zoukankan      html  css  js  c++  java
  • Google Hacker

    常用的google关键字: 
    foo1 foo2 (也就是关联,比如搜索xx公司 xx美女) 
    operator:foo 
    filetype:123 类型 
    site:foo.com 相对直接看网站更有意思,可以得到许多意外的信息 
    intext:foo 
    intitle: fooltitle 标题哦 
    allinurl:foo 搜索xx网站的所有相关连接。(踩点必备) 
    links:foo 不要说就知道是它的相关链接 
    allintilte:foo.com

    我们可以辅助"-" "+"来调整搜索的精确程度

    直接搜索密码:(引号表示为精确搜索) 
    当然我们可以再延伸到上面的结果里进行二次搜索 
    "index of" htpasswd / passwd 
    filetype:xls username password email 
    "ws_ftp.log" 
    "config.php" 
    allinurl:admin mdb 
    service filetype:pwd ....或者某个比如pcanywhere的密码后缀cif等

    越来越有意思了,再来点更敏感信息 
    "robots.txt" "Disallow:" filetype:txt 
    inurl:_vti_cnf (FrontPage的关键索引啦,扫描器的CGI库一般都有地) 
    allinurl: /msadc/Samples/selector/showcode.asp 
    /http://www.cnblogs.com/../passwd 
    /examples/jsp/snp/snoop.jsp 
    phpsysinfo 
    intitle:index of /admin 
    intitle:"documetation" 
    inurl: 5800(vnc的端口)或者desktop port等多个关键字检索 
    webmin port 10000 
    inurl:/admin/login.asp 
    intext:Powered by GBook365 
    intitle:"php shell*" "Enable stderr" filetype:php 直接搜索到phpwebshell

    foo.org filetype:inc

    ipsec filetype:conf 
    intilte:"error occurred" ODBC request WHERE (select|insert) 说白了就是说,可以直接试着查查数据库检索,针对目前流行的sql注射,会发达哦 
    intitle:"php shell*" "Enable stderr" filetype:php 
    "Dumping data for table" username password 
    intitle:"Error using Hypernews" 
    "Server Software" 
    intitle:"HTTP_USER_AGENT=Googlebot" 
    "HTTP_USER_ANGET=Googlebot" THS ADMIN 
    filetype:.doc site:.mil classified 直接搜索军方相关word

    检查多个关键字: 
    intitle:config confixx login password

    "mydomain.com" nessus report 
    "report generated by" 
    "ipconfig" 
    "winipconfig"

    google缓存利用(hoho,最有影响力的东西)推荐大家搜索时候多"选搜索所有网站" 
    特别推荐:administrator users 等相关的东西,比如名字,生日等……最惨也可以拿来做字典嘛 
    cache:foo.com

    可以查阅类似结果

    先找找网站的管理后台地址: 
    site:xxxx.com intext:管理 
    site:xxxx.com inurl:login 
    site:xxxx.com intitle:管理 
    site:a2.xxxx.com inurl:file 
    site:a3.xxxx.com inurl:load 
    site:a2.xxxx.com intext:ftp://*:* 
    site:a2.xxxx.com filetype:asp 
    site:xxxx.com //得到N个二级域名 
    site:xxxx.com intext:*@xxxx.com //得到N个邮件地址,还有邮箱的主人的名字什么的 
    site:xxxx.com intext:电话 //N个电话 
    intitle:"index of" etc 
    intitle:"Index of" .sh_history 
    intitle:"Index of" .bash_history 
    intitle:"index of" passwd 
    intitle:"index of" people.lst 
    intitle:"index of" pwd.db 
    intitle:"index of" etc/shadow 
    intitle:"index of" spwd 
    intitle:"index of" master.passwd 
    intitle:"index of" htpasswd 
    "# -FrontPage-" inurl:service.pwd

    allinurl:bbs data 
    filetype:mdb inurl:database 
    filetype:inc conn 
    inurl:data filetype:mdb 
    intitle:"index of" data 
    ……

    一些技巧集合:

    3) "http://*:*@www" domainname 找一些ISP站点,可以查对方ip的虚拟主机 

    4) auth_user_file.txt 不实用了,太老了

    5) The Master List 寻找邮件列表的

    6) intitle:"welcome.to.squeezebox" 一种特殊的管理系统,默认开放端口90 
    7) passlist.txt (a better way) 字典

    8) "A syntax error has occurred" filetype:ihtml

    9) ext:php program_listing intitle:MythWeb.Program.Listing 
    10) intitle:index.of abyss.conf 
    11)ext:nbe nbe

    12)intitle:"SWW link" "Please wait....." 
    13)

    14) intitle:"Freifunk.Net - Status" -site:commando.de

    15) intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies."

