站內搜索地址為:
http://www.google.com/custom?domains=(這裡寫我們要搜索的站點,比如
feelids.com)
進去可以選擇www和feelids.com, 當然再選我們要的站內搜索哦!
黑客專用信息和資料搜索
地址為:
http://www.google.com/custom?hl=xx-hacker
這
裡是google關鍵字的用法,要設置它為中文,則是
http://www.google.com/custom?hl=zh-CN
英
文則是http://www.google.com/custom?hl=en
常
用的google關鍵字:
foo1 foo2 (也就是關聯,比如搜索xx公司 xx美女)
operator:foo
filetype:123
類型
site:foo.com 相對直接看網站更有意思,可以得到許多意外的信息
intext:foo
intitle:
fooltitle 標題哦
allinurl:foo 搜索xx網站的所有相關連接。(踩點必備)
links:foo
不要說就知道是它的相關鏈接
allintilte:foo.com
我們可以輔助"-" "+"來調整搜索的精確程度
直
接搜索密碼:(引號表示為精確搜索)
當然我們可以再延伸到上面的結果裡進行二次搜索
"index of" htpasswd /
passwd
filetype:xls username password email
"ws_ftp.log"
"config.php"
allinurl:admin
mdb
service filetype:pwd ....或者某個比如pcanywhere的密碼後綴cif等
越來越有意
思了,再來點更敏感信息
"robots.txt" "Disallow:" filetype:txt
inurl:_vti_cnf
(FrontPage的關鍵索引啦,掃瞄器的CGI庫一般都有地)
allinurl:
/msadc/Samples/selector/showcode.asp
/../../../passwd
/examples/jsp/snp/snoop.jsp
phpsysinfo
intitle:index
of /admin
intitle:"documetation"
inurl: 5800(vnc的端口)或者desktop
port等多個關鍵字檢索
webmin port 10000
inurl:/admin/login.asp
intext:Powered
by GBook365
intitle:"php shell*" "Enable stderr" filetype:php
直接搜索到phpwebshell
foo.org filetype:inc
ipsec filetype:conf
intilte:"error
occurred" ODBC request WHERE (select|insert)
說白了就是說,可以直接試著查查數據庫檢索,針對目前流行的sql注射,會發達哦
intitle:"php shell*" "Enable
stderr" filetype:php
"Dumping data for table" username password
intitle:"Error
using Hypernews"
"Server Software"
intitle:"HTTP_USER_AGENT=Googlebot"
"HTTP_USER_ANGET=Googlebot"
THS ADMIN
filetype:.doc site:.mil classified 直接搜索軍方相關word
檢查
多個關鍵字:
intitle:config confixx login password
"mydomain.com"
nessus report
"report generated by"
"ipconfig"
"winipconfig"
google
緩存利用(hoho,最有影響力的東西)推薦大家搜索時候多"選搜索所有網站"
特別推薦:administrator users
等相關的東西,比如名字,生日等……最慘也可以拿來做字典嘛
cache:foo.com
可以查閱類似結果
先找找
網站的管理後台地址:
site:xxxx.com intext:管理
site:xxxx.com inurl:login
site:xxxx.com
intitle:管理
site:a2.xxxx.com inurl:file
site:a3.xxxx.com
inurl:load
site:a2.xxxx.com intext:ftp://*:*
site:a2.xxxx.com
filetype:asp
site:xxxx.com //得到N個二級域名
site:xxxx.com
intext:*@xxxx.com //得到N個郵件地址,還有郵箱的主人的名字什麼的
site:xxxx.com intext:電話
//N個電話
intitle:"index of" etc
intitle:"Index of" .sh_history
intitle:"Index
of" .bash_history
intitle:"index of" passwd
intitle:"index of"
people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index
of" spwd
intitle:"index of" master.passwd
intitle:"index of"
htpasswd
"# -FrontPage-" inurl:service.pwd
allinurl:bbs data
filetype:mdb
inurl:database
filetype:inc conn
inurl:data filetype:mdb
intitle:"index
of" data
……
一些技巧集合:
3) "http://*:*@www" domainname
找一些ISP站點,可以查對方ip的虛擬主機
3
4) auth_user_file.txt 不實用了,太老了
5)
The Master List 尋找郵件列表的
6) intitle:"welcome.to.squeezebox"
一種特殊的管理系統,默認開放端口90
7) passlist.txt (a better way) 字典
8) "A
syntax error has occurred" filetype:ihtml
9) ext:php
program_listing intitle:MythWeb.Program.Listing
10) intitle:index.of
abyss.conf
11)ext:nbe nbe
12)intitle:"SWW link" "Please
wait....."
