Google Hacking Database (GHDB)

Search the Google Hacking Database or browse GHDB categories

Sensitive Directories
Google's collection of web sites sharing sensitive directories. The files contained in here will vary from sesitive
to uber-secret!

DATE Title Summary

2003- What kinds of things might you find in directories marked
private
06-27 "private?" let's find out.....
2003- What kinds of goodies lurk in directories marked as
secret
06-27 "secret?" Find out......
2003- Backup directories are often very interesting places to
Look in my backup directories! Please?
06-24 explore. More than one server has been ...
2004- Adding "inurl:ftp (pub | incoming)" to the "index.of"
intitle:"index of" inurl:ftp (pub | inco...
12-30 searches helps locati...
2004-
allinurl:"/*/_vti_pvt/" | allinurl:"... Frontpage extensions for Unix ? So be it.....
12-29
2004- These directories reveal the configuration file of the
intitle:index.of abyss.conf
12-19 abyss webserver. These files can contain...
2004- With ColdFusion, you can build and deploy powerful
intitle:"Index of /CFIDE/" administrator
12-19 web applications and web services with far l...
2004- Invision Power File Manager is a popular file
"Powered by Invision Power File Manager"...
12-19 management script, written in the popular PHP Scr...
2004- This search uses desktop.ini to track users with a
intitle:"index of" "parent director...
12-05 webserver running on their desktop computers...
2004- TotalIndex v2.0 is an open source script that is designed
intext:"Powered By: TotalIndex" intitle:...
11-28 to replace the simple, and boring def...
2004- This search looks for indexes with the following
"intitle:Index.Of /" stats merchant cgi-...
11-07 subdirectories: stats, merchant, online-store ...
2004- This dork indicates the "Local settings" dir in most cases,
intitle:"index of" intext:"content....
10-31 and browseble server dire...
2004- Yes! I probably have should have told you guys earlier,
intitle:"index of" -inurl:htm -inurl:htm...
10-20 but this is how ive been getting 100% ...
2004- The DCIM directory is the default name for a few brands
index.of.dcim
10-25 of digital camers. This is not a big ne...
2004- The Google Hackers Guide explains how to find Apache
intitle:"Directory Listing For" intext:T...
10-19 directory indexes, which are the most comm...
2004- Webadmin.php is a free simple Web-based file manager.
intitle:"webadmin - /*" filetype:php dir...
09-24 This search finds sites that use this sof...
2004- intitle:index.of (inurl:fileadmin | TYPO3 is a free Open Source content management
09-21 intitle:filead... system for enterprise purposes on the web and in...
2004- These are index pages of "My Shared Folder".
intitle:"Index of *" inurl:"my shar...
09-10 Sometimes they contain juicy stuff like ...
Directories containing commercial
2004-
intitle:index.of /AlbumArt_ music.AlbumArt_{.*}.jpg are download/create by MS-
08-26
Windows Med...
2004- "The YouSendIt team was formed to tackle a common
intext:"d.aspx?id" || inurl:"d.aspx...
08-05 problem: secure transmission of large do...
2004- Picasa is an 'Automated Digital Photo Organizer' recently
"index of" / picasa.ini
07-20 aquired by Google. This search allows...
2004- These directories are named "password." I wonder what
index.of.password
07-16 you might find in here. Warning...
2004- inurl:explorer.cfm
Filemanager without authentication....
10-31 inurl:(dirpath|This_Directory)
2004- phpMyAdmin is a tool written in PHP intended to handle
Index of phpMyAdmin
07-12 the administration of MySQL over the Web...
2004- filetype:cfg ks intext:rootpw -sample -test - Anaconda is a linux configuration tool like yast on suse
06-14 howto linux. The root password is often encr...
2004- Gallery (http://gallery.menalto.com) is software that
intitle:"album permissions" "Users ...
06-02 allows users to create webalbums and uplo...
2004- Many of these directories contain information about the
"Index Of /network" "last modified&...
06-01 network, though an attacker would need ...
2004- According to whatis.com: "An intranet is a private
intitle:intranet inurl:intranet +intext:"huma...
05-13 network that is contained within an ent...
2004- Many times, this search will reveal temporary files and
inurl:/tmp
05-11 directories on the web server. The info...
2004- This is the default name of the Windows recycle bin. The
"index of" inurl:recycler
05-04 files in this directory may contain se...
2004- This is the default installation location of Oracle
inurl:/pls/sample/admin_/help/
04-28 manuals. This helps in footprinting a serve...
2004- This directory contains sample Oracle JSP scripts which
inurl:ojspdemos
04-28 are installed on the server. These prog...
2004- This directory contains sample JSP scripts which are
inurl:j2ee/examples/jsp
04-28 installed on the server. These programs ma...
2004- CGI directories contain scripts which can often be
"index of cgi-bin"
04-23 exploited by attackers. Regardless of the vu...
2004- This is the top level directory of ColdFusion, a powerful
intitle:"Index of" cfide
04-19 web development environment. This dir...
2004- This directory has various personal documents and
intitle:"index.of.personal"
03-29 pictures....
2004- These pages indicate that they are sharing the
intitle:"Index of c:\Windows"
02-10 C:\WINDOWS directory, which is the system folder...
2003- phpMyAdmin is a widly spread webfrontend used to
"Welcome to phpMyAdmin" " Create ne...
08-12 mantain sql databases. The default security me...
2004- This query reveals backup directories. These directories
inurl:backup intitle:index.of inurl:admin
03-16 can contain various information rangin...
2003- These directories are named "password." I wonder what
index.of.password
06-27 you might find in here. Warning...
2003- What could be in a directory marked as "protected?"
protected
06-27 Let's find out......
2003- What could be hiding in directories marked as "secure?"
secure
06-27 let's find out......
2003- The \WINNT directory is the directory that Windows NT
winnt
06-27 is installed into by default. Now just be...
2015- The dork finds misconfigured WordPress sites.
inurl:wp-admin/ intext:css/
05-27 Author:NickiK. ...
2015- This dork finds open ftps. This is a base dork, where you
intitle:"Index of ftp"
05-26 can add intext:"ssh/" for ...
2015-
intitle:index.of.dropbox Sensitive Directories Ariel Anonis - @ariel_anonis ...
04-23
2015-
intitle:index.of.accounts Dork for directory with accounts. By Rootkit. ...
04-03
2015- intitle:index.of +"Indexed by Google dork for finding Private pics ;) :D
04-03 Apache::Gallery... #13lacKDemOn ...
2015- Relates to https://wordpress.org/plugins/wp-backitup/
inurl:/wp-content/wpbackitup_backups
02-27 Sensitive data/site rips/db rips in pu...
2015-
"Config" intitle:"Index of" in... Directory with keys of vpn servers. By Rootkit. ...
02-19
2015- "jos_users" intitle:"Index of" Files of configuration of
"jos_users" intitle:"Index of"
02-11 user Joomla serve...
2015-
inurl:/cgi-bin/.cgi Finds open index of /cgi-bin. ...
01-06
2014- i just found a google dork that is file/path disclosure of
allinurl:/hide_my_wp=
02-05 Hide My WP plugin Google dork -...
2013- Mac OSX directories -- -[Voluntas Vincit Omnia]-
intitle:"index of" intext:".ds_stor...
11-25 website http://www.erisresearch.org/ Go...
2013- Google search for shared HDD directories or shared
intitle:"index of" myshare
09-24 directories on servers. Gives access to oft...
2013- #Summary: Acces to Jenkins Dashboard #Author: g00gl3
inurl:8080 intitle:"Dashboard [Jenkins]"
08-08 5c0u7 ...
2013- the GHDB on subject (intitle:index.of
intitle:index.of intext:.bash_history
08-08 intext:.bash_history) finds all home users directory pat...
2013- intext:xampp-dav- # Exploit Title: google dork for apache directory listing
08-08 unsecure:$apr1$6O9scpDQ$JGw2Tjz0j... by url edit # Google Dork: intext:xa...
2013- Google Dork: "index of" inurl:sym You can Steal the
"index of" inurl:sym
04-09 symlinks of other Servers A...
2013- Google Dork: index of" inurl:root intitle:symlink Steal
"index of" inurl:root intitle:symlink
04-09 Others Symlink Author: Un0wn...
2012- Dork: inurl:ckfinder intext:"ckfinder.html" intitle:"Index
inurl:ckfinder intext:"ckfinder.html" in...
11-02 of /ckfinder" ...
2011-
inurl:/xampp this dork looks for servers with xampp installed...
11-19
2010-
allintext:"WebServerX Server at" Quick and dirty WebserverX HTTP server google dork ...
11-10
2010-
intitle:index.of ios -site:cisco.com Google search for Cisco IOS images Author: fdisk...
11-10
2010-
intitle:index.of cisco asa -site:cisco.com Google search for Pix/Asa images Author: fdisk...
11-10
2006- These directories can give information about a web
intitle:index.of.config
07-14 servers configuration. This should never be ...
2006- allintitle:"FirstClass Login" this is for firstclass directory
allintitle:"FirstClass Login"
02-28 listingsgo to http://[...
2006- Excelent information for foot holds. Everything from OS,
inurl:install.pl intext:"Reading path paramat...
01-16 to forum software, etc. Other exploits...
2005- "Warning: Installation directory exists by this dork you can find fresh installations of Zen-
12-01 at&qu... Cartsee Full Disclosure forums fore detail...
2005-
"Welcome to the directory listing of" &q... this is for NetworkActiv-Web-Server directory listing...
11-28
2005- Linklint is an Open Source Perl program that checks
log inurl:linklint filetype:txt -"checking&qu...
11-11 links on web sites. This search finds the L...
2005-
"Directory Listing for" "Hosted by ... directory listing for Xerver web server...
09-26
2005-
intitle:"Folder Listing" "Folder Li... directory listing for Fastream NETFile Web Server...
09-26
2005- intitle:"Backup-Management (phpMyBackup phpMyBackup is an mySQL backup tool, with features
09-13 v.0.4... like copying backups to a different server u...
2005- This search reveals the photo albums taken by Sprint
intitle:"pictures thumbnails" site:pictu...
07-21 PCS customers. Pictures taken with Sprint'...
2005- Finds java powered web servers which have indexing
intitle:index.of WEB-INF
05-02 enabled on their config directory...
2005-
intitle:index.of /maildir/new/ search gives you a mailbox dir. Contains a lot of mails....
03-26
2005- This dork finds any webshared windows folder inside my
filetype:ini Desktop.ini intext:mydocs.dll
02-17 docs. You can change the end bit "i...
2005- Torrent files .. don't expect to find spectacular stuff with
filetype:torrent torrent
01-16 this kind of string, this just to ...
2005-
"Index of" rar r01 nfo Modified 2004 New Warez Directory Lists...
01-09
2005- This will ask google to search for a php script used to
"Web File Browser" "Use regular exp...
01-07 manage files on a server. The script &q...
2005- "The HttpFileServer is a Java based mechanism for
intitle:"HFS /" +"HttpFileServer&qu...
01-05 providing web access to a set of files o...
2005- intitle:upload inurl:upload intext:upload - The search reveals server upload portals.An attacker can
01-01 forum -... use server space for his own benefit....
2016- Hostinger © 2016. All rights reserved Google Dork: Hostinger © 2016. All rights reserved
11-29 inurl:defaul... inurl:default.php Hostinger web hosting c...
2016- Dork: inurl:".esy.es/default.php" You can add “Here is a
inurl:".esy.es/default.php"
11-29 list of files in your pub...
2016- name =find liferay file page Google dork Description:
index:"html/js/editor/fckeditor/editor/filema...
10-04 index:"html/js/editor/fckeditor/ed...
2016- inurl:/FCKeditor/editor/filemanager/upload/ Let's you go
inurl:/FCKeditor/editor/filemanager/upload/
08-08 through unprotected files in the FC...
2016- inurl:pictures intitle:index.of Loads of personal pictures
inurl:pictures intitle:index.of
07-27 and what not Sent from trump t...
2016- One man's trash is another man's treasure. inurl:trash
inurl:trash intitle:index.of
06-06 intitle:index.of Decoy ...
2016- SSH Keys inurl:.ssh intitle:index.of authorized_keys
inurl:.ssh intitle:index.of authorized_keys
06-06 Decoy ...
2016- Description: Drupal default web-forms' storage path,
inurl:/sites/default/files/webform/
05-10 usually a lot of files there contains juic...
2016- MAC OS X. Parent Directory Wordpress information. -
intitle:Index of /__MACOSX ...
04-21 Xploit ...
2016- This dork will find git repository's which may have
(intext:"index of /.git") ("parent ...
03-22 sensitive information. (intext:"ind...
inurl:safm.asp ext:asp
2016-
inurl:safm.asp ext:asp http://atawho.blogspot.com.tr/2016/03/simple-asp-
03-07
filemanager.html ...
2016- Awstats Log file's directory can reveal file/directory
intitle: Index of /awstats/data
01-06 location These logs file may also revea...
2015- Google Search: inurl:/server/webapps Submission Date:
inurl:/server/webapps
12-21 12/19/2015 Description: Apache Tomcat...
2015- Dork with juicy info. Enjoy xD. Dork by Rootkit
intitle:index.of.mail
11-13 Pentester. ...
2015-
inurl:pipermail intitle:index.of parent Pipermail Archives Decoy ...
11-11
2015-
inurl:"wp-content/uploads/private" Directories with juicy data. Dork by Rootkit Pentester. ...
11-11
2015-
intitle:index.of inurl:grades site:edu Directories containing grades. Decoy ...
11-02
2015- http://www.google.com/search?q=intitle:index.of parent
intitle:index.of parent inurl:repos
10-30 inurl:repos Shared repositories. Very...
2015- http://www.google.com/search?q="Desktop" parent
"Desktop" parent intitle:index.of
10-22 intitle:index.of Desktops shared o...
2015- http://www.google.com/search?q="My Documents"
"My Documents" "parent" intitl...
10-22 "parent" intitle:index.of ...
2015- Directories containing SQL Installs and/or SQL
"sql" "parent" intitle:index.o...
10-20 databases... Decoy ...
2015- Google dork Description: Juice Directory "ASP" Google
inurl:/aspnet_client/system_web/
10-19 search: inurl:/aspnet_client/s...
2015-
inurl:.DS_Store intitle:index.of Directories with DS_Store files. By Rootkit Pentester. ...
10-19
2015-
inurl:.listing intitle:index.of Directories with .listing files. By Rootkit Pentester. ...
10-19
2015- http://www.google.com/search?q=inurl:users
inurl:users intitle:index.of
10-16 intitle:index.of User folders containing interest...
2015- http://www.google.com/search?q=private parent
private parent intitle:index.of
10-16 intitle:index.of Dork for all sorts of juicy s...
2015-
mail spool intitle:index.of Dork for mail spools. Decoy ...
10-16
2015- Dork= inurl:"default.php" intext:"website" "has been
inurl:"default.php" intext:"website...
09-17 successfully inst...
2015- Directories with interesting info. Have Fun Responsible.
intitle:"Index.of" "attachments&quo...
09-10 Dork by Rootkit Pentester. ...
2015- this dork find db.crypt/.db files of whatsapp
intitle:"Index of" "WhatsApp Databa...
09-07 conversations you can open them with https://co...
2015- inurl:"/cms/app/webroot" Author:ShockvaWe (mrnoone)
inurl:"/cms/app/webroot"
09-01 özüm ...
2015- WhatsApp Images folder, usually from backups. --
intitle:"Index of" "WhatsApp Images...
08-24 pmbento ...
2015-
intitle:"Index of" "DCIM" A lot of Camera Photos Dump. Have Fun!. Rootkit. ...
08-19
2015- Dork: intext:index of sym Most of hacker use auto server
intext:index of sym
08-10 symlink script and grab all the con...
2015- Exploit title: intitle:index.of.pubs Description:
intitle:index.of.pubs
07-09 intitle:index.of.pubs Sensitive Directories...
2015-
intitle:"Index of" "wwwroot" Directory of wwwroot Dork. Enjoy xD. By Rootkit. ...
06-30
2015- # Exploit Title: intitle:"index of" inurl:"no-ip.com" #
intitle:"index of" inurl:"no-ip.com...
06-17 Google Dork: intit...
2015-
intitle:"Index Of" intext:"iCloud P... From: Creep Mode Baby ...
06-17
2015-
inurl:private_files Directory private files xD. By Rootkit. ...
06-10
2015- # Exploit Title: intitle:"index of" "onetoc2" "one" #
intitle:"index of" "onetoc2" &...
06-04 Google Dor...

https://www.exploit-db.com/google-hacking-database/3/?pg=1
Table of Contents:
Footholds
Files containing usernames
Sensitive Directories
Web Server Detection
Vulnerable Files
Vulnerable Servers
Error Messages
Files containing juicy info
Files containing passwords
Sensitive Online Shopping Info
Network or vulnerability data
Pages containing login portals
Various Online Devices
credit http://www.exploit-db.com/google-dorks/
2014-04-
intitle:”Zimbra Web Client Sign In” Pages containing login portals
21

2014-04-
intitle:”Zimbra Web Client Log In” Pages containing login portals
21

2014-04-
inurl:typo3/install/index.php?mode= Pages containing login portals
07

2014-04-
inurl:typo3conf/localconf.php Files containing passwords
07

2014-03-
inurl:/backup intitle:index of backup intext:*sql Files containing passwords
31

2014-03-
inurl:”Citrix/XenApp/auth/login.aspx” Pages containing login portals
31

2014-03-
filetype:pdf “acunetix website audit” &q… Files containing juicy info
31

2014-03-
inurl:crossdomain filetype:xml intext:allow-access… Files containing juicy info
27

2014-03-
inurl:clientaccesspolicy filetype:xml intext:allow… Files containing juicy info
27

2014-02-
intitle:Admin inurl:login.php site:.co.in Pages containing login portals
28
2014- dork to find uploaded WSO 2.4 shell by hackers. found by
intitle:”WSO 2.4″ [ Sec. Info ], [ Files…
01-03 Anon?M ID …

2014- the dork is used to find uploaded 1n73ct10n Shell on website.

intitle:”=[ 1n73ct10n privat shell ]=”
01-03 found by Anon?M ID …

2013- filetype:php intext:”!C99Shell v. 1.0 php backdoor: c99 shell — -[Voluntas Vincit Omnia]- website
11-25 beta&qu… http://www.erisresearch.org/…

2013-
intitle:”uploader by ghost-dz” ext:php intitle:”uploader by ghost-dz” ext:php…
11-25

2013- Finds websites that have 1337w0rm’s CPanel cracker uploaded.

inurl:1337w0rm.php intitle:1337w0rm
08-08 Since the Cracker is relatively n…

2012- This dork finds websites that were hacked, backdoored and
inurl:”r00t.php”
11-02 contains their system information e…

2012- User & Domain || Symlink Using this dork you can find the User
intitle:C0ded By web.sniper
11-02 and the Domains of the Serv…

2012-
intitle:Priv8 SCR I am Un0wn_X Symlink User configs intitle:Priv8 SCR …
11-02

2011-
inurl:”amfphp/browser/servicebrowser.swf”… AMFPHP service browser, debug interface. Author: syddd …
09-26

2011- A foothold using allintext:”fs-admin.php” shows the world

allintext:”fs-admin.php”
01-09 readable directories of a…

2006- sHOUTcast is a free-of-charge audio homesteading solution. It

(intitle:”SHOUTcast Administrator”)|(int…
05-03 permits anyone on the internet to…

2006-
(intitle:”WordPress â€Å Alter setup configuration files.add ?step=1…
03-15

2006- searches for scripts that let you upload files which you can then
“index of /” ( upload.cfm | upload.asp |…
03-06 execute on the server….

2006- “Please re-enter your password It must match

Invision Powerboard registration pages. Plain and simple….
02-08 …

2006- This query shows installations of Serena Teamtrack.

inurl:”tmtrack.dll?”
01-04 (www.serena.com).You may be able to adjust …

2005-
inurl:polly/CP You can get into admin panel without logging….
10-06

2005- net2ftp is a web-based FTP client written in PHP. Lets explain this
intitle:”net2ftp” “powered by net2f…
09-25 in detail. Web-based means …
2005- Basicly MyShell is a php program that allows you to execute
intitle:MyShell 1.1.0 build 20010923
08-15 commands remotely on whichever serv…

2005- intitle:”YALA: Yet Another LDAP YALA is a web-based LDAP administration GUI. The idea is to
05-02 Administrator… simplify the directory administrati…

2005- intitle:”ERROR: The requested URL could not

squid error messages, most likely from reverse proxy servers….
04-27 b…

2004- inurl:”phpOracleAdmin/php” - phpOracleAdmin is intended to be a webbased Oracle Object Manager.In

12-19 download -cv… many points alike phpMyAdm…

2004- PHPKonsole PHPShell filetype:php - PHPKonsole is just a little telnet like shell wich allows you to run
11-28 echo commands on the webserver….

2004- filetype:php HAXPLORER “Server Files Haxplorer is a webbased filemanager which enables the user to browse
11-28 Browser&… files on the webserver. Yo…

2004- inurl:ConnectComputer/precheck.htm Windows Small Business Server 2003: The network configuration page is
11-06 | inurl:Remote/… called “ConnectCompu…

2004- (inurl:81/cgi-bin/.cobalt/) | The famous Sun linux appliance. The default page displays this
10-22 (intext:”Welco… text:”Congratulations on Ch…

2004- intitle:”Web Data Administrator – The Web Data Administrator is a utility program implemented in ASP.NET
10-09 Login” that enables you to easi…

2004- “adding new user” inurl:addnewuser - Allows an attacker to create an account on a server running Argosoft
07-20 &quo… mail server pro for window…

2004- PHP Shell is a shell wrapped in a PHP script. It’s a tool you can use to
PHP Shell (unprotected)
07-12 execute arbiritary she…

2004- PHPFM is an open source file manager written in PHP. It is easy to set up
Public PHP FileManagers
07-12 for a beginner, but s…

2004- WS_FTP.LOG can be used in many ways to find more information about a
+htpasswd +WS_FTP.LOG filetype:log
05-20 server. This query is very…

2003- Admin Login pages. Now, the existance of this page does not necessarily
intitle:admin intitle:login
09-09 mean a server is vulner…

2013-
intext:”root:x:0:0:root:/root:/bin/bash”… Author: ./tic0 | Izzudin al-Qassam Cyber Fighter …
04-22

2013-
inurl:”/root/etc/passwd” intext:”ho… inurl:”/root/etc/passwd” intext:”home/*:” …
04-22

2006- The search reveals usernames (right in the URL in green) and links to
site:extremetracking.com inurl:”login=”
07-31 the sites that are signed…
2005- intext:”SteamUserPassphrase=” This will search for usernames and passwords for steam
06-05 intext:&qu… (www.steampowered.com) taken from the St…

2004- This search jumps right to the main page of Outlook Web Access
OWA Public folders & Address book
06-19 Public Folders and the Exchange …

2004- A standard FTP configuration file that provides far too many details
filetype:conf inurl:proftpd.conf -sample
05-20 about how the server is se…

2004- These log files record info about the SSH client PUTTY. These files
filetype:log username putty
05-13 contain usernames, site nam…

2004- filetype:reg reg +intext:”internet account This google search reveals users names, pop3 passwords, email
05-12 ma… addresses, servers connected to a…

2004- filetype:reg reg HKEY_CURRENT_USER This search finds registry files from the Windows Operating system.
05-11 username Considered the “soul&q…

2004- The webalizer program displays various information but this query
+intext:”webalizer” +intext:”Total …
05-03 displays usernames that have …

2004- inurl:php inurl:hlstats intext:”Server This page shows the halflife stat script and reveals the username to
04-28 Userna… the system. Table structur…

2004- This file contains information about the mIRC client and may include
index.of perform.ini
04-13 channel and user names….

2004- These lock files often contain usernames of the user that has locked
“index of” / lck
04-13 the file. Username harvest…

2004- This search reveals userlists of administrative importance. Userlists

inurl:admin filetype:asp inurl:userlist
03-16 found using this method c…

2004- This search reveals userlists of administrative importance. Userlists

inurl:admin inurl:userlist
03-16 found using this method c…

2003- Ok, this file contains what a user typed at a shell command prompt.
sh_history files
06-24 You shouldn’t advertise thi…

2003- Ok, this file contains what a user typed at a shell command prompt.
bash_history files
06-24 You shouldn’t advertise thi…

2014- i just found a google dork that is file/path disclosure of Hide My WP

allinurl:/hide_my_wp=
02-05 plugin Google dork -…

2013- Mac OSX directories — -[Voluntas Vincit Omnia]- website

intitle:”index of” intext:”.ds_stor…
11-25 http://www.erisresearch.org/ Go…

2013- Google search for shared HDD directories or shared directories on

intitle:”index of” myshare
09-24 servers. Gives access to oft…
2013-
inurl:8080 intitle:”Dashboard [Jenkins]” #Summary: Acces to Jenkins Dashboard #Author: g00gl3 5c0u7 …
08-08

2013- the GHDB on subject (intitle:index.of intext:.bash_history) finds all

intitle:index.of intext:.bash_history
08-08 home users directory pat…

2013- intext:xampp-dav- # Exploit Title: google dork for apache directory listing by url edit #
08-08 unsecure:$apr1$6O9scpDQ$JGw2Tjz0j… Google Dork: intext:xa…

2013- Google Dork: “index of” inurl:sym You can Steal the symlinks of other
“index of” inurl:sym
04-09 Servers A…

2013- Google Dork: index of” inurl:root intitle:symlink Steal Others Symlink
“index of” inurl:root intitle:symlink
04-09 Author: Un0wn…

2012-
inurl:ckfinder intext:”ckfinder.html” in… Dork: inurl:ckfinder intext:”ckfinder.html” intitle:”Index of /ckfinder” …
11-02

2011-
inurl:/xampp this dork looks for servers with xampp installed…
11-19

2010-
allintext:”WebServerX Server at” Quick and dirty WebserverX HTTP server google dork …
11-10

2010-
intitle:index.of ios -site:cisco.com Google search for Cisco IOS images Author: fdisk…
11-10

2010-
intitle:index.of cisco asa -site:cisco.com Google search for Pix/Asa images Author: fdisk…
11-10

2006- These directories can give information about a web servers

intitle:index.of.config
07-14 configuration. This should never be …

2006- allintitle:”FirstClass Login” this is for firstclass directory listingsgo to

allintitle:”FirstClass Login”
02-28 http://[…

2006- inurl:install.pl intext:”Reading path Excelent information for foot holds. Everything from OS, to forum
01-16 paramat… software, etc. Other exploits…

2005- “Warning: Installation directory exists by this dork you can find fresh installations of Zen-Cartsee Full
12-01 at&qu… Disclosure forums fore detail…

2005- “Welcome to the directory listing of”

this is for NetworkActiv-Web-Server directory listing…
11-28 &q…

2005- log inurl:linklint filetype:txt - Linklint is an Open Source Perl program that checks links on web sites.
11-11 “checking&qu… This search finds the L…

2005-
“Directory Listing for” “Hosted by … directory listing for Xerver web server…
09-26
2005- intitle:”Folder Listing”
directory listing for Fastream NETFile Web Server…
09-26 “Folder Li…

intitle:”Backup-
2005- phpMyBackup is an mySQL backup tool, with features like copying backups to a
Management
09-13 different server u…
(phpMyBackup v.0.4…

2005- intitle:”pictures This search reveals the photo albums taken by Sprint PCS customers. Pictures taken
07-21 thumbnails” site:pictu… with Sprint’…

2005- Finds java powered web servers which have indexing enabled on their config
intitle:index.of WEB-INF
05-02 directory…

2005- intitle:index.of
search gives you a mailbox dir. Contains a lot of mails….
03-26 /maildir/new/

2005- filetype:ini Desktop.ini This dork finds any webshared windows folder inside my docs. You can change the
02-17 intext:mydocs.dll end bit “i…

2005- Torrent files .. don’t expect to find spectacular stuff with this kind of string, this just
filetype:torrent torrent
01-16 to …

2005- “Index of” rar r01 nfo

New Warez Directory Lists…
01-09 Modified 2004

2005- “Web File Browser” “Use This will ask google to search for a php script used to manage files on a server. The
01-07 regular exp… script &q…

2005- intitle:”HFS /” “The HttpFileServer is a Java based mechanism for providing web access to a set of
01-05 +”HttpFileServer&qu… files o…

2005- intitle:upload inurl:upload The search reveals server upload portals.An attacker can use server space for his
01-01 intext:upload -forum -… own benefit….

