google進階找尋用法(不要說出去的Google Hack)

google進階找尋用法 ~






站內搜索地址為：
http://www.google.com/custom?domains=（這裡寫我們要搜索的站點，比如feelids.com）
進去可以選擇www和feelids.com， 當然再選我們要的站內搜索哦！
黑客專用信息和資料搜索地址為：
http://www.google.com/custom?hl=xx-hacker
這裡是google關鍵字的用法，要設置它為中文，則是
http://www.google.com/custom?hl=zh-CN
英文則是http://www.google.com/custom?hl=en

常用的google關鍵字：
foo1 foo2 (也就是關聯，比如搜索xx公司 xx美女)
operator:foo
filetype:123 類型
site:foo.com 相對直接看網站更有意思，可以得到許多意外的信息
intext:foo
intitle: fooltitle 標題哦
allinurl:foo 搜索xx網站的所有相關連接。（踩點必備）
links:foo 不要說就知道是它的相關鏈接
allintilte:foo.com

我們可以輔助"-" "+"來調整搜索的精確程度

直接搜索密碼：(引號表示為精確搜索)
當然我們可以再延伸到上面的結果裡進行二次搜索
"index of" htpasswd / passwd
filetype:xls username password email
"ws_ftp.log"
"config.php"
allinurl:admin mdb
service filetype:pwd ....或者某個比如pcanywhere的密碼後綴cif等

越來越有意思了，再來點更敏感信息
"robots.txt" "Disallow:" filetype:txt
inurl:_vti_cnf (FrontPage的關鍵索引啦，掃瞄器的CGI庫一般都有地)
allinurl: /msadc/Samples/selector/showcode.asp
/../../../passwd
/examples/jsp/snp/snoop.jsp
phpsysinfo
intitle:index of /admin
intitle:"documetation"
inurl: 5800(vnc的端口)或者desktop port等多個關鍵字檢索
webmin port 10000
inurl:/admin/login.asp
intext:Powered by GBook365
intitle:"php shell*" "Enable stderr" filetype:php 直接搜索到phpwebshell

foo.org filetype:inc

ipsec filetype:conf
intilte:"error occurred" ODBC request WHERE (select|insert) 說白了就是說，可以直接試著查查數據庫檢索，針對目前流行的sql注射，會發達哦
intitle:"php shell*" "Enable stderr" filetype:php
"Dumping data for table" username password
intitle:"Error using Hypernews"
"Server Software"
intitle:"HTTP_USER_AGENT=Googlebot"
"HTTP_USER_ANGET=Googlebot" THS ADMIN
filetype:.doc site:.mil classified 直接搜索軍方相關word

檢查多個關鍵字：
intitle:config confixx login password

"mydomain.com" nessus report
"report generated by"
"ipconfig"
"winipconfig"

google緩存利用（hoho，最有影響力的東西）推薦大家搜索時候多"選搜索所有網站"
特別推薦：administrator users 等相關的東西，比如名字，生日等……最慘也可以拿來做字典嘛
cache:foo.com

可以查閱類似結果

先找找網站的管理後台地址：
site:xxxx.com intext:管理
site:xxxx.com inurl:login
site:xxxx.com intitle:管理
site:a2.xxxx.com inurl:file
site:a3.xxxx.com inurl:load
site:a2.xxxx.com intext:ftp://*:*
site:a2.xxxx.com filetype:asp
site:xxxx.com //得到N個二級域名
site:xxxx.com intext:*@xxxx.com //得到N個郵件地址，還有郵箱的主人的名字什麼的
site:xxxx.com intext:電話 //N個電話
intitle:"index of" etc
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
"# -FrontPage-" inurl:service.pwd

allinurl:bbs data
filetype:mdb inurl:database
filetype:inc conn
inurl:data filetype:mdb
intitle:"index of" data
……

一些技巧集合：

3) "http://*:*@www" domainname 找一些ISP站點，可以查對方ip的虛擬主機
3
4) auth_user_file.txt 不實用了，太老了

5) The Master List 尋找郵件列表的

6) intitle:"welcome.to.squeezebox" 一種特殊的管理系統，默認開放端口90
7) passlist.txt (a better way) 字典

8) "A syntax error has occurred" filetype:ihtml

9) ext:php program_listing intitle:MythWeb.Program.Listing
10) intitle:index.of abyss.conf
11)ext:nbe nbe

12)intitle:"SWW link" "Please wait....."
13)

14) intitle:"Freifunk.Net - Status" -site:commando.de

15) intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies."