13)
14) intitle:"Freifunk.Net - Status"
-site:commando.de
15) intitle:"WorldClient" intext:"? (2003|2004)
Alt-N Technologies."
17) intitle:open-xchange inurl:login.pl
20)
intitle:"site administration: please log in" "site designed by
emarketsouth"
21) ORA-00921: unexpected end of SQL command
22)intitle:"YALA:
Yet Another LDAP Administrator"
23)welcome.to phpqladmin "Please
login" -cvsweb
24)intitle:"SWW link" "Please wait....."
25)inurl:"port_255"
-htm
27)intitle:"WorldClient" intext:"? (2003|2004) Alt-N
Technologies."
這些是新的一些漏洞技巧,在0days公告公佈
ext:php
program_listing intitle:MythWeb.Program.Listing
inurl:preferences.ini
"[emule]"
intitle:"Index of /CFIDE/" administrator
"access
denied for user" "using password"
ext:php intext:"Powered by
phpNewMan Version"
可以看到:path/to/news/browse.php?clang=../../../../../../file/i/want
inurl:"/becommunity/community/index.php?pageurl="
intitle:"ASP
FileMan" Resend -site:iisworks.com
"Enter ip"
inurl:"php-ping.php"
ext:conf inurl:rsyncd.conf -cvs -man
intitle:
private, protected, secret, secure, winnt
intitle:"DocuShare"
inurl:"docushare/dsweb/" -faq -gov -edu
"#mysql dump" filetype:sql
"allow_call_time_pass_reference"
"PATH_INFO"
"Certificate Practice Statement" inurl:(PDF | DOC)
LeapFTP
intitle:"index.of./" sites.ini modified
master.passwd
mysql
history files
NickServ registration passwords
passlist
passlist.txt
(a better way)
passwd
passwd / etc (reliable)
people.lst
psyBNC
config files
pwd.db
signin filetype:url
spwd.db / passwd
trillian.ini
wwwboard
WebAdmin inurl:passwd.txt wwwboard|webadmin
"# -FrontPage-"
ext:pwd inurl:(service | authors | administrators | users) "#
-FrontPage-"
inurl:service.pwd
"AutoCreate=TRUE password=*"
"http://*:*@www"
domainname
"index of/" "ws_ftp.ini" "parent directory"
"liveice
configuration file" ext:cfg -site:sourceforge.net
"powered by
ducalendar" -site:duware.com
"Powered by Duclassified"
-site:duware.com
"Powered by Duclassified" -site:duware.com "DUware
All Rights reserved"
"powered by duclassmate" -site:duware.com
"Powered
by Dudirectory" -site:duware.com
"powered by dudownload"
-site:duware.com
"Powered By Elite Forum Version *.*"
"Powered by
Link Department"
"sets mode: +k"
"Powered by DUpaypal"
-site:duware.com
allinurl: admin mdb
auth_user_file.txt
config.php
eggdrop
filetype:user user
etc (index.of)
ext:ini eudora.ini
ext:ini
Version=... password
ext:txt inurl:unattend.txt
filetype:bak
inurl:"htaccess|passwd|shadow|htusers"
filetype:cfg mrtg
"target[*]" -sample -cvs -example
filetype:cfm "cfapplication
name" password
filetype:conf oekakibbs
filetype:conf
sc_serv.conf
filetype:conf slapd.conf
filetype:config
config intext:appSettings "User ID"
filetype:dat "password.dat"
filetype:dat
wand.dat
filetype:inc dbconn
filetype:inc
intext:mysql_connect
filetype:inc mysql_connect OR mysql_pconnect
filetype:inf
sysprep
filetype:ini inurl:"serv-u.ini"
filetype:ini
inurl:flashFXP.ini
filetype:ini ServUDaemon
filetype:ini wcx_ftp
filetype:ini
ws_ftp pwd
filetype:ldb admin
filetype:log "See `ipsec
copyright"
filetype:log inurl:"password.log"
filetype:mdb
inurl:users.mdb
filetype:mdb wwforum
filetype:netrc
password
filetype:pass pass intext:userid
filetype:pem
intext:private
filetype:properties inurl:db intext:password
filetype:pwd
service
filetype:pwl pwl
filetype:reg reg
+intext:"defaultusername" +intext:"defaultpassword"
filetype:reg reg
HKEY_CURRENT_USER SSHHOSTKEYS
filetype:sql ("values * MD" | "values *
password" | "values * encrypt")
filetype:sql ("passwd values" |
"password values" | "pass values" )
filetype:sql +"IDENTIFIED BY"
-cvs
filetype:sql password
filetype:url +inurl:"ftp://" +inurl:";@"
filetype:xls
username password email
htpasswd
htpasswd / htgroup
htpasswd
/ htpasswd.bak