2004- intitle:”index of” inurl:ftp

Adding “inurl:ftp (pub | incoming)” to the “index.of” searches helps locati…
12-30 (pub | inco…

2004- allinurl:”/*/_vti_pvt/” |
Frontpage extensions for Unix ? So be it…..
12-29 allinurl:”…

2004- These directories reveal the configuration file of the abyss webserver. These files
intitle:index.of abyss.conf
12-19 can contain…

2004- intitle:”Index of /CFIDE/” With ColdFusion, you can build and deploy powerful web applications and web
12-19 administrator services with far l…

2004- “Powered by Invision Invision Power File Manager is a popular file management script, written in the
12-19 Power File Manager”… popular PHP Scr…

2004- intitle:”index of” “parent This search uses desktop.ini to track users with a webserver running on their
12-05 director… desktop computers…
2004- intext:”Powered By: TotalIndex v2.0 is an open source script that is designed to replace the simple, and
11-28 TotalIndex” intitle:… boring def…

2004- “intitle:Index.Of /” stats This search looks for indexes with the following subdirectories: stats, merchant,
11-07 merchant cgi-… online-store …

2004- intitle:”index of” This dork indicates the “Local settings” dir in most cases, and browseble server
10-31 intext:”content…. dire…

2004- intitle:”index of” -inurl:htm - Yes! I probably have should have told you guys earlier, but this is how ive been
10-20 inurl:htm… getting 100% …

2004- The DCIM directory is the default name for a few brands of digital camers. This
index.of.dcim
10-25 is not a big ne…

2004- intitle:”Directory Listing For” The Google Hackers Guide explains how to find Apache directory indexes,
10-19 intext:T… which are the most comm…

2004- intitle:”webadmin – /*” Webadmin.php is a free simple Web-based file manager. This search finds sites
09-24 filetype:php dir… that use this sof…

2004- intitle:index.of (inurl:fileadmin TYPO3 is a free Open Source content management system for enterprise
09-21 | intitle:filead… purposes on the web and in…

2004- intitle:”Index of *” inurl:”my These are index pages of “My Shared Folder”. Sometimes they contain juicy
09-10 shar… stuff like …

2004- Directories containing commercial music.AlbumArt_{.*}.jpg are

intitle:index.of /AlbumArt_
08-26 download/create by MS-Windows Med…

2004- intext:”d.aspx?id” || “The YouSendIt team was formed to tackle a common problem: secure
08-05 inurl:”d.aspx… transmission of large do…

2004- Picasa is an ‘Automated Digital Photo Organizer’ recently aquired by Google.

“index of” / picasa.ini
07-20 This search allows…

2004- These directories are named “password.” I wonder what you might find in here.
index.of.password
07-16 Warning…

2004- inurl:explorer.cfm
Filemanager without authentication….
10-31 inurl:(dirpath|This_Directory)

2004- phpMyAdmin is a tool written in PHP intended to handle the administration of

Index of phpMyAdmin
07-12 MySQL over the Web…

2004- filetype:cfg ks intext:rootpw - Anaconda is a linux configuration tool like yast on suse linux. The root password
06-14 sample -test -howto is often encr…

2004- intitle:”album permissions” Gallery (http://gallery.menalto.com) is software that allows users to create
06-02 “Users … webalbums and uplo…
2004- “Index Of /network” “last Many of these directories contain information about the network, though an
06-01 modified&… attacker would need …

2004- intitle:intranet inurl:intranet According to whatis.com: “An intranet is a private network that is contained
05-13 +intext:”huma… within an ent…

2004- Many times, this search will reveal temporary files and directories on the web
inurl:/tmp
05-11 server. The info…

2004- This is the default name of the Windows recycle bin. The files in this directory
“index of” inurl:recycler
05-04 may contain se…

2004- This is the default installation location of Oracle manuals. This helps in
inurl:/pls/sample/admin_/help/
04-28 footprinting a serve…

2004- This directory contains sample Oracle JSP scripts which are installed on the
inurl:ojspdemos
04-28 server. These prog…

2004- This directory contains sample JSP scripts which are installed on the server. These
inurl:j2ee/examples/jsp
04-28 programs ma…

2004- CGI directories contain scripts which can often be exploited by attackers.
“index of cgi-bin”
04-23 Regardless of the vu…

2004- This is the top level directory of ColdFusion, a powerful web development
intitle:”Index of” cfide
04-19 environment. This dir…

2004-
intitle:”index.of.personal” This directory has various personal documents and pictures….
03-29

2004- intitle:”Index of These pages indicate that they are sharing the C:\WINDOWS directory, which is the
02-10 c:\Windows” system folder…

“Welcome to
2003- phpMyAdmin is a widly spread webfrontend used to mantain sql databases. The
phpMyAdmin” ” Create
08-12 default security me…
ne…

2004- inurl:backup intitle:index.of This query reveals backup directories. These directories can contain various
03-16 inurl:admin information rangin…

2003- These directories are named “password.” I wonder what you might find in here.
index.of.password
06-27 Warning…

2003-
protected What could be in a directory marked as “protected?” Let’s find out……
06-27

2003-
secure What could be hiding in directories marked as “secure?” let’s find out……
06-27

2003- The \WINNT directory is the directory that Windows NT is installed into by default.
winnt
06-27 Now just be…
2003- What kinds of things might you find in directories marked “private?” let’s find
private
06-27 out…..

2003-
secret What kinds of goodies lurk in directories marked as “secret?” Find out……
06-27

2003- Look in my backup Backup directories are often very interesting places to explore. More than one
06-24 directories! Please? server has been …

2006- intitle:”BadBlue: the file-

Badblue file sharing web server detection…
05-23 sharing web server…

2006- intext:”Target Multicast “… Multicast Beacon is a multicast diagnostic tool written in Perl which uses the
05-03 Group” “be… RTP pr…

2006- intitle:”Apache Status”

New Apache Server Status Dork…
05-03 “Apache Ser…

2006- inurl:wl.exe inurl:?SS1= List server apparently keeps track of many clients, not just Domains and hardware,
02-08 intext:”Operating sy… but Operatin…

2005- inurl:nnls_brand.html OR Novell Nterprise Linux Services detection dork. Some of the features are:* iFolder*
11-16 inurl:nnls_nav.html Samba* NetS…

2005- (intitle:”502 Proxy A reverse proxy is a gateway for servers, and enables one web server to provide
05-30 Error”)|(intitle:&qu… content from an…

2005- intitle:”Welcome to The 602LAN SUITE runs on a webserver called WEB602/1.04 and includes
05-20 602LAN SUITE *” webmail….

2005- intitle:”Document title

IBM Http Server (AS/400)…
05-02 goes here” intit…

intitle:”Welcome To Your
2005- This is the default page for the WebSTAR (Macintosh) web server (Headers say –>
WebSTAR Home
05-02 Server: Web…
Page&qu…

2005- intitle:”Welcome to the Webserver detection: The Advanced Extranet Server project aims to create an
04-27 Advanced Extranet Ser… extensible open sou…

intitle:”Welcome to
2005- Another way to find Small Business Server 2003, for more results check the dork by
Windows Small Business
04-16 JimmyNeutron…
Se…

2005- thttpd is is a webserver written in C and should compile and run on most unix-like
thttpd webserver
03-29 systems. As …

2005- intitle:”IPC@CHIP web server detection for IPC@chip embedded webserverThe dork uses the
03-29 Infopage” webserver’s infopage whic…

2005- YAWS (http://yaws.hyber.org), Yet Another Web Server, is a HTTP high perfomance
yaws.*.server.at
03-31 1.1 webserver. …
2005- intitle:”Test Page for the
Apache 2.0 on Fedore Core Test page…
03-20 Apache HTTP Server…

2005- Powered.by.RaidenHTTPD RaidenHTTPD ( http://www.raidenhttpd.com/en ) is a full featured web server

03-18 intitle:index.of software for Window…

2005- (inurl:81-cobalt | inurl:cgi-

Cobal RaQ internal pages…
03-05 bin/.cobalt)

2005- intitle:”welcome to mono XSD is the demo webserver for the Mono project and allows the execution of
02-15 xsp” ASP.NET on Unix…

2005- inurl:oraweb - Oracle administrators tend to naming their servers ora* – maybe because they
01-27 site:oraweb.org forget the name of…

2005- “Netware * Home” Rather than submitting various searches for all kinds of NetWare related pages,
01-26 inurl:nav.html Novell NetWare’…

2005- XAMPP XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl.
01-21 “inurl:xampp/index” XAMPP is really…

2004- The JanaServer 2 is amongst other things a proxy server, that makes it possible for
inurl:2506/jana-admin
12-13 LAN members…

2004- allintext:”Powered by WWW File Share Pro is a small HTTP server that can help you share files with your
12-13 LionMax Software” … friends. They…

2004- intitle:”Resin Default Resin provides a fast standalone web server. This search locates those servers based
11-30 Home Page” on the tit…

2004- intitle:”Welcome To Default Xitami installationAdditionally every default installation of Xitami webserver
11-28 Xitami” -site:xitami… has a te…

2004- intitle:”Welcome to Your

This finds the default Apache page on Debian installs….
11-13 New Home Page!”…

2004- “About Mac OS Personal Mac OS Personal Web Sharing allows Mac OS users to share Folders over the Web.If
11-07 Web Sharing” you open this …

2004- “Switch to table format” This is an index page of OReilly WebSite Professional.WebsitePro was developed by
11-07 inurl:table|pla… O’reily and d…

2004- intitle:”Object not found!”

This one detects apache werbservers (2.0.X/SuSE) with its error page….
10-12 intext:”…

2004- intitle:”Open WebMail” “Open WebMail is a webmail system based on the Neomail version 1.14 from Ernie
10-12 “Open WebMai… Miller. Ope…

2004- intitle:”error 404″ “From WebLogic Server Process Edition extends the functionality of the Application Server
10-12 RFC 2068 … by convergi…
2004- intitle:”Directory Listing, Vendor page:”Einfache HTTP-Server-Software für privates Homepage-
10-12 Index of /*/”… Hosting …

2004- intitle:”Lotus Domino Go Domino Go Webserver is a scalable high-performance Web server that runs on a
10-12 Webserver:” &qu… broad range of pla…

2004- intitle:”Object not found”

This search will show netware apache webservers as the result….
10-09 netware “…

intitle:AnswerBook2
2004- First of all this search indicates solaris machines and second the webservice is
inurl:ab2/ (inurl:8888 |
09-26 vulnerable to …
inurl…

2004- intext:”404 Object Not

This search finds IIS 5.0 error pages = IIS 5.0 Server…
08-16 Found” Microsoft-…

2004- intitle:”Shoutcast shoutcast is software for streaming mp3 and such. This search finds the
07-29 Administrator” administrator page. It …

2004- “powered by” shoutstats is a fast, free Shoutcast server statistic analysis program. It produces
07-29 “shoutstats” hour… instant and…

2004- “Novell, Inc” WEBACCESS

This may be used to find Novell Grouwise Webaccess servers….
07-26 Username Passwor…

2004- “httpd+ssl/kttd” * server The version of a particular web server can be detected with a simple query like this
07-19 at intitle:ind… one. Altho…

2004- fitweb-wwws * server at The version of a particular web server can be detected with a simple query like this
07-19 intitle:index.of one. Altho…

2004- sEDWebserver * server The version of a particular web server can be detected with a simple query like this
07-19 +at intitle:index.of one. Altho…

2004- “Red Hat Secure/3.0 The version of a particular web server can be detected with a simple query like this
07-19 server at” one. Altho…

2004- The version of a particular web server can be detected with a simple query like this
“Red Hat Secure/2.0”
07-19 one. Altho…

2004- “OpenSA/1.0.4” The version of a particular web server can be detected with a simple query like this
07-19 intitle:index.of one. Altho…

2004- “OmniHTTPd/2.10” The version of a particular web server can be detected with a simple query like this
07-19 intitle:index.of one. Altho…

2004- “Microsoft-IIS/6.0” The version of a particular web server can be detected with a simple query like this
07-19 intitle:index.of one. Altho…

2004- “Microsoft-IIS/5.0 server The version of a particular web server can be detected with a simple query like this
07-19 at” one. Altho…
2004- “Microsoft-IIS/4.0” The version of a particular web server can be detected with a simple query like this
07-19 intitle:index.of one. Altho…

2004- “Microsoft-IIS/* server at” The version of a particular web server can be detected with a simple query like this
07-19 intitle:inde… one. Altho…

2004- “MaXX/3.1” The version of a particular web server can be detected with a simple query like this
07-19 intitle:index.of one. Altho…

2004- “JRun Web Server” The version of a particular web server can be detected with a simple query like this
07-19 intitle:index.of one. Altho…

2004- “CERN httpd 3.0B (VAX The version of a particular web server can be detected with a simple query like this
07-19 VMS)” one. Altho…

2004- “AnWeb/1.42h” The version of a particular web server can be detected with a simple query like this
07-19 intitle:index.of one. Altho…

2004- Red Hat Unix Red Hat UNIX Administration Pages. This search detects the fixed title for the admin
07-12 Administration pages on c…

2004- This is a generic way of grabbing those CGI-spewed environmental var lists. To
Environment vars
07-02 narrow to things…

2004- allinurl:”.nsconfig” - Access to a Web server’s content, CGI scripts, and configuration files is controlled by
06-18 sample -howto -tut… entries…

2004- This will return a listing of servers running Lotus Domino. These servers by default
inurl:domcfg.nsf
05-17 have very…

2004- intitle:”300 multiple This search shows sites that have the 300 error code, but also reveal a server tag at
05-13 choices” the botto…

2004- intitle:Snap.Server This page reveals the existance of a SNAP server (Netowrk attached server or NAS
04-23 inurl:Func= devices) Depen…

2004- intitle:”Test Page for This is the default web page for Apache 1.2.6 – 1.3.9. Hackers can use this
04-20 Apache” information to dete…

allintitle:Netscape
2004- This finds default installations of Netscape Fasttrack Server. In many cases, default
FastTrack Server Home
03-18 installat…
Page

2004- intitle:”Test Page for This is the default web page for Apache 1.2.6 – 1.3.9. Hackers can use this
03-04 Apache” “It … information to dete…

2004- intitle:”Test Page for This is the default web page for Apache 1.2.6 – 1.3.9. Hackers can use this
03-04 Apache” “It … information to dete…

2004- “seeing this instead” This is the default web page for Apache 1.3.11 – 1.3.26. Hackers can use this
03-04 intitle:”test… information to de…
 aboutprinter.shtml (More
2003- More Xerox printers on the web! Google found these printers. Should their
Xerox printers on the
08-11 management interface …
web…

index_i.shtml Ready
2003- These printers are not-only web-enabled, but their management interface somehow
(Xerox printers on the
08-11 got crawled by …
web!)

2003- inurl:tech-support This is a way to find Cisco products with an open web interface. These are generally
08-07 inurl:show Cisco supposed t…

2003- I like the OpenBSD operating system. I really do. And I like the Apache web server
OpenBSD running Apache
06-24 software. Ho…

2003- Moving from personal, lightweight web servers into more production-ready
IIS 4.0
06-24 software, we find that…

2003- Windows 2000 Internet At first glance, this search reveals even more examples of operating system users
06-24 Services enabling the …

2003- Apache online When you install the Apache web server, you get a nice set of online documentation.
06-24 documentation When you le…

2013- -site:simplemachines.org “These Dork: -site:simplemachines.org “These are the paths and URLs to your SMF
09-24 are the paths… installation&qu…

2011- Didn’t see this anywhere in the GHDB, but its been known for a while and
allinurl:forcedownload.php?file=
08-25 widely abused by oth…

2011- ionCube Loader Wizard inurl:loader-wizard ext:php This dork displays sensitive information Auth0r:
05-28 information disclosure MaXe…

2011- inurl:/install/install.php intitle:vBulletin * Install System This dork displays the

vBulletin Install Page Detection
05-27 untreat…

2006-
inurl:”simplenews/admin” hxxp://evuln.com/vulns/94/summary.html…
09-13

2006- inurl:updown.php | this (evil ) script lets you to upload a php shell on target server, in most cases
02-28 intext:”Powered by PHP Upl… not password…

2005- inurl:guestbook/guestbooklist.asp A sql vulnerability has been reported in a Techno Dreams asp script,
12-19 “Post Date&… login.asp. http://search.s…

2005- A cross site scripting vunerability has been discovered in CJ linkout version
intitle:”CJ Link Out V1″
10-26 1.x. CJ linkout i…

2005- MailGust 1.9/2.0 (possibly prior versions) SQL injection / board

“powered by mailgust”
09-26 takevorsoftware:site: http://w…

2005- My Little Forum 1.5 / 1.6beta SQL Injectionsoftware:site:

“powered by my little forum”
09-26 http://www.mylittlehomepage.net/my_li…
2005- intitle:”Control panel” “Control Build, manage and customize your own search engine friendly news / article
09-25 Pa… site from scratch –…

2005- The CartWIZ eCommerce Shopping Cart System will help you build your
inurl:cartwiz/store/index.asp
09-25 online store through an int…

2005- “e107.org 2002/2003” e107 is prone to an input validation vulnerability. This issue is due to a failure
09-13 inurl:forum_post.ph… in the appli…

2005- several vulnerabilities relating to this.MaxWebPortal is a web portal and

“maxwebportal” inurl:”default”…
09-13 online community syst…

2005- “Mail-it Now!” intitle:”Contact Mail-it Now! 1.5 (possibly prior versions) contact.php remote code
09-11 for… executionsite: http://www.sk…

2005- “Warning:” “Cannot execute a “Warning: passthru(): Cannot execute a blank command in” “Warning:
09-11 blank … system(): Can…

2005- “Powered by xcomic”this is a recent exploit, you can retrieve any file on
“Powered by Xcomic”
09-08 target syst…

2005- FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible
“Powered by FunkBoard”
08-08 database username/pa…

2005- “Powered by FlexPHPNews” 24/07/2005 2.38.13Flex PHPNews 0.0.4 login bypass/ sql injection, cross site
08-07 inurl:news | in… scripting & re…

2005- “Powered By: Simplicity oF 26/07/2005 16.09.18Simplicity OF Upload 1.3 (possibly prior versons) remote
08-07 Upload” inurl… code execution &…

2005- inurl:nquser.php Netquery 3.1 remote commands execution, cross site scripting, information
08-07 filetype:php disclosure poc exploi…

2005- PHPFreeNews 29/07/2005 8.36.03PHPFreeNews Version 1.32 (& previous) sql injection/login
08-07 inurl:Admin.php bypass, cross s…

2005- silvernews 2.0.3 (possibly previous versions ) SQL Injection / Login Bypass / Remote
“Powered by SilverNews”
08-07 commands e…

2005- “Powered by Gravity 4.22 07/08/2005 Gravity Board X v1.1 (possibly prior versions) Remote code
08-07 Board” execution, SQL Injec…

2005- filetype:mdb “standard These Microsoft Access Database files may contain usernames, passwords or simply
07-26 jet” prompts for su…

2005- intitle:”PHPstat” Phpstat shows nice statistical informatino about a website’s visitors. Certain
06-03 intext:”Browser&q… versions are als…

2005- intitle:”SSHVnc Applet”OR

sSHTerm Applet en SSHVnc Applet pages….
05-20 intitle:”…
2005- Anonymous surfing with bigate.cgi. Remove http:// when you copy paste or it won’t
inurl:cgi-bin inurl:bigate.cgi
04-27 work….

filetype:pl -
2004- WebCal allows you to create and maintain an interactive events calendar or
intext:”/usr/bin/perl”
12-01 scheduling system on…
inur…

2004- filetype:mdb Web Wiz Site News unprotected database holds config and admin information in a
11-30 inurl:”news/news” microsoft access…

2004- inurl:php.exe filetype:exe - It is possible to read any file remotely on the server with PHP.EXE (assuming a script
11-28 example.com alias fo…

2004- “Powered by Land Down sQL injection vulnerability in Land Down Under 601 could give an attacker
11-18 Under 601” administrative access…

2004- ext:asp “powered by DUForum is one of those free forum software packages. The database location is
11-16 DUForum” inurl:(mess… determined by th…

2004- ext:asp inurl:DUgallery The MS access database can be downloaded from inside the docroot. The user table
11-16 intitle:”3.0″ -s… holds the admi…

2004- filetype:cgi cachemgr.cgi is a management interface for the Squid proxy service. It was installed
11-04 inurl:cachemgr.cgi by default…

2004- Finds websites using YellDL (or also known as YellDownLoad), a download tracker
“powered by YellDL”
10-31 written in PHP….

2004- inurl:click.php A script written in PHP 4 which logs a user’s statistics when they click on a link. The
10-27 intext:PHPClickLog log is…

2004- “File Upload Manager thepeak file upload manager let you manage your webtree with up and
10-27 v1.3” “rename … downloading files….

2004- intitle:”phpremoteview” phpRemoteView is webbased filemanger with a basic shell. With this an attacker
10-26 filetype:php &qu… can browse the s…

2004- intitle:”ASP FileMan” FileMan is a corporate web based storage and file management solution for intra-
10-19 Resend -site:iiswo… and internet. …

2004- ezBOO WebStats is a high level statistical tool for web sites monitoring. It
ezBOO “Administrator Panel” -cvs
10-16 allows real time …

2004- intitle:mywebftp “Please enter MyWebFTP Free is a free lite version of MyWebFTP Personal – a PHP script
10-14 your password&… providing FTP client c…

2004- Dirlist is an ASP script that list folders in an explorer style: * Tree * Detailed
intitle:”Directory Listing” “tree v…
10-14 * Tiled …

2004- Allows a user to change his/her password for authentication to the system.
inurl:changepassword.cgi -cvs
10-09 Script allows for r…
2004- inurl:” WWWADMIN.PL” wwwadmin.pl is a script that allows a user with a valid username and
10-06 intitle:”wwwad… password, to delete files …

2004- BeyondTV is a web based software product which let you manage your TV
inurl:cgi.asx?StoreID
10-05 station. All you need is …

2004- Tired of websearching ? Want something to read ? You can find Ebooks
filetype:lit lit (books|ebooks)
09-18 (thousands of them) with t…

2004- PHP-Nuke – create super user PHP-Nuke is a popular web portal thingie. It has popped up in the Google
09-13 right now ! dorks before. I think …

2004- Gallery is a popular images package for websites. Unfortunately, with so

Gallery configuration setup files
09-10 many users, more bugs …

2004- inurl:”nph-proxy.cgi” “Start Observing the web cracker in the wild, one feels like they are watching a
09-09 browsi… bear. Like a bear sto…

2004- Toast Forums is an ASP message board on the Internet. Toast Forums also
link:http://www.toastforums.com/
09-06 has all the features of…

2004- pLog is a popular form of bloggin software. Currently there are estimated
inurl:”plog/register.php”
09-06 about 1450 sites runn…

2004- robpoll.cgi is used to administrate polls.The default password used for

inurl:robpoll.cgi filetype:cgi
08-30 adding polls is ‘robpol…

2004- intitle:”PHP Explorer” ext:php This searches for PHP Explorer scripts. This looks like a file manager with
08-20 (inurl:ph… some nice extra opt…

2004- The UBB trial version contains files that are not safe to keep online after
ext:cgi inurl:ubb6_test
08-13 going live. The ins…

2004- Cookies are often used for authentication and a lot of other stuff.The “inc”
filetype:inc inc intext:setcookie
08-01 php head…

2004- The XML headers are called *.wsdl files.they can include data, functions or
filetype:wsdl wsdl
08-01 objects. An attacke…

2004- The MySQL database system uses my.cnf files for configuration. It can
filetype:cnf my.cnf -cvs -example
07-21 include a lot of informat…

2004- Programmers do strange things sometimes and forget about security. This
filetype:php inurl:”viewfile” -“ind…
06-16 search is the perfect e…

2004- intitle:”Index of /” modified PHP installed as a cgi-bin on a Windows Apache server will allow an attacker
06-10 php.exe to view arbitrary …

2014- Search Oracle Reports likely vulnerable to DB user/password disclosure

inurl:”/reports/rwservlet” intext:”…
02-05 (CVE-2012-3152 and CVE…
2013- Google search for actoin files wich could be explotable via CVE-2013-
inurl:”struts” filetype:action
11-25 2251 “Multiple Remot…

inurl:.php?
2013- inurl:.php? intext:CHARACTER_SETS,COLLATIONS, ?intitle:phpmyadmin
intext:CHARACTER_SETS,COLLATIONS,
08-08 view phpMyAdmin of web sit…
?int…

2012-
inurl:/wp-content/w3tc/dbcache/ – Jay Townsend…
12-31

2012- intext:SQL syntax & # Exploit Title: SQLI Exploit # Google Dork: intext:SQL syntax &
12-31 inurl:index.php?=id & … inurl:index.php?=id &…

2012- More than 100k sites affected It will show asp sites that are vulnerable to
intext: intext: intext: intext: intext:
08-21 sql injection (…

2012- Hi, This google dork exposes any already uploaded asp.net shells which
intitle:awen+intitle:asp.net
05-15 are available in Bac…

2012- intitle:”-N3t” filetype:php intitle:”-N3t” filetype:php undetectable Search WebShell indexed on a

05-15 undetectable page. — …

2011- inurl:.php intitle:- BOFF 1.0 intext:[

This search attempts to find the BOFF 1.0 Shell. Author: alsa7r …
12-23 Sec. Info ]

2011- filetype:php inurl:tiki-index.php Finds servers vulnerable to the CVE-2007-5423 exploit. Author: Matt
11-25 +sirius +1.9.* Jones …

2011- filetype:php inanchor:c99 inurl:c99 This search attempts to find the c99 backdoor that may be knowingly or
11-24 intitle:c99she… unknowingly installed o…

2011- inurl:php intitle:”Cpanel , FTP

locates cpanel and ftp cracker. Author: alsa7r …
11-19 CraCkeR”

2011- intitle:#k4raeL – sh3LL Finds K4rael Shell , though many of them are dead
intitle:#k4raeL – sh3LL
10-11 but we can get som…

2011-
inurl:view.php?board1_sn= locates a webapp vulnerable to SQL injection …
09-26

2011-
intitle:m1n1 1.01 find the b374k shell…. Submitted by : biLLbud …
07-26

2011- intitle:Locus7shell intext:”Software:” Submitted by lionaneesh — Thanks

intitle:Locus7shell intext:”Software:”
05-03 Ane…

2011- Unprotected EasyPHP Admin page detection.. Author: Aneesh Dogra

intitle:”[EasyPHP] – Administration”
03-23 (lionaneesh) …

2011- MySQL: ON MSSQL: OFF Oracle: OFF Author :- eXeSoul You will get lots of web shells even some private
02-24 MSSQL: OFF Postgr… shells….
2011-
intitle:cyber anarchy shell Submitter: eXeSoul cyber anarchy shell …
02-24

2010-
inurl:/vb/install/upgrade.php Vbulletin custom updrade wizards. Author: ScOrPiOn…
12-10

2010-
inurl:/vb/install/install.php Vbulletin installation wizards, allow users to modify installation parameters. May also rev
12-10

2010- “CGI-Telnet Unit-x Team

Locates CGI-Telnet web shells. Author: ScOrPiOn…
12-09 Connected to *.com&qu…

2010- “www.*.com – c99shell” OR

Locates c99 web shells Author: ScOrPiOn…
12-08 “www.*.ne…

2010- “safe_mode: * PHP version: *

Locates r57 web shells Author: ScOrPiOn…
12-07 cURL: * MySQL…

2010-
“r57shell” Locates r57 web shells Author: ScOrPiOn…
12-07

2010-
“r57shell 1.4” Locates r57 web shells Author: ScOrPiOn…
12-07

2010- “[ phpinfo ] [ php.ini ] [ cpu ] [

Locates r57 web shells Author: ScOrPiOn…
12-07 mem ] …

2010- inurl:index.php?pagedb=rss -
CVE: 2007-4007 EDB-ID: 4221 This google dork possibly exposes sites with the Article Dire
11-13 Vulnerability -inurl

2006- intitle:”Uploader – Uploader

File upload servers, dangerous if used in couple with mytrashmail.com…
05-03 v6″ -pixloa…

2006-
intitle:”MvBlog powered” MvBlog is prone to multiple input-validation vulnerabilities. These issues are due to a failu
04-25

2006- intitle:”Horde :: My Portal” -

Hi It will give you administrative ownership over Horde webmail system plus all users in H
02-03 “[Tic…

2006- Web configuration pages for various types of systems. Many of these systems are not
inurl:rpSys.html
01-22 password pr…

2006- filetype:pl intitle:”Ultraboard

setup pages to the ultraboard system….
01-16 Setup”

2005- “Welcome to Administration”

This reveals admin site for Argo Software Design Mail Server….
09-17 “Genera…

2005- XOOPS custom installation wizards, allow users to modify installation parameters. May al
XOOPS Custom Installation
09-16 reve…
2005- “you can now password” | IMchaos link tracker admin pages. Reveals AIM screennames, IP ADDRESSES AND OTHER
09-15 “this is a… via deta…

2005- “set up the administrator

Using this, you can find sites with a Pivot weblog installed but not set up. The default set u
07-03 user” inurl:pi…

2005- When this is typed in google it finds websites which have HTML Enabled guestbooks. This
“html allowed” guestbook
06-11 real…

2005- “Powered by: vBulletin

This google dork reveals vulnerable message boards. It works for all Vbulletin version up t
03-19 Version 1.1.5”

2005- This search brings up results for Novell NetWare’s Web Search Manager.. at best the sites
inurl:”/NSearch/AdminServlet”
01-26 …

2005- I was playing around on the net when I found a small problem with Novell’s
inurl:servlet/webacc
01-06 WebAcces. With User….

