Popular google keywords:
foo1 foo2 (that is associated with, such as companies search xx xx beautiful)
operator: foo
filetype: 123 Type
site: foo.com relatively straightforward to see your site more interesting , can be many unexpected information
intext: foo
intitle: fooltitle title Oh
allinurl: foo search all sites connected xx. (Check out the location necessary)
links: foo do not know that it's related links
allintilte: foo.com
we can assist "-" "+" to adjust the search the precision of the direct search
Password: (expressed as exact quotes search)
course, we can then extend the above results in a secondary search
"index of" htpasswd / passwd
filetype: xls username password email
"ws_ftp.log"
"config.php"
allinurl: admin mdb
service filetype: pwd .... or some such pcanywhere password suffix such as
cif more interesting, and again is even more sensitive information
"robots.txt" "Disallow:" filetype: txt
inurl: _vti_cnf (FrontPage key index of Rights , the scanner's CGI library generally have to)
allinurl: / msadc / Samples / selector / showcode.asp
/../../../ passwd
/ examples / jsp / snp / snoop.jsp
phpsysinfo
intitle: index of / admin
intitle: "documetation"
inurl: 5800 (vnc port) or desktop port, and other keyword search
webmin port 10000
inurl: / admin / login.asp
intext: Powered by GBook365
intitle: "php shell *" "Enable stderr" filetype: php direct search phpwebshell
foo.org filetype: inc
ipsec filetype: conf
intilte: "error occurred" ODBC request WHERE (select | insert) plainly is, can try to look up the database search, for now popular sql injection, will developed oh
intitle: "php shell *" "Enable stderr" filetype: php
"Dumping data for table" username password
intitle: "Error using Hypernews" ;
"Server Software"
intitle: "HTTP_USER_AGENT = Googlebot"
"HTTP_USER_ANGET = Googlebot" THS ADMIN
filetype:. doc site:. mil classified military-related direct search word < br>
check multiple keywords:
intitle: config confixx login password
"mydomain.com" nessus report
"report generated by"
"ipconfig"
"winipconfig"
google cache utilization (hoho, the most influential things) recommended you search time and more "select Search all sites"
Special Recommendation: administrator users and other related things, such as name, birthday, etc ... ... the worst thing in the dictionary can also be used as
cache: foo.com
can access similar results
first Zhaozhao website address of the management of the background :
site: xxxx.com intext: Management
site: xxxx.com inurl: login
site: xxxx.com intitle: Management
site: a2.xxxx.com inurl: file
site: a3.xxxx.com inurl: load
site: a2.xxxx.com intext: ftp:// *: *
site: a2.xxxx.com filetype: asp
site: xxxx.com / / get N-2 domain
site: xxxx.com intext: * @ xxxx.com / / get N a e-mail addresses, as well as the mailbox owner's name what the
site: xxxx.com intext: Phone / / N phone
intitle: "index of" etc
intitle: "Index of". sh_history
intitle: "Index of". bash_history
intitle: "index of" ; passwd
intitle: "index of" people.lst
intitle: "index of" pwd.db
intitle: "index of" etc / shadow
intitle: "index of" ; spwd
intitle: "index of" master.passwd
intitle: "index of" htpasswd
"#-FrontPage-" inurl: service.pwd
allinurl: bbs data
filetype: mdb inurl: database
filetype: inc conn
inurl: data filetype: mdb
intitle: "index of" data
... ...
number Skills set:
3) "http:// *: * @ www" domainname find some ISP sites, you can check each other's ip virtual host
3
4) auth_user_file.txt not practical ,Jonathan Lee, and too old
5) The Master List mailing list to find the
6) intitle: "welcome.to.squeezebox" a special kind of management system, the default open port 90 < br> 7) passlist.txt (a better way) dictionary
8) "A syntax error has occurred" filetype: ihtml
9) ext: php program_listing intitle: MythWeb.Program. Listing
10) intitle: index.of abyss.conf
11) ext: nbe nbe
12) intitle: "SWW link" "Please wait ....." < br> 13)
14) intitle: "Freifunk.Net - Status"-site: commando.de
15) intitle: "WorldClient" intext: "? (2003 | 2004) Alt-N Technologies. "
17) intitle: open-xchange inurl: login.pl
20) intitle:" site administration: please log in "" site designed by emarketsouth "
21) ORA-00921: unexpected end of SQL command
22) intitle:" YALA: Yet Another LDAP Administrator "
23) welcome.to phpqladmin" Please login " -cvsweb
24) intitle: "SWW link" "Please wait ....."
