Using dorks to gather info on target site
#1
Information Gathering with Google Dorks

Searching for public Sub-domains for your target domain.
Site:yoursite.com -site:www.yoursite.com

Getting Open Index or Insecure Information
intitle:”index of /” Parent Directory site:yoursitehere.com
You can search for admin directories
intitle:”Index of /admin” site:yoursitehere.com
You can search for password directories
intitle:”Index of /password” site:yoursitehere.com
You can search for mail directories
intitle:”Index of /mail” site:yoursitehere.com
You can search for files like passwd
intitle:”Index of /” passwd site:yoursitehere.com
You can search for password.txt files
intitle:”Index of /” password.txt site:yoursitehere.com
You can search for htaccess file
intitle:”Index of /” .htaccess site:yoursitehere.com
You can also search for diffrent extensions.
intitle:”index of ftp” .mdb site:yoursitehere.com
You can also try and look for admin pages or the login functionalities
Intitle: “login” “admin” site:yoursitehere.com

Using InURL we can search for diffrent functionalities within the website.
Search for Admin Login Functionality on target domain
inurl:admin site:yoursitehere.com
Search for Login Functionality on target domain
inurl:login site:yoursitehere.com

Using FileType we can search for diffrent files within the website.
Searching for text files containing passwd in URL on target domain
inurl:passwd filetype:txt site:yoursitehere.com
Searching for db files containing admin in URL on target domain
inurl:admin filetype:db site:yoursitehere.com
Searching for logs on target domain
filetype:log site:yoursitehere.com
Searching for Excel and csv files on target domain
filetype:xls csv site:yoursitehere.com

Search for other sites containing links for your target website
link:yoursite.com -site:yoursite.com

You can also use Google Translater as a proxy to access the website
http://translate.google.com/translate?hl...om/urlhere
Reply
#2
Nice, i think these would fit under my thread at https://greysec.net/showthread.php?tid=1507 as well.
Reply
#3
Cool. Thanks!

Some more dorks:

Code:
Information Leaks

ext:pdf intitle:"c users"
ext:pdf intitle:"c documents and settings"
ext:pdf intitle:"file home"

Errors

intext:Fatal error inurl:wp-content/plugins/
intext:"Fatal error" (inurl:/wp-content/themes OR inurl:/wp-content/plugins)

Weak authentication

"your password is the same as" username
Your initial password is

Use translations and search engines like baidu or yandex for more results.
Have a look at Google Hacking Database too, it gets updated constantly.
Reply
#4
Thanks for sharing was looking for these goodies.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  SSH Bruteforce using Putty or Plink. Insider 0 900 04-25-2020, 08:30 PM
Last Post: Insider
  McAfee Institute Partial Site Rip. [45GB][Mega] Hellsing 0 1,078 03-30-2019, 10:17 PM
Last Post: Hellsing
  Using browsers cache to get passwords enmafia2 9 10,112 09-05-2018, 10:56 AM
Last Post: TheD0ctor
  catching private information from anyone using my wifi miker2808 5 6,371 02-05-2018, 12:34 PM
Last Post: hACkABUS