/[Link]
C.) PHP GOOGLE DORKS
1.) [Link] file search:
intitle:[Link] [Link]
2.) PHP file contents search:
intitle:Index of [Link]
3.)
-[Link] directory transversal vulneralbilities:
inurl:[Link]?=filename
�4.)
-[Link] search:
intitle:[Link] [Link]
inurl:[Link]
D.)
SQL PASSWORD DUMP DORKS
1.) SQL dumps saved to database search. (Some of the more common passwords for y
ou):
a.) 123456 = hashed password
ext:sql intext:@[Link] intext:e10adc3949ba59abbe56e057f20f883e
b.) 654321 = hashed password
ext:sql intext:@[Link] intext:c33367701511b4f6020ec61ded352059
c.) password = hashed password
ext:sql intext:@[Link] intext:5f4dcc3b5aa765d61d8327deb882cf99
d.) 12345678 = hashed password
ext:sql intext:@[Link] intext:25d55ad283aa400af464c76d713c07ad
e.)
iloveyou = hashed password
ext:sql intext:@[Link] intext:f25a2fc72690b780b2a14e140ef6a9e0
2.)
a.)
b.)
c.)
d.)
e.)
f.)
Variation of above search:
ext:sql intext:INSERT INTO
ext:sql intext:INSERT INTO
ext:sql intext:INSERT INTO
ext:sql intext:INSERT INTO
ext:sql intext:INSERT INTO
ext:sql intext:INSERT INTO
intext:@[Link] intext:password
intext:@[Link] intext:password
intext:@[Link] intext:password
intext:@[Link] intext:password
intext:@[Link] intext:password
intext:@[Link] intext:password
3.) SQLi
allinurl:/[Link]
E.) WORDPRESS GOOGLE DORKS
1.) Asset Manager Plugin Exploit Unprotected Remote File Upload Vuleralbility.
inurl:Editor/assetmanager/[Link]
2.) Timthumb Plugin Exploit Attacker can attach a shell to a image file and uplo
ad the shell. (It has been patched, but there are still a lot of webmasters who
have NOT updated!)
inurl:[Link] [Link]
inurl:[Link]
3.) Search for plugins directory:
inurl:wp-content/plugins/
4.) Search for themes directory:
inurl:wp-content/themes/
F.)
PASSWORD FILE GOOGLE DORKS
�1.) Search for Microsoft Excel data file:
Login: * password =* filetype: xls
2.) Search for auth_user_file:
allinurl: auth_user_file.txt
3.) Search for username/password saved in Microsoft Excel files:
filetype: xls inurl: [Link]
4.) Search for login pages:
intitle: login password
5.) Search for master password page:
intitle: Index of [Link]
6.) Search for backup directory:
index of /backup
7.) Search for password backup file index:
intitle:[Link] [Link]
8.) Search for password databases:
intitle:[Link] [Link]
intitle:index of [Link]
9.) Search for /etc/passwd/ index:
intitle:index of .. etc passwd
10.) Search for plaintext password file:
[Link] [Link]
inurl:[Link]
11.) Search for hidden documents/password files:
[Link]
[Link]
12.) Search for PhpMyAdmin files:
# PhpMyAdmin MySQL-Dump filetype: txt
13.) Hidden Superuser (root) data files:
inurl:[Link]-history-bugs
inurl:[Link] holds shared secrets
14.) Find the information files:
inurl:[Link]-intitle:manpage
15.) Search for a stored password in a database:
filetype:ldb admin
16.) Search for [Link] file:
inurl:search/[Link]
17.) Search for password log files:
inurl:[Link] filetype:log
18.) Search for Hkey_Current_User in registry files:
filetype: reg HKEY_CURRENT_USER username
19.) Search for username/password file backups:
Http://username: password @ www filetype: bak inurl: htaccess | passwd | shadow | h
�t users
20.) Search for username/password files:
filetype:mdb inurl:account|users|admin|administrators|passwd|password mdb files
21.) Search for Microsoft Frontpage passwords:
ext:pwd inurl:(service|authors|administrators|users) # -FrontPage-
22.) Search for SQL database Code and passwords:
filetype: sql ( passwd values **** | password values **** | pass values ****)
23.) Search for e-mail account files:
intitle: Index Of-inurl: maillog
G.) MISC. DORKS
1.) WebWiz Rich Text Editor (RTE) Remote file upload vulneralbility:
inurl:rte/my_documents/my_files
2.) EZFilemanager Remote file upload vulneralbility:
inurl:ezfilemanager/[Link]
3.) [Link] See directories hidden from crawlers. Also sometimes you can pull
off a directory transversal with this:
inurl:[Link]
4.) Serial Numbers Look for software serial numbers
software name 94FBR
H.)
