• Skip to main content
  • Skip to footer
  • Google Dorks
  • Shodan Queries
  • Malware Sources
  • Privacy Policy

PenTestIT

Your source for all things Information Security!

You are here: Home / Google Dorks

Google Dorks

Continuing what was left the last time around. This is a list of Google Dorks that you will find helpful in your activities. Now, there may be some that I have found online and added them here as I found them useful. If you posted it somewhere else and want me to remove it, let me know.

I also maintain an interesting page that deals with Shodan Queries. Feel free to check it out.

Google Dorks
Google Dorks!
  • allintext: “Pixie Powered”
  • “script_filename” “HTTP Headers Information” “allow_url_fopen” ext:php
  • intitle:”Index of” “/ .WNCRY”
  • inurl:/help/readme.nsf intitle:”release notes” intitle:domino
  • “Apache Server Status for” “Server Version” -“How to” -Guide -Tuning
  • inurl:”/web.config” ext:config
  • inurl:logs/gravityforms
  • “not for public release” filetype:pdf
  • “pcANYWHERE EXPRESS Java Client”
  • wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin
  • filetype:pem “PRIVATE KEY”
  • inurl:/t/ (portal OR intranet OR login)
  • intitle:”index of” “places.sqlite” “key3.db” -mozilla.org
  • inurl:”?db_backup” | inurl:”dbbackup” -site:http://github.com  “sql.gz” | “sql.tgz” | “sql.tar” | “sql.7z”
  • inurl:.php? intext:CHARACTER_SETS,COLLATIONS intitle:”phpmyadmin”
  • intitle:”=[ 1n73ct10n privat shell ]=”
  • filetype:rdp password
  • filetype:sh inurl:cgi-bin
  • allinurl:index.php?db=information_schema
  • inurl:index.rb
  • ext:json OR inurl:format=json
  • inurl:”server-status” intitle:”Apache Status” intext:”Apache Server Status for”
  • inurl:”.s3.amazonaws.com/”
  • site:http://s3.amazonaws.com  intitle:index.of.bucket
  • site:http://blob.core.windows.net 
  • site:* inurl:/user/register
  • intext:”There isn’t a Github Pages site here”
  • intitle:”Site not found · GitHub Pages”
  • inurl:%26 inurl:%3D
  • inurl:& inurl:%3D
  • intitle:”Dashboard [Hudson]”
  • intitle:”Dashboard [Jenkins]” intext:”Manage Jenkins”
  • “or greater is required”+”You have no flash plugin installed”
  • site:target.com filetype:”xls | xlsx | doc | docx | ppt | pptx | pdf”
Share this post on:
witteracebookhatsAppufferLinkedin It

Footer

Featured Post

Domi-Owned: A IBM/Lotus Domino Exploitation Tool!

June 29, 2017 By Black

While at work today I had to deal with a Lotus Domino web application installation that I knew nothing about. This is where I searched a bit and found an open source tool – Domi-Owned. Share this post on: witteracebookhatsAppufferLinkedin It

Recent

  • UPDATE: Empire v3.4.0
  • UPDATE: Merlin v0.9.0
  • UPDATE: Kali Linux 2020.3 Release
  • UPDATE: FudgeC2 0.5.7
  • UPDATE: PoshC2 v6.0

Tags

Adversary Emulation (18) Anchore (9) APT2 (15) Brute Force (15) CALDERA (9) Cross-Site Scripting (8) cuc (11) docker (34) docker scan (10) dockerscan (12) Empire (11) Empire Project (10) Infection Monkey (7) Invoke-Phant0m (8) Kali Linux (25) malware analysis (9) man-in-the-middle (8) Metasploit (32) Microsoft Windows (38) Mimikatz (28) MITRE ATT&CK™ (20) Nmap (34) open source (109) OSINT (14) OSRFramework (17) OWASP (13) OWASP Dependency-Check (14) penetration testing (26) penetration testing toolkit (25) post-exploitation (27) PowerShell (42) python (73) Raspberry Pi (10) RedSnarf (13) Responder (14) Shodan (7) Short Post (10) software composition analysis (13) SQL injection (10) Sysdig Falco (9) vulnerability assessment (21) Web Application Security (20) WiFi (12) Wireshark (11) WordPress (9)

Copyright © 2022 - PenTestIT | Information shared to be used for LEGAL purposes only!