2004- “There are no Administrators This is a more specific search for the vulnerable PhpNuke index already seen
12-27 Accounts” i… on this website.Ph…

2004- intitle:”Mail Server CMailServer CMailServer is a small mail webmail server. Multiple vulnerabilities were
12-04 Webmail”… found, including buff…

2004- Newsdesk is a cgi script designed to allow remote administration of website

inurl:newsdesk.cgi? inurl:”t=”
11-07 news headlines.Due …

2004- (inurl:/shop.cgi/page=) | This is a “double dork” finds two different shopping carts, both vulnerable1)
11-07 (inurl:/shop.pl/page=) Cyber-V…

2004- AOL Journals BlogID Incrementing Discloses Account Names and Email
inurl:aol*/_do/rss_popup?blogID=
11-06 AddressesAOL Journals is bas…

2004- natterchat inurl:home.asp - NatterChat is a webbased chat system written in ASP.An SQL injection
11-05 site:natterchat.co.uk vulnerability is identifie…

2004- intitle:phpMyAdmin “Welcome to phpMyAdmin is a tool written in PHP intended to handle the administration
10-31 phpMyAdmin ***… of MySQL over the Web…

2004- intitle:phpMyAdmin “Welcome to search for phpMyAdmin installations that are configured to run the MySQL
08-21 phpMyAdmin ***… database with root pri…

2004- Use this search to find eastgame.net ftp servers, loads of warez and that sort
“ftp://” “www.eastgame.net”
08-20 of thing.”t…

2004- intext:”Warning: * am able * OsCommerce has some security issues, including the following warning
08-13 write ** configu… message: “Warning: I …

2004- allinurl:”index.php” Easyins Stadtportal v4 is a German Content Management System for cities
07-29 “site=sglinks&… and regions. Version 4 …
2004- inurl:”index.php? http://www.cirt.net/advisories/ew_file_manager.shtml:Product: EasyWeb
07-29 module=ew_filemanager” FileManager Module – http…

2004- This brings up alot of insecure as well as secure filemanagers. These software
filetype:cgi inurl:”fileman.cgi”
07-26 solutions are of…

2004- Zero X reported that “Web_Store.cgi” allows Command Execution:This

filetype:cgi inurl:”Web_Store.cgi”
07-26 application was wr…

2004- hAcxFtpScan – software that use ‘l33t h@x0rz’ to monitor their file stroz on
(“Indexed.By”|”Monitored.By”) …
07-26 ftp. On the ftp se…

2004- “Welcome to the Prestige Web- This is the configuration screen for a Prestige router. This page indicates that
06-04 Based Configurat… the router has…

2004- vAuthenticate is a multi-platform compatible PHP and MySQL script which

filetype:php inurl:vAuthenticate
06-04 allows creation of new …

2004- intitle:”Samba Web This search reveals wide-open samba web adminitration servers. Attackers
05-04 Administration Tool” … can change options on …

2004- intitle:”Gateway Configuration This is a normally protected configuration menu for Oracle Portal Database
04-28 Menu” Access Descriptors (…

2004- This is a default login portal used by Oracle. In addition to the fact that this file
inurl:pls/admin_/gateway.htm
04-28 can be us…

2004- Pages with install/install.php files may be in the process of installing a new
allinurl:install/install.php
04-06 service or progr…

2004- According to whatis.com: “An intranet is a private network that is contained

allinurl:intranet admin
03-29 within an ent…

2004- “Select a database to view” An oldie but a goodie. This search locates servers which provides access to
03-29 intitle:&quo… Filemaker pro datab…

2004- “Welcome to PHP-Nuke” This finds default installations of the postnuke CMS system. In many cases,
03-18 congratulations default installatio…

2004- From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products

inurl:info.inc.php
03-14 (Versions 0.1.2 – 0…

2004- From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products

inurl:footer.inc.php
03-14 (Versions 0.1.2 – 0…

2004- Version 3.0.0 candidate 4 and earlier of Vbulletin may have a cross-site scripting
inurl:search.php vbulletin
03-04 vulnerabilit…

0000- According to whatis.com: “An intranet is a private network that is contained

“Welcome to Intranet”
00-00 within an ent…
2004- intitle:”Remote Desktop Web Microsoft Remote Desktop Connection Web Connection pages. These pages are
03-04 Connection” not necessarily insec…

2004- intitle:”Terminal Services Web Microsoft Terminal Services Web Connector pages. These pages are not
03-04 Connection&quo… necessarily insecure, sine…

2004- Microsoft Terminal Services Multiple Clients pages. These pages are not
inurl:ManyServers.htm
03-04 necessarily insecure, s…

2004- intitle:osCommerce This is a decent way to explore the admin interface of osCommerce e-commerce
03-04 inurl:admin intext:”redist… sites. Depending o…

2004- Gallery is a nice little php program that allows users to post personal pictures on
Gallery in configuration mode
03-04 their websi…

2004- Yet Another Bulletin Board (YABB) SE (versions 1.5.4 and 1.5.5 and perhaps
“YaBB SE Dev Team”
03-04 others) contain an S…

2003- Hassan Consulting’s Shopping These servers can be messed with in many ways. One specific way is by way of
07-08 Cart Version 1.18 the “../”…

2005- intext:”Powered by X- X-Cart (version 4.0.8) has multiple input validation vulnerabilities. There doesn’t
06-03 Cart: shopping cart soft… seem to be …

2005- intext:”powered by Description:==============Hosting Controller is a complete array of Web hosting

05-29 Hosting Controller” i… automation tool…

site:ups.com
2004- Ever use the UPS Automated Tracking Service?? Wanna see where packages are
intitle:"Ups Package
11-25 going? Want to Man-i…
trackin…

2004- MIDICART is s an ASP and PHP based shopping Cart application with MS Access and
inurl:midicart.mdb
10-10 SQL database. A…

2004- “More Info about MetaCart is an ASP based shopping Cart application with SQL database. A security
10-10 MetaCart Free” vulnerability …

2004- shopdbtest is an ASP page used by several e-commerce products. A vulnerability in

inurl:shopdbtest.asp
10-10 the script al…

2004- Comersus is an e-commerce system and has been installed all over the world in more
Comersus.mdb database
07-12 than 20000 s…

2004- VP-ASP Shop VP-ASP (Virtual Programming – ASP) has won awards both in the US and France. It is
06-25 Administrators only now in use i…

2004- POWERED BY HIT Hit Jammer is a Unix compatible script that allows you to manage the content and
06-06 JAMMER 1.0! traffic exchan…

2014
-02- “[function.getimagesize]: failed to open stre… Just another error that reveals full paths…
05
2014
Here is a Dork I use in conjunction with sqlmap, for shopping
-02- intext:”Access denied for” intitle:”…
carts with MySQL Error messages…
05

2013
inurl:advsearch.php?module= & intext:sql Exploit Title : SQLI Exploit Google Dork :
-04-
synta… inurl:advsearch.php?module= & intext:sql syntax…
09

2012
Dork to find Plugin errors in wordpress websites Dork –
-12- intext:”Fatal error: Class ‘Red_Action’ not f…
intext:”Fatal error: Class ‘Red_A…
06

2012
“CHARACTER_SETS”+”COLLATION_CHARACTER_SET_APPLICABI
-08- “CHARACTER_SETS” “COLLATION_CHARACT…
LITY” find sql injectab…
21

2012
-05- inurl:”*.php?*=*.php” intext:”Warni… PHP Error Messages…
15

2011 Author: eidelweiss

inurl:”index.php?m=content+c=rss+catid=10&q
-01- http://host/index.php?m=content&c=rss&catid=5 show MySQL
uo…
21 Error (tabl…

2010
Many of the results of the search show error logs which give an
-12- “plugins/wp-db-backup/wp-db-backup.php”
attacker the server side paths …
08

2010
A foothold using allintext:”fs-admin.php” shows the world
-11- allintext:”fs-admin.php”
readable directories of a p…
11

2006
Apache Tomcat Error messages. These can reveal various kinds
-06- intitle:”Apache Tomcat” “Error Repo…
information depending on the type …
15

2006
-04- “Unable to jump to row” “on MySQL r… another error message…
25

2006
-04- “Warning: Bad arguments to (join|implode) () … and another error. open it from cache when not working….
25

2006
-04- “Warning:” “failed to open stream: … Just another error message….
25

2006
This dork reveals logins to databases that were denied for some
-04- “Warning: mysql_connect(): Access denied for …
reason….
25
2006
-04- “Warning: Division by zero in” “on … Just another error that reveals full paths….
25

2006
This search returns more than just the one I saw already here.
-03- filetype:asp + “[ODBC SQL”
This one will return all ODBC SQ…
13

2005
This error message reveals full path information. Recommend
-09- “Warning:” “SAFE MODE Restriction i…
use of site: operator to narrow sea…
25

2005
This error message cqan reveal path information. This message
-09- “Warning: Supplied argument is not a valid Fi…
(like other error messages) is of…
25

2005
“There seems to have been a problem with search reveals database errors on vbulletin sites. View the page
-08-
the&… source and you can get informa…
16

2005
Plesk Server Administrator (PSA) is web based software that
-04- intitle:”Default PLESK Page”
enables remote administration of we…
26

2005- “Parse error: parse error,

PHP error with a full web root path disclosure…
04-26 unexpected T_VARIA…

"SQL Server
2005-
Driver][SQL Server]Line 1: you can find many servers infected with sql injection…
04-07
In…

2005- Netscape Application This error message highlights potentially unpatched or misconfigured Netscape
04-05 Server Error page Application Serve…

2005- intext:”Error Message : This throws up pages which contain “CGI ERROR” reports – which include the file
01-26 Error loading require… (and …

2004- “Warning: mysql_query()”

MySQL query errors revealing database schema and usernames….
11-28 “invalid q…

2004- intitle:Configuration.File This search finds configuration file errors within the softcart application. It includes
11-13 inurl:softcart.exe the na…

2004- “The script whose uid is ”

This PHP error message is revealing the webserver’s directory and user ID….
10-16 “is not …

2004- snitz forums uses a microsoft access databases for storage and the default name is
snitz! forums db path error
09-07 “Snitz_…

2004- filetype:log “PHP Parse This search will show an attacker some PHP error logs wich may contain
08-14 error” | “P… information on wich an a…
2004- “ASP.NET_SessionId” “data .NET pages revealing their datasource and sometimes the authentication
07-26 source=&q… credentials with it. The…

2004- “ORA-12541: TNS:no In many cases, these pages display nice bits of SQL code which can be used by an
07-16 listener” intitle:&qu… attacker to mo…

2004- filetype:php Discuz! Board error messages related to MySQL. The error message may be empty
07-16 inurl:”logging.php” “D… or contain path i…

2004- “Internal Server Error” We have a similar search already, but it relies on “500 Internal Server” which
07-16 “server at&… doesn’…

2004- PHP application warnings These error messages reveal information about the application that created them
07-14 failing “include_pat… as well as reve…

2004- intext:”Warning: Failed These error messages reveal information about the application that created them
07-09 opening” “o… as well as reve…

2004- The ht://Dig system is a complete world wide web indexing and searching system
ht://Dig htsearch error
06-24 for a domain or …

2004- intitle:”Error Occurred Cold fusion error messages logging the SQL SELECT or INSERT statements and the
06-24 While Processing Requ… location of the …

2004- intitle:”Error using HyperNews is a cross between the WWW and Usenet News. Readers can browse
06-15 Hypernews” “Se… through the messages w…

2004- “Invision Power Board These are SQL error messages, ranging from to many connections, access denied to
05-28 Database Error” user xxx, show…

2004- “error found handling the Cocoon is an XML publishing framework. It allows you to define XML documents
07-29 request” cocoo… and transformation…

2004- intitle:”Execution of this This is a cgiwrap error message which displays admin name and email, port numbers,
04-28 script not permitt… path names, …

2004- intitle:”Error Occurred” This is a typical error message from ColdFusion. A good amount of information is
04-19 “The error… available from…

2004- warning “error on line” sablotron is an XML toolit thingie. This query hones in on error messages generated
03-11 php sablotron by this too…

2004- “Fatal error: Call to This error message can reveal information such as compiler used, language used, line
03-16 undefined function”… numbers, p…

2004- filetype:asp “Custom This is an ASP error message that can reveal information such as compiler used,
03-16 Error Message” Cate… language used, …

2004- “Can’t connect to local” Another SQL error message, this message can display database name, path names
03-04 intitle:warning and partial SQL c…
2004- intitle:”Under This error message can be used to narrow down the operating system and web
03-04 construction” “does … server version which…

2004- “access denied for user” Another SQL error message, this message can display the username, database, path
03-04 “using pas… names and part…

2004- “Warning: Cannot modify A PHP error message, this message can display path names, function names,
03-04 header information – … filenames and partial…

2004- “Warning: pg_connect(): This search reveals Postgresql servers in yet another way then we had seen before.
08-25 Unable to connect to … Path informa…

An unexpected token
2004- A DB2 error message, this message can display path names, function names,
“END-OF-STATEMENT”
03-04 filenames, partial co…
w…

2004- “detected an internal A DB2 error message, this message can display path names, function names,
03-04 error [IBM][CLI Driver]… filenames, partial co…

2004- “A syntax error has An Informix error message, this message can display path names, function names,
03-04 occurred” filetype:i… filenames and p…

2004- “An illegal character has An Informix error message, this message can display path names, function names,
03-04 been found in the s… filenames and p…

2004- “Syntax error in query An Access error message, this message can display path names, function names,
03-04 expression ” -the filenames and par…

2004- supplied argument is not An PostgreSQL error message, this message can display path names, function names,
03-04 a valid PostgreSQL result filenames and…

2004- “PostgreSQL query failed: An PostgreSQL error message, this message can display path names, function names,
03-04 ERROR: parser: pa… filenames and…

2004- An SQL Server error message, this message can display path names, function names,
“Incorrect syntax near”
03-04 filenames and…

2004- An SQL Server error message, this message can display path names, function names,
“Incorrect syntax near”
03-04 filenames and…

2004- “Unclosed quotation mark An SQL Server error message, this message can display path names, function names,
03-04 before the character… filenames and…

“ORA-00933: SQL
2004- An Oracle error message, this message can display path names, function names,
command not properly
03-04 filenames and par…
ended&qu…

2004- ORA-00921: unexpected Another generic SQL message, this message can display path names, function
03-04 end of SQL command names, filenames and…

2004- ORA-00936: missing A generic ORACLE error message, this message can display path names, function
03-04 expression names, filenames …
2004- “Supplied argument is not Another generic SQL message, this message can display path names, function
03-04 a valid MySQL resul… names, filenames and…

2004- Another generic SQL message, this message can display path names and partial SQL
sQL syntax error
03-04 code, both of …

2004- Another error message, this appears when an SQL query bails. This is a generic
mysql error with query
03-04 mySQL message, s…

2004- This one shows the type of web server running on the site, and has the ability to
Internal Server Error
03-04 show other in…

2004- IIS web server error This query finds various types of IIS servers. This error message is fairly indicative of
03-04 messages a som…

2004- Windows 2000 web server

Windows 2000 web servers. Aging, fairly easy to hack, especially out of the box……
03-04 error messages

2004-
IIS 4.0 error messages IIS 4.0 servers. Extrememly old, incredibly easy to hack……
03-04

2004- This is a default directory for the sitebuilder web design software program. If these
sitebuilderpictures
03-04 people po…

2004- This is a default directory for the sitebuilder web design software program. If these
sitebuilderfiles
03-04 people po…

2004- This is a default directory for the sitebuilder web design software program. If these
sitebuildercontent
03-04 people po…

2004- ORA-00921: unexpected Another SQL error message from Cesar. This one coughs up full web pathnames
01-09 end of SQL command and/or php filename…

2003- “Chatologica MetaSearch” There is soo much crap in this error message… Apache version, CGI environment
08-15 “stack tra… vars, path name…

2003- MYSQL error message: One of many potential error messages that spew interesting information. The results
06-24 supplied argument…. of this mes…

2003- These aren’t too horribly bad, but there are SO MANY of them. These sites got
Coldfusion Error Pages
06-24 googlebotted whil…

2012-
inurl:finger.cgi Finger Submitted by: Christy Philip Mathew…
11-02

2012- site*.*.*/webalizer Shows usage statistics of sites. Includes monthy reports on the IP addresses, user
08-21 intitle:”Usage Statistics… agents, and …

2006- intitle:r57shell +uname - compromised servers… a lot are dead links, but pages cached show interesting
05-04 bbpress info, this is r5…
2006- “The statistics were last
Results include many varius Network activity logs…
05-03 updated” “…

2006- inurl:/counter/index.php This is an online vulnerable web stat program called PHPCounter
04-06 intitle:”+PHPCounter… 7.http://www.clydebelt.org.uk/c…

2006- inurl:”NmConsole/Login.asp” Ipswitch Whats Up Monitoring 2005!This is a console for Network Monitoring,
03-13 | intitle:&q… access beyond the p…

2006- inurl:CrazyWWWBoard.cgi gives tons of private forum configuration information.examples: Global variables
02-08 intext:”detailed debu… installed, wha…

2005- An HP Java network management tool. It is a sign that a network may not be
inurl:ovcgi/jovw
12-31 configured properly….

2005- inurl:proxy | inurl:wpad Information about proxy servers, internal ip addresses and other network
12-21 ext:pac | ext:dat findpro… sensitive stuff….

2005- inurl:webalizer filetype:png - ***WARNING: This search uses google images, disable images unless you want
11-21 .gov -.edu -.mil -op… your IP spewed acros…

2005- intitle:”Retina Report” This googledork finds vulnerability reports produced by eEye Retina Security
10-26 “CONFIDENTI… Scanner. The info…

2005- “Shadow Security Scanner This is a googledork to find vulnerability reports produced by Shadow Security
10-26 performed a vulnerab… Scanner. They c…

2005- “The following report This googledork reveals vunerability reports from many different vendors. These
10-26 contains confidential i… reports can co…

2005- Nagios Status page. See what ports are being monitored as well as ip addresses.Be
inurl:status.cgi?host=all
10-04 sure to check…

2005-
inurl:login.jsp.bak JSP programmer anyone? You can read this!…
09-30

2005- intitle:”Belarc Advisor People who have foolishly published an audit of their machine(s) on the net with
02-15 Current Profile”… some server in…

2005- “Traffic Analysis for” “RMON List of RMON ports produced by MRTG which is a network traffic analysis tool. See
03-05 Port *… also #198…

2005- “powered | performed by This search finds Beyond Security reports. Beyond Security sells a box which
02-03 Beyond Security’s Aut… performs automated…

2004- intitle:”PHPBTTracker This query shows pages which summarise activity on PHPBT-powered BitTorrent
12-30 Statistics” | inti… trackers – all the …

2004- This query shows pages which summarise activity on BNBT-powered BitTorrent
intitle:”BNBT Tracker Info”
12-30 trackers – including…
2004- intitle:”Azureus : Java BitTorrent This query shows machines using the Azureus BitTorrent client’s built-in
12-30 Client Tra… tracker – the pages ar…

2004- This searches for the install.php file. Most results will be a Bulletin board like
inurl:”install/install.php”
12-29 Phpbb etc.T…

2004- intext:”Welcome to the Web see and control JVC webcameras, you can move the camera, zoom… change
12-07 V.Networks” i… the settings, etc…….

2004- intitle:”start.managing.the.device” MCK Communications, Inc.PBXgatewayIIHigh density central site gateway for
12-10 remo… remote PBX access(MCK…

2004- “Radiator is a highly configurable and flexible Radius server that supports
ext:cfg radius.cfg
12-06 authentication…

2004- filetype:php inurl:ipinfo.php Dshield is a distributed intrusion detection system. The ipinfo.php script
12-07 “Distributed In… includes a whois loo…

2004- Mercury SiteScope designed to ensure the availability and performance of

inurl:”sitescope.html” intitle:”sit…
12-03 distributed IT infrast…

2004- intitle:”twiki” TWiki has many security problems, depeding on the version installed. TWiki,
12-02 inurl:”TWikiUsers&q… is a flexible, powe…

2004- “Phorum Admin” “Database Phorum admin pagesThis either shows Information leakage (path info) or it
11-28 Connection… shows Unprotected Adm…

2004- sysWatch is a CGI to display current information about your UNIX system. It
“Output produced by SysWatch *”
11-28 can display drive p…

2004- Testpage / webserver environmentThis is the test cgi for xitami webserver. It
inurl:testcgi xitami
11-28 shows the webserv…

2004- filetype:log ISDNPM 3.x for OS/2-Dialer log files.These files contain sensitive info like ip
11-28 intext:”ConnectionManager2″ addresses, phon…

2004- intitle:”sysinfo * ” Lots of information leakage on these pages about active network services,
11-12 intext:”Genera… server info, network …

2004- inurl:portscan.php “from This is general search for online port scanners which accept any IP. It does
11-12 Port”|”Por… not find a specifi…

2004- PhotoPost Pro is photo gallery system. This dork finds its installation
inurl:/adm-cfgedit.php
11-07 page.You can use this p…

2004- webutil.pl is a web interface to the following services:* ping* traceroute*

inurl:webutil.pl
11-07 whois* finger* nslo…

2004- Domino is server technology which transforms Lotus Notes® into an

inurl:statrep.nsf -gov
10-20 Internet a…
2004- The finger command on unix displays information about the system users.
inurl:/cgi-bin/finger? “In real life”
10-19 This search displays pr…

2004- inurl:/cgi-bin/finger? Enter The finger command on unix displays information about the system users.
10-19 (account|host|user|us… This search displays th…

2004- filetype:php inurl:nqt Network Query Tool enables any Internet user to scan network information
10-18 intext:”Network Query … using:* Resolve/Revers…

2004- inurl:”map.asp?” “WhatsUp Gold’s new SNMP Viewer tool enables Area-Wide to easily track
10-05 intitle:”WhatsUp G… variables associate…

2004- ext:cgi intext:”nrg-” ” This NRG is a system for maintaining and visualizing network data and other resource
09-29 web pa… utilization dat…

2004- ((inurl:ifgraph “Page ifGraph is a set of perl scripts that were created to fetch data from SNMP agents
09-29 generated at”) OR … and feed a RR…

2004- inurl:”/catalog.nsf” This will return servers which are running versions of Lotus Domino. The catalog.nsf
09-10 intitle:catalog is the ser…

2004- “Powered by phpOpenTracker is a framework solution for the analysis of website traffic and
09-21 phpOpenTracker” Statistics visitor analysis…

site:netcraft.com
2004- Netcraft reports a site’s operating system, web server, and netblock owner together
intitle:That.Site.Running
09-21 with, if av…
Apache

2004- “this proxy is working These are test pages for some proxy program. Some have a text field that allows
08-13 fine!” “ente… you to use that…

2004- This search shows the webserver access stats as the user “admin”. The language
“apricot – admin” 00h
07-29 used i…

2006- “by Reimar Hoven. All

dork: “by Reimar Hoven. All Rights Reserved. Disclaimer” | inurl:”log/logdb.dta&…
04-15 Rights Reserved. Discla…

2004- intitle:”Microsoft Site Microsoft discontinued Site Server and Site Server Commerce Edition on June 1,
07-16 Server Analysis” 2001 with the in…

2004- Analysis Console for ACID stands for for “Analysis Console for Incident Databases”. It is a php frontend
07-12 Incident Databases f…

2004- A Looking Glass is a CGI script for viewing results of simple queries executed on
Looking Glass
06-22 remote router…

2004- “Version Info” “Boot This is the status page for a Belkin Cable/DSL gateway. Information can be retrieved
06-04 Version” … from this …

2004- intitle:”ADSL Configuration This is the status screen for the Solwise ADSL modem. Information available from
06-04 page” this page incl…
2004- filetype:vsd vsd network - Reveals network maps (or any other kind you seek) that can provide sensitive
05-13 samples -examples information such a…

2004- filetype:pdf “Assessment These are reports from the Nessus Vulnerability Scanner. These report contain
05-03 Report” nessus detailed informat…

2004- inurl:phpSysInfo/ “created This statistics program allows the an admin to view stats about a webserver. Some
04-16 by phpsysinfo”… sites leave t…

2004- snort is an intrusion detection system. SnorfSnarf creates pretty web pages from
“SnortSnarf alert page”
04-16 intrusion dete…

2004- “Network Host Assessment This search yeids ISS scan reports, revealing potential vulnerabilities on hosts and
03-30 Report” “I… networks. …

2004- “This report lists” This search yeids ISS scan reports, revealing potential vulnerabilities on hosts and
03-30 “identified by … networks. …

2004- intitle:”Nessus Scan This search yeids nessus scan reports. Even if some of the vulnerabilities have been
03-30 Report” “This … fixed, we …

2014
filetype:pdf “acunetix
-03- Finds reports generated by Acunetix scans. – Andy G – twitter.com/vxhex …
website audit” &q…
31

2014 inurl:clientaccesspolicy
Locates clientaccesspolicy.xml files used by silverlight to determine the cross domain
-03- filetype:xml
policy …
27 intext:allow…

2014 inurl:crossdomain
Locates crossdomain.xml files used by flash/flex/silverlight to determine the cross
-03- filetype:xml
domain pol…
27 intext:allow-access…

2014
site:bitbucket.org
-02- Finding Sensitive data site:bitbucket.org inurl:.bash_history By Pharos …
inurl:.bash_history
05

2013 intext:phpMyAdmin SQL

intext:phpMyAdmin SQL Dump filetype:sql intext:INSERT INTO `admin` (`id`, `user`,
-11- Dump filetype:sql
`password`) V…
27 intext:INS…

2013
inurl:mikrotik mikrotik url backups uploaded.. then.. credentials cracked via
-11-
filetype:backup http://mikrotikpasswordrecove…
27

2013
filetype:xml Sitemaps, the opposite of Web Robots Exclusion Detail directory and page map — -
-11-
inurl:sitemap [Volun…
25

2013 inurl:”jmx- JBoss

-11- console/HtmlAdaptor” http://docs.jboss.org/jbossas/docs/Server_Configuration_Guide/4/html/Connecting_to
25 intitle:… _the_J…
2013
-11- inurl:tar filetype:gz Tar files Contain user and group information (in addition to potentially useful files) — …
25

2013
filetype:bak (inurl:php | This one could be used to find all sorts of backup data, but this example is limited to just
-11-
inurl:asp | inurl:rb) c…
25

2013 site:github.com
-11- inurl:”id_rsa” - Finds private SSH keys on GitHub. – Andy G – twitter.com/vxhex …
25 inurl:&q…

2013 site:github.com
-11- inurl:”known_hosts” Finds SSH known_hosts files on GitHub. – Andy G – twitter.com/vxhex …
25 &quo…

2013 inurl:/wp-
Google dork for WordPress database backup file (sql): inurl:/wp-content/uploads/
-11- content/uploads/
filetype:sq…
25 filetype:sql

2013 inurl:config “fetch =

-11- +refs/heads/*:refs/rem Git config file Easy way to find Git Repositories — -[Voluntas Vincit Omnia]- website…
25 o…

2013 filetype:php
Project Honey Pot anti-spammer detection (http://www.projecthoneypot.org/) Can
-11- intext:”PROJECT HONEY
identify the …
25 POT ADDRES…

2013 inurl:github.com
Find FTP logins and full path disclosures pushed to github inurl:github.com intext:sftp-
-11- intext:sftp-conf.json
conf…
25 +intext:/wp…

2013 inurl:*/webalizer/*
-09- intitle:”Usage *Obrigado,* …
24 Statistics…

2013
intitle:index.of
-09- Find peoples ssh public and private keys – tmc / #havok …
intext:.ssh
24

2013
filetype:txt This dork can be used to find symlinked WordPress configuration files of other web sites
-08-
inurl:~~Wordpress2.txt …
08

