Google Dork : “index of cgi-bin”
Description : CGI directories contain scripts which can often be exploited by attackers.
Google Dork : allinurl:"User_info/auth_user_file.txt"
Description : Files containing passwords
Google Dork :
Description: For Passwords
Google Dork: -inurl:htm -inurl:html -inurl:php intitle:”index of” (mpg|avi|wmv) “Coldplay”
Description : Can be used to discover Videos and Mp3 songs (copy the complete string)
Google Dork :
- Axis:
inurl:”view/indexFrame.shtml”inurl:”view/index.shtml”intitle:”Live View / – AXIS”intitle:axis cameraintitle:”axis #Kameramodell#” - Canon:
inurl:sample/LvAppl/
- JVC:
intitle:”V.Networks [Motion Picture(Java)”
- EvoCam:
intitle:”EvoCam” inurl:”webcam.html”
- WebcamXP:
intitle:”my webcamXP server!”
- MOBOTIX:
inurl:/control/userimage.html
- Panasonic:
inurl:/ViewerFrame?Mode=Motion
- FlexWatch:
inurl:toolam.htmlinurl:viewash.html
- Toshiba:
intitle:”TOSHIBA Network Camera – User Login”
- Sony:
inurl:/home/homeJ.html
Description : Used to Dig In WebCams
Google Dork : "Welcome to phpMyAdmin" AND " Create new database"
Description : PhpMyAdmin Dork. phpMyAdmin is a widly spread webfrontend used to mantain sql databases.The default security mechanism is to leave it up to the admin of the website to put a .htaccess file in the directory of the application.Google Dork :
- inurl:-cfg intext:"enable password"
- filetype:ini "[FFFTP]” (pass|passwd|password|pwd)
- filetype:sql “phpmyAdmin SQL Dump” (pass|password|passwd|pwd)
- filetype:sql “PostgreSQL database dump” (pass|password|passwd|pwd)
- inurl:htpasswd filetype:htpasswd
Description: For Passwords
Google Dork :
- inurl:src/login.php
- adminlogin.asp
- allinurl:”exchange/logon.asp”
- inurl:+:8443/login.php3
Description: Login Pages requires SQLI (hint) or other techniques