intext:"enable secret $"
intext:"powered by
Web Wiz Journal"
intitle:"index of" intext:connect.inc
intitle:"index
of" intext:globals.inc
intitle:"Index of" passwords modified
intitle:dupics
inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com
----------------------------------------------------------------------------------------------------------------------
intitle:index.of
intext:"secring.skr"|"secring.pgp"|"secring.bak"
inurl:"GRC.DAT"
intext:"password"
inurl:"slapd.conf" intext:"credentials"
-manpage -"Manual Page" -man: -sample
inurl:"slapd.conf"
intext:"rootpw" -manpage -"Manual Page" -man: -sample
inurl:"wvdial.conf"
intext:"password"
inurl:/db/main.mdb
inurl:chap-secrets
-cvs
inurl:config.php dbuname dbpass
inurl:filezilla.xml -cvs
inurl:lilo.conf
filetype:conf password -tatercounter -bootpwd -man
inurl:nuke
filetype:sql
inurl:ospfd.conf intext:password -sample -test
-tutorial -download 路由配置
inurl:pap-secrets -cvs
inurl:perform
filetype:ini
inurl:secring ext:skr | ext:pgp | ext:bak
inurl:vtund.conf
intext:pass -cvs
inurl:zebra.conf intext:password -sample -test
-tutorial -download
"Generated by phpSystem"
"generated by
wwwstat"
"Host Vulnerability Summary Report" ]
"HTTP_FROM=googlebot"
googlebot.com "Server_Software="
"Index of" / "chat/logs" 聊天室
"Installed
Objects Scanner" inurl:default.asp
"Mecury Version"
"Infastructure Group"
"Microsoft (R) Windows * (TM) Version * DrWtsn
Copyright (C)" ext:log
"Most Submitted Forms and Scripts" "this
section"
"Network Vulnerability Assessment Report"
"not
for distribution" confidential
"phone * * *" "address *" "e-mail"
intitle:"curriculum vitae"
"phpMyAdmin" "running on"
inurl:"main.php"
"produced by getstats"
"Request Details"
"Control Tree" "Server Variables"
"robots.txt" "Disallow:"
filetype:txt
"Running in Child mode"
"sets mode: +p"
"sets
mode: +s"
"Thank you for your order" +receipt
"This is a
Shareaza Node"
"This report was generated by WebLog"
(
filetype:mail | filetype:eml | filetype:mbox | filetype:mbx )
intext:password|subject
(inurl:"robot.txt" | inurl:"robots.txt" )
intext:disallow filetype:txt
-site:php.net -"The PHP Group"
inurl:source inurl:url ext:pHp
FBR "ADOBE PHOTOSHOP"
AIM
buddy lists
allinurl:/examples/jsp/snp/snoop.jsp
allinurl:servlet/SnoopServlet
cgiirc.conf
data
filetype:mdb -site:gov -site:mil
exported email addresses
ext:asp
inurl:pathto.asp
ext:cgi inurl:editcgi.cgi inurl:file=
ext:conf
inurl:rsyncd.conf -cvs -man
ext:conf NoCatAuth -cvs
ext:dat
bpk.dat
ext:gho gho
ext:ini intext:env.ini
ext:ldif ldif
ext:log
"Software: Microsoft Internet Information Services *.*"
------------------------------------------------------------------------------------------
ext:mdb
inurl:*.mdb inurl:fpdb shop.mdb
filetype:bkf bkf
filetype:blt
"buddylist"
filetype:blt blt +intext:screenname
filetype:cfg
auto_inst.cfg
filetype:conf inurl:firewall -intitle:cvs
filetype:config
web.config -CVS
filetype:ctt ctt messenger
filetype:fp
fp
filetype:fp fp -site:gov -site:mil -"cvs log"
filetype:inf
inurl:capolicy.inf
filetype:lic lic intext:key
filetype:myd
myd -CVS
filetype:ns ns
filetype:ora ora
filetype:ora tnsnames
filetype:pdb
pdb backup (Pilot | Pluckerdb)
filetype:pot inurl:john.pot
------------------------------------------------------------------------------------------------------------------
filetype:pst
inurl:"outlook.pst"
filetype:pst pst -from -to -date
filetype:qbb
qbb
filetype:rdp rdp
filetype:reg "Terminal Server Client"
filetype:vcs
vcs
filetype:wab wab
filetype:xls -site:gov inurl:contact
filetype:xls
inurl:"email.xls"
Financial spreadsheets: finance.xls
Financial
spreadsheets: finances.xls
Ganglia Cluster Reports
haccess.ctl
(one way)
haccess.ctl (VERY reliable)
ICQ chat logs, please...