2013
filetype:txt inurl:wp-
-08- Easily hunt the WordPress configuration file in of remote web sites Author : Un0wn_X …
config.txt
08

2013- By this dork you can find juicy information joomla configuration files
inurl:~~joomla3.txt filetype:txt
08-08 Author: Un0wn_X …
2013- intitle:”WAMPSERVER Homepage” & #Summary: Wampserver Homepage free access
08-08 inte… (*http://www.wampserver.com/).* #Author: g00gl3 5c0u…

2013- This is *Mohan Pendyala* (penetration tester) from india. Google

inurl:wp-content/uploads/dump.sql
08-08 Dork: *inurl:wp-content/u…

2013- Works with every single fluidgalleries portofolio sites. Just decrypt the
inurl:fluidgalleries/dat/login.dat
08-08 MD5 hash and login on…

2013-
“information_schema” filetype:sql Dork: “information_schema” filetype:sql By: Cr4t3r …
08-08

2013- inurl:”zendesk.com/attachments/token” zendesk is good ticketing system . It has thousands of clients. with the
08-08 si… above dork you can s…

2013- Searching for “allintext: /iissamples/default/” may provide interesting

allintext: /iissamples/default/
04-23 informatio…

2013- filetype:php -site:php.net intitle:phpinfo Tries to reduce false positive results from similar dorks. Finds pages
04-22 “p… containing output from …

2013- filetype:ini “This is the default settings Finds PHP configuration files (php.ini) that have been placed in indexed
04-22 fi… folders. Php.ini defi…

2013-
inurl:”php?id=” intext:”DB_Error Ob… Description: Files containing juicy info Author:ruben_linux …
04-09

2013- *Google Search:* http://www.google.com/search?q=ext:gnucash

ext:gnucash
02-05 *Description:* Find Gnucas…

2013- Hits: 807 Config file from Thomson home routers, sometimes it
runtimevar softwareVersion=
02-05 contains password’s and user’s …

2012- inurl:admin intext:username= AND

— nitish mehta …
12-31 email= AND passwo…

2012- inurl:newsnab/www/ Usenet Accounts from Newsnab configs inurl:newsnab/www/

12-06 automated.config.php automated.config.php Author: rmccurd…

2012- Finds the configuration files of the PHP Database on the server. By
inurl:.com/configuration.php-dist
11-02 Chintan GurjarRahul Tygi…

2012- Lots of Avast Licenses . Author : gr00ve_hack3r

filetype:avastlic
08-21 www.gr00vehack3r.wordpress.com …

2012- filetype:docx Domain Registrar $user Dork :- *filetype:docx Domain Registrar $user $pass* Use :- *To find
08-21 $pass domain login password fo…

2012- inurl:”phpmyadmin/index.php”
This dork finds unsecured databases …
08-21 intext:&quo…

2012- intext:”Thank you for your This dork can fetch you Avast product licenses especially Avast
05-15 purchase/trial of … Antiviruses , including Profes…
2012-
?intitle:index.of?”.mysql_history” Find some juicy info in .mysql_history files enjoy bastich …
05-15

2012-
intext:”~~Joomla1.txt” title:”Index… intext:”~~Joomla1.txt” title:”Index of /” Get all server configs files…
05-15

2011-
allintext:D.N.I filetype:xls This Query contains sensitive data (D.N.I ) in a xls format (excel)
12-27
and D.N.I for People of…

2011- List of Phone Numbers (In XLS File ) This is a dork for a list of Phone Private Numbers in Argentina. Author:
12-19 allinurl:tele… Luciano UNLP …

2011- Microsoft-IIS/7.0 intitle:index.of name

IIS 7 directory listing. Author: huang …
12-19 size

2011- Google Dork inurl:Curriculum Vitale

This dork locates Curriculum Vitale files. Author: Luciano UNLP …
12-16 filetype:doc (…

2011- Google Dork For Social Security Number

This dork locates social security numbers. Author: Luciano UNLP …
12-16 ( In Spain …

2011- There are three of mysql_connects but that all search in .inc or
filetype:old (mysql_connect) ()
11-24 warnings, non search for .old…

2011- filetype:old this dork locates backed up config files filetype:php~

11-24 (define)(DB_USER|DB_PASS|DB_NAME) (define)(DB_USER|DB_PASS|DB_NAME) file…

2011- filetype:reg reg HKEY_CURRENT_USER

this dork locates registry dumps …
11-19 SSHHOSTKEYS

2011- this dork finds mostly backed up configuration.php files. Its possible to
intitle:index.of? configuration.php.zip
11-19 change the *.zip to …

2011- The Dork Allows you to get data base information from config files.
inurl:”/includes/config.php”
11-19 Author: XeNon …

2011- example google dork to find trace.axd, a file used for debugging asp
inurl:”trace.axd” ext:axd “Applicat…
11-19 that reveals full http re…

2011- +intext:”AWSTATS DATA FILE” Shows data downloads containing statistics on the site.Made by
09-26 filetype:txt AwstatsThe best dork for that sy…

2011- filetype:ini “Bootstrap.php” Zend application ini, with usernames, passwords and db info love
08-25 (pass|passw… Bastich …

2011- Microsoft private keys, frequently used for servers with UserID on the
filetype:pem “Microsoft”
07-26 same page. — Sha…

2011- inurl:server-info intitle:”Server Juicy information about the apache server installation in the website.
07-26 Information… — *Regards, Fady …
2011- inurl:/push/ .pem apns -“push iphone apple push notification system private keys, frequently
07-18 notifications&q… unencrypted, frequently with De…

2011- site:stashbox.org cv Or resume OR Searches StashBox for publicly avaliable PDF’s or .doc files containing
07-18 curriculum vitae… information used in a…

2011- site:mediafire.com cv Or resume OR Searches Mediafire for publicly avaliable PDF’s containing information
07-18 curriculum vita… used in a CV/Resume/Cur…

2011- site:docs.google.com intitle:(cv Or Searches GoogleDocs for publicly avaliable PDF’s containing
07-18 resume OR curr… information used in a CV/Resume/Cu…

2011- Searches Dropbox for publicly avaliable PDF’s containing

site:dl.dropbox.com filetype:pdf cv OR curriculum …
07-01 information used in a CV/Resume/Curri…

2011- Submitter: pipefish Squid User Access Reports that show

inurl:sarg inurl:siteuser.html
05-26 users’ browsing history t…

2011- The filetype:xls never changes What is inbtween then +

filetype:xls + password + inurl:.com
05-03 sings can be what ever you are looking …

2011- Site: google.com/latitude – This is a free application where

allinurl:http://www.google.co.in/latitude/apps/bad…
05-03 you can track your PC, laptop and…

2011-
intext:db_pass inurl:settings.ini Submitter: Bastich mysql.nimbit.com dashboard settings…
02-24

2011- Magento local.xml sensitive information disclosure

inurl:app/etc/local.xml
02-19 Author: Rambaud Pierre…

2010- XAMPP Security Setting Page Information Disclosure.

allinurl:/xampp/security.php
12-13 Author: modpr0be …

2010- Locates phpinfo files. A phpinfo file Outputs a large

inurl:phpinfo.php
12-10 amount of information about the current s…

2010- locates the default configuration file for vBulletin

inurl:”config.php.new” +vbulletin
12-07 (/includes/config.php.new) Author: MaXe…

2010- locates the default configuration file of JOOMLA Author:

inurl:configuration.php-dist
12-07 ScOrPiOn …

2010-
filetype: log inurl:”access.log” +intext… Match some apache access.log files. Author: susmab…
11-25

2010-
“Cisco PIX Security Appliance Software Versio… Google search for Pix Authorization Keys Author: fdisk…
11-10

2010- This search locates private SSHHostkeys. Author:

filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
11-10 loganWHD…
2006- Often includes phpinfo and unsecured links to
intitle:”AppServ Open Project *” “A…
10-02 phpmyadmin….

2006- Logrep is an open source log file Extraction and Reporting

intitle:”LOGREP – Log file reporting system&q…
03-21 System by ITeF!x. This dork finds t…

2006- PRTG Traffic Grapher is Windows software for monitoring

(intitle:”PRTG Traffic Grapher” inurl:&q…
03-18 and classifying bandwidth usage. It pro…

2006- Joomla! is a Content Management System (CMS) created

intitle:”Joomla – Web Installer”
03-18 by the same team that brought the Mambo CM…

2006- if you search through lots of these then you find some
“not for public release” -.edu -.gov -.m…
02-22 really juicy things, there files from po…

2006- CVs is a software used to keep track of changes to

intext:ViewCVS inurl:Settings.php
01-16 websites. You can review all updates and pre…

2006- General build error file. Can tell what modules are
inurl:build.err
01-16 installed, the OS the compiler the language…

2005-
inurl:/cgi-bin/pass.txt Passwords…
12-22

2005- (intitle:WebStatistica WebStatistica provides detailed statistics about a web page. Normally you would
12-19 inurl:main.php) | (intitle:… have to login …

2005- inurl:wp-mail.php + “There This is the WordPress script handling Post-By-Email functionality, the search is
11-24 doesn’t seem to b… focussed on th…

2005- intitle:”Welcome to F- An attacker may want to know about the antivirus software running. The
11-16 Secure Policy Manager S… description says he can…

intitle:Bookmarks
2005- AFAIK are the bookmarks of Firefox, Netscape and Mozilla stored in
inurl:bookmarks.html
10-22 bookmarks.html. It is often …
“Bookm…

2005- intitle:”urchin
Gain access to Urchin analysis reports….
10-04 (5|3|admin)” ext:cgi

2005- rdbqds -site:.edu -site:.mil - Ceasar encryption is a rather simple encryption. You simply shift letters up or down
09-08 site:.gov across the…

2005- Forget Bluetooth Hacking! You’ll be amazed, at how many people sync their Cell
contacts ext:wml
08-23 Phones to the sa…

2005- intitle:”curriculum vitae” Hello. 1. It reveals personal datas, often private addresses, phone numbers, e-mails,
08-12 filetype:doc how many …

2005- intitle:”admin panel” This finds all versions of RedKernel Referer Tracker(stats page) it just gives out
08-16 +”Powered by … some nice in…
2005- ext:(doc | pdf | xls | txt | Although this search is a bit broken (the file extensions don’t always work), it
07-30 ps | rtf | odt | sxw … reveals intere…

2005- site:www.mailinator.com Mailinator.com allows people to use temporary email boxes. Read the site, I won’t
07-24 inurl:ShowMail.do explain here….

2005-
allinurl:cdkey.txt cdkeys…
07-21

2005-
filetype:PS ps PS is for “postscript”…which basically means you get the high quality press data fo…
07-08

2005- Quickbooks is software to manage your business’s financials. Invoicing, banking,

filetype:QBW qbw
06-21 payroll, etc, …

2005- This query reveals an .asp script which can often be used to send anonymous
inurl:XcCDONTS.asp
06-07 emails from fake se…

2005-
ext:DCA DCA IBM DisplayWrite Document Content Architecture Text File…
04-27

2005-
ext:ccm ccm -catacomb Lotus cc:Mail Mailbox file…
04-27

2005-
ext:CDX CDX Visual FoxPro database index…
04-27

2005-
ext:DBF DBF Dbase DAtabase file. Can contain sensitive data like any other database….
04-27

2005- There is a full path disclosure in .jbf files (paint shop pro), which by itself is not
ext:jbf jbf
04-27 a vulner…

2005- ext:plist filetype:plist These Safari bookmarks that might show very interesting info about a user’s
04-26 inurl:bookmarks.plist surfing habits…

2005- ICalender Fileder that can contain a lot of useful information about a possible
ext:ics ics
04-26 target….

2005- “MacHTTP” filetype:log MacHTTP is an webserver for Macs running OS 6-9.x. It’s pretty good for older
04-26 inurl:machttp.log Macs but the defa…

2005- ExpressionEngine is a modular, flexible, feature-packed web publishing system

WebLog Referrers
03-30 that adapts to a …

2005- “#mysql dump” filetype:sql this is a mod of one of the previous queries posted in here. the basic thing is,
02-28 21232f297a57a… to add this:21…

2005- This searches for tns names files. This is an Oracle configuration file that sets
filetype:ora tnsnames
02-15 up connectio…
2005- These pages contain hotmail messages that were saved as HTML. These
inurl:getmsg.html intitle:hotmail
03-02 messages can contain anythi…

2005- This search reveals NetOp license files. From the netop website: “NetOp
+”HSTSNR” -“netop.com”
02-28 Remote Control is …

2005- intitle:”web server status” SSH

simple port scanners for most common ports…
02-15 Telnet

2005- -site:php.net -“The PHP Group” scripts to view the source code of PHP scripts running on the server. Can be
02-15 inurl:sou… very interesting i…

2005-
inurl:netscape.hst History for Netscape – So an attacker can read a user’s browsing history….
01-27

2005-
inurl:”bookmark.htm” Bookmarks for Netscape and various other browsers….
01-27

2005- Netscape Bookmark List/History: So an attacker would be able to locate the

inurl:netscape.hst
01-27 bookmark and history…

2005- There’s a bunch of interesting info in netscape.ini1. Viewers: which multimedia

inurl:netscape.ini
01-27 viewers the fir…

2005- intitle:”edna:streaming mp3 Edna allows you to access your MP3 collection from any networked computer.
01-27 server” -for… This software stream…

2005- Putty registry entries. Contain username and hostname pairs, as well as type
ext:reg “username=*” putty
01-27 of session (sftp, …

2005- This will find text dumps of the DirectX Diag utility. It gives an outline of the
ext:txt inurl:dxdiag
01-22 hardware of t…

2005- This dork will return some FTP root directories. The string can be made more
intitle:”FTP root at”
01-13 specific by adding…

2005- intext:gmail invite This is a dork I did today. At first, I wanted to find out the formula for making
01-02 intext:http://gmail.google.com… one, but … …

2005- This will give msn contact lists .. modify the “msn” to what ever you feel is
Peoples MSN contact lists
01-02 messeng…

2005-
filetype:ctt Contact This is for MSN Contact lists……
01-02

2004- intitle:”index.of” .diz .nfo last File_id.diz is a description file uploaders use to describe packages uploaded to
12-30 modifi… FTP sites. Alt…

2004-
filetype:blt “buddylist” AIM buddylists….
12-30
2004- filetype:cnf inurl:_vti_pvt The access.cnf file is a “weconfigfile” (webconfig file) used by Frontpage
12-30 access.cnf Extentions…

2004- squeezebox is the easiest way for music lovers to enjoy high-quality playback
intitle:”welcome.to.squeezebox”
12-19 of their whole di…

2004- This finds the emule configuration file which contains some general and proxy
inurl:preferences.ini “[emule]”
12-19 information.Somet…

2004- ext:conf inurl:rsyncd.conf -cvs - rsync is an open source utility that provides fast incremental file transfer.rsync
12-19 man can also tal…

2004- Affordable Web-based document and content management application lets

inurl:ds.py
12-13 businesses of every size …

2004- Perfect Keylogger is as the name says a keylogger :)This dork finds the
ext:dat bpk.dat
12-13 corresponding datafiles…

2004- intitle:”Multimon UPS status

Multimon provide UPS monitoring services…
12-04 page”

2004- php-addressbook “This is the

php-addressbook shows user address information without a password….
12-05 addressbook for…

2004- PhpSystem shows info about unix systems, including: General Info (kernel,
“Generated by phpSystem”
12-05 cpu, uptime), Connect…

2004- This system records visits to your site. This admin script allows you to display
inurl:”/axs/ax-admin.pl” -script
12-04 these records …

2004- VMWare allows PC emulation across a variety of platforms.

ext:vmx vmx
12-03 Theseconfiguration files describe a v…

2004- VMWare allows PC emulation across a variety of platforms. These files are
ext:vmdk vmdk
12-03 VMWare disk images wh…

2004- PQ DriveImage allows administrators to create hard rive images for lots of
ext:pqi pqi -database
12-03 purposes including b…

2004- Norton Ghost allows administrators to create hard rive images for lots of
ext:gho gho
12-03 purposes including ba…

2004- intitle:”PHP Advanced Transfer” PHP Advacaned Transfer is GPL’d software that claims to be the “The ultimate
11-28 (inurl:i… PHP download …

2004- intitle:”DocuShare” some companies use a Xerox Product called DocuShare. The problem with this
11-28 inurl:”docushar… is by default guest …

2004- ext:txt “Final encryption IPSec debug/log data which contains user data and password hashes.Can be used to
11-28 key” crack password…
2004- inurl:report “EVEREST Well what can be said about this one, I’ve added it to the DB under Juicy info,
11-20 Home Edition “ however it coul…

2004- “Microsoft (R) Windows * This file spills a lot of juicy info… in some cases, passwords in the raw dump, but not
11-23 (TM) Version * DrWts… in an…

2004- intitle:”Apache::Status” The Apache::Status returns information about the server software, operating
11-21 (inurl:server-s… system, number of c…

2004- intitle:”PhpMyExplorer” PhpMyExplorer is a PHP application that allows you to easily update your site online
11-18 inurl:”inde… without an…

2004- MySQL stores its data for each database in individual files with the extension
filetype:myd myd -CVS
11-18 MYD.An attacker …

2004- filetype:config web.config - Through Web.config an IIS adminstrator can specify settings like custom 404 error
11-16 CVS pages, authen…

2004- Netstunbler files contain information about the wireless network. For a cleanup add
filetype:ns1 ns1
11-16 stuff like:…

2004- ext:cgi inurl:editcgi.cgi This was inspired by the K-Otic report. Only two results at time of writing. The cgi
11-16 inurl:file= script let…

2004- filetype:pst pst -from -to - Finds Outlook PST files which can contain emails, calendaring and address
11-12 date information….

2004- This registry dump contains putty saved session data. SSH servers the according
inurl:”putty.reg”
11-07 usernames and p…

2004- NoCatAuth configuration file. This reveals the configuration details of wirless
ext:conf NoCatAuth -cvs
11-07 gateway includi…

2004- “Certificate Practice Certificate Practice Statement (CPS)A CPS defines the measures taken to secure CA
11-05 Statement” inurl:(… operation an…

2004- filetype:inf The CAPolicy.inf file provides Certificate Servicces configuration information, which
11-05 inurl:capolicy.inf is read d…

2004- filetype:php inurl:index PHP iCalendar is a php-based iCal file parser. Its based on v2.0 of the IETF spec. It
10-31 inurl:phpicalendar -site:… displays …

2004- intitle:”Web Server These are www analog webstat reports. The failure report shows information
10-31 Statistics for ****” leakage about databa…

2004- intitle:”AppServ Open AppServ is the Apache/PHP/MySQL open source software installer packages. This
10-31 Project” -site:www… normally includes…

2004- intitle:”Index of” upload Files uploaded through ftp by other people, sometimes you can find all sorts of
10-24 size parent di… things from mov…

2004- Domino is server technology which transforms Lotus Notes® into an

inurl:log.nsf -gov
10-20 Internet a…
2004- Domino is server technology which transforms Lotus Notes® into an
ext:nsf nsf -gov -mil
10-20 Internet a…

2004- intitle:”index.of *” admin With Compulive News you can enter the details of your news items onto a webform
10-19 news.asp conf… and upload imag…

2004- inurl:cgi-bin/testcgi.exe Test CGI by Lilikoi Software aids in the installation of the Ceilidh discussion engine
10-18 “Please distribute … for the …

2004- ext:mdb inurl:*.mdb The directory “http:/xxx/fpdb/” is the database folder used by some versions of
10-18 inurl:fpdb shop.mdb Front…

2004- This one shows configuration files for various applications. based on the application
ext:ini intext:env.ini
10-16 an attack…

2004- “Installed Objects Scanner” Installed Objects Scanner makes it easy to test your IIS Webserver for installed
10-16 inurl:defaul… components. In…

2004- intitle:”ASP Stats ASP Stats Generator is a powerful ASP script to track web site activity. It combines a
10-16 Generator *.*” “… server s…

2004- This search will show the googler ODBC client configuration files which may contain
inurl:odbc.ini ext:ini -cvs
10-09 usernames/d…

2004- intext:SQLiteManager sQLiteManager is a tool Web multi-language of management of data bases SQLite. #
10-05 inurl:main.php Management of…

2004- +”:8080″ +”:3128″

With the string [+”:8080″ +”:3128″ +”:80″ filetype:txt] it is pos…
09-29 +”:80&q…

2004- With the combined collaboration features of Windows SharePoint Services and
inurl:/_layouts/settings
09-23 SharePoint Portal S…

2004- www.filext.com says LDIF = LDAP Data Interchange Format.LDAP is used for nearly
ext:ldif ldif
09-23 everything in o…

2004- filetype:pst All versions of the popular business groupware client called Outlook have the
09-11 inurl:”outlook.pst” possibility to st…

2004- Filext.com says: “Various programs use the *.VCS extension; too many to list
filetype:vcs vcs
09-22 individually….

ext:log “Software:
2004- Microsoft Internet Information Services (IIS) has log files that are normally not in
Microsoft Internet
09-21 the docroo…
Informa…

2004- Lotus Domino address This search will return any Lotus Domino address books which may be open to the
09-18 books public. This ca…

2004- filetype:asp DBQ=” * This search finds sites using Microsoft Access databases, by looking for the the
09-18 Server.MapPath(“*.m… database conne…
2004- filetype:pdb pdb backup Hotsync database files can be found using “All databases on a Palm device,
09-10 (Pilot | Pluckerdb) including the o…

2004- filetype:xls Our forum members never get tired of finding juicy MS office files. Here’s one by
09-10 inurl:”email.xls” urban that fi…

2004- John the Ripper is a popular cracking program every hacker knows. It’s results are
filetype:pot inurl:john.pot
09-10 stored in a …

2004- filetype:reg “Terminal These are Microsoft Terminal Services connection settings registry files. They may
09-07 Server Client” sometimes co…

2004- These are Remote Desktop Connection (rdp) files. They contain the settings
filetype:rdp rdp
09-07 and sometimes the cr…

2004- The SnitzTM Forums 2000 Version 3.4.04 Installation Guide and Readme
inurl:snitz_forums_2000.mdb
09-07 says: “it is strongl…

2004- This search will show backupfiles for xp/2000 machines.Of course these files
filetype:bkf bkf
09-06 could contain near…

2004- This search will show QuickBooks Bakup Files. Quickbook is financial
filetype:qbb qbb
09-06 accounting software so sto…

2004- ( filetype:mail | filetype:eml | storing emails in your webtree isnt a good idea.with this search google will
08-26 filetype:mbox | f… show files contai…

2004- The QDATA.QDF file (found sometimes in zipped “QDATA” archives online,
Quicken data files
08-25 sometimes not)…

2004- This search gives hounderd of existing curriculum vitae with names and
“phone * * *” “address *” &qu…
08-19 adress. An attacker coul…

2004- The UBB trial version contains files that are not safe to keep online after
ext:asp inurl:pathto.asp
08-13 going live. The ins…

2004-
filetype:xls -site:gov inurl:contact Microsoft Excel sheets containing contact information….
08-09

2004- mail filetype:csv -site:gov

CSV Exported mail (user) names and such….
08-09 intext:name

2004- intext:”Session Start * * * *:*:* *” These are IRC and a few AIM log files. They may contain juicy info or just
08-09 fil… hours of good clean …

2004- Webmasters wanting to exclude search engine robots from certain parts of
(inurl:”robot.txt” | inurl:”robots….
08-09 their site often choos…

2004- Mandrake auto-install configuration files. These contain information about

filetype:cfg auto_inst.cfg
08-05 the installed packag…
2004-
filetype:fp7 fp7 These are Filemaker Pro version 7 databases files….
08-05

2004-
filetype:fp3 fp3 These are FileMaker Pro version 3 Databases….
08-05

2004- filetype:fp5 fp5 -site:gov -site:mil These are various kinds of FileMaker Pro Databases (*.fp5 applies to both
08-02 -“cvs lo… version 5 and 6)….

2004- More Microsoft Access databases for your viewing pleasure. Results may
inurl:*db filetype:mdb
08-02 vary, but there have bee…

2004- “allow_call_time_pass_reference” Returns publically visible pages generated by the php function phpinfo(). This
08-02 “P… search differs f…

2004- Greetings, The *.ora files are configuration files for oracle clients. An attacker
filetype:ora ora
08-01 can identify…

2004- intitle:”Index Of” -inurl:maillog This google search reveals all maillog files within various directories on a
07-28 maill… webserver. This se…

2004- These are Remote Desktop Connection (rdp) files. They contain the settings
filetype:rdp rdp
09-07 and sometimes the cr…

2004- The SnitzTM Forums 2000 Version 3.4.04 Installation Guide and Readme
inurl:snitz_forums_2000.mdb
09-07 says: “it is strongl…

2004- This search will show backupfiles for xp/2000 machines.Of course these files
filetype:bkf bkf
09-06 could contain near…

2004- This search will show QuickBooks Bakup Files. Quickbook is financial
filetype:qbb qbb
09-06 accounting software so sto…

2004- ( filetype:mail | filetype:eml | storing emails in your webtree isnt a good idea.with this search google will
08-26 filetype:mbox | f… show files contai…

2004- The QDATA.QDF file (found sometimes in zipped “QDATA” archives online,
Quicken data files
08-25 sometimes not)…

2004- This search gives hounderd of existing curriculum vitae with names and
“phone * * *” “address *” &qu…
08-19 adress. An attacker coul…

2004- The UBB trial version contains files that are not safe to keep online after
ext:asp inurl:pathto.asp
08-13 going live. The ins…

2004-
filetype:xls -site:gov inurl:contact Microsoft Excel sheets containing contact information….
08-09

2004- mail filetype:csv -site:gov

CSV Exported mail (user) names and such….
08-09 intext:name
2004- intext:”Session Start * * * *:*:* *” These are IRC and a few AIM log files. They may contain juicy info or just
08-09 fil… hours of good clean …

2004- Webmasters wanting to exclude search engine robots from certain parts of
(inurl:”robot.txt” | inurl:”robots….
08-09 their site often choos…

2004- Mandrake auto-install configuration files. These contain information about

filetype:cfg auto_inst.cfg
08-05 the installed packag…

2004-
filetype:fp7 fp7 These are Filemaker Pro version 7 databases files….
08-05

2004-
filetype:fp3 fp3 These are FileMaker Pro version 3 Databases….
08-05

2004- filetype:fp5 fp5 -site:gov -site:mil These are various kinds of FileMaker Pro Databases (*.fp5 applies to both
08-02 -“cvs lo… version 5 and 6)….