17) intitle:open-xchange inurl:login.pl

20) intitle:"site administration: please log in" "site designed by emarketsouth"
21) ORA-00921: unexpected end of SQL command

22)intitle:"YALA: Yet Another LDAP Administrator"
23)welcome.to phpqladmin "Please login" -cvsweb
24)intitle:"SWW link" "Please wait....."
25)inurl:"port_255" -htm

27)intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies."

這些是新的一些漏洞技巧，在0days公告公佈

ext:php program_listing intitle:MythWeb.Program.Listing

inurl:preferences.ini "[emule]"

intitle:"Index of /CFIDE/" administrator

"access denied for user" "using password"

ext:php intext:"Powered by phpNewMan Version" 可以看到：path/to/news/browse.php?clang=../../../../../../file/i/want

inurl:"/becommunity/community/index.php?pageurl="

intitle:"ASP FileMan" Resend -site:iisworks.com

"Enter ip" inurl:"php-ping.php"

ext:conf inurl:rsyncd.conf -cvs -man

intitle: private, protected, secret, secure, winnt

intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu
"#mysql dump" filetype:sql

"allow_call_time_pass_reference" "PATH_INFO"

"Certificate Practice Statement" inurl:(PDF | DOC)

LeapFTP intitle:"index.of./" sites.ini modified
master.passwd

mysql history files
NickServ registration passwords
passlist
passlist.txt (a better way)
passwd
passwd / etc (reliable)
people.lst
psyBNC config files
pwd.db
signin filetype:url
spwd.db / passwd
trillian.ini
wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin

"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-"

inurl:service.pwd
"AutoCreate=TRUE password=*"
"http://*:*@www" domainname
"index of/" "ws_ftp.ini" "parent directory"
"liveice configuration file" ext:cfg -site:sourceforge.net
"powered by ducalendar" -site:duware.com
"Powered by Duclassified" -site:duware.com
"Powered by Duclassified" -site:duware.com "DUware All Rights reserved"
"powered by duclassmate" -site:duware.com
"Powered by Dudirectory" -site:duware.com
"powered by dudownload" -site:duware.com
"Powered By Elite Forum Version *.*"
"Powered by Link Department"
"sets mode: +k"
"Powered by DUpaypal" -site:duware.com
allinurl: admin mdb
auth_user_file.txt
config.php
eggdrop filetype:user user
etc (index.of)
ext:ini eudora.ini
ext:ini Version=... password
ext:txt inurl:unattend.txt

filetype:bak inurl:"htaccess|passwd|shadow|htusers"

filetype:cfg mrtg "target[*]" -sample -cvs -example

filetype:cfm "cfapplication name" password

filetype:conf oekakibbs
filetype:conf sc_serv.conf

filetype:conf slapd.conf

filetype:config config intext:appSettings "User ID"

filetype:dat "password.dat"

filetype:dat wand.dat

filetype:inc dbconn

filetype:inc intext:mysql_connect
filetype:inc mysql_connect OR mysql_pconnect

filetype:inf sysprep

filetype:ini inurl:"serv-u.ini"
filetype:ini inurl:flashFXP.ini
filetype:ini ServUDaemon
filetype:ini wcx_ftp
filetype:ini ws_ftp pwd

filetype:ldb admin

filetype:log "See `ipsec copyright"

filetype:log inurl:"password.log"

filetype:mdb inurl:users.mdb

filetype:mdb wwforum

filetype:netrc password

filetype:pass pass intext:userid

filetype:pem intext:private

filetype:properties inurl:db intext:password

filetype:pwd service
filetype:pwl pwl

filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetype:sql ("values * MD" | "values * password" | "values * encrypt")
filetype:sql ("passwd values" | "password values" | "pass values" )
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password

filetype:url +inurl:"ftp://" +inurl:";@"

filetype:xls username password email

htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak

intext:"enable secret $"
intext:"powered by Web Wiz Journal"

intitle:"index of" intext:connect.inc
intitle:"index of" intext:globals.inc
intitle:"Index of" passwords modified

intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com
----------------------------------------------------------------------------------------------------------------------

intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak"

inurl:"GRC.DAT" intext:"password"