    17) intitle:open-xchange inurl:login.pl

    20) intitle:"site administration: please log in" "site designed by emarketsouth" 
    21) ORA-00921: unexpected end of SQL command

    22)intitle:"YALA: Yet Another LDAP Administrator" 
    23)welcome.to phpqladmin "Please login" -cvsweb 
    24)intitle:"SWW link" "Please wait....." 
    25)inurl:"port_255" -htm

    27)intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies."

    这些是新的一些漏洞技巧,在0days公告公布

    ext:php program_listing intitle:MythWeb.Program.Listing

    inurl:preferences.ini "[emule]"

    intitle:"Index of /CFIDE/" administrator

    "access denied for user" "using password"

    ext:php intext:"Powered by phpNewMan Version" 可以看到:path/to/news/browse.php?clang=http://www.cnblogs.com/http://www.cnblogs.com/http://www.cnblogs.com/file/i/want

    inurl:"/becommunity/community/index.php?pageurl="

    intitle:"ASP FileMan" Resend -site:iisworks.com

    "Enter ip" inurl:"php-ping.php"

    ext:conf inurl:rsyncd.conf -cvs -man

    intitle: private, protected, secret, secure, winnt

    intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu 
    "#mysql dump" filetype:sql

    "allow_call_time_pass_reference" "PATH_INFO"

    "Certificate Practice Statement" inurl:(PDF | DOC)

    LeapFTP intitle:"index.of./" sites.ini modified 
    master.passwd

    mysql history files 
    NickServ registration passwords 
    passlist 
    passlist.txt (a better way) 
    passwd 
    passwd / etc (reliable) 
    people.lst 
    psyBNC config files 
    pwd.db 
    signin filetype:url 
    spwd.db / passwd 
    trillian.ini 
    wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin

    "# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-"

    inurl:service.pwd 
    "AutoCreate=TRUE password=*" 
    "http://*:*@www" domainname 
    "index of/" "ws_ftp.ini" "parent directory" 
    "liveice configuration file" ext:cfg -site:sourceforge.net 
    "powered by ducalendar" -site:duware.com 
    "Powered by Duclassified" -site:duware.com 
    "Powered by Duclassified" -site:duware.com "DUware All Rights reserved" 
    "powered by duclassmate" -site:duware.com 
    "Powered by Dudirectory" -site:duware.com 
    "powered by dudownload" -site:duware.com 
    "Powered By Elite Forum Version *.*" 
    "Powered by Link Department" 
    "sets mode: +k" 
    "Powered by DUpaypal" -site:duware.com 
    allinurl: admin mdb 
    auth_user_file.txt 
    config.php 
    eggdrop filetype:user user 
    etc (index.of) 
    ext:ini eudora.ini 
    ext:ini Version=... password 
    ext:txt inurl:unattend.txt

    filetype:bak inurl:"htaccess|passwd|shadow|htusers"

    filetype:cfg mrtg "target

    • " -sample -cvs -example

    filetype:cfm "cfapplication name" password

    filetype:conf oekakibbs 
    filetype:conf sc_serv.conf

    filetype:conf slapd.conf

    filetype:config config intext:appSettings "User ID"

    filetype:dat "password.dat"

    filetype:dat wand.dat

    filetype:inc dbconn

    filetype:inc intext:mysql_connect 
    filetype:inc mysql_connect OR mysql_pconnect

    filetype:inf sysprep

    filetype:ini inurl:"serv-u.ini" 
    filetype:ini inurl:flashFXP.ini 
    filetype:ini ServUDaemon 
    filetype:ini wcx_ftp 
    filetype:ini ws_ftp pwd

    filetype:ldb admin

    filetype:log "See `ipsec copyright"

    filetype:log inurl:"password.log"

    filetype:mdb inurl:users.mdb

    filetype:mdb wwforum

    filetype:netrc password

    filetype:pass pass intext:userid

    filetype:pem intext:private

    filetype:properties inurl:db intext:password

    filetype:pwd service 
    filetype:pwl pwl

    filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword" 
    filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS 
    filetype:sql ("values * MD" | "values * password" | "values * encrypt") 
    filetype:sql ("passwd values" | "password values" | "pass values" ) 
    filetype:sql +"IDENTIFIED BY" -cvs 
    filetype:sql password

    filetype:url +inurl:"ftp://" +inurl:";@"

    filetype:xls username password email

    htpasswd 
    htpasswd / htgroup 
    htpasswd / htpasswd.bak

    intext:"enable secret $" 
    intext:"powered by Web Wiz Journal"

    intitle:"index of" intext:connect.inc 
    intitle:"index of" intext:globals.inc 
    intitle:"Index of" passwords modified

    intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com 
    ----------------------------------------------------------------------------------------------------------------------

    intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak"

    inurl:"GRC.DAT" intext:"password"