2004- More Microsoft Access databases for your viewing pleasure. Results may
inurl:*db filetype:mdb
08-02 vary, but there have bee…

2004- “allow_call_time_pass_reference” Returns publically visible pages generated by the php function phpinfo(). This
08-02 “P… search differs f…

2004- Greetings, The *.ora files are configuration files for oracle clients. An attacker
filetype:ora ora
08-01 can identify…

2004- intitle:”Index Of” -inurl:maillog This google search reveals all maillog files within various directories on a
07-28 maill… webserver. This se…

2004-
inurl:profiles filetype:mdb Microsoft Access databases containing (user) profiles …..
07-26

intext:(password |
2004- CSV formatted files containing all sorts of user/password combinations. Results may
passcode)
07-26 vary, but a…
intext:(username | us…

2004- intitle:”Index Of” searches for cookies.txt file. On MANY servers this file holds all cookie information,
07-26 cookies.txt size which ma…

2004-
inurl:forum filetype:mdb Microsoft Access databases containing ‘forum’ information …..
07-26

2004-
inurl:backup filetype:mdb Microsoft Access database backups…..
07-26

2004- data filetype:mdb -

Microsoft Access databases containing all kinds of ‘data’….
07-26 site:gov -site:mil

2004-
inurl:email filetype:mdb Microsoft Access databases containing email information…..
07-26
2004- intitle:”index of” +myd The MySQL data directory uses subdirectories for each database and common files
07-21 size for table stora…

2004-
“sets mode: +s” This search reveals secret channels on IRC as revealed by IRC chat logs….
07-19

2004-
“sets mode: +p” This search reveals private channels on IRC as revealed by IRC chat logs….
07-19

2004- The information contained in these files depends on the actual file itself. SSL.conf
inurl:ssl.conf filetype:conf
07-15 files cont…

2004- This search will find private key files… Private key files are supposed to be, well…
private key files (.csr)
07-12 privat…

2004- This search will find private key files… Private key files are supposed to be, well…
private key files (.key)
07-12 privat…

2004- Loads of user information including email addresses exported in comma separated
exported email addresses
07-12 file format (.c…

2004- Ntop shows the current network usage. It displays a list of hosts that are currently
Welcome to ntop!
07-06 using the …

2004- sQL database dumps. LOTS of data in these. So much data, infact, I’m pressed to
MySQL tabledata dumps
07-06 think of what e…

2004- Microsoft Money Data Microsoft Money 2004 provides a way to organize and manage your personal
07-02 Files finances (http://www.m…

2004- OWA Public Folders This search looks for Outlook Web Access Public Folders directly. These links open
06-25 (direct view) public folde…

2004- Development of UnrealIRCd began in 1999. Unreal was created from the Dreamforge
Unreal IRCd
07-06 IRCd that was f…

2004- MSN Messenger uses the file extension *.ctt when you export the contact list. An
filetype:ctt ctt messenger
06-22 attacker could…

2004- 94FBR “ADOBE 94FBR is part of many serials. An malicious user would only have to change the
06-10 PHOTOSHOP” programm name (p…

2004- inurl:forward Users on *nix boxes can forward their mail by placing a .forward file in their home
05-26 filetype:forward -cvs directory. …

2004- intitle:”System Statistics” This search reveals internal network information including network configuratino,
05-24 +”Syste… ping times, s…

2004- inurl:”cacti” This search reveals internal network info including architecture, hosts and services
05-24 +inurl:”graph_view.ph… available….
2004- This search reveals information about internal networks, such as configuration,
inurl:”/cricket/grapher.cgi”
05-24 services, bandw…

2004- intitle:”Big Sister” +”OK

This search reveals Internal network status information about services and hosts….
05-24 Attention…

2004- “Mecury Version” Mecury is a centralized ground control program for research satellites. This query
05-18 “Infastructure Gro… simply loca…

2004- The php.ini file contains all the configuration for how PHP is parsed on a server. It
inurl:php.ini filetype:ini
05-17 can cont…

intitle:intranet
2004- These pages are often private intranet pages which contain phone listings and
inurl:intranet
05-17 email addresses. …
+intext:”phon…

2004- filetype:blt blt Reveals AIM buddy lists, including screenname and who’s on their ‘buddy’ list and
05-14 +intext:screenname their ‘blocke…

2004- These are http server access logs which contain all sorts of information ranging
filetype:log access.log -CVS
05-14 from usernames…

2004- Displays logs from cron, the *nix automation daemon. Can be used to determine
filetype:log cron.log
05-14 backups, full an…

2004- License files for various software titles that may contain contact info and the
filetype:lic lic intext:key
05-13 product version…

2004- intitle:”index of”

This file contains port number, version number and path info to MySQL server….
05-13 mysql.conf OR mysql_c…

2004- filetype:eml eml These are oulook express email files which contain emails, with full headers. The
05-12 +intext:”Subject” +inte… information …

2004- filetype:mbx mbx These searches reveal Outlook v 1-4 or Eudora mailbox files. Often these are made
05-11 intext:Subject public on pur…

2004- These are Microsoft Outlook Mail address books. The information contained will
filetype:wab wab
05-10 vary, but at the…

2004- “Request Details” “Control These pages contain a great deal of information including path names, session ID’s,
05-06 Tree&quo… stack trace…

2004- “HTTP_FROM=googlebot” These pages contain trace information that was collected when the googlebot
05-06 googlebot.com &qu… crawled a page. The…

2004- filetype:conf inurl:firewall - These are firewall configuration files. Although these are often examples or sample
05-05 intitle:cvs files, in m…

2004- inurl:”smb.conf” These are samba configuration files. They include information about the
05-04 intext:”workgroup&… network, trust relation…
2004- This is the default directory for TestDirector
inurl:tdbin
05-03 (http://www.mercuryinteractive.com/products/test…

2004- This is the MRTG traffic analysis pages. This page lists information about
intext:”Tobias Oetiker” “traffic an…
05-03 machines on the netw…

2004- inurl:server-info “Apache Server This is the Apache server-info program. There is so much sensitive stuff
04-28 Information&… listed on this page th…

2004- This is the print environemnts script which lists sensitive information such
inurl:perl/printenv
04-28 as path names, ser…

2004- This is the print environemnts script which lists sensitive information such
inurl:cgi-bin/printenv
04-28 as path names, ser…

2004- This is the fastcgi echo script, which provides a great deal of information
inurl:fcgi-bin/echo
04-28 including port numb…

2004- This page shows all sort of information about the Apache web server. It
inurl:server-status “apache”
04-26 can be used to track pr…

2004- These pages are from Shareaza client programs. Various data is displayed
“This is a Shareaza Node”
04-21 including client versi…

2004- This is a gnutella client that was picked up by google. There is a lot of data
“Running in Child mode”
04-21 present includin…

2004- These pages reveal server information such as port, server software
allinurl:servlet/SnoopServlet
04-20 version, server name, full …

2004- These pages reveal information about the server including path
allinurl:/examples/jsp/snp/snoop.jsp
04-20 information, port information, e…

2004- These pages generally contain newsletter administration pages. Some of

inurl:”newsletter/admin/”
04-16 these site are password …

2004- These pages generally contain newsletter administration pages. Some of

inurl:”newsletter/admin/” intitle:”…
04-16 these site are password …

2004- This search reveals chat logs. Depending on the contents of the logs, these
“Index of” / “chat/logs”
04-13 files could contain…

2004- This is your typical stats page listing referrers and top ips and such. This
inurl:vbstats.php “page generated”
04-08 information can ce…

2004- This reveals mySQL database dumps. These database dumps list the
“#mysql dump” filetype:sql
04-05 structure and content of datab…

2004- This search reveals potential location for mailbox files by keying on the
intitle:index.of cleanup.log
04-05 Outlook Express clean…

2004- This search reveals potential location for mailbox files. In some cases, the
intitle:index.of inbox dbx
04-05 data in this direc…
2004- This search reveals potential location for mailbox files. In some cases, the
intitle:index.of inbox
04-05 data in this direc…

2004- “Host Vulnerability This search yeids host vulnerability scanner reports, revealing potential
03-30 Summary Report” vulnerabilities on ho…

2004- “Network Vulnerability This search yeids vulnerability scanner reports, revealing potential vulnerabilities
03-30 Assessment Report”… on hosts a…

2004- “Thank you for your order” After placing an order via the web, many sites provide a page containing the phrase
03-29 +receipt “Thank…

2004- “not for distribution” The terms “not for distribution” and confidential indicate a sensitive document.
03-29 confidential Resu…

2004- This is a common script for changing passwords. Now, this doesn’t actually reveal
inurl:changepassword.asp
03-24 the password,…

2004- “Most Submitted Forms More www statistics on the web. This one is very nice.. Lots of directory info, and
03-22 and Scripts” “… client acce…

2004- This search can find Excel spreadsheets in an administrative directory or of an

inurl:admin filetype:xls
03-16 administrative …

2004- This search can find administrative login pages. Not a vulnerability in and of itself,
intitle:admin intitle:login
03-14 this que…

2004- This search can find administrative login pages. Not a vulnerability in and of itself,
inurl:admin intitle:login
03-14 this que…

2004- ws_ftp.ini is a configuration file for a popular FTP client that stores usernames,
intitle:index.of ws_ftp.ini
03-04 (weakly) enc…

2004- dead.letter contains the contents of unfinished emails created on the UNIX
intitle:index.of dead.letter
03-04 platform. Emails (fi…

2004- intitle:index.of “Apache” This is a very basic string found on directory listing pages which show the version of
03-04 “server a… the Apac…

2004- intitle:”wbem” compaq These devices are running HP Insight Management Agents for Servers which
03-04 login “Compaq… “provide device i…

2004- inurl:main.php Welcome to From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended to handle
03-04 phpMyAdmin the administ…

2004- inurl:main.php From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended to handle
03-04 phpMyAdmin the administ…

2004- “phpMyAdmin” “running From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended to handle
03-04 on” inur… the administ…
2004- “robots.txt” “Disallow:”
The robots.txt file serves as a set of instructions for web crawlers. The “disallow” …
03-04 filet…

2004- intitle:”Usage Statistics for” The webalizer program shows web statistics for web servers. This information
03-04 “Gen… includes who is vi…

2004- intitle:”statistics of” the awstats program shows web statistics for web servers. This information
03-04 “advanced w… includes who is visi…

2004- The ipsec.conf file could help hackers figure out what uber-secure users of
ipsec.conf
03-04 freeS/WAN are prote…

2004- from the manpage for ipsec_secrets: “It is vital that these secrets be protected. The
ipsec.secrets
03-04 file…

2004- from the manpage for ipsec_secrets: “It is vital that these secrets be protected. The
ipsec.secrets
03-04 file…

2004- This is another less reliable way of finding the cgiirc.config file. CGIIRC is a web-based
cgiirc.conf
03-04 IRC …

2004- CGIIRC is a web-based IRC client. Very cool stuff. The cgiirc.config file lists the options
cgiirc.conf
03-04 for…

2004- From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended to handle

phpMyAdmin dumps
03-04 the administ…

2004- From phpmyadmin.net : “phpMyAdmin is a tool written in PHP intended to handle

phpMyAdmin dumps
03-04 the administ…

2003- mystuff.xml – Trillian This particular file contains web links that trillian users have entered into the tool.
08-19 data files Trillia…

2003- I never really thought about this until I started coming up with juicy examples for
site:edu admin grades
07-10 DEFCON 11…..

2003- haccess.ctl (VERY haccess.ctl is the frontpage(?) equivalent of the .htaccess file. Either way, this file
06-30 reliable) decribe…

2003- this is the frontpage(?) equivalent of htaccess, I believe. Anyhow, this file describes
haccess.ctl (one way)
06-30 who can…

2003- More www statistics on the web. This one is very nice.. Lots of directory info, and
“generated by wwwstat”
06-30 client acce…

2003- Another web statistics package. This one originated from a google scan of an ivy
“produced by getstats”
06-30 league college…

2003- “This report was These are weblog-generated statistics for web sites… A roadmap of files, referrers,
06-27 generated by WebLog” errors, s…
2003- The robots.txt file contains “rules” about where web spiders are allowed (and NOT
robots.txt
06-27 all…

2004- this brings up sites with phpinfo(). There is SO much cool stuff in here that you just
phpinfo()
11-18 have to …

2003- These searches bring up common names for AOL Instant Messenger “buddylists”.
AIM buddy lists
06-24 These li…

2003- These folks had the technical prowess to unpack the movable type files, but couldn’t
mt-db-pass.cgi files
06-24 manage to …

2003- sQL database dumps. LOTS of data in these. So much data, infact, I’m pressed to
sQL data dumps
06-24 think of what e…

2003- Financial spreadsheets: “Hey! I have a great idea! Let’s put our finances on our website in a secret directory
06-24 finances.xls so …

2003- Financial spreadsheets: “Hey! I have a great idea! Let’s put our finances on our website in a secret directory
06-24 finance.xls so …

2003- ICQ (http://www.icq.com) allows you to store the contents of your online chats into a
ICQ chat logs, please…
06-24 file. The…

2003- These are server cluster reports, great for info gathering. Lesse, what were those
Ganglia Cluster Reports
06-24 server names…

2003- squid cache server These are squid server cache reports. Fairly benign, really except when you consider
06-24 reports using them…

2012-
inurl:finger.cgi Finger Submitted by: Christy Philip Mathew…
11-02

2012- site*.*.*/webalizer Shows usage statistics of sites. Includes monthy reports on the IP addresses, user
08-21 intitle:”Usage Statistics… agents, and …

2006- intitle:r57shell +uname - compromised servers… a lot are dead links, but pages cached show interesting
05-04 bbpress info, this is r5…

2006- “The statistics were last

Results include many varius Network activity logs…
05-03 updated” “…

2006- inurl:/counter/index.php This is an online vulnerable web stat program called PHPCounter
04-06 intitle:”+PHPCounter… 7.http://www.clydebelt.org.uk/c…

2006- inurl:”NmConsole/Login.asp” Ipswitch Whats Up Monitoring 2005!This is a console for Network Monitoring,
03-13 | intitle:&q… access beyond the p…

2006- inurl:CrazyWWWBoard.cgi gives tons of private forum configuration information.examples: Global variables
02-08 intext:”detailed debu… installed, wha…
2005- An HP Java network management tool. It is a sign that a network may not be
inurl:ovcgi/jovw
12-31 configured properly….

2005- inurl:proxy | inurl:wpad Information about proxy servers, internal ip addresses and other network
12-21 ext:pac | ext:dat findpro… sensitive stuff….

2005- inurl:webalizer filetype:png - ***WARNING: This search uses google images, disable images unless you want
11-21 .gov -.edu -.mil -op… your IP spewed acros…

2005- intitle:”Retina Report” This googledork finds vulnerability reports produced by eEye Retina Security
10-26 “CONFIDENTI… Scanner. The info…

2005- “Shadow Security Scanner This is a googledork to find vulnerability reports produced by Shadow Security
10-26 performed a vulnerab… Scanner. They c…

2005- “The following report This googledork reveals vunerability reports from many different vendors. These
10-26 contains confidential i… reports can co…

2005- Nagios Status page. See what ports are being monitored as well as ip addresses.Be
inurl:status.cgi?host=all
10-04 sure to check…

2005-
inurl:login.jsp.bak JSP programmer anyone? You can read this!…
09-30

2005- intitle:”Belarc Advisor People who have foolishly published an audit of their machine(s) on the net with
02-15 Current Profile”… some server in…

2005- “Traffic Analysis for” “RMON List of RMON ports produced by MRTG which is a network traffic analysis tool. See
03-05 Port *… also #198…

2005- “powered | performed by This search finds Beyond Security reports. Beyond Security sells a box which
02-03 Beyond Security’s Aut… performs automated…

2004- intitle:”PHPBTTracker This query shows pages which summarise activity on PHPBT-powered BitTorrent
12-30 Statistics” | inti… trackers – all the …

2004- This query shows pages which summarise activity on BNBT-powered BitTorrent
intitle:”BNBT Tracker Info”
12-30 trackers – including…

2004- intitle:”Azureus : Java BitTorrent This query shows machines using the Azureus BitTorrent client’s built-in
12-30 Client Tra… tracker – the pages ar…

2004- This searches for the install.php file. Most results will be a Bulletin board like
inurl:”install/install.php”
12-29 Phpbb etc.T…

2004- intext:”Welcome to the Web see and control JVC webcameras, you can move the camera, zoom… change
12-07 V.Networks” i… the settings, etc…….

2004- intitle:”start.managing.the.device” MCK Communications, Inc.PBXgatewayIIHigh density central site gateway for
12-10 remo… remote PBX access(MCK…
2004- “Radiator is a highly configurable and flexible Radius server that supports
ext:cfg radius.cfg
12-06 authentication…

2004- filetype:php inurl:ipinfo.php Dshield is a distributed intrusion detection system. The ipinfo.php script
12-07 “Distributed In… includes a whois loo…

2004- Mercury SiteScope designed to ensure the availability and performance of

inurl:”sitescope.html” intitle:”sit…
12-03 distributed IT infrast…

2004- intitle:”twiki” TWiki has many security problems, depeding on the version installed. TWiki,
12-02 inurl:”TWikiUsers&q… is a flexible, powe…

2004- “Phorum Admin” “Database Phorum admin pagesThis either shows Information leakage (path info) or it
11-28 Connection… shows Unprotected Adm…

2004- sysWatch is a CGI to display current information about your UNIX system. It
“Output produced by SysWatch *”
11-28 can display drive p…

2004- Testpage / webserver environmentThis is the test cgi for xitami webserver. It
inurl:testcgi xitami
11-28 shows the webserv…

2004- filetype:log ISDNPM 3.x for OS/2-Dialer log files.These files contain sensitive info like ip
11-28 intext:”ConnectionManager2″ addresses, phon…

2004- intitle:”sysinfo * ” Lots of information leakage on these pages about active network services,
11-12 intext:”Genera… server info, network …

2004- inurl:portscan.php “from This is general search for online port scanners which accept any IP. It does
11-12 Port”|”Por… not find a specifi…

2004- PhotoPost Pro is photo gallery system. This dork finds its installation
inurl:/adm-cfgedit.php
11-07 page.You can use this p…

2004- webutil.pl is a web interface to the following services:* ping* traceroute*

inurl:webutil.pl
11-07 whois* finger* nslo…

2004- Domino is server technology which transforms Lotus Notes® into an

inurl:statrep.nsf -gov
10-20 Internet a…

2004- The finger command on unix displays information about the system users.
inurl:/cgi-bin/finger? “In real life”
10-19 This search displays pr…

2004- inurl:/cgi-bin/finger? Enter The finger command on unix displays information about the system users.
10-19 (account|host|user|us… This search displays th…

2004- filetype:php inurl:nqt Network Query Tool enables any Internet user to scan network information
10-18 intext:”Network Query … using:* Resolve/Revers…

2004- inurl:”map.asp?” “WhatsUp Gold’s new SNMP Viewer tool enables Area-Wide to easily track
10-05 intitle:”WhatsUp G… variables associate…
2004- ext:cgi intext:”nrg-” ” This NRG is a system for maintaining and visualizing network data and other resource
09-29 web pa… utilization dat…

2004- ((inurl:ifgraph “Page ifGraph is a set of perl scripts that were created to fetch data from SNMP agents
09-29 generated at”) OR … and feed a RR…

2004- inurl:”/catalog.nsf” This will return servers which are running versions of Lotus Domino. The catalog.nsf
09-10 intitle:catalog is the ser…

2004- “Powered by phpOpenTracker is a framework solution for the analysis of website traffic and
09-21 phpOpenTracker” Statistics visitor analysis…

site:netcraft.com
2004- Netcraft reports a site’s operating system, web server, and netblock owner together
intitle:That.Site.Running
09-21 with, if av…
Apache

2004- “this proxy is working These are test pages for some proxy program. Some have a text field that allows
08-13 fine!” “ente… you to use that…

2004- This search shows the webserver access stats as the user “admin”. The language
“apricot – admin” 00h
07-29 used i…

2006- “by Reimar Hoven. All

dork: “by Reimar Hoven. All Rights Reserved. Disclaimer” | inurl:”log/logdb.dta&…
04-15 Rights Reserved. Discla…

2004- intitle:”Microsoft Site Microsoft discontinued Site Server and Site Server Commerce Edition on June 1,
07-16 Server Analysis” 2001 with the in…

2004- Analysis Console for ACID stands for for “Analysis Console for Incident Databases”. It is a php frontend
07-12 Incident Databases f…

2004- A Looking Glass is a CGI script for viewing results of simple queries executed on
Looking Glass
06-22 remote router…

2004- “Version Info” “Boot This is the status page for a Belkin Cable/DSL gateway. Information can be retrieved
06-04 Version” … from this …

2004- intitle:”ADSL Configuration This is the status screen for the Solwise ADSL modem. Information available from
06-04 page” this page incl…

2004- filetype:vsd vsd network - Reveals network maps (or any other kind you seek) that can provide sensitive
05-13 samples -examples information such a…

2004- filetype:pdf “Assessment These are reports from the Nessus Vulnerability Scanner. These report contain
05-03 Report” nessus detailed informat…

2004- inurl:phpSysInfo/ “created This statistics program allows the an admin to view stats about a webserver. Some
04-16 by phpsysinfo”… sites leave t…

2004- snort is an intrusion detection system. SnorfSnarf creates pretty web pages from
“SnortSnarf alert page”
04-16 intrusion dete…
2004- “Network Host Assessment This search yeids ISS scan reports, revealing potential vulnerabilities on hosts and
03-30 Report” “I… networks. …

2004- “This report lists” This search yeids ISS scan reports, revealing potential vulnerabilities on hosts and
03-30 “identified by … networks. …

201
4-
inurl:typo3conf/localconf.php
04- typo3 passwords Bruno Schmid …
07

201
Google
4- inurl:/backup intitle:index of
Search:https://www.google.com/search?client=opera&q=admin+username+and
03- backup intext:*sql
+pass&sour…
31

201
3- Passwords for Java Management Extensions (JMX Remote) Used by jconsole,
filetype:password jmxremote
11- Eclipse’s MAT, Java Vi…
25

201
3- ext:sql intext:@gmail.com
author:haji …
11- intext:password
25

201
3- site:github.com inurl:sftp-
Find disclosed FTP login credentials in github repositories Credit: RogueCoder…
11- config.json
25

201
3- site:github.com inurl:sftp- Finds disclosed ftp FTP for WordPress installs, which have been pushed to a
11- config.json intext:/wp-… public repo on GitH…
25

201
3- “BEGIN RSA PRIVATE KEY”
To find private RSA Private SSL Keys …
09- filetype:key -gi…
24

201
3- Google Dork: filetype:sql insite:pass && user We Can get login username and
filetype:sql insite:pass && user
04- password…
22

201
3- ext:sql intext:@hotmail.com By , NItish Mehta , www.illuminativeworks.com/blog
04- intext :password https://www.facebook.com/illuminativework…
09
201
3- filetype:config inurl:web.config This google dork to find sensitive information of MySqlServer , “uid, and
04- inurl:ftp password” …
09

201
3- filetype:inc OR filetype:bak OR Aggregates previous mysql_(p)connect google dorks and adds a new filetype.
02- filetype:old mysql… Searches common fil…
05

201
*Google Search:*
3- ext:xml (“proto=’prpl-‘” | “prpl-
https://www.google.com/search?q=ext:xml%20(%22proto=’prpl-
02- ya…
‘%22%20|%20%22prp…
05

201
2- allinurl:”User_info/auth_user_fil Google dork for find user info and configuration password of DCForum
11- e.txt” allinurl:”User_info/…
05

201
2- A path to a DES encrypted password for DBMan ( http://www.gossamer-
inurl:”/dbman/default.pass”
11- threads.com/products/archiv…
02

201
2- “parent directory” This dork is based on this: http://www.exploit-db.com/ghdb/1212/ but
11- proftpdpasswd intitle… improved cause that is u…
02

201
2- filetype:xls “username | filetype:xls “username | password” This search reveals usernames and/or
11- password” passwords of …
02

201
ext:xml
2-
(“mode_passive”|”mode_defau OffSec: So the dork is: ext:xml (“mode_passive”|”mode_default”) Th…
11-
…
02

201
2- intext:charset_test= email=
08- default_persistent= find facebook email and password …
21

201
2- inurl:”passes” OR Hack the $cr1pt kiddies. There are a lot of Phishing pages hosted on internet ,
08- inurl:”passwords&… this dork wi…
21
201
2- filetype:cfg “radius”
Find config files with radius configs and passwords and secrets… Love Bastich …
05- (pass|passwd|passw…
15

2011- (username=* | username:* |) | (

Logged username, passwords, hashes Author: GhOsT-PR …
12-27 ((password=* | pas…

2011- Search for WordPress MySQL database backup. Author: AngelParrot

filetype:sql inurl:wp-content/backup-*
12-14 …

2011- This dork looks for Roboform password files. Author: Robert
“My RoboForm Data” “index of”
12-12 McCurdy …

2011-
inurl:”/Application Data/Filezilla/*” OR… this dork locates files containing ftp passwords …
11-19

2011- filetype:php~ Backup or temp versions of php files containing you guessed it
10-11 (pass|passwd|password|dbpass|db_pass… passwords or other ripe for the…

2011- this string may be used to find many low hanging fruit on FTP sites
inurl:ftp “password” filetype:xls
09-26 recently indexed by google….

2011- filetype:sql “phpmyAdmin SQL Dump”

phpMyAdmin SQL dump with passwords Bastich …
06-28 (pass…

2011- filetype:sql “MySQL dump”

MySQL database dump with passwords Bastich …
06-28 (pass|password…

2011-
filetype:sql “PostgreSQL database dump” … PostgreSQL database dump with passwords Bastich …
06-28

2011- Asian FTP software -, run the password hash through John etc.
filetype:ini “[FFFTP]” (pass|passwd|pass…
04-18 Author: Bastich …

2011- Total commander wxc_ftp.ini run has through John etc. or even
filetype:ini “FtpInBackground” (pass|pas…
04-18 better use http://wcxftp.org.ru/…

2011-
filetype:ini “precurio” (pass|passwd|pas… plain text passwods …
04-18

2011-
filetype:ini “SavedPasswords” (pass|pass… Unreal Tournament config, plain text passwords Author: Bastich …
04-18

2011- filetype:ini “pdo_mysql”

full details dbname dbuser dbpass all plain text Author:Bastich …
04-18 (pass|passwd|pa…

2011- Google search for web site build with symfony framework and in
inurl:web/frontend_dev.php -trunk
01-09 development environment. In …

2011- inurl:config/databases.yml -trac -trunk - Google search for web site build with symfony framework. This file
01-09 “Goo… contains the login / passwo…
2010- Google search for Cisco config files (some variants below):
inurl:-cfg intext:”enable password”
11-10 inurl:router-confg inurl:-confg…

2006- This returns xls files containing login names and passwords. it works
“login: *” “password: *” filet…
09-06 by showing all the xls fi…

2006- Hacking a phpBB forum. Here you can gather the mySQL connection
ext:php intext:”$dbms””$dbhost”…
08-10 information for their forum dat…

2006- CalenderScript is an overpriced online calender system written in

inurl:”calendarscript/users.txt”
03-21 perl. The passwords are encry…

2006- filetype:sql “insert into”

Looks for SQL dumps containing cleartext or encrypted passwords….
03-06 (pass|passwd|…

2006- filetype:reg reg This can be used to get encoded vnc passwords which can otherwise be
02-05 +intext:â€Å obtained by a local regist…

2006- ext:asa | ext:bak intext:uid

search for plaintext database credentials in ASA and BAK files….
01-02 intext:pwd -“uid…

2006- enable password | secret Another Cisco configuration search. This one is cleaner, gives complete
01-02 “current configurati… configuration files and…

2006- ext:passwd -intext:the -sample - Various encrypted passwords, some plaintext passwords and some private
01-02 example keys are revealed by thi…

2006- inurl:”editor/list.asp” | This search finds CLEARTEXT usernames/passwords for the Results Database
01-02 inurl:”da… Editor. The log in po…

2006- This query searches for files that have been renamed to a .bak extension
filetype:bak createobject sa
01-01 (obviously), but inclu…

2005- inurl:ventrilo_srv.ini This search reveals the ventrilo (voice communication program used by many
12-19 adminpassword online gamers) passw…

2005- “parent directory” User names and password hashes from web server backups generated by
11-30 +proftpdpasswd cpanel for ProFTPd. Passwo…

2005- Ruby on Rails is a MVC full-stack framework for development of web

ext:yml database inurl:config
11-14 applications. There’s a conf…

2005- FlashFXP has the ability to import a Sites.dat file into its current Sites.dat file,
inurl:”Sites.dat”+”PASS=”
11-03 using this…

2005- Yes, people actually post their teamspeak servers on websites. Just look for
server-dbs “intitle:index of”
10-30 the words superadm…

2005- This search will show you the Administrator password (very first line) on YaBB
inurl:/yabb/Members/Admin.dat
09-28 forums whose own…
2005- “admin account info” searches for logs containing admin server account information such as
09-25 filetype:log username and password….

2005- This search finds log files containing the phrase (Your password is). These files
“your password is” filetype:log
09-24 often contain…

2005-
intitle:rapidshare intext:login Rapidshare login passwords….
09-18

2005- some people are that stupid to keep their Cisco routers config files on site.
intext:”enable password 7″
09-13 You can easly fin…

2005- If you want to find out FTP passwords from FlashFXP Client, just type this
filetype:dat inurl:Sites.dat
09-13 query in google and …

2005-
ext:inc “pwd=” “UID=” Database connection strings including passwords…
08-31

2005- [WFClient] Password= The WinFrame-Client infos needed by users to connect toCitrix Application
07-27 filetype:ica Servers (e.g. Metafra…

2005- inurl:cgi-bin CGI Calendar (Perl) configuration file reveals information including passwords for
06-24 inurl:calendar.cfg the program….

2005- intitle:”phpinfo()” This will look throught default phpinfo pages for ones that have a default mysql
06-05 +”mysql.default… password….

2005- Accesses passwords mostly in cgibin but not all the timeCan find passwords +
inurl:pass.dat
06-04 usernames (sometim…

2005- mIRC Passwords For Nicks & Channels in channel\[chanfolder] section of mirc.ini
inurl:perform.ini filetype:ini
06-06 you can fin…

2005- intext:”powered by HTMLJunction EZGuestbook is prone to a database disclosure vulnerability.