inurl:"slapd.conf" intext:"credentials" -manpage -"Manual Page" -man: -sample

inurl:"slapd.conf" intext:"rootpw" -manpage -"Manual Page" -man: -sample

inurl:"wvdial.conf" intext:"password"

inurl:/db/main.mdb

inurl:chap-secrets -cvs

inurl:config.php dbuname dbpass
inurl:filezilla.xml -cvs

inurl:lilo.conf filetype:conf password -tatercounter -bootpwd -man

inurl:nuke filetype:sql

inurl:ospfd.conf intext:password -sample -test -tutorial -download 路由配置
inurl:pap-secrets -cvs

inurl:perform filetype:ini
inurl:secring ext:skr | ext:pgp | ext:bak

inurl:vtund.conf intext:pass -cvs

inurl:zebra.conf intext:password -sample -test -tutorial -download

"Generated by phpSystem"
"generated by wwwstat"

"Host Vulnerability Summary Report" ]

"HTTP_FROM=googlebot" googlebot.com "Server_Software="

"Index of" / "chat/logs" 聊天室
"Installed Objects Scanner" inurl:default.asp

"Mecury Version" "Infastructure Group"
"Microsoft (R) Windows * (TM) Version * DrWtsn Copyright (C)" ext:log

"Most Submitted Forms and Scripts" "this section"

"Network Vulnerability Assessment Report"

"not for distribution" confidential
"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"

"phpMyAdmin" "running on" inurl:"main.php"

"produced by getstats"
"Request Details" "Control Tree" "Server Variables"
"robots.txt" "Disallow:" filetype:txt

"Running in Child mode"

"sets mode: +p"
"sets mode: +s"
"Thank you for your order" +receipt
"This is a Shareaza Node"
"This report was generated by WebLog"
( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject

(inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt

-site:php.net -"The PHP Group" inurl:source inurl:url ext:pHp

FBR "ADOBE PHOTOSHOP"
AIM buddy lists
allinurl:/examples/jsp/snp/snoop.jsp
allinurl:servlet/SnoopServlet
cgiirc.conf

data filetype:mdb -site:gov -site:mil

exported email addresses

ext:asp inurl:pathto.asp

ext:cgi inurl:editcgi.cgi inurl:file=

ext:conf inurl:rsyncd.conf -cvs -man
ext:conf NoCatAuth -cvs

ext:dat bpk.dat
ext:gho gho

ext:ini intext:env.ini
ext:ldif ldif

ext:log "Software: Microsoft Internet Information Services *.*"
------------------------------------------------------------------------------------------
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb

filetype:bkf bkf
filetype:blt "buddylist"
filetype:blt blt +intext:screenname

filetype:cfg auto_inst.cfg

filetype:conf inurl:firewall -intitle:cvs
filetype:config web.config -CVS

filetype:ctt ctt messenger

filetype:fp fp
filetype:fp fp -site:gov -site:mil -"cvs log"

filetype:inf inurl:capolicy.inf
filetype:lic lic intext:key

filetype:myd myd -CVS
filetype:ns ns
filetype:ora ora
filetype:ora tnsnames
filetype:pdb pdb backup (Pilot | Pluckerdb)

filetype:pot inurl:john.pot
------------------------------------------------------------------------------------------------------------------
filetype:pst inurl:"outlook.pst"
filetype:pst pst -from -to -date
filetype:qbb qbb
filetype:rdp rdp

filetype:reg "Terminal Server Client"
filetype:vcs vcs
filetype:wab wab

filetype:xls -site:gov inurl:contact
filetype:xls inurl:"email.xls"
Financial spreadsheets: finance.xls
Financial spreadsheets: finances.xls

Ganglia Cluster Reports

haccess.ctl (one way)
haccess.ctl (VERY reliable)
ICQ chat logs, please...

iletype:log cron.log
intext:"Session Start * * * *:*:* *" filetype:log
intext:"Tobias Oetiker" "traffic analysis"

intext:(password | passcode) intext:(username | userid | user) filetype:csv
intext:gmail invite intext:http://gmail.google.com/gmail/a

intext:SQLiteManager inurl:main.php

intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html)

intitle:"AppServ Open Project" -site:www.appservnetwork.com
intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "- weppos"

intitle:"FTP root at"
intitle:"index of" +myd size

intitle:"Index Of" -inurl:maillog maillog size

intitle:"Index Of" cookies.txt size

intitle:"index of" mysql.conf OR mysql_config
intitle:"Index of" upload size parent directory