    inurl:"slapd.conf" intext:"credentials" -manpage -"Manual Page" -man: -sample

    inurl:"slapd.conf" intext:"rootpw" -manpage -"Manual Page" -man: -sample

    inurl:"wvdial.conf" intext:"password"

    inurl:/db/main.mdb

    inurl:chap-secrets -cvs

    inurl:config.php dbuname dbpass 
    inurl:filezilla.xml -cvs

    inurl:lilo.conf filetype:conf password -tatercounter -bootpwd -man

    inurl:nuke filetype:sql

    inurl:ospfd.conf intext:password -sample -test -tutorial -download 路由配置 
    inurl:pap-secrets -cvs

    inurl:perform filetype:ini 
    inurl:secring ext:skr | ext:pgp | ext:bak

    inurl:vtund.conf intext:pass -cvs

    inurl:zebra.conf intext:password -sample -test -tutorial -download

    "Generated by phpSystem" 
    "generated by wwwstat"

    "Host Vulnerability Summary Report" ]

    "HTTP_FROM=googlebot" googlebot.com "Server_Software="

    "Index of" / "chat/logs" 聊天室 
    "Installed Objects Scanner" inurl:default.asp

    "Mecury Version" "Infastructure Group" 
    "Microsoft (R) Windows * (TM) Version * DrWtsn Copyright (C)" ext:log

    "Most Submitted Forms and Scripts" "this section"

    "Network Vulnerability Assessment Report"

    "not for distribution" confidential 
    "phone * * *" "address *" "e-mail" intitle:"curriculum vitae"

    "phpMyAdmin" "running on" inurl:"main.php"

    "produced by getstats" 
    "Request Details" "Control Tree" "Server Variables" 
    "robots.txt" "Disallow:" filetype:txt

    "Running in Child mode"

    "sets mode: +p" 
    "sets mode: +s" 
    "Thank you for your order" +receipt 
    "This is a Shareaza Node" 
    "This report was generated by WebLog" 
    ( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject

    (inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt

    -site:php.net -"The PHP Group" inurl:source inurl:url ext:pHp

    FBR "ADOBE PHOTOSHOP" 
    AIM buddy lists 
    allinurl:/examples/jsp/snp/snoop.jsp 
    allinurl:servlet/SnoopServlet 
    cgiirc.conf

    data filetype:mdb -site:gov -site:mil

    exported email addresses

    ext:asp inurl:pathto.asp

    ext:cgi inurl:editcgi.cgi inurl:file=

    ext:conf inurl:rsyncd.conf -cvs -man 
    ext:conf NoCatAuth -cvs

    ext:dat bpk.dat 
    ext:gho gho

    ext:ini intext:env.ini 
    ext:ldif ldif

    ext:log "Software: Microsoft Internet Information Services *.*" 
    ------------------------------------------------------------------------------------------ 
    ext:mdb inurl:*.mdb inurl:fpdb shop.mdb

    filetype:bkf bkf 
    filetype:blt "buddylist" 
    filetype:blt blt +intext:screenname

    filetype:cfg auto_inst.cfg

    filetype:conf inurl:firewall -intitle:cvs 
    filetype:config web.config -CVS

    filetype:ctt ctt messenger

    filetype:fp fp 
    filetype:fp fp -site:gov -site:mil -"cvs log"

    filetype:inf inurl:capolicy.inf 
    filetype:lic lic intext:key

    filetype:myd myd -CVS 
    filetype:ns ns 
    filetype:ora ora 
    filetype:ora tnsnames 
    filetype:pdb pdb backup (Pilot | Pluckerdb)

    filetype:pot inurl:john.pot 
    ------------------------------------------------------------------------------------------------------------------ 
    filetype:pst inurl:"outlook.pst" 
    filetype:pst pst -from -to -date 
    filetype:qbb qbb 
    filetype:rdp rdp

    filetype:reg "Terminal Server Client" 
    filetype:vcs vcs 
    filetype:wab wab

    filetype:xls -site:gov inurl:contact 
    filetype:xls inurl:"email.xls" 
    Financial spreadsheets: finance.xls 
    Financial spreadsheets: finances.xls

    Ganglia Cluster Reports

    haccess.ctl (one way) 
    haccess.ctl (VERY reliable) 
    ICQ chat logs, please...