05-11 EZGuestbook” Remote users may down…

2005- inurl:server.cfg rcon

Counter strike rcon passwords, saved in the server.cfg….
05-06 password

!Host=*.*
2005- some people actually keep their VPN profiles on the internet…omg… Simply
intext:enc_UserPassword=*
05-02 donwload the pcf f…
ext:pcf

wwwboard WebAdmin
2005- This is a filtered version of previous ‘inurl:passwd’ searches, focusing on
inurl:passwd.txt
03-28 WWWBoard [1]. Ther…
wwwboard|webad…

2005- sysprep is used to drive unanttended MS Windows installations. The files contain
filetype:inf sysprep
03-20 all informatio…

2005- the unattend.txt is used to drive unanttended MS Windows installations. The files
ext:txt inurl:unattend.txt
03-20 contain all i…
2005- filetype:sql ("passwd Find insert statements where the field (or table name) preceding the operator
02-23 values" | … VALUES will be ‘…

2005- filetype:sql (“values * MD5” Locate insert statements making use of some builtin function to encrypt a
02-23 | “val… password. PASSWORD(),…

2005- intitle:”Index of” This dork lists sc_serv.conf files. These files contain information for Shoutcast
02-10 sc_serv.conf sc_serv … servers and o…

2005- “Powered by Link Link management script with advanced yet easy to use admin control panel, fully
02-15 Department” template driven…

"Powered by
2005- Here is another DUware product, DUpaypal. Once you get hold of the database it
DUpaypal" -
02-07 contains the adm…
site:duwa…

2005- filetype:inc mysql_connect INC files have PHP code within them that contain unencrypted usernames,
02-09 OR mysql_pconnect passwords, and addresse…

2005- ext:ini Version=4.0.0.4 The servU FTP Daemon ini file contains setting and session information including
01-27 password usernames, pas…

2004- Well, this is the configuration file for Eudora…may contain sensitive information
ext:ini eudora.ini
12-19 like pop se…

2004- intext:”powered by Web Web Wiz Journal ASP Blog. The MDB database is mostly unprotected and can be
12-13 Wiz Journal” downloaded directly…

2004- filezilla.xml contains Sites,Logins and crypted Passwords of ftp connections made
inurl:filezilla.xml -cvs
12-02 with the open…

2004- inurl:”GRC.DAT”
symantec Norton Anti-Virus Corporate Edition data file containing encrypted passwords….
11-28 intext:”password&qu…

2004- filetype:log “See `ipsec – BARF log filesMan page:Barf outputs (on standard output) a collection of debugging informa
11-28 copyright” …

2004- “powered by dudownload” Most duware products use Microsoft Access databases in default locations without instructi
11-23 -site:duware.com th…

2004- intitle:dupics inurl:(add.asp Most duware products use Microsoft Access databases in default locations without instructi
11-23 | default.asp | view… th…

2004- “powered by duclassmate” Most duware products use Microsoft Access databases in default locations without instructi
11-23 -site:duware.co… th…

2004- “Powered by Duclassified” - Most duware products use Microsoft Access databases in default locations without instructi
11-23 site:duware.c… th…

2004- “Powered by Dudirectory” - Most duware products use Microsoft Access databases in default locations without instructi
11-23 site:duware.co… th…
2004- “Powered by Duclassified” - Most duware products use Microsoft Access databases in default locations without instructi
11-23 site:duware.c… th…

2004- “powered by ducalendar” - Most duware products use Microsoft Access databases in default locations without instructi
11-23 site:duware.com th…

2004-
intext:”enable secret 5 $” sometimes people make mistakes and post their cisco configs on “help sites” and don’t…
11-16

2004- “liveice configuration file”

This finds the liveice.cfg file which contains all configuration data for an Icecast server. P…
11-08 ext:cfg -si…

2004-
filetype:ini inurl:”serv-u.ini” serv-U is a ftp/administration server for Windows. This file leaks info about the version, user
11-06

2004-
inurl:pap-secrets -cvs linux vpns store there usernames and passwords for PAP authentification in a file called “…
11-06

2004-
inurl:chap-secrets -cvs linux vpns store their usernames and passwords for CHAP authentification in a file called “…
11-06

2004-
filetype:ini inurl:flashFXP.ini FlashFXP offers the easiest and fastest way to transfer any file using FTP, providing an excep
10-10

2004- “Powered By Elite Forum

Elite forums is one of those Microsoft Access .mdb file based forums. This one is particularly
09-24 Version *.*”

2004- Web Wiz Forums is a free ASP Bulletin Board software package. It uses a Microsoft Access
filetype:mdb wwforum
09-24 databa…

2004-
“index of/” “ws_ftp.ini” “… This search is a cleanup of a previous entry by J0hnny. It uses “parent directory” to…
09-17

2004- filetype:config config

These files generally contain configuration information for a .Net Web Application. Things lik
09-16 intext:appSettings “Us…

2004-
filetype:ini wcx_ftp This searches for Total commander FTP passwords (encrypted) in a file called wcx_ftp.ini. On
08-25

2004- LeapFTP intitle:”index.of./” sites.ini The LeapFTP client configuration file “sites.ini” holds the login credentials
08-20 m… for tho…

2004- Oekakibss is a japanese anime creation application. The config file tells an
filetype:conf oekakibbs
08-16 attacker the encry…

2004- This is a query to get inline passwords from search engines (not just
“http://*:*@www” domainname
08-14 Google), you must type in…

2004- filetype:bak This will search for backup files (*.bak) created by some editors or even by
08-14 inurl:”htaccess|passwd|shadow|ht… the administrator …
2004- ASP-Nuke database file containing passwords.This search goes for the
inurl:/db/main.mdb
08-13 direct location and has fe…

2004- This search reveals database dumps that most likely relate to the php-
inurl:nuke filetype:sql
08-10 nuke or postnuke content …

2004- The servU FTP Daemon ini file contains setting and session information
filetype:ini ServUDaemon
08-06 including usernames, pas…

2004- Generally, these are dbman password files. They are not cleartext, but still
filetype:pass pass intext:userid
08-06 allow an attacker …

2004- This searches the password for “Website Access Analyzer”, a Japanese
“AutoCreate=TRUE password=*”
08-05 software that cr…

2004- The software wwwboard stores its passwords in a file called

inurl:/wwwboard
08-01 “passwd.txt”.An attacker …

2004- These are Windows Password List files and have been known to be easy to
filetype:pwl pwl
07-29 crack since the release…

2004- “# -FrontPage-” ext:pwd Frontpage.. very nice clean search results listing !!No further comments
07-26 inurl:(service |… required..changelog:22…

2004- This search reveals channel keys (passwords) on IRC as revealed from IRC
“sets mode: +k”
07-19 chat logs….

2004- intitle:”Index of” passwords These directories are named “password.” I wonder what you might find in
07-16 modified here. Warning…

2004- inurl:lilo.conf filetype:conf password LILO is a general purpose boot manager that can be used to boot multiple
07-16 -tatercount… operating systems, inc…

2004- NickServ allows you to “register” a nickname (on some IRC networks) and
NickServ registration passwords
07-12 prevent other…

2004- psyBNC is an IRC-Bouncer with many features. It compiles on Linux,

psyBNC config files
07-06 FreeBSD, SunOs and Solaris. …

2004- Everyone has this problem, we need to remember many passwords to

filetype:mdb inurl:users.mdb
06-16 access the resources we use. S…

2004- CCBill.com sells E-tickets to online entertainment and subscription-based

inurl:ccbill filetype:log
06-18 websites. CCBill.com …

2004- inurl:ospfd.conf intext:password - GNU Zebra is free software that manages TCP/IP based routing protocols.
06-10 sample -test -tu… It supports BGP-4 proto…

inurl:zebra.conf
2004- GNU Zebra is free software that manages TCP/IP based routing protocols. It supports
intext:password -sample -
06-10 BGP-4 prot…
test -tu…
2004- Microsoft Frontpage extensions appear on virtually every type of scanner. In the late
filetype:pwd service
06-10 90’s peop…

2004- Database maintenance is often automated by use of .sql files that contain many lines
filetype:sql password
06-04 of batched…

2004- filetype:sql +”IDENTIFIED Database maintenance is often automated by use of .sql files wich may contain
06-04 BY” -cvs many lines of bat…

2004- According to filext.com, the ldb file is “A lock file is used to keep muti-user databases
filetype:ldb admin
06-02 …

2004- filetype:cfg mrtg Mrtg.cfg is the configuration file for polling SNMP enabled devices. The community
06-02 “target[*]” -sample -c… string (ofte…

2004- The world-famous web-browser Opera has the ability to save the password for you,
filetype:dat wand.dat
05-27 and it call th…

2004- Javascript for user validation is a bad idea as it shows cleartext user/pass combos.
signin filetype:url
05-26 There is …

2004- The .netrc file is used for automatic login to servers. The passwords are stored in
filetype:netrc password
05-26 cleartext….

2004- The encryption method used in WS_FTP is _extremely_ weak. These files can be
filetype:ini ws_ftp pwd
05-26 found with the &qu…

2004- inurl:”slapd.conf” slapd.conf is the configuration file for slapd, the opensource LDAP deamon. You can
05-25 intext:”rootpw&q… view a clea…

2004- inurl:”slapd.conf” slapd.conf is the configuration file for slapd, the opensource LDAP deamon. The key
05-25 intext:”credenti… “crede…

2004- This file contains the username and password the website uses to connect to the db.
filetype:inc dbconn
05-26 Lots of th…

2004- inurl:”wvdial.conf” The wvdial.conf is used for dialup connections.it contains phone numbers,
05-24 intext:”passwor… usernames and passwor…

2004- filetype:pem This search will find private key files… Private key files are supposed to be, well…
05-17 intext:private privat…

2004- slapd.conf is the file that contains all the configuration for OpenLDAP, including the
filetype:conf slapd.conf
05-17 root pas…

2004- filetype:dat This file contains plaintext usernames and password. Deadly information in the
05-17 “password.dat” hands of an atta…

2004- filetype:log These files contain cleartext usernames and passwords, as well as the sites
05-13 inurl:”password.log” associated with tho…

2004- filetype:url +inurl:”ftp://” These are FTP Bookmarks, some of which contain plaintext login names and
05-12 +inurl:&qu… passwords….
2004- inurl:vtund.conf Theses are vtund configuration files (http://vtun.sourceforge.net). Vtund is an
05-12 intext:pass -cvs encrypted tunne…

filetype:reg reg
2004- This search reveals SSH host key fro the Windows Registry. These files contain
HKEY_CURRENT_USER
05-11 information abou…
SSHHOSTKEYS

2004- filetype:reg reg These pages display windows registry keys which reveal passwords and/or
05-07 +intext:”defaultusername&quo… usernames….

2004- filetype:inc INC files have PHP code within them that contain unencrypted usernames,
05-05 intext:mysql_connect passwords, and addresse…

2004- filetype:properties inurl:db The db.properties file contains usernames, decrypted passwords and even
05-04 intext:password hostnames and ip addres…

2004- intitle:”index of”

contains plaintext user/pass for mysql database…
05-03 intext:globals.inc

2004- Displays the perform.ini file used by the popular irc client mIRC. Often times
inurl:perform filetype:ini
05-03 has channel pass…

2004- intitle:”index of” These files often contain usernames and passwords for connection to mysql
04-26 intext:connect.inc databases. In many ca…

2004- These are eggdrop config files. Avoiding a full-blown descussion about
eggdrop filetype:user user
04-26 eggdrops and IRC bots, s…

2004- filetype:cfm “cfapplication These files contain ColdFusion source code. In some cases, the pages are
04-19 name” passwo… examples that are foun…

2004- Not all of these pages are administrator’s access databases containing
allinurl: admin mdb
04-16 usernames, passwords and…

2004- This file contains usernames and (lame) encrypted passwords! Armed with
intitle:Index.of etc shadow
03-04 this file and a decent …

2004- inurl:secring ext:skr | ext:pgp | This file is the secret keyring for PGP encryption. Armed with this file (and
03-04 ext:bak perhaps a passphr…

2004- intitle:index.of This file contains administrative user names and (weakly) encrypted password
03-04 administrators.pwd for Microsoft Fron…

2004- This is a nifty way to find htpasswd files. Htpasswd files contain usernames
htpasswd
03-04 and crackable pass…

2004-
passlist.txt (a better way) Cleartext passwords. No decryption required!…
01-23

2003- Trillian pulls together all sort of messaging clients like AIM MSN, Yahoo, IRC,
trillian.ini
08-19 ICQ, etc. The v…
2003- inurl:config.php dbuname The old config.php script. This puppy should be held very closely. It should
07-29 dbpass never be viewable …

2003- DCForum’s password file. This file gives a list of (crackable) passwords,
auth_user_file.txt
07-11 usernames and email a…

2003- filetype:xls username password This search shows Microsoft Excel spreadsheets containing the words
06-30 email username, password and emai…

2003- This search gets you access to the etc directory, where many many many
etc (index.of)
06-27 types of password files …

2003- I’m not sure what uses this, but the passlist and passlist.txt files contain passwords
passlist
06-27 in CLEAR…

2003-
config.php This search brings up sites with “config.php” files. To skip the technical discussion…
06-24

2003- There’s nothing that defines a googleDork more than getting your PASSWORDS
passwd / etc (reliable)
06-24 grabbed by Google fo…

2003- There’s nothing that defines a googleDork more than getting your PASSWORDS
spwd.db / passwd
06-24 grabbed by Google fo…

2003- There’s nothing that defines a googleDork more than getting your PASSWORDS
htpasswd / htgroup
06-24 grabbed by Google fo…

2003- There’s nothing that defines a googleDork more than getting your PASSWORDS
htpasswd / htpasswd.bak
06-24 grabbed by Google fo…

2003- There’s nothing that defines a googleDork more than getting your PASSWORDS
pwd.db
06-24 grabbed by Google fo…

2003- There’s nothing that defines a googleDork more than getting your PASSWORDS
master.passwd
06-24 grabbed by Google fo…

2003- There’s nothing that defines a googleDork more than getting your PASSWORDS
passwd
06-24 grabbed by Google fo…

2003-
people.lst *sigh*…
06-24

2003- intitle:index.of PGP is a great encryption technology. It keeps secrets safe. Everyone from drug
06-24 intext:”secring.skr”|&q… lords to the he…

2003- The .mysql_history file contains commands that were performed against a mysql
mysql history files
06-24 database. A “…

2014-
intitle:”Zimbra Web Client Log In” Open Source Zimbra Webmail Login pages …
04-21
2014-
intitle:”Zimbra Web Client Sign In” Open Source Zimbra Webmail Login pages …
04-21

2014-
inurl:typo3/install/index.php?mode= typo3 install logins Bruno Schmid …
04-07

2014- Finds login portals for Citrix XenApp. – Andy G –

inurl:”Citrix/XenApp/auth/login.aspx”
03-31 twitter.com/vxhex …

dork submitted by M4RKM3N aka Osama Mahmood revels

2014-
intitle:Admin inurl:login.php site:.co.in
02-28
admin login panels of sites …

2014- zimbra webmail login page lookup

allinurl:”zimbra/?zinitmode=http” -googl…
02-05 allinurl:”zimbra/?zinitmode=http” -google -github …

2014- [+] This dork will help you find Chamilo login portals.
allinurl:”/main/auth/profile.php” -githu…
01-03 Depending on the version, the site co…

2013- Title: google hacking username and password of joomla

inurl:/administrator/index.php?autologin=1
12-03 Google Dork: inurl:/administrator/index….

2013- Hi, I would like to submit this GHDB which allow to find out
“inurl:/data/nanoadmin.php”
11-25 nanoCMS administration pages :…

2013- Finds login pages for Jenkins continuous integration servers.

inurl:”/jenkins/login” “Page genera…
11-25 – Andy G – twitter.com/vxhex …

2013- Finds SimpleSAMLphp login pages. – Andy G –

inurl:”/module.php/core/loginuserpass.php&quo…
11-25 twitter.com/vxhex …

2013- [+] Description – Find OWA login portals Regards,

allinurl:”owa/auth/logon.aspx” -google -…
11-25 necrodamus http://www.twitter.com/ne…

2013- IP Codecs offering “studio quality audio and video over

intitle:”Comrex ACCESS Rack”
09-24 wired and wireless IP circuits&qu…

2013- inurl:phpmyadmin/index.php & (intext:username #Summary: PHP Admin login portals #Author: g00gl3 5c0u7
08-08 … …

2013- #Summary: Surveillance login portals #Author: g00gl3 5c0u7

intitle:”::: Login :::” & intext:&qu…
08-08 …

2013- #Summary: VoIP login portals #Category: Pages containing

inurl:8080 intitle:”login” intext:”…
08-08 login portals #Author: g00gl3 5c0u7 …

2013-
intitle:”WebMail | Powered by Winmail Server … #Summary: Winmail login portals #Author: g00gl3 5c0u7 …
08-08

2013-
intitle:”Login – OTRS” inurl:pl #Summary: OTRS login portals #Author: g00gl3 5c0u7 …
08-08
2013- #Summary: Several Web Pages Login Portal #Category:
inurl:”/secure/login.aspx”
08-08 Pages containing login portals #Author: g…

2013- #Summary: Windows Business Server 2003 Login portal

intext:”I’m using a public or shared computer…
08-08 #Category: Pages containing login portals …

2013- intitle:”.:: Welcome to the #Summary: ZyXEL router login portal #Category: Pages containing login portals
08-08 Web-Based Configu… #Author: g00gl3…

2013- intitle:”Internet Security #Summary: ZyWall Firewall login portal #Category: Various Online Devices
08-08 Appliance” &a… #Author: g00gl3 5c0u…

2013-
inurl:5000/webman/index.cgi Synology nas login …
08-08

2013- “Welcome to phpMyAdmin” +

Finds cPanel login pages. – Andy G – twitter.com/vxhex …
08-08 “Username…

2013- inurl:/secure/Dashboard.jspa Finds login pages and system dashboards for Atlassian’s JIRA. – Andy G –
08-08 intitle:”System … twitter.com/vxhex …

2013- intitle:”Cisco Integrated intitle:”Cisco Integrated Management Controller Login” The Cisco Integrated
08-08 Management Controll… Manage…

2013- inurl:”dasdec/dasdec.csp” DASDEC II Emergency Alert System User Manual:

inurl:”dasdec/dasdec.csp”
08-08 http://www….

2013-
intitle:”VNC Viewer for Java” VNC Viewer for Java ~4N6 Security~ …
08-08

2013- Serv-U (c) Copyright 1995- # Category: FTP Login Portals # Description : Dork for finding FTP Login portals #
04-22 2013 Rhino Software, Inc… Google Dor…

2013- intext:Computer Misuse Act Category : Pages containing login portals Description : Dork for finding sensitive
04-09 inurl:login.aspx login porta…

intext:YOU ARE ACCESSING A

2013- Category : Pages containing login portals Description : Dork for finding
GOVERNMENT INFORMATION
04-09 government login port…
…

intext:THIS IS A PRIVATE
2013- Category : Pages containing login portals Description : Dork for finding sensitive
SYSTEM AUTHORISED ACCESS
04-09 login porta…
…

2013- allintext: “Please login to

Reported by: Jasper Briels…
04-09 continue…”…

2013- DORK:site:login.*.* Description: Allow User To View Login Panel Of Many

site:login.*.*
02-05 WebSites.. Author:MT…

2012- you really should fix this

Gives sites with default username root and no password — nitish mehta …
12-31 security hole by settin…
2012-
inurl:phpliteadmin.php The default password is ‘admin’ …
11-02

2012-
inurl:”InfoViewApp/logon.jsp” Google Hacking *SAP Business Object 3.1 XI* inurl:”InfoViewApp/logon.jsp” tw…
11-02

2012- This dork will find most Linux-based DVR web clients that are accessible to the
intitle:”DVR+Web+Client”
08-21 web and throug…

2012- Please-logon “intitle:zarafa

Zarafa Webaccess logon pages. Greetings, Alrik. …
08-21 webaccess “

2012- intitle:”Log In” “Access

iOmega Storcenter login page: intitle:”Log In” “Access unsecured content with…
08-21 unsecured …

2012- inurl:/app_dev.php/login Search for login screen in web aplications developed with Symfony2 in
08-21 “Environment” a development environment…

2012- inurl:”cgi-bin/webcgi/main” This dork finds indexed public facing Dell

inurl:”cgi-bin/webcgi/main”
08-21 Remote Acce…

2012- Hi, By default, while subscribing to a mailing list on a website, running

“mailing list memberships reminder”
05-15 Mailman (GNU) for…

2012-
“Welcome to Sitecore” + “License Ho… Sitecore CMS detection. …
05-15

2011- Search for login screen of default instance: Cyber Recruiter (applicant
intitle:”cyber recruiter” “User ID&…
05-11 tracking and recruitin…

2011- intitle:”Enabling Self-Service Search for login screen of default instance: Puridiom (A Procurement
05-11 Procurement&qu… Web Application) …

2011- “Login Name” Repository Webtop Search for login screen of default instance: Documentum Webtop by
05-11 intitle:l… EMC …

2011- Search for login screen of default instance: Cascade Server CMS by
intitle:”cascade server” inurl:login.act
03-15 Hannon Author: Erik Horton …

2010-
inurl:src/login.php Locates SquirrelMail Login Pages Author: 0daydevilz…
11-13

2010-
inurl:/dana-na/auth/ Juniper SSL Author: bugbear…
11-12

2010- “Remote Supervisor Adapter II”

IBM e-server’s login pages. Author: DigiP…
11-10 inurl:use…

2010- This search identifies clpbpucket installations. They frequently have an

||Powered by [ClipBucket 2.0.91]
11-10 admin/admin default pa…
2006- intitle:ARI “Phone System
Login page for “Asterisk Recording Interface” (ARI)….
10-02 Administrator”

2006- intitle:”AdventNet ManageEngine serviceDesk Plus is a 100 % web-based Help Desk and Asset
10-02 ServiceDesk P… Management software.vendor: h**p://ma…

2006- Customer login pages for what looks like an inhouse eshop. More
inurl:”/?pagename=CustomerLogin”
09-20 information here:h**p://catalin…

2006- Powered by Bariatric AdvantageAdmin Login:Admin login pages for

inurl:”/?pagename=AdministratorLogin”
09-20 what looks like an inhouse esho…

2006- Plesk is a multi platform control panel solution for hosting.More

inurl:+:8443/login.php3
09-27 information: hxxp://www.swsof…

2006- (intitle:”SilkyMail by Cyrusoft silkyMail is a free internet email client, from www.cyrusoft.com, that
08-03 International… runs in your browser. Th…

2006- Webmail is a http based email server made by atmail.com. To get to

intitle:”Login to @Mail” (ext:pl | inurl…
08-03 the admin login instead of t…

2006- surgemail is an email server from netwinsite.com that can be accessed

“SurgeMAIL” inurl:/cgi/user.cgi ext:cgi
08-03 by a web browser. This do…

2006- Ampache is a Web-based MP3/Ogg/RM/Flac/WMA/M4A

intitle:Ampache intitle:”love of music” …
06-29 manager. It allows you to view, edit, and play y…

2006- This simple search brings up lots of online Flash Chat clients.
FlashChat v4.5.7
07-29 Flash Chat’s administration dir…

2006- Login Pages “eXist is an Open Source native XML database

intitle:”eXist Database Administration” …
05-03 featuring efficient, index-based …

2006- Login Pages for WebMyStyle.”WebMyStyle offers a full range of

(intitle:”WmSC e-Cart Administration”)|(…
05-03 web hosting and dedicated se…

2006-
(intitle:”Please login – Forums powered by UB… Logins for Forums powered by UBB.threads…
05-03

2006- Login pages for SHOUTcast”SHOUTcast is a free-of-charge audio

intitle:”SHOUTcast Administrator” inurl:…
05-03 homesteading solution. It pe…

2006- Webmail Login pages for IMP”IMP is a set of PHP scripts that
intitle:IMP inurl:imp/index.php3
05-03 implement an IMAP based webma…

2006- “TWIG is a Web-based groupware suite written in PHP,

intitle:”TWIG Login”
05-03 compatible with both PHP3 and PHP4. I…

2006-
“SquirrelMail version” “By the Squi… More SquirrelMail Logins…
05-03
2006- “TrackerCam® is a software application that lets you
intitle:(“TrackerCam Live Video”)|(“…
05-03 put your webcam on…

2006- “rymo is a small but reliable webmail gateway. It contacts a

(intitle:”rymo Login”)|(intext:”We…
05-03 POP3-server for mail reading …

2006- (intitle:”Please login – Forums powered by “WWWthreads is a high powered, full scalable, customizable
05-03 WW… open source bulletin board pack…

2006- Customer login pages”SalesLogix is the Customer Relationship

inurl:”/slxweb.dll/external?name=(custportal|…
05-03 Management Solution that driv…

2006-
intitle:”Employee Intranet Login” Intranet login pages by decentrix.com…
05-03

2006- “PHP121 is a free web based instant messenger – written

inurl:”php121login.php”
05-03 entirely in PHP. This means that i…

2006- The PHP Poll Wizard 2 ist a powerful and easy-to-use PHP-Script
Please enter a valid password! inurl:polladmin
04-25 for creating and managing polls…

2006- EZPartner is a great marketing tool that will help you increase
intitle:”EZPartner” -netpond
03-21 your sales by sending webmaster…

2006- Webmail is a http based email server made by atmail.com. To

intitle:”Login to @Mail” (ext:pl | inurl…
03-21 get to the admin login instead of r…

2006- Ecommerce templates makes a online shopping cart solution.

inurl:”vsadmin/login” | inurl:”vsad…
03-21 This search finds the admin login….

2006- This dork finds firewall/vpn products from fiber logic. They only
“Web-Based Management” “Please inpu…
03-21 require a one-factor authent…

inurl:2000
2006- RemotelyAnywhere is a program that enables remote control, in the same matter
intitle:RemotelyAnywhere -
03-21 as VNC. Once Log…
site:realvnc….

2006- inurl:”/admin/configuration. simply google inurl trick for Oscommerce for open administrator page.If no
03-07 php?” Mysto… .htpassword is set f…

2006- EasyAccess Web is a application to view radiological images online.Like in hospitals

inurl:ids5web
02-09 or univers…

2006- intext:”Fill out the form The page to change admin passwords. Minor threat but the place to start an
02-08 below completely to… attack….

2006- “Powered by Midmart Midmart Messageboard lets you run a highly customizable bulletin board with a
01-16 Messageboard” “… very nice user in…

2006- intitle:Ovislink
Ovislink vpn login page….
01-16 inurl:private/login
2006- “intitle:3300 Integrated logon portal to the mitel 330 integrated communications
01-14 Communications Platf… platform.[Mitel® 330…

2006- “bp blog admin” intitle:login betaparticle (bp) blog is blog software coded in asp. This google dork finds the
01-02 | intitle:… admin logins….

“Emergisoft web
2005-
applications are a part of Hospital patient management system, in theory it could be dangerous….
12-31
ou…

2005- intitle:”b2evo > Login form” b2evolution is a free open-source blogging system from b2evolution.net. This dork
12-19 “Lo… finds the ad…

2005- intitle:”Admin login” “Web sift Group makes a web site administration product which can be accessed via a
12-19 Site Adm… web browser. Th…

2005- inurl:/Merchant2/admin.mv Miva Merchant is a product that helps buisnesses get into e-commerce. This dork
12-19 | inurl:/Merchant2/admin… locates their …

2005- “site info for” “Enter Admin This will take you to the cash crusader admin login screen. It is my first google
11-21 Passwo… hack.. also t…

2005- “Establishing a secure

iLo and related login pages !? Whoops…..
11-16 Integrated Lights Out …

2005- inurl:webvpn.html “login” The Cisco WebVPN Services Module is a high-speed, integrated Secure Sockets
11-16 “Please e… Layer (SSL) VPN ser…

2005- “This is a restricted Access Mostly Login Pages for iPlanet Messenger Express, which is a web-based electronic
11-16 Server” &qu… mail program …

2005- intitle:”Merak Mail Server User login pages for Merak Email Server Suite which consists of Merak Email
11-16 Web Administration… Server core and opt…

2005- “Powered by Merak Mail Webmail login portals for Merak Email ServerMerak Email Server Suite consists of
11-13 Server Software” … multiple award…

2005- This search finds the login page for iCONECTnxt, it enables firms to search,
“iCONECT 4.1 :: Login”
11-12 organize, and revi…

2005- intitle:”Novell Web Novell GroupWise is a complete collaboration software solution that provides
11-12 Services” “Grou… information worker…

2005- intitle:”*- HP WBEM Login” HP WBEM Clients are WBEM enabled management applications that provide the
11-12 | “You a… user interface and fu…

2005- intitle:”EXTRANET login” -

This search finds many different Extranet login pages….
11-12 .edu -.mil -.g…

2005- intitle:”EXTRANET * – WorkZone Extranet Solution login page. All portals are in french or spanish I
11-12 Identification” belive….
2005- intitle:”OnLine Recruitment This is the Employer’s Interface of eRecruiter, a 100% Paper Less Recruitment
11-12 Program – Login&q… Solution implemen…

2005- intitle:”Docutek ERes – Docutek Eres is software that helps libaries get an internet end to them. This dork
10-26 Admin Login” -ed… finds the a…

2005- WEBppliance is a software application designed to automate the deployment and

inurl:ocw_login_username
10-13 management of Web…

2005- intitle:”Supero Doctor III” - “Supero Doctor III Remote Management” by Supermicro, Inc.info:
09-26 inurl:super… http://www.supermicro….