intitle:"index.of" .diz .nfo last modified
intitle:"Multimon UPS status page"
intitle:"PHP Advanced Transfer" (inurl:index.php | inurl:showrecent.php )
intitle:"PhpMyExplorer" inurl:"index.php" -cvs
---------------------------------------------------------------------
intitle:"statistics of" "advanced web statistics"
intitle:"System Statistics" +"System and Network Information Center"
intitle:"Usage Statistics for" "Generated by Webalizer"
intitle:"wbem" compaq login "Compaq Information Technologies Group"

intitle:"Web Server Statistics for ****"
intitle:"web server status" SSH Telnet
intitle:"welcome.to.squeezebox"

intitle:admin intitle:login
intitle:index.of "Apache" "server at"
intitle:index.of cleanup.log
intitle:index.of dead.letter
intitle:index.of inbox
intitle:index.of inbox dbx

intitle:intranet inurl:intranet +intext:"phone"
inurl:"/axs/ax-admin.pl" -script
inurl:"/cricket/grapher.cgi"
inurl:"bookmark.htm"

inurl:"cacti" +inurl:"graph_view.php" +"Settings Tree View" -cvs -RPM
inurl:"newsletter/admin/"
inurl:"newsletter/admin/" intitle:"newsletter admin"
inurl:"putty.reg"
inurl:"smb.conf" intext:"workgroup" filetype:conf conf
----------------------------------------------------------------------------------------------------------

Welcome to ntop!

"adding new user" inurl:addnewuser -"there are no domains"
(inurl:/cgi-bin/.cobalt/) | (intext:"Welcome to the Cobalt RaQ")

filetype:php HAXPLORER "Server Files Browser"
intitle:"Web Data Administrator - Login"

inurl:ConnectComputer/precheck.htm | inurl:Remote/logon.aspx
PHP Shell (unprotected)
PHPKonsole PHPShell filetype:php -echo
Public PHP FileManagers

"index of" / picasa.ini
"index of" inurl:recycler
"Index of" rar r nfo Modified
"intitle:Index.Of /" stats merchant cgi-* etc
"Powered by Invision Power File Manager" (inurl:login.php) | (intitle:"Browsing directory /" )
"Web File Browser" "Use regular expression"

filetype:ini Desktop.ini intext:mydocs.dll

intext:"d.aspx?id" || inurl:"d.aspx?id"
intext:"Powered By: TotalIndex" intitle:"TotalIndex"
intitle:"album permissions" "Users who can modify photos" "EVERYBODY"
intitle:"Directory Listing For" intext:Tomcat -intitle:Tomcat
intitle:"HFS /" +"HttpFileServer"
intitle:"Index of *" inurl:"my shared folder" size modified
-------------------------------------------------------------------------------------------------------------------

"File Upload Manager v." "rename to"

ext:asp "powered by DUForum" inurl:(messages|details|login|default|register) -site:duware.com
ext:asp inurl:DUgallery intitle:"." -site:dugallery.com -site:duware.com
ext:cgi inurl:ubb_test

ezBOO "Administrator Panel" -cvs

filetype:cgi inurl:cachemgr.cgi
filetype:cnf my.cnf -cvs -example
filetype:inc inc intext:setcookie

filetype:php inurl:"viewfile" -"index.php" -"idfil
filetype:wsdl wsdl

intitle:"ASP FileMan" Resend -site:iisworks.com

intitle:"Index of /" modified php.exe

intitle:"phpremoteview" filetype:php "Name, Size, Type, Modify"

inurl:" WWWADMIN.PL" intitle:"wwwadmin"
inurl:"nph-proxy.cgi" "Start browsing through this CGI-based proxy"
inurl:"plog/register.php"
inurl:cgi.asx?StoreID

inurl:robpoll.cgi filetype:cgi

The Master List

"More Info about MetaCart Free"

搜尋： 所有網頁 中文網頁 繁體中文網頁 搜尋種類 一般搜尋 "parent directory" 搜尋 "index of" 搜尋 搜尋規則 不包括 html 不包括 asp 不包括 wiki 不包括 ringtone 不包括 htm 不包括 posts 不包括 lyrics 不包括 shtml 不包括 php 不包括 doc 不包括 pdf 不包括 txt 檔案類型 mp3 mov mpg jpg torrent tar m4a divx mpeg gif swf iso wma avi wmv png zip dmg