• Diniz Martins

G00gle Dorks | Vulnerable Services

Google serves some 80 percent of all search queries on the Internet, making it by far the most popular search engine. Its popularity is due not only to excellent search effectiveness, but also extensive querying capabilities. However, we should also remember that the Internet is a highly dynamic medium, so the results presented by Google are not always up-to-date – some search results might be stale, while other relevant resources might not yet have been visited by Googlebot (the automatic script that browses and indexes Web resources for Google).

Google Dorks mainly refers to pulling sensitive information from Google using advanced search terms. These terms help users search the index of a specific website, find a specific file type, and surface interesting information from unsecured websites.

You can uncover some incredible information such as email addresses and lists, login credentials, sensitive files, website vulnerabilities, and even financial information (e.g. payment card data).

Here are some examples:

intitle:"index of" inurl:ftp

allintext:username filetype:log

intitle:"webcamXP 5"

db_password filetype:env

intitle:"WAMPSERVER homepage" "Server Configuration" "Apache Version"

intitle:"report" ("qualys" | "acunetix" | "nessus" | "netsparker" | "nmap") filetype:pdf

Other examples:

Google queries for locating various Web servers:

"Apache/* Server at" intitle:index.of == any version of Apache

"Microsoft-IIS/* Server at" intitle:index.of == any version of Microsoft Internet Information Services

"Oracle HTTP Server/* Server at" intitle:index.of == any version of Oracle HTTP Server

"IBM_HTTP_Server/* * Server at" intitle:index.of == any version of IBM HTTP Server

"Netscape/* Server at" intitle:index.of == any version of Netscape Server

"Red Hat Secure/*" intitle:index.of == any version of the Red Hat Secure server

"HP Apache-based Web Server/*" intitle:index.of == any version of the HP server

Queries for discovering standard post-installation Web server pages:

intitle:"Test Page for the SSL/TLS-aware Apache Installation" "Hey, it worked!" == Apache SSL/TLS

intitle:"Test Page for the Apache Web Server on Red Hat Linux" == Apache on Red Hat

intitle:"Test Page for the Apache Http Server on Fedora Core" == Apache on Fedora

intitle:"Welcome to Your New Home Page!" Debian == Apache on Debian
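A defender's self-check built from the strings the server and test-page queries above search for, as an added example that is not part of the original post: it scans response bodies fetched from a site you administer and reports which ones would surface in those queries. The rule names, function names and sample pages (on example.test) are constructed for illustration.

```python
import re

TITLE_RE = re.compile(r"<title[^>]*>(.*?)</title>", re.I | re.S)

# (finding name, part of the response to inspect, pattern).
# Patterns mirror the strings the queries on this page match against.
RULES = [
    ("directory-listing", "title", re.compile(r"index of", re.I)),
    ("server-signature", "body", re.compile(
        r"(?:Apache|Microsoft-IIS|Oracle HTTP Server|IBM_HTTP_Server|Netscape)"
        r"/[^<\n]*Server at", re.I)),
    ("default-test-page", "title", re.compile(
        r"Test Page for the .*Apache|Welcome to Your New Home Page!", re.I)),
    ("wamp-homepage", "title", re.compile(r"WAMPSERVER homepage", re.I)),
    ("env-secret", "body", re.compile(r"^\s*DB_PASSWORD\s*=", re.I | re.M)),
]

def findings_for(body):
    """Return the sorted rule names that match one response body."""
    m = TITLE_RE.search(body)
    parts = {"title": m.group(1) if m else "", "body": body}
    return sorted(name for name, part, rx in RULES if rx.search(parts[part]))

def audit(pages):
    """Map each URL to its findings, omitting pages with none."""
    return {url: f for url, body in pages.items() if (f := findings_for(body))}

# Constructed sample responses standing in for pages crawled from your own site.
SAMPLE_PAGES = {
    "https://www.example.test/backup/":
        "<html><head><title>Index of /backup</title></head><body>"
        "<address>Apache/2.4.41 (Ubuntu) Server at www.example.test Port 443"
        "</address></body></html>",
    "https://www.example.test/":
        "<html><head><title>Test Page for the Apache HTTP Server on Fedora Core"
        "</title></head><body>It works</body></html>",
    "https://www.example.test/.env":
        "APP_ENV=production\nDB_PASSWORD=constructed-placeholder\n",
    "https://www.example.test/about":
        "<html><head><title>About us</title></head>"
        "<body>Our index of products</body></html>",
}

if __name__ == "__main__":
    for url, found in audit(SAMPLE_PAGES).items():
        print(url, "->", ", ".join(found))
```

Each finding maps to a fix on the server: disable automatic directory indexes, suppress the version footer, remove the post-installation page, and stop serving dotfiles from the web root.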

Searching for personal data and confidential documents:

filetype:xls inurl:"email.xls" email.xls == files, potentially containing contact information

"phone * * *" "address *" "e-mail" intitle: "curriculum vitae" == CVs

"not for distribution" confidential == documents containing the confidential clause

intitle:index.of mystuff.xml == Trillian IM contacts list

filetype:QDF QDF == database files for the Quicken financial application

intitle:index.of finances.xls == finances.xls files, potentially containing information on bank accounts

Queries for locating network devices:

"Copyright (c) Tektronix, Inc." "printer status" == PhaserLink printers

inurl:"printer/main.html" intext:"settings" == Brother HL printers

intitle:"Dell Laser Printer" ews == Dell printers with EWS technology

intext:centreware inurl:status == Xerox Phaser 4500/6250/8200/8400 printers

inurl:hp/device/this.LCDispatcher == HP printers

intitle:liveapplet inurl:LvAppl == Canon Webview webcams

intitle:"EvoCam" inurl:"webcam.html" == Evocam webcams

inurl:"ViewerFrame?Mode=" == Panasonic Network Camera webcams

intitle:"my webcamXP server!" inurl:":8080" == webcams accessible via WebcamXP Server

allintitle:Brains, Corp. camera == webcams accessible via mmEye

intitle:"active webcam page" == USB webcams

⚠️ This post is for educational and testing purposes only ⚠️