2005- intitle:”iDevAffiliate – Affiliate Tracking Software Adding affiliate tracking software to your site is one of
09-25 admin” -demo the most…

2005- “Please login with admin PHPsFTPd is a web based administration and configuration interface for the
09-25 pass” -“le… SLimFTPd ftp serverI…

2005- intitle:”Admin Login” Blogware Login Portal: “An exciting and innovative tool for creating or enhancing
09-25 “admin login&… your web…

2005- intitle:”Login Forum Anyboard Login Portals. In addition,A vulnerability has been reported in Netbula
09-23 Powered By AnyBoard”… Anyboard 9.x &…

2005- intitle:”Login to the forums Aimoo Login Pages. “Looking for a free message board solution? Aimoo provides
09-23 – @www.aimoo.com… one of the m…

2005-
intitle:”i-secure v1.1″ -edu I-Secure Login Pages…
09-23

2005- inurl:/modcp/ there have been several dorks for vBulletin, but I could not find one in the search
09-23 intext:Moderator+vBulletin that target…

2005- intitle:”PHProjekt – login” PHProjekt is a group managing software for online calenders, chat, forums, etc. I
09-21 login passwo… looked aroun…

2005- GreyMatter is prone to an HTML injection vulnerability. This issue is due to a failure
“login prompt” inurl:GM.cgi
09-13 in the a…

2005- “Powered by Monster Top 2 Step dork – Change url to add filename “admin.php” (just remove
09-13 List” MTL numran… index.php&stuff…

2005- intext:”Master Account”

There seems to be several vulns for qmail….
09-13 “Domain Na…

intitle:”Content
2005- iCMS – Content Management System…Create dynamic interactive websites in
Management System”
09-13 minutes without knowi…
&quo…

2005- “Please authenticate

Photo gallery managment system login…
08-30 yourself to get access t…
2005- intitle:”*- HP WBEM Login” HP WBEM Clients are WBEM enabled management applications that provide the
11-12 | “You a… user interface and fu…

2005- intitle:”EXTRANET login” -

This search finds many different Extranet login pages….
11-12 .edu -.mil -.g…

2005- intitle:”EXTRANET * – WorkZone Extranet Solution login page. All portals are in french or spanish I
11-12 Identification” belive….

2005- intitle:”OnLine Recruitment This is the Employer’s Interface of eRecruiter, a 100% Paper Less Recruitment
11-12 Program – Login&q… Solution implemen…

2005- intitle:”Docutek ERes – Docutek Eres is software that helps libaries get an internet end to them. This dork
10-26 Admin Login” -ed… finds the a…

2005- WEBppliance is a software application designed to automate the deployment and

inurl:ocw_login_username
10-13 management of Web…

2005- intitle:”Supero Doctor III” - “Supero Doctor III Remote Management” by Supermicro, Inc.info:
09-26 inurl:super… http://www.supermicro….

2005- intitle:”iDevAffiliate – Affiliate Tracking Software Adding affiliate tracking software to your site is one of
09-25 admin” -demo the most…

2005- “Please login with admin PHPsFTPd is a web based administration and configuration interface for the
09-25 pass” -“le… SLimFTPd ftp serverI…

2005- intitle:”Admin Login” Blogware Login Portal: “An exciting and innovative tool for creating or enhancing
09-25 “admin login&… your web…

2005- intitle:”Login Forum Anyboard Login Portals. In addition,A vulnerability has been reported in Netbula
09-23 Powered By AnyBoard”… Anyboard 9.x &…

2005- intitle:”Login to the forums Aimoo Login Pages. “Looking for a free message board solution? Aimoo provides
09-23 – @www.aimoo.com… one of the m…

2005-
intitle:”i-secure v1.1″ -edu I-Secure Login Pages…
09-23

2005- inurl:/modcp/ there have been several dorks for vBulletin, but I could not find one in the search
09-23 intext:Moderator+vBulletin that target…

2005- intitle:”PHProjekt – login” PHProjekt is a group managing software for online calenders, chat, forums, etc. I
09-21 login passwo… looked aroun…

2005- GreyMatter is prone to an HTML injection vulnerability. This issue is due to a failure
“login prompt” inurl:GM.cgi
09-13 in the a…

2005- “Powered by Monster Top 2 Step dork – Change url to add filename “admin.php” (just remove
09-13 List” MTL numran… index.php&stuff…
2005- intext:”Master Account”
There seems to be several vulns for qmail….
09-13 “Domain Na…

intitle:”Content
2005- iCMS – Content Management System…Create dynamic interactive websites in
Management System”
09-13 minutes without knowi…
&quo…

2005- “Please authenticate

Photo gallery managment system login…
08-30 yourself to get access t…

2005- “You have requested to

Terracotta web manager admin login portal….
08-30 access the management …

2005- intitle:”web-cyradm”|”by Web-cyradm is a software that glues topnotch mailing technologies together. The
08-30 Luc de Lou… focus is on adm…

2005- intext:”Master Account” qmail mail admin login pages.There are several vulnerabilities relating to this
08-30 “Domain Nam… software…

intitle:”Content
2005- iCMS – Content Management System…Create websites without knowing HTML or
Management System”
08-30 web programming….
&quo…

2005-
inurl:csCreatePro.cgi Create Pro logon pages….
08-28

2005- intitle:”xams 0.0.0..15 – This is the login for xams it should catch from 0.0.1-0.0.150.0.15 being the latest
08-14 Login” version as …

2005- “HostingAccelerator” This will find the login portal for HostingAccelerator ControlPanel I have not looked
08-14 intitle:”login… for explo…

2005- “inspanel” intitle:”login” -

This finds all versions of the inspanel login page….
08-15 &q…

2005- intitle:”communigate pro * Just reveals the login for Communigate Pro webmail. A brute force attack could be
08-11 *” intitle:&q… attempted. Th…

2005-
intitle:”AlternC Desktop” This finds the login page for AlternC Desktop I dont know what versions….
08-15

2005- Vulnerable script auth.php (SQL injection)— from rst.void.ru —Possible scenario of
intitle:phpnews.login
08-10 attack:[…

2005- intitle:”Cisco CallManager [quote]Cisco CallManagerCallManager is a FREE web application/interface included

08-08 User Options Log O… with your VoIP…

2005- inurl:”default/login.php” This dork reveals login pages for Kerio Mail server. Kerio MailServer is a state-of-
07-26 intitle:”… the-art gro…

2005- intitle:”Member Login” Pretty standered login pages, they all have various differences but it appears that
07-24 “NOTE: Your … they use th…
2005- “This section is for Nothing special, just one more set of login pages, but the “Administrators only”
07-24 Administrators only. If … line…

2005- intitle:”Welcome to Mailtraq WebMail is just another a web-based e-mail client. This is the login
07-22 Mailtraq WebMail” page….

2005- intitle:”TOPdesk Topdesk is some kind of incident ticket system with a webinterface. It requires:
07-22 ApplicationServer” Windows 98 and…

2005- “You have requested access BackgroundEasySite is a Content Management System (CMS) build on PHP and
07-20 to a restricted ar… MySQL. Many easysite s…

2005-
inurl:textpattern/index.php Login portal for textpattern a CMS/Blogger tool….
06-09

2005- Cacti is a complete network graphing solution designed to harness the power of
intitle:”Login to Cacti”
06-24 RRDTool’s data s…

2005- intitle:”XMail Web Administration This search will find the Web Administration Interface for servers
06-09 Interface&q… running XMail.”XMail is…

2005- This gives results for hosting plans that don’t have associated fees,
intext:”Welcome to” inurl:”cp”…
06-05 so anyone can sign up wit…

2005- This query reveals login pages for the administration of XcAuction
intitle:”XcAuctionLite” | “DRIVEN B…
06-07 and XcClassified Lite..”…

2005- This search reveals the login page for the Cyclades TS1000 and
allintitle:”Welcome to the Cyclades”
06-02 TS2000 Web Management Service. T…

2005- VisNetic WebMail is a built-in web mail server that allows VisNetic
intitle:”VisNetic WebMail” inurl:”/…
06-06 Mail Server account holders…

2005- inurl:/SUSAdmin intitle:”Microsoft Software Microsoft SUS Server is a Patch Management Tool for Windows
05-23 U… 2000, XP and 2003 systems.It can be…

2005-
inurl:exchweb/bin/auth/owalogon.asp Outlook Web Access Login POrtal…
05-15

2005-
inurl:Citrix/MetaFrame/default/default.aspx MetaFrame Presentation Server…
05-15

2005-
inurl::2082/frontend -demo This allows you access to CPanel login dialogues/screens….
05-11

2005- MDaemon , Windows-based email server software, contains full

intitle:”WorldClient” intext:”Ã�…
05-02 mail server functionality and cont…

2005- Open-Xchange 5 is a high performance substitute for costly and

intitle:open-xchange inurl:login.pl
05-02 inflexible Microsoft Exchange de…
2005- intitle:”site administration: please log
Real Estate software package, with the admin login screen…
05-02 in&q…

2005- GNU GNATS is a set of tools for tracking bugs reported by users to
inurl:gnatsweb.pl
05-02 a central site. It allows pr…

2005- “Powered by DWMail” password What is DWmailâ„¢?: DWmailâ„¢ is

05-02 intitle:dwm… an ‘…

2005- Just another logon page search, this one is for SFX®, a link
intitle:”SFXAdmin – sfx_global” | intitl…
04-27 server from Ex …

2005- By itself, this returns Zope’s help pages. Manipulation of the URL,
intitle:”Zope Help System” inurl:HelpSys
04-27 changing ‘HelpSys’ to ‘mana…

2005- IlohaMail is a light-weight yet feature rich multilingual webmail

intitle:ilohamail “Powered by IlohaMail”
04-17 system designed for ease of u…

2005-
intitle:ilohamail intext:”Version 0.8.10″… some version of ilohamail are vulnerable….
04-11

2005- intitle:"inc. vpn 3000 This search will show the login page for Cisco VPN 3000
04-11 concentrator&q… concentrators. Since the default user …

2005-
intext:"vbulletin" inurl:admincp vBulletin Admin Control Panel…
04-09

2005- Dell OpenManage enables remote execution of tasks such as system configuration,
inurl:”usysinfo?login=true”
01-25 imaging, applic…

2005- intext:”Mail admins login

Another way to locate Postfix admin logon pages….
01-24 here to administrat…

2005- PhotoPost was designed to help you give your users exactly what they want. Your
PhotoPost PHP Upload
01-13 users will be t…

2005- PHPhotoalbum is a picturegallery script. You can upload pictures directly from your
PHPhotoalbum Statistics
01-13 webbrowser….

2005- Homepage: http://www.stoverud.com/PHPhotoalbum/PHPhotoalbum is a

PHPhotoalbum Upload
01-13 picturegallery script. You can…

2005- inurl:”631/admin” Administration pages for CUPS, The Common UNIX Printing System. Most are
01-18 (inurl:”op=*”… password protected….

2005- intitle:”VNC viewer for VNC (Virtual Network Computing) allows a pc to be controlled remotely over the
01-15 Java” Internet. These …

2005- inurl:”Activex/default.htm” This search will reveal the active X plugin page that allows someone to access PC
01-15 “Demo&q… Anywhere from…
2005- “pcANYWHERE EXPRESS This search will reveal the java script program that allows someone to access PC
01-15 Java Client” Anywhere from,…

2004- intext:””BiTBOARD v2.0″ The bitboard2 is a board that need no database to work. So it is useful for
12-19 BiTSHiFTERS… webmaster that have…

2004- intitle:Login intext:”RT is RT is an enterprise-grade ticketing system which enables a group of people to
12-19 ÂÂ�… intelligently and…

2004- intitle:”Athens Athens is an Access Management system for controlling access to web based
12-19 Authentication Point” subscription services…

2004- intitle:”Novell Web

“Novell® GroupWise is an enterprise collaboration system that provides …
12-19 Services” intext:&qu…

2004- inurl:1810 “Oracle Enterprise Manager 10g Grid Control provides a single tool that can monitor and
12-19 Enterprise Manager” manage not only…

2004- intitle:”WebLogic Server” BEA WebLogic Server 8.1 provides an industrial-strength application infrastructure
12-19 intitle:”… for developi…

2004- intitle:”MX Control MX Logic’s customizable and easy-to-use MX Control

12-19 Console” “If yo… Console…

2004- Quicktime streaming server is uhhhhh…..well it’s a streaming server and it can be
inurl:”1220/parse_xml.cgi?”
12-10 managed via…

2004- intitle:”vhost” intext:”vHost vHost is a one-step solution for all virtual hosting needs. It enables a Linux/BSD
12-13 . 200… server with …

2004- intitle:”VitalQIP IP The VitalQIP Web Client Interface provides a World Wide Web interface for the
12-07 Management System” VitalQIP IP Manag…

2004- intext:”Storage These pages can reveal information about the operating system and patch level, as
11-30 Management Server for” i… well as provi…

2004- intitle:”PHP Advanced Transfer” PHP Advacaned Transfer is GPL’d software that claims to be the “The ultimate
11-28 inurl:&q… PHP download …

2004- inurl:coranto.cgi intitle:Login Coranto is one of the most powerful Content Management System (CMS)
11-28 (Authorized Users … available on the market. It…

2004- inurl:/webedit.* intext:WebEdit

WebEdit is a content management system. This is the login portal search….
11-18 Professional -html

2005- intitle:”phpPgAdmin – Login” phpPgAdmin is a web-based administration tool for PostgreSQL. It is perfect
03-03 Language for PostgreSQL DBAs…

2004- inurl:postfixadmin intitle:”postfix

Postfix Admin login pages. Duh….
11-16 admin&quo…
2004- intitle:”Icecast Administration Icecast streaming audio server web admin.This gives you a list of connected
11-07 Admin Page&qu… clients. Interestin…

2004- CGIIRC is a web-based IRC client. Using a non-transparent proxy an attacker

inurl:irc filetype:cgi cgi:irc
11-04 could communicate a…

2004- intitle:”php icalendar This is the adminstration login portal search for PHP iCalendar. It is
10-31 administration” -… compatible with Evolutio…

2004- intitle:”php icalendar PHP iCalendar is a php-based iCal file parser. Its based on v2.0 of the IETF
10-31 administration” -… spec. It displays …

2004- inurl:login.php “SquirrelMail squirrelMail is a standards-based webmail package written in PHP4. It

10-20 version” includes built-in pure PH…

2004- inurl:/dana- Neoteris Instant Virtual Extranet (IVE) has been reported prone to a cross-site
10-20 na/auth/welcome.html scripting vulne…

2004- Plesk is server management software developed for the Hosting Service
intitle:plesk inurl:login.php3
10-20 Industry. Various vulnera…

2004- “OPENSRS Domain OpenSRS Domain Management SystemNo vulnerabilities are reported to
10-19 Management” inurl:manage… security focus….

2004- The famous Sun linux appliance. Nice clean portal search.Various
“Login – Sun Cobalt RaQ”
10-19 vulnerabilities are reported t…

2004- intitle:”ISPMan : Unauthorized ISPMan is a distributed system to manage components of ISP from a central
10-19 Access prohibi… management interface….

2004- sysCP: Open Source server management tool for Debian LinuxNo
“SysCP – login”
10-19 vulnerabilities are reported to se…

2004- intitle:”Virtual Server VISAS, German control panel software like confixx.No vulnerabilities are
10-19 Administration System… reported to security f…

2004- VHCS is professional Control Panel Software for Shared, Reseller, vServer and
“VHCS Pro ver” -demo
10-19 Dedicated Servers…

2004- inurl:confixx Confixx is a webhosting management tool and has the following features: *
10-19 inurl:login|anmeldung create resellers, * e…

2004- aspWebCalendar is a browser based software package that runs over a

inurl:”calendar.asp?action=login”
10-06 standard web browser, such …

2004- “IMail Server Web IMail Server from Ipswitch is a messaging solution with 60 million users worldwide.
10-19 Messaging” intitle:log… It contains…

intitle:”remote
2004- The Aanval Intrusion Detection Console is an advanced intrusion detection monitor
assessment” OpenAanval
10-16 and alerting …
C…
2004- “WebExplorer Server – WebExplorer Server is a web-based file management system for sharing files with
10-16 Login” “Welco… user permission…

2004- intitle:”Philex 0.2*” -script - Philex (phile ‘file’ explorer) is a web content manager based php what philex can
10-14 site:free… do ? – eas…

2004- inurl:default.asp Polycom WebCommander gives you control over all aspects of setting up
10-14 intitle:”WebCommander” conferences on Polycom MG…

2004- MailMan is a product by Endymion corporation that provides a web based

intitle:”MailMan Login”
10-11 interface to email via P…

2004- intitle:”oMail-admin oMail-webmail is a Webmail solution for mail servers based on qmail and
10-05 Administration – Login&q… optionally vmailmgr or …

2004- intitle:”microsoft certificate Microsoft Certificate Services Authority (CA) software can be used to issue digital
09-24 services”… certificate…

2004- MailEnable Standard Edition provides robust SMTP and POP3 services for Windows
inurl:mewebmail
09-23 NT/2000/XP/2003 …

2005- What is W-Nailer?W-Nailer is a PHP script which can create galleries for you.It uses
W-Nailer Upload Area
01-13 a graphica…

2004- inurl:”typo3/index.php?u=” TYPO3 is a free Open Source content management system for enterprise purposes
09-21 -demo on the web and in…

2004- inurl:administrator Mambo is a full-featured content management system that can be used for
09-21 “welcome to mambo” everything from simple …

2004- Thousands of enterprises, governmental offices, non-profit organizations, small

ez Publish administration
09-21 and middle size…

2004- intitle:”Tomcat Server This finds login portals for Apache Tomcat, an open source Java servlet container
09-18 Administration” which can run…

2004- intitle:”Login – powered by Easy File Sharing Web Server is a file sharing software that allows visitors to
09-18 Easy File Sharing… upload/download…

2004- “Login to Usermin” Usermin is a web interface that can be used by any user on a Unix system to easily
09-18 inurl:20000 perform task…

2004- TUTOS stands for “The Ultimate Team Organization Software.” This search finds
intitle:”TUTOS Login”
09-18 the log…

2004- filetype:pl “Download: SuSE this search will get you on the web administration portal of linux open exchange
09-10 Linux Openexchang… servers….

2004- 4images Administration 4images Gallery – 4images is a web-based image gallery management system. The
08-25 Control Panel 4images administr…
 intitle:Novell
2004-
intitle:WebAccess search to show online Novell Groupwise web access portals….
08-21
“Copyright *…

2004- GradeSpeed seems to be a .NET application to administer school results for

inurl:”gs/adminlogin.aspx”
08-20 several schools usin…

2004- 1&1 Webmail login portals. This is made by a german company called Internet
intitle:Login * Webmailer
08-20 United active i…

2004- Login (“Powered by Jetbox Jetbox is a content management systems (CMS) that uses MySQL or equivalent
08-20 One CMS âÃ�… databases. There is …

2004- intitle:”ITS System

Frontend for SAP Internet Transaction Server webgui service….
08-16 Information” “P…

Novell NetWare
2004- Netware servers ( v5 and up ) use a web-based management utility called Portal
intext:”netware
08-16 services, which …
management por…

2004- “powered by CuteNews” This finds sites powered by various CuteNews versions. An attacker use this list
08-16 “2003..2005 C… and search the…

2004- inurl:cgi- These are login pages for Infopop’s message board UBB.classic. For the
08-13 bin/ultimatebb.cgi?ubb=login UBB.threads you can use …

2004- intitle:”please login” “your

These administrators were friendly enough to give hints about the password….
08-13 passwo…

2004-
Ultima Online loginservers This one finds login servers for the Ultima Online game….
08-09

2004- “WebSTAR Mail – Please Log @stake, Inc. advisory: “4D WebSTAR is a software product that provides Web,
08-09 In” FTP, and Mail …

2004- intitle:”teamspeak server- TeamSpeak is an application which allows its users to talk to each other over the
08-09 administration internet and …

2004- inurl:/cgi-
sQWebmail login portals….
08-06 bin/sqwebmail?noframes=1

2004- (inurl:”ars/cgi-
From the vendor site: “Remedy’s Action Request System…
08-05 bin/arweb?O=0″ | inurl:a…

2004- intitle:Node.List synchronet Bulletin Board System Software is a free software package that can
08-05 Win32.Version.3.11 turn your persona…

2004- From the marketing brochure: “UltiPro Workforce Management offers you the
inurl:”utilities/TreeView.asp”
07-29 most comprehensi…

2004- ASP.login_aspx .NET based login pages serving the whole environment and process trace for your
07-26 “ASP.NET_SessionId” viewing pleasur…
2004- From the sales department: “INDEXU is a portal solution software that allows you
Powered by INDEXU
07-22 to build …

2004- PhpWebMail is a php webmail system that supports imap or pop3. It has been
phpWebMail
07-12 reported that PHP…

2004- filetype:php
This is a standard login portal for the webadmin program….
07-09 inurl:”webeditor.php”

2004- CGIIRC is a web-based IRC client. Using a non-transparent proxy an attacker could
CGI:IRC Login
06-22 communicate a…

2004- According to Microsoft “Microsoft (R) Outlook (TM) Web Access is a

Outlook Web Access (a better way)
06-18 Microsoft Exchange Acti…

2004- Tarantella is a family of enterprise-class secure remote access software

“ttawlogin.cgi/?action=”
06-04 products. This Google-…

2004- intitle:”Welcome Site/User service providers worldwide use Ensim’s products to automate the
06-10 Administrator”… management of their hosting s…

2004-
intitle:”ZyXEL Prestige Router” “En… This is the main authentication screen for the ZyXEL Prestige Router….
06-04

2004- WRQ Reflection gives you a standard desktop that includes web- and
filetype:r2w r2w
06-04 Windows-based terminal emula…

2004- phpMySearch is a personal search engine that one can use to provide a
inurl:search/admin.php
05-30 search feature for one’s …

2004- silkRoad Eprise is a dynamic content management product that simplifies

inurl:/eprise/
05-26 the flow of content to …

2004- intitle:”Dell Remote Access This is the Dell Remote Access Controller that allows remote
05-17 Controller” administration of a Dell server….

2004- This is a simple search for a login page. Attackers view login pages as the
“please log in”
05-13 “front door&qu…

2004- This search reveals sites which may be using Shockwave (Flash) as a login
inurl:login filetype:swf swf
05-12 mechanism for a site….

2004-
inurl:”webadmin” filetype:nsf This is a standard login page for Domino Web Administration….
05-11

2004- This iks the login page for eMule, the p2p file-sharing program. These
intitle:”eMule *” intitle:”- Web Co…
05-11 pages forego the login n…

2004- These are Citrix Metaframe login portals. Attackers can use these to profile
inurl:/Citrix/Nfuse17/
05-10 a site and can use…
2004- inurl:metaframexp/default/login.asp These are Citrix Metaframe login portals. Attackers can use these to profile
05-10 | intitle:&quo… a site and can use…

2004- A Login portal for Lotus Domino servers. Attackers can attack this page or
inurl:names.nsf?opendatabase
05-04 use it to gather inf…

2004- intitle:”Remote Desktop Web This is the login page for Microsoft’s Remote Desktop Web Connection,
04-28 Connection” … which allows remote users…

2004- intitle:”MikroTik RouterOS

This is the front page entry point to a “Mikro Tik” Router….
04-26 Managing Webpage&q…

2004- VNC is a remote-controlled desktop product. Depending on the

“VNC Desktop” inurl:5800
04-21 configuration, remote users may no…

2004- This is a typical login page. It has recently become a target for SQL
inurl:/admin/login.asp
04-21 injection. Comsec’s artic…

2004- This is a typical login page. It has recently become a target for SQL
inurl:login.asp
04-21 injection. Comsec’s artic…

2004- Webmin is a html admin interface for Unix boxes. It is run on a proprietary web
inurl:”:10000″ intext:webmin
04-20 server listenin…

2004- This is the default login page for ColdFusion. Although many of these are secured,
inurl:login.cfm
04-19 this is an i…

2004- intitle:”ColdFusion This is the default login page for ColdFusion administration. Although many of
04-19 Administrator Login” these are secure…

2004- According to Microsoft “Microsoft (R) Outlook (TM) Web Access is a Microsoft
allinurl:”exchange/logon.asp”
04-16 Exchange Acti…

2014- intitle:not accepted Find IDS and Mod security dork: intitle:not accepted inurl:”union+select”
02-05 inurl:”union+select”… inurl:…

2013- Java Web Start (Java Network Launch Protocol) — -[Voluntas Vincit Omnia]-
filetype:jnlp
11-25 website http:/…

2013- intitle:”RT at a glance” RT Request Tracker Ticket Database http://www.bestpractical.com/rt/ — -

11-25 intext:”qu… [Voluntas Vincit …

2013- Foscam IPCam By default these cameras attach to the myfoscam.org DDNS.
intitle:”IPCam Client”
11-25 So you could add sit…

2013- inurl:*/graphs* intitle:”Traffic With this search you can view results for mikrotik graphics interfaces
09-24 and system r… *Obrigado,*…

2013-
intitle:”Web Client for EDVS” Yet another DVR system. Probably requires Java to display. 4N6 Security …
09-24
2013- Returns various Actiontec (and often Qwest) branded routers’ login pages.
inurl:”/webcm?getpage=”
09-24 4N6 Security …

2013- intitle:”RouterOS router Returns login portals for Microtik routers running RouterOS version 5 and up.
09-24 configuration page&q… 4N6 Security …

2013- Returns login pages for various Barracuda Networks branded hardware spam
inurl:”/cgi-mod/index.cgi”
09-24 filters and mail arch…

2013- Dork : intitle:”SPA504G Configuration” Result : Gives access to Cisco SPA504G

intitle:”SPA504G Configuration”
09-24 Config…

2013- intitle:”Web Image Monitor” & #Summary: Several printers that use “Web Image Monitor” control panel (
08-08 inurl:… http://ricoh…

2013- intitle:”Transponder/EOL #Summary: Cheeta Technologies Transponder Configuration Portal (*

08-08 Configuration:”… http://www.cheetahtech.com)….