25) inurl:" port_255 "-htm
27) intitle:" WorldClient "intext:"? (2003 | 2004) Alt-N Technologies. "
These are some loopholes in the new skills in 0days announcements
ext: php program_listing intitle: MythWeb . Program.Listing
inurl: preferences.ini "[emule]"
intitle: "Index of / CFIDE /" administrator
"access denied for user "" using password "
ext: php intext:" Powered by phpNewMan Version "can be seen: path / to / news / browse.php? clang =../../.. /../../../ file / i / want
inurl: "/ becommunity / community / index.php? pageurl ="
intitle: "ASP FileMan" ; Resend-site: iisworks.com
"Enter ip" inurl: "php-ping.php"
ext: conf inurl: rsyncd.conf-cvs-man
intitle: private, protected, secret, secure, winnt
intitle: "DocuShare" inurl: "docushare / dsweb /"-faq-gov-edu
"# mysql dump" ; filetype: sql
"allow_call_time_pass_reference" "PATH_INFO"
"Certificate Practice Statement" inurl: (PDF | DOC)
LeapFTP intitle: "index. of. / "sites.ini modified
master.passwd
mysql history files
NickServ registration passwords
passlist
passlist.txt (a better way)
passwd < br> passwd / etc (reliable)
people.lst
psyBNC config files
pwd.db
signin filetype: url
spwd.db / passwd
trillian.ini
wwwboard WebAdmin inurl: passwd.txt wwwboard | webadmin
"#-FrontPage-" ext: pwd inurl: (service | authors | administrators | users) "#-FrontPage-"
< br> inurl: service.pwd
"AutoCreate = TRUE password =*"
"http:// *: * @ www" domainname
"index of /" "ws_ftp. ini "" parent directory "
" liveice configuration file "ext: cfg-site: sourceforge.net
" powered by ducalendar "-site: duware.com
" Powered by Duclassified "- site: duware.com
"Powered by Duclassified"-site: duware.com "DUware All Rights reserved"
"powered by duclassmate"-site: duware.com
"Powered by Dudirectory" ;-site: duware.com
"powered by dudownload"-site: duware.com
"Powered By Elite Forum Version *.*"
"Powered by Link Department"
"sets mode: + k"
" Powered by DUpaypal "-site: duware.com
allinurl: admin mdb
auth_user_file.txt
config.php
eggdrop filetype: user user
etc (index.of)
ext: ini eudora.ini
ext: ini Version =... password
ext: txt inurl: unattend.txt
filetype: bak inurl: "htaccess | passwd | shadow | htusers"
filetype: cfg mrtg "target [*]"-sample-cvs-example
filetype: cfm " ; cfapplication name "password
filetype: conf oekakibbs
filetype: conf sc_serv.conf
filetype: conf slapd.conf
filetype: config config intext: appSettings" ; User ID "
filetype: dat" password.dat "
filetype: dat wand.dat
filetype: inc dbconn
filetype: inc intext: mysql_connect
filetype: inc mysql_connect OR mysql_pconnect
filetype: inf sysprep
filetype: ini inurl: "serv-u.ini"
filetype: ini inurl: flashFXP . ini
filetype: ini ServUDaemon
filetype: ini wcx_ftp
filetype: ini ws_ftp pwd
filetype: ldb admin
filetype: log "See` ipsec copyright "
filetype: log inurl: "password.log"
filetype: mdb inurl: users.mdb
filetype: mdb wwforum
filetype: netrc password
filetype: pass pass intext: userid
filetype: pem intext: private
filetype: properties inurl: db intext: password
filetype: pwd service
filetype: pwl pwl
filetype: reg reg + intext: "defaultusername" + intext: "defaultpassword"
filetype: reg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetype: sql (" values * MD "|" values * password "|" values * encrypt ")
filetype: sql (" passwd values " | " password values " | " pass values ")
filetype: sql + "IDENTIFIED BY"-cvs
filetype: sql password
没有评论:
发表评论