iletype:log
cron.log
intext:"Session Start * * * *:*:* *" filetype:log
intext:"Tobias
Oetiker" "traffic analysis"
intext:(password | passcode)
intext:(username | userid | user) filetype:csv
intext:gmail invite
intext:http://gmail.google.com/gmail/a
intext:SQLiteManager
inurl:main.php
intitle:"Apache::Status" (inurl:server-status |
inurl:status.html | inurl:apache.html)
intitle:"AppServ Open
Project" -site:www.appservnetwork.com
intitle:"ASP Stats Generator
*.*" "ASP Stats Generator" "- weppos"
intitle:"FTP root at"
intitle:"index
of" +myd size
intitle:"Index Of" -inurl:maillog maillog size
intitle:"Index
Of" cookies.txt size
intitle:"index of" mysql.conf OR
mysql_config
intitle:"Index of" upload size parent directory
intitle:"index.of"
.diz .nfo last modified
intitle:"Multimon UPS status page"
intitle:"PHP
Advanced Transfer" (inurl:index.php | inurl:showrecent.php )
intitle:"PhpMyExplorer"
inurl:"index.php" -cvs
---------------------------------------------------------------------
intitle:"statistics
of" "advanced web statistics"
intitle:"System Statistics" +"System
and Network Information Center"
intitle:"Usage Statistics for"
"Generated by Webalizer"
intitle:"wbem" compaq login "Compaq
Information Technologies Group"
intitle:"Web Server Statistics
for ****"
intitle:"web server status" SSH Telnet
intitle:"welcome.to.squeezebox"
intitle:admin
intitle:login
intitle:index.of "Apache" "server at"
intitle:index.of
cleanup.log
intitle:index.of dead.letter
intitle:index.of inbox
intitle:index.of
inbox dbx
intitle:intranet inurl:intranet +intext:"phone"
inurl:"/axs/ax-admin.pl"
-script
inurl:"/cricket/grapher.cgi"
inurl:"bookmark.htm"
inurl:"cacti"
+inurl:"graph_view.php" +"Settings Tree View" -cvs -RPM
inurl:"newsletter/admin/"
inurl:"newsletter/admin/"
intitle:"newsletter admin"
inurl:"putty.reg"
inurl:"smb.conf"
intext:"workgroup" filetype:conf conf
----------------------------------------------------------------------------------------------------------
Welcome
to ntop!
"adding new user" inurl:addnewuser -"there are no
domains"
(inurl:/cgi-bin/.cobalt/) | (intext:"Welcome to the Cobalt
RaQ")
filetype:php HAXPLORER "Server Files Browser"
intitle:"Web
Data Administrator - Login"
inurl:ConnectComputer/precheck.htm |
inurl:Remote/logon.aspx
PHP Shell (unprotected)
PHPKonsole
PHPShell filetype:php -echo
Public PHP FileManagers
"index
of" / picasa.ini
"index of" inurl:recycler
"Index of" rar r nfo
Modified
"intitle:Index.Of /" stats merchant cgi-* etc
"Powered by
Invision Power File Manager" (inurl:login.php) | (intitle:"Browsing
directory /" )
"Web File Browser" "Use regular expression"
filetype:ini
Desktop.ini intext:mydocs.dll
intext:"d.aspx?id" ||
inurl:"d.aspx?id"
intext:"Powered By: TotalIndex"
intitle:"TotalIndex"
intitle:"album permissions" "Users who can
modify photos" "EVERYBODY"
intitle:"Directory Listing For"
intext:Tomcat -intitle:Tomcat
intitle:"HFS /" +"HttpFileServer"
intitle:"Index
of *" inurl:"my shared folder" size modified
-------------------------------------------------------------------------------------------------------------------
"File
Upload Manager v." "rename to"
ext:asp "powered by DUForum"
inurl:(messages|details|login|default|register) -site:duware.com
ext:asp
inurl:DUgallery intitle:"." -site:dugallery.com -site:duware.com
ext:cgi
inurl:ubb_test
ezBOO "Administrator Panel" -cvs
filetype:cgi
inurl:cachemgr.cgi
filetype:cnf my.cnf -cvs -example
filetype:inc
inc intext:setcookie
filetype:php inurl:"viewfile" -"index.php"
-"idfil
filetype:wsdl wsdl
intitle:"ASP FileMan" Resend
-site:iisworks.com
intitle:"Index of /" modified php.exe
intitle:"phpremoteview"
filetype:php "Name, Size, Type, Modify"
inurl:" WWWADMIN.PL"
intitle:"wwwadmin"
inurl:"nph-proxy.cgi" "Start browsing through
this CGI-based proxy"
inurl:"plog/register.php"
inurl:cgi.asx?StoreID
inurl:robpoll.cgi
filetype:cgi
The Master List
"More Info about MetaCart
Free"
留言列表