2013- intitle:”NetBotz Network #Summary:Various Online Divices #Category: Pages containing login portals
08-08 Monitoring Appliance… #Author: g00gl3 5c0…

2013- #Summary:Weather Wing (http://www.meteo-system.com/ws2.php) Portal.

intitle:”Weather Wing WS-2″
08-08 #Category: Various Online …

2013- inurl:/voice/advanced/
This allows you to look at linksys VOIP Router Config pages. …
04-22 intitle:Linksys SPA configu…

2013-
inurl:/control/userimage.html Mobotix webcam search. yet another newer search …
02-05

2012- inurl:”Orion/SummaryView.aspx” Hello, Enumerate Solarwinds Orion network monitoring portals. In some
11-02 intext:&q… cases, the portal ca…

2012- inurl:”/level/13|14|15/exec/” Cisco IOS HTTP Auth Vulnerability .. Command

inurl:”/level/13|14|15/exec/”
11-02 before …

2012- intitle:”dd-wrt info” This dork finds web interfaces of various routers using custom firmware DD-
11-02 intext:”Firmw… WRT. Default login…

2012- Submitting this for the GHDB. These are web accessible Plex Media Servers
inurl:32400/web/index.html
11-02 where you can watch…

2012- intitle:”Pyxis Mobile Test Page” Pyxis Mobile Test Page intitle:”Pyxis Mobile Test Page”
11-02 inurl:&… inurl:”mpTest.aspx&qu…

2012- This dork will locate Unsecured PHP APC Installations. With regards, Shubham
‘apc info’ ‘apc.php?SCOPE=’
08-21 Mittal (Hack …

2012- intext:”You may also donate

Still find alot of equipment running v24 sp1 …
08-21 through the Money…
2012- intitle:”hp laserjet”
HP LaserJet printers …
08-21 inurl:info_configu…

2012- inurl:Settings.aspx intitle:Beyond Beyond TV gives you the capability to turn your PC into a high quality, digital
05-15 TV video recorder…

2012- This dork finds Wireless Security/Webcams that are accessible from the web.
intitle:”HtmlAnvView:D7B039C1″
05-15 The interesting p…

2011-
inurl:cgi-bin/cosmobdf.cgi? COSMOView for building management. Author: GhOsT-PR …
12-28

2011- inurl:RgFirewallRL.asp |
Gateway Routers Author: GhOsT-PR …
12-27 inurl:RgDmzHost.asp | inu…

2011- Google dork for pelco SpectraIV-IP Dome Series cameras Default
intitle:SpectraIV-IP
12-26 username/password “admin/a…

2011- Brings up listings for Iomgea NAS devices. Password protected folders are
inurl:/cgi-bin/makecgi-pro
12-12 susceptible to authe…

2011- allintitle:”UniMep Station UniMep is a device for managing fuel station. You can see process of fueling
12-10 Controller” cars and you can …

2011- inurl:”:9000″ PacketVideo inurl:”:9000″ PacketVideo corporation About: This provides Twonky Server
07-26 corporation Media int…

2010-
inurl:/level/15/exec/- Default Cisco 2800 Series page…
11-21

2010- inurl:/exec/show/tech-
Default Cisco 2800 Series page…
11-21 support/cr

2010- inurl:/level/15/exec/-
Default Cisco 2800 Series page…
11-21 /configure/http

2010-
allintitle:”SyncThru Web Service” This search finds Internet-connected Samsung printer control panels….
11-11

2010- intitle:”EvoCam” This search identifies EvoCam cameras accessible over the Internet. There are
11-10 inurl:”webcam.html” also public explo…

2006- intitle:Top “Vantage Service VSG1200 Vantage Service Gateway (topframe), go up one level for the login
10-02 Gateway” -i… page. Vendor page at …

2006- Net2Phone CommCenter® is software that allows you to make phone

intitle:”Net2Phone Init Page”
10-02 calls and se…

2006- intitle:”Your Network Device” Login page for the Solwise Sar715+ ADSL Router from solwise.co.uk. Thanks to
10-02 Status (LA… jeffball55 for the…
2006- “SnapGear Management “Welcome to the SnapGear Unit! To begin configuring your SnapGear unit now,
10-02 Console” “Welc… use the menu t…

2006- “Welcome to the CyberGuard “Welcome to the CyberGuard unit! To begin configuring your CyberGuard unit
10-02 unit!” now, use the me…

2006- “LANCOM DSL/*-* Office *” h**p://www.lancom-systems.de/Login page for these Lancom online DSL
10-02 “Entry Pa… devices….

2006-
inurl:wrcontrollite Browse up to 16 security cameras at one time :)…
09-11

2006- softwell Technology “Wit-Eye” DVR.Default user/pass is admin:adminRequires

allintitle:”DVR login”
06-30 ActiveX…

2006- intitle:”stingray fts login” | ( The Stingray File Transfer Server: Open communication regardless of platform,
06-29 login.j… protocol or locat…

2006- Near broadcast quality video over the internet. A full 30fps at the 320 X 240 size.
intitle:”BlueNet Video Viewer”
06-25 12fps at th…

2006- allintitle: Axis 2.10 OR 2.12 OR

No one search will reveal all Axis cameras. This is a variant for the 2xxx series….
06-25 2.30 OR 2.31 OR 2…

2006- intitle:”Live View / – AXIS” | No one search will reveal all Axis cameras. This is my mod of one of the queries. It
06-25 inurl:vie… usualy ret…

2006-
intitle:”Divar Web Client” Boshe/Divar Net Cameras. Uses ActiveX – IE only….
06-25

2006- allintitle: EDR400 login |

Everfocus EDR400…
06-25 Welcome

2006- allintitle: EDR1600 login |

Everfocus EDR1600…
06-25 Welcome

2006- allintitle:Edr1680 remote Everfocus EDR1680. Only returns 2 or 3 results, but submitted for completeness
06-25 viewer sake….

2006- allintitle: EverFocus | EDSR | Modified Everfocus search, pulls in EDSR400’s as well s a few strays missed by
06-25 EDSR400 Applet original query….

2006- intitle:”SNC-RZ30 HOME” - This search will reveal Sony’s SNC-RZ30 IP camera’s web interface. Quite a few of
06-22 demo these camera…

2006-
inurl:cgi-bin/guestimage.html just more more MOBOTIX’s…
05-04

2006- (intitle:(EyeSpyFX|OptiCamFX)
just more cameras vendor site: http://www.eyespyfx.com/…
05-04 “go to camera&q…
2006- intitle:”Veo Observer XT” - just more results for
05-04 inurl:shtml|p… this:http://johnny.ihackstuff.com/index.php?module=prodreviews&func=s…

2006- intitle:”iGuard Fingerprint vendor:http://www.iguardus.com/dome information disclosure: employeers list

05-04 Security System&q… & free camera a…

2006- intitle:”Device Status hxxp://www.netbotz.com/products/index.htmlNetwork/server/room security

05-03 Summary Page” -de… and enviromental alarm d…

(intitle:MOBOTIX
2006- more cams…vendor site:
intitle:PDAS) |
04-19 http://www.mobotix.com/layout/set/index/language/index…
(intitle:MOBOTIX …

2006-
intitle:”IVC Control Panel” this searches for security cameras, vendor site:http://www.ivcco.com/…
04-18

2006- intitle:”Edr1680 remote

This search finds the 1680 series digital video recorder from EverFocus….
03-21 viewer”

2006- “OK logout” This is a google dork for Hunt Electronics web cams. To get to the cameras remove
03-21 inurl:vb.htm?logout=1 the vb.htm?l…

2006- intitle:”DVR Client” -the -

This dork finds digital video recording client from Nuvico….
03-21 free -pdf -do…

2006-
intitle:”GigaDrive Utility” Linksys GigaDrive network storage utility….
03-18

2006- intitle:”Ethernet Network

Linksys network storage utility….
03-18 Attached Storage U…

2006- intitle:”Skystream Networks

skystream Networks Edge Media Router….
03-18 Edge Media Router…

2006- intitle:”NAS”
Disk Online Server NAS device….
03-18 inurl:indexeng.html

2006- intext:”you to handle

ELSA DSL lan modems….
03-18 frequent configuration …

2006- intitle:”WxGoos-” (“Camera This is used in serverrooms and such where climate conditions are crucial to
03-18 image&qu… hardware health. I…

2006- intitle:”AR-*” “browser of

A few Sharp printers …..
03-18 frame de…

2006- intitle:”Webview Logon

This is the web interface for Alcatel’s Omniswitch. Default login is: admin/switch….
03-18 Page”

2006- inurl:setdo.cgi intext:”Set Dcs-2100 camerasBy removing “intext:Set DO OK” you will get more hits but they
02-08 DO OK” will r…
2006- intext:”Welcome to Taurus” Celestix Networks, Inc., the premier supplier of network server appliance,
02-08 “The Tau… announces the Taurus…

2006- intitle:”::::: INTELLINET IP A variation on Jeffball55’s original Intellinet Ip Camera.This search finds several
01-16 Camera Homepage … more web ca…

2006- intitle:”Dell Laser Printer *”

Dell laser printers. This search finds different results that dork id 1077….
01-02 port_0 -j…

2005- Login pages for the DCS-950 Web Camera. Even comes with a built in
DCS inurl:”/web/login.asp”
12-31 microphone….

2005- intitle:Axis similar searchs exist. This search finds a few more results as well as access to the
12-31 inurl:”/admin/admin.shtml” Admin area…

2005-
inurl:/img/vr.htm Linksys wireless G Camera….
12-31

2005-
inurl:Printers/ipp_0001.asp Thanks to Windows 2003 Remote Printing…
12-08

2005- This an online device, you can search for unpassworded shares on
intitle:”Snap Server” intitle:”Home…
11-28 Snap Appliance Server.Moderato…

2005- intitle:”Sony SNT-V304 Video Network The SNT-V304 Video Network Station.Sony’s network camera control
11-21 Station&… station….

2005- Display Cameras intitle:”Express6 Live Express6 live video controller.Displays video from “Netlive Cameras”
11-21 Image&… found in this se…

2005- intitle:”Iomega NAS Manager” - Login page dork for Iomega NAS Manager.. There’s only 1 result for it
11-16 ihackstuff… now, but this could chang…

2005- intitle:Cisco “You are using an old

Login pages for Ciso VPN Concentrator stuff…
11-16 browser o…

2005- intitle:”Summit Management Interface” Extreme Networks Summit Switches Web admin pages. Server:
11-16 -g… Allegro-Software-RomPager/2.10…

2005- intitle:”SNOIE Intel Web Netport

Intel Netport Express Print Server….
11-16 Manager”…

2005- “This page is for configuring Samsung

several different samsung printers…
11-11 Network…

2005-
(“port_255/home”)|(inurl:”home?port… standered printer search. Moderator note: see also dork id=1221…
11-05

2005- intitle:”IQeye302 | IQeye303 | This is a googledork for IQeye netcams. Some of which you can control
10-03 IQeye601 | IQe… how they tilt/zoom. The …
2005- (intitle:”VisionGS Webcam I don’t know if the google query got submitted right because it looks
09-29 Software”)|(in… truncated. here it is ag…

2005- intitle:”Biromsoft WebCam” -4.0 -serial Brimsoft webcam software enables anyone with a webcam to easily
09-29 … create a webcam http server. T…

2005-
intitle:”Netcam” intitle:”user logi… just yet other online cam….
09-26

2005-
intitle:”Orite IC301″ | intitle:”OR… This search finds orite 301 netcams with audio capabilities….
09-21

2005- Phaser numrange:100-100000 Name This is a search for various phaser network printers. With this search
09-21 DNS IP “More … you can look for printe…

2005- Netbotz devices are made to monitor video, temperature, electricity

intitle:”netbotz appliance” -inurl:.php …
09-16 and door access in server r…

2005- intitle:”NetCam Live Image” -.edu -.gov This is a googledork for StarDot netcams. You can watch these cams
09-06 … and if you have the admin p…

2005- This googledork finds INTELLINET ip cameras. They are used to monitor
intitle:”INTELLINET” intitle:”IP Ca…
08-27 things and have a web in…

2005- Online camera. Default login is administrator and password blank.

intitle:iDVR -intitle:”com | net | shop”…
08-17 Video server runs default on …

2005- Networked USB hard drives (NSLU2). Be sure to

intitle:”Network Storage Link for USB 2.0 Dis…
08-12 disable Google’s filter (&filters=0) as that…

sensorProbe is a SNMP enabled and Web based

2005-
“Summary View of Sensors” | “sensor… Environmental Monitoring Device. The sensors
08-07
attach…

2005- HP ProCurve Switch web management pages, found by

intitle:”HP ProCurve Switch *” “Thi…
08-07 their [noscript] html tags. Please note: this…

2005- This is a small search for the Italk BB899 Phone

intitle:”V1″ “welcome to phone sett…
08-07 Adaptor login page. iTalkBB is a local and lon…

2005- DVR is a generic name used to describe the recording

intitle:”WEBDVR” -inurl:product -inurl:d…
07-22 process with a digital cam (digitial video…

2005- Another Standalone Network Camera.Default Login:

intitle:”Java Applet Page” inurl:ml
07-22 remove wg_jwebeye.ml to get a nice clue ..Serv…

2005- Another online camera search. This one uses ActiveX

intitle:”Veo Observer Web Client”
07-22 thingies, so you need a M$ browser. Append …

2005- Tandberg is a manufacturer of videoconferencing A

intitle:”Middle frame of Videoconference Mana…
07-22 videoconference (also known as a video teleco…
2005- Tandberg is a manufacturer of videoconferencing A
intitle:”TANDBERG” “This page requi…
07-22 videoconference (also known as a video teleco…

2005- A small modification to the AXIS camera search – it

tilt intitle:”Live View / – AXIS” | inur…
07-07 now returns cameras with pan / tilt, which …

2005- This search finds AXIS 240 Camera Servers (as opposed
intitle:”AXIS 240 Camera Server” intext:…
06-10 to just the cameras) which can host many …

2005-
intitle:”GCC WebAdmin” -gcc.ru All sorts of various printer status information…
06-08

2005-
“RICOH Network Printer D model-Restore Factor… Not a whole lot here….
06-07

2005- some interesting information on printer status

printers/printman.html
06-07 including Name, Location, Model, Pagecount, Acti…

2005-
intitle:”Dell Laser Printer M5200″ port_… Dell Laser Printer M5200…
06-07

2005- More dell and lexmark printers, The usual things

intitle:”configuration” inurl:port_0
06-07 included….

2005-
inurl:”CgiStart?page=” This search reveals even more Panasonic IP cameras!…
06-08

2005- Mobile cameras? Not sure what camera type this is for
inurl:”S=320×240″ | inurl:”S=160×12…
06-07 but they are all from Asia and no passwor…

2005- Kpix Java Based Traffic Cameras. Based at CBS

(cam1java)|(cam2java)|(cam3java)|(cam4java)|(cam5j…
06-01 broadcasting for San Fransisco, Oakland, and San…

2005- Web admin for netopia routersThis Web tool provides

intitle:”Netopia Router (*.)””to vi…
06-03 access to information about the current sta…

2005- ( intitle:”PacketShaper Packeteer’s PacketShaper is an application traffic management system that

05-20 Login”)|(intitle… monitors, controls, a…

2005- intitle:”PacketShaper
PacketShaper Login.Provides login access for PacketShaper Customers….
05-19 Customer Login”

2005- oA few Online Dell Printers, status, paper, toner levels, ips macs, the usual..
intitle:”Dell *” inurl:port_0
05-31 (Lexmark and De…

“To view the Web

2005- speedtouch 510 DSL modem devices that were once unprotected. That may have
interface of the
05-20 changed by now….
SpeedTouch,…

2005- VPON (Video Picture On Net) is a video surveillance setup which seems to be used
inurl:start.htm?scrw=
05-14 by a lot of bu…
2005- intitle:”— VIDEO WEB AVTech Video Web Server is a surveillance producted that is directly connected to
05-14 SERVER —” intex… the internet …

2005- intext:”Powered by: Adobe Printers equipped with Adobe’s PrintGear technologyAdobe’s PrintGear technology
05-14 PrintGear” inu… is a new printi…

2005- intitle:”InterJak Web

A router device by Uroam (formerly FilaNet), with email and VPN possibilities….
05-20 Manager”

2005- intitle:”SWW link” “Please

Zyxel Zywall…
05-02 wait…….

2005- Another way to dig up some not yet dorked Lexmark and a couple of Dell
inurl:”port_255″ -htm
05-02 printers.http://johnny.i…

2005- intitle:”Freifunk.Net – Hacked WRT54G Freifunk firmware. The router is based on Linux so after the GPL
05-02 Status” -site:co… the source code …

ext:dhtml
2005-
intitle:"document Various Online Devices>Xerox (*Centre)…
05-02
centre|(home)…

2005- “Please use Netscape 2.0 A search for some HTML code used in a variety of D-link network devices (webcams
04-27 or enhance !!” … and such)….

2005- intitle:”NeroNET – burning NeroNet is an online burning device by Nero. Basically with this query you’ll get a
04-20 online” listing of …

2005- Just a bit of fun, should reveal a few instances of a Winamp HTTP control program.
Winamp Web Interface
04-11 Without logi…

2005- intitle:”OfficeConnect This query allows you to find OfficeConnect Cable/DSL Gateways, by locating the
04-16 Cable/DSL Gateway”… browser-check p…

2005- webserver detection for GeoHttpServer, the page is the login page or guest cam.
inurl:JPGLogin.htm
04-12 Don’t ask why t…

2005- “display printer status”

Xerox Phaser printers….
04-16 intitle:”H…

2005- intitle:jdewshlp “Welcome

HP Officejet help page. Remove “help.html” for main page….
04-12 to the Embedded Web…

2005-
inurl:/en/help.cgi “ID=*” Aficio printers (this search locates the help pages)..
04-12

2005-
intitle:”Lexmark *” inurl:port_0 Lexmark printers (4 models)…
04-12

2005- intitle:”OfficeConnect Wireless

OfficeConnect Wireless 11g Access Point…
04-12 11g Access Po…
2005-
“Webthru User Login” samsung webthru cameras…
03-20

2005- intitle:”actiontec” main setup

Actiontec Routers….
03-20 status &q…

2005- intitle:”BorderWare MXtreme BorderWare MXtreme Mail firewallMXtreme is a hardened appliance with a
03-20 Mail Firewall Log… highly robust mail trans…

2005- intitle:”Service Managed Gateway

service Managed Gateway from VirtualAccess login page…
03-20 Login”

2005- intitle:”Flash Operator Panel” - Flash Operator Panel is a switchboard type application for the Asterisk PBX.
03-20 ext:php … It runs on a web b…

2005- intitle:asterisk.management.portal Coalescent Systems Inc. launched The Asterisk Management Portal project
03-20 web-access to bring together best-…

2005- intitle:HomeSeer.Web.Control | HomeSeer (http://www.homeseer.com/) provides a well known home

03-18 Home.Status.Events…. automation solution (software + …

2005- searches for “Active Webcam” feeds on websites, a popular USB webcam
intitle:”active webcam page”
02-15 interface….

2005- Finds Dell’s printers with EWS.EWS : Embedded Web Server technology
intitle:”Dell Laser Printer” ews
03-04 enables the usage of a stan…

2005- mmEye webcam / cam servermmEye is a multifunction multimedia server

allintitle:Brains, Corp. camera
03-05 equipped with 32bit RISC CP…

2005-
inurl:camctrl.cgi Vivotec web cams…
03-05

2005- intext:”Please enter correct

Finds SMC Routers….
02-12 password for Adm…

2005- “SupervisionCam captures and compares images from video cameras,

intitle:”supervisioncam protocol”
02-22 (internet) image files or…

2005-
intitle:Linksys site:ourlinksys.com Ourlinksys.com DDNS entries pointing to Linksys web enabled cameras…
02-15

2005-
intitle:”DEFAULT_CONFIG – HP” High scalable Ethernet switches by HP running in the default configuration…
02-15

2005- intitle:”switch login” “IBM Fast

IBM 8275 Model 416 High Performance Ethernet Workgroup Switch…
02-15 Et…

2005- intitle:"Brother"
Finds a real bunch of Brother printers…
02-04 intext:&qu…
2005- intitle:"Connection This is an intriguing way of finding various ‘5861 DMT Routers’ – the
02-02 Status" inte… presence of a web-interfa…

2005- This searches for the admin pages for a “Network Appliance” box. An
inurl:na_admin
02-01 authenticated use…

2005-
intitle:”EpsonNet WebAssist Rev” This reveals the Epson Web Assist page (internal to the machine)…
01-28

2005- The new EDSR-1600 (16-channel), EDSR-900 (9-channel) and EDSR-600 (6-
intitle:”EverFocus.EDSR.applet”
01-27 channel) digital video rec…

2005- Norton AntiVirus for GatewaysEasily administered from anywhere via an

inurl:”8003/Display?what=”
01-27 HTML interface, it scans …

2005- This will find webcams made by Sweex, Orite and others. Supports motion
allinurl:index.htm?cus?audio
01-27 detection, ftp, smtp an…

2005-
intitle:”Browser Launch Page” An ActiveX based webcam – so use MS IE…
01-21

2005- intitle:”Network Print Server”

Axis Network Print Server devices (a better shorter search)….
01-12 intext:&q…

2005- intitle:”Network Print Server” Axis Network Print Server devices. This search has all the possible urls (more
01-12 filetype:… than strictly ne…

2005- intitle:”Setup Home” “You will This should reveal Belkin routers. Interestingly, Belkin routers by default
01-10 need… have remote adminis…

2005- Digital Video Recorder by SnapStream. It is possible on misconfigured

filetype:cgi transcoder.cgi
01-11 machines to stream video …

2004- inurl:”next_file=main_fs.htm”
Linksys Wireless-G web cams….
12-30 inurl:img …

2005- intitle:”SpeedStream *
a lot of Speed stream routers :)…
01-08 Management Interface&q…

2004- intitle:”Sipura.SPA.Configuration” Query returns configuration pages for online Voice over IP devices. Discloses
12-30 -.pdf an obscene amount…

2004- some of the sites are very, very interesting – try a search substituting
12-08 site:gov instead of si…

2004- Cayman DSL modems. Many Cayman units have a weakness where even if
intitle:”Cayman-DSL.home”
12-19 remote administration is dis…

2004- intitle:”Spam Firewall” The Barracuda Spam Firewall is an integrated hardware and software
12-13 inurl:”8000… solution for complete protec…
2004- And again another webcam search. MOst of these cams seem to be security
intitle:”iVISTA.Main.Page”
12-13 cams…

2004- CUPS provides a portable printing layer for UNIX®-based operating

inurl:”:631/printers” -php -demo
12-13 systems. I…

2004- Audio ReQuest home CD/MP3 player. Various information about the
intitle:”AudioReQuest.web.server”
12-06 configuration of the host and s…

2004-
intitle:”V-Gear BEE” V-Gear Bee Web Cameras…
12-06

2004- intitle:”Live NetSnap Cam-

Netsnap Online Cameras…
12-06 Server feed”

2004- axis storpoint “file view” The Axis Storpoint device turns a SCSI or ATA box with lots of cdrom players (or
12-04 inurl:/volume… writers) into …

2004- inurl:”printer/main.html”
Brother HL Printers….
12-03 intext:”s…

2004- intext:”MaiLinX Alert

Xerox DocuPrint printer models….
12-03 (Notify)” -site:ne…

2004- “Copyright (c) Tektronix,

Captain, the Phasers are online :)…
12-03 Inc.” “pr…

2004- Providing a standout printing solution, Novell iPrint offers secure print services that
inurl:”ipp/pdisplay.htm”
11-30 extend …

intext:”Videoconference
2004- Tandberg video conferencing appliancesThe webinterface enables you to drop calls
Management
11-28 and to browse …
System&quo…

2004- intitle:”Smoothwall smoothwall is a firewall operating system distribution based on Linux. (Not many
11-24 Express” inurl:cgi-b… results for th…

2004- IPCop Firewall is a Linux firewall for home and SOHO users. IPCop can be managed
intitle:”ipcop – main”
11-23 from a simple …

2004- intitle:”EvoCam”
Evocams !…
11-18 inurl:”webcam.html…

2004-
“Starting SiteZAP 6.0” siteZap webcams !…
11-16

2004- Just another search string to detect the infamous Axis netcams. This company
inurl:axis-cgi
11-16 actually changed t…

2004- “intitle:Cisco Systems, Inc. The Cisco VPN 3000 Concentrator is a remote access VPN. The ‘Concentrator’ is a
11-09 VPN 3000 Concent… piece of hardw…
2004- intext:”UAA (MSB)” Lexmark printers (T620, T522, Optra T614, E323, T622, Optra T610, Optra T616,
11-13 Lexmark -ext:pdf T520 and Optra S …

2004- intext:”Ready with 10/100T

Xerox 860 and 8200 Printers….
11-13 Ethernet”

2004- intitle:”Home” “Xerox CentreWare Internet Services is an interactive service that uses Internet technology
11-07 Corporation&q… to extend …

2004- WebControl intitle:”AMX AMX Netlink is a server appliance which connects various devices like a beamer,
11-06 NetLinx” laptop or video…

2004- “please visit” intitle:”i-

CCTV webcams by ICode….
11-03 Catcher C…

2004- intitle:”toshiba network

Web interface of Toshiba network cameras….
10-25 camera – User Login&…

2004- inurl:”level/15/exec/- This search finds Cisco devices which have level 15 access open via webinterface. If
10-20 /show” an attacke…

2004- site:.viewnetcam.com - The FREE viewnetcam.com service allows you to create a personal
10-19 www.viewnetcam.com web address (e.g., http://bob.v…

2004- This embedded DVR is quick plug and play. Just plug it in and it will
intitle:”DVR Web client”
10-19 start recording. You can …

2004- Tivo is a the digital replacement for your analog videorecorder. It’s a
inurl:TiVoConnect?Command=QueryServer
10-18 digital media system th…

2004- An Axis Network Camera captures and transmits live images directly
inurl:netw_tcp.shtml
10-12 over an IP network (e.g. LAN…

2004- (inurl:webArch/mainFrame.cgi ) | The Ricoh Aficio 2035 (fax/scanner) web interface.Attackers may
10-11 (intitle:”we… read faxes and can get informat…

2004- intitle:”my webcamXP server!”

“my webcamXP server!”Is there really an explantation needed?…
10-11 inurl:&quo…

2004-
camera linksys inurl:main.cgi Another webcam, Linksys style….
10-10

2004-
intitle:”DEFAULT_CONFIG – HP” searches for the web interface of HP switches….
10-09

2004- Most cisco switches are shipped with a web administration

intitle:”switch home page” “cisco s…
10-09 interface. If a switch is reachable f…

2004- Axis’ network CD/DVD servers are faster, less costly and easier to
intitle:”axis storpoint CD” intitle:&quo…
10-05 manage than using full-blown…
2004-
intitle:webeye inurl:login.ml This one gets you on the webinterface of Webeye webcams….
10-05

2004-
inurl:hp/device/this.LCDispatcher This one gets you on the web interface of some more HP Printers….
10-05

2004- The “large” Canon ImageReady machines with model versions 3300,
Canon ImageReady machines
09-29 5000 & 60000….

2004- The Lantronix web manager home pages show the print server
intitle:”lantronix web-manager”
09-29 configuration (Server Name, Boot Cod…

2004- intitle:RICOH intitle:”Network Network Administration pages for several Ricoh Afficio printer
09-29 Administration… models, for example the Aficio 1…

2004- The Ricoh Aficio 1022 is a digital multifunctional B&W copier, easily
Aficio 1022
09-29 upgraded to include n…

2004- This finds Konica Network Printer Administration pages. There is one
Konica Network Printer Administration
09-29 result at the time of writ…

2004- Fiery WebTools offers many of the same capabilities of the

(“Fiery WebTools” inurl:index2.html) | &…
09-29 Command WorkStationââ₅

2004- The Axis 200 HOME pages reside within the AXIS 200 device and
intitle:”The AXIS 200 Home Page”
09-29 hold information about the curre…

2004- More Axis Netcams, this search combines the cams with the default
More Axis netcams !
09-29 title (Live View) and extends…

2004- this search will show web administration interfaces of linux dream boxes.The
intitle:”dreambox web”
09-10 Dreambox is one of…

2004- Phasers More Xerox printers (Phasers 4500/6250/8200/8400). An attacker can access the
08-05 4500/6250/8200/8400 webinterface with…

2004- Canon has a series of netcams that all use the “WebView LiveScope” software. They
Canon Webview netcams
07-29 are…

2004- Xerox Phaser® This product is supported but no longer sold by Xerox in the United States. Support
07-22 840 Color Printer and supplie…

2004- Brochure info: “The Phaser 8200 uses solid ink, an alternative technology to laser
Xerox Phaser 8200
07-22 printin…

2004- Xerox Phaser® This product is supported but no longer sold by Xerox in the United States.
07-22 740 Color Printer Replacement Product…

2004- Base Specifications Phaser 6250N: Letter/Legal Size Color Printer 110V, 26ppm
Xerox Phaser 6250
07-22 Color/B&W (24…
2004- intitle:”BorderManager This is an Informational message produced by the Novell BorderManager
07-19 Information alert”… firewall/proxy server. At…

2004- These AXIS cams seem to run their own http server (Boa/0.94.13). The setup button
intitle:”Live View / – AXIS”
07-19 can be hidden…

2004- “powered by webcamXP” webcamXP PRO:http://www.webcamxp.com/productsadv.htmlThis is the most

07-16 “Pro|Broadcas… advanced version of the s…

2004- Panasonic WJ-NT104 The Panasonic WJ-NT104 allows easy monitoring with a conventional browser. More
07-10 netcams vendor informat…

2004- Mobotix netcams use the thttpd-2.x. server

Mobotix netcams
07-10 (http://www.acme.com/software/thttpd/). The latest v…

2004- sony SNC-RZ20 network sony NC RZ20 cameras, only one result for this cam at the moment, a nice street
07-10 cameras view from a sky…

2004- seyeon FlexWATCH seyeon provides various type of products and software to build up a remote video
07-10 cameras monitoring and…

2004- sony SNC-RZ30 Network sony NC RZ30 camera’s require a java capable browser. The admin panel is found at
07-10 Cameras http://[siten…

2004- Panasonic Network Panasonic Network Cameras can be viewed and controlled from a standard web
07-10 Cameras browser. These camer…

2004- intitle:”View and These printer’s configuration is wide open. Attackers can change just about any
07-08 Configure PhaserLink” value through t…

2004- The AXIS 2400 is a Web server of its own. This means that the server is secured like
Axis Network Cameras
06-06 any other …

Taken from http://www.exploit-db.com/google-dorks/ all categories in 1