    iletype:log cron.log 
    intext:"Session Start * * * *:*:* *" filetype:log 
    intext:"Tobias Oetiker" "traffic analysis"

    intext:(password | passcode) intext:(username | userid | user) filetype:csv 
    intext:gmail invite intext:http://gmail.google.com/gmail/a

    intext:SQLiteManager inurl:main.php

    intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html)

    intitle:"AppServ Open Project" -site:www.appservnetwork.com 
    intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "- weppos"

    intitle:"FTP root at" 
    intitle:"index of" +myd size

    intitle:"Index Of" -inurl:maillog maillog size

    intitle:"Index Of" cookies.txt size

    intitle:"index of" mysql.conf OR mysql_config 
    intitle:"Index of" upload size parent directory

    intitle:"index.of" .diz .nfo last modified 
    intitle:"Multimon UPS status page" 
    intitle:"PHP Advanced Transfer" (inurl:index.php | inurl:showrecent.php ) 
    intitle:"PhpMyExplorer" inurl:"index.php" -cvs 
    --------------------------------------------------------------------- 
    intitle:"statistics of" "advanced web statistics" 
    intitle:"System Statistics" +"System and Network Information Center" 
    intitle:"Usage Statistics for" "Generated by Webalizer" 
    intitle:"wbem" compaq login "Compaq Information Technologies Group"

    intitle:"Web Server Statistics for ****" 
    intitle:"web server status" SSH Telnet 
    intitle:"welcome.to.squeezebox"

    intitle:admin intitle:login 
    intitle:index.of "Apache" "server at" 
    intitle:index.of cleanup.log 
    intitle:index.of dead.letter 
    intitle:index.of inbox 
    intitle:index.of inbox dbx

    intitle:intranet inurl:intranet +intext:"phone" 
    inurl:"/axs/ax-admin.pl" -script 
    inurl:"/cricket/grapher.cgi" 
    inurl:"bookmark.htm"

    inurl:"cacti" +inurl:"graph_view.php" +"Settings Tree View" -cvs -RPM 
    inurl:"newsletter/admin/" 
    inurl:"newsletter/admin/" intitle:"newsletter admin" 
    inurl:"putty.reg" 
    inurl:"smb.conf" intext:"workgroup" filetype:conf conf 
    ----------------------------------------------------------------------------------------------------------

    Welcome to ntop!

    "adding new user" inurl:addnewuser -"there are no domains" 
    (inurl:/cgi-bin/.cobalt/) | (intext:"Welcome to the Cobalt RaQ")

    filetype:php HAXPLORER "Server Files Browser" 
    intitle:"Web Data Administrator - Login"

    inurl:ConnectComputer/precheck.htm | inurl:Remote/logon.aspx 
    PHP Shell (unprotected) 
    PHPKonsole PHPShell filetype:php -echo 
    Public PHP FileManagers

    "index of" / picasa.ini 
    "index of" inurl:recycler 
    "Index of" rar r nfo Modified 
    "intitle:Index.Of /" stats merchant cgi-* etc 
    "Powered by Invision Power File Manager" (inurl:login.php) | (intitle:"Browsing directory /" ) 
    "Web File Browser" "Use regular expression"

    filetype:ini Desktop.ini intext:mydocs.dll

    intext:"d.aspx?id" || inurl:"d.aspx?id" 
    intext:"Powered By: TotalIndex" intitle:"TotalIndex" 
    intitle:"album permissions" "Users who can modify photos" "EVERYBODY" 
    intitle:"Directory Listing For" intext:Tomcat -intitle:Tomcat 
    intitle:"HFS /" +"HttpFileServer" 
    intitle:"Index of *" inurl:"my shared folder" size modified 
    -------------------------------------------------------------------------------------------------------------------

    "File Upload Manager v." "rename to"

    ext:asp "powered by DUForum" inurl:(messages|details|login|default|register) -site:duware.com 
    ext:asp inurl:DUgallery intitle:"." -site:dugallery.com -site:duware.com 
    ext:cgi inurl:ubb_test

    ezBOO "Administrator Panel" -cvs

    filetype:cgi inurl:cachemgr.cgi 
    filetype:cnf my.cnf -cvs -example 
    filetype:inc inc intext:setcookie

    filetype:php inurl:"viewfile" -"index.php" -"idfil 
    filetype:wsdl wsdl

    intitle:"ASP FileMan" Resend -site:iisworks.com

    intitle:"Index of /" modified php.exe

    intitle:"phpremoteview" filetype:php "Name, Size, Type, Modify"

    inurl:" WWWADMIN.PL" intitle:"wwwadmin" 
    inurl:"nph-proxy.cgi" "Start browsing through this CGI-based proxy" 
    inurl:"plog/register.php" 
    inurl:cgi.asx?StoreID

    inurl:robpoll.cgi filetype:cgi

    The Master List

    "More Info about MetaCart Free"

  • 相关阅读:
    info plist各个功能的详解
    打个测试包弄成连接供别人下载测试
    封装的数据请求加上风火轮的效果
    福大软工 · BETA 版冲刺前准备(团队)
    福大软工 · 第十一次作业
    Alpha 冲刺 (10/10)
    Alpha 冲刺 (9/10)
    Alpha 冲刺 (8/10)
    Alpha 冲刺 (7/10)
    Alpha 冲刺 (6/10)
  • 原文地址:https://www.cnblogs.com/johnpher/p/2861076.html
Copyright © 2011-2022 走看看