FIND FREE SWAG
1.) site:*.com intitle:Thank You For Your Order intext:Click Here to Download
2.) site:*.net intitle:Thank You For Your Order intext:Click Here to Download
3.) site:*.co intitle:Thank You For Your Order intext:Click Here to Download
4.) site:*.org intitle:Thank You For Your Order intext:Click Here to Download
5.) site:*.biz intitle:Thank You For Your Order intext:Click Here to Download
6.) site:*.tv intitle:Thank You For Your Order intext:Click Here to Download
7.) site:*.[Link] intitle:Thank You For Your Order intext:Click Here to Download
8.) site:*.[Link] intitle:Thank You For Your Order intext:Click Here to Download
9.) site:*.eu intitle:Thank You For Your Order intext:Click Here to Download
10.) intitle:Thank you for your purchase! intext:PLR OR MRR OR Package OR Bonus
11.) intitle:Thank you for your order! intext:PLR OR MRR OR Package OR Bonus
12.) intitle:Thank you for your order! intext:PLR OR MRR
13.) intitle:Thank you for your Purchase! intext:PLR OR MRR
14.) inurl:/thankyou*.html intitle:Thank you for your order!
15.) intext:Click Here To Download
16.) inurl:thanks intext:Thank You For Your Order! Click Here filetype:html
17.) intitle:Thank You For Your Order! intext:Private Label
18.) intitle:Thank You For Your Purchased! intext:Private Label
19.) intext:Thank You For Your Order intext:PLR
20.) intitle:Thank You For Your Order! intext:download
21.) intitle:Thank You For Your Order intext:Click Here To Download Now
22.) intitle:Thank you for your purchase! intext:Click Here to Download
23.) * thank you for your order download
24.) * intitle:Thank you for your Purchase! intext:PLR OR MRR OR Package OR Bonu
s
25.) * intitle:Thank you for your order! intext:PLR OR MRR
�26.)
27.)
28.)
29.)
30.)
31.)
32.)
33.)
34.)
35.)
36.)
37.)
38.)
39.)
40.)
41.)
42.)
* intitle:Thank You For Your Purchase! intext:Click Here to Download
* intitle:Thank You For Your Order! intext:download
inurl:[Link] .mp3
inurl:[Link] .mov
inurl:[Link] .iso
?intitle:[Link]? mp3
?intitle:[Link]? mov
?intitle:[Link]? iso
inurl:insert filetype:iso+OR+exe+OR+zip+OR+rar+OR+gzip+OR+tar
intext:parent directory intext:[EXE]
intext:parent directory index of:[EXE]
intext:parent directory index of:[RAR]
intext:parent directory intext:[VID]
intext:parent directory index of:[VID]
intext:parent directory intext:[MP3]
intext:parent directory index of:[MP3]
intext:parent directory index of:[Gamez]
I.) WEBCAM GOOGLE DORKS
1.)
2.)
3.)
4.)
5.)
inurl:/[Link]
inurl:/[Link]
intitle:Live View / AXIS | inurl:view/[Link]^
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
