Monday, December 10, 2018

intext:Welcome to WildFly 10 & intitle:Welcome to WildFly 10

Find juicy WildFly 10 instances.


intext:Welcome to WildFly 10 & intitle:Welcome to WildFly 10

Result :

- Find WildFly 10 instances.

Thursday, February 8, 2018

intitle:index of / & filetype:sql

Find juicy files on an index


intitle:index of / & filetype:sql

Result :

- Listing of SQL files or dumps.
- Filetype can be modified.

Saturday, September 30, 2017

intitle:Login to Webmin & intext:Login to Webmin

Find Webmin login forms


intext:Webmin & intext:You must enter a username and password to login to the server on
intitle:Login to Webmin & intext:Login to Webmin
intitle:Login to Webmin & intext:Login to Webmin & intext:Remember login permanently?

Result :

Many Webmin login forms.

About Webmin :

Webmin is a web-based system configuration tool for Unix-like systems, although recent versions can also be installed and run on Windows. With it, it is possible to configure operating system internals, such as users, disk quotas, services or configuration files, as well as modify and control open source apps, such as the Apache HTTP Server, PHP or MySQL. (© Wikipedia)

Tuesday, February 14, 2017

inurl:.DS_Store intitle:index.of

Find list of files with a .DS_Store file

Google Dorks to find list of files with a .DS_Store file :

inurl:.DS_Store intitle:index.of
intext:.DS_Store & intitle:index -github

About .DS_Store

In the Apple macOS operating system, .DS_Store is a file that stores custom attributes of its containing folder, such as the position of icons or the choice of a background image. The name is an abbreviation of Desktop Services Store, reflecting its purpose.

Tuesday, June 28, 2016

intext:"WebFig Login" & intitle:"RouterOS router configuration page"

Find Mikrotik login panels

intext:"WebFig Login" & intitle:"RouterOS router configuration page"

About Mikrotik

Mikrotīkls SIA, known internationally as MikroTik, is a Latvian manufacturer of computer networking equipment. It sells wireless products and routers.

Thursday, June 16, 2016

inurl:.ssh intitle:index.of authorized_keys

Find SSH keys

inurl:.ssh intitle:index.of authorized_keys

Possible result

About SSH

Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. The best known example application is for remote login to computer systems by users.

SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2.

The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft announced that they would include native support for SSH in a future release.

SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rlogin, rsh, and rexec protocols. Those protocols send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet, although files leaked by Edward Snowden indicate that the National Security Agency can sometimes decrypt SSH, allowing them to read the content of SSH sessions.

intitle:"Hamdida X_Shell Backd00r"

Find Hamdida X_Shell Backd00r backdoor

intitle:"Hamdida X_Shell Backd00r"

intext:"[#] Hamdida X_Shell Backd00r [#]"

intext:[#] Hamdida X_Shell Backd00r [#]

Hamdida X_Shell Backd00r backdoor screenshot

Monday, June 6, 2016

intext:"Powered by BOMGAR"

Find online Bomgar devices

intext:"Powered by BOMGAR"

intitle:"Remote Support Portal | Powered by BOMGAR"

About Bomgar

Access is Power. Bomgar keeps it Secure.

Connections are powerful. Every day, you rely on connections between people and technology to enable operations, support customers, and drive performance. When connections are efficient and effective, people are empowered and productive. But when the power of those connections is compromised, business grinds to a halt...or worse.

Bomgar's Secure Access solutions allow you to unleash the power of access because your connections are secure.

Sunday, April 10, 2016

inurl:meshcms/admin/login.jsp & intitle:login

Find login portal access to MeshCMS

inurl:meshcms/admin/login.jsp & intitle:login


About MeshCMS

MeshCMS is an online editing system written in Java. It provides a set of features usually included in a CMS, but it uses a more traditional approach: pages are stored in regular HTML files and all additional features are file-based, without needing a database.

inurl:backoffice intitle:login

Find login portal access to Backoffice CMS

inurl:backoffice intitle:login

About Backoffice CMS

Backoffice can administer content on any cloud-based installation. For example websites, online software, content on touch-screen info kiosks etc. Once the platform is in place, a variety of modules can be implemented according to your needs - in order to enhance the functionality, behaviour and performance of your website. Modules can be individually adapted in order to work the way you want. Special modules can be developed upon request. Below you find examples of commonly used modules, organised into categories.

Thursday, March 31, 2016

intitle:Automatic cPanel Finder/Cracker | 3xp1r3 Cyber Army

Find uploaded cPanel Finder/Cracker script and find cracked cpanel :

cPanel Found = 0 : Search again...

intitle:Automatic cPanel Finder/Cracker | 3xp1r3 Cyber Army

About cPanel :

cPanel is a Linux-based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. cPanel utilizes a 3 tier structure that provides capabilities for administrators, resellers, and end-user website owners to control the various aspects of website and server administration through a standard web browser.

filetype:asp intitle:" Microsoft Outlook Web Access"

Get access to "Microsoft Outlook Web Access" Panels :

filetype:asp intitle:" Microsoft Outlook Web Access"

About Microsoft Outlook Web Access :

Outlook on the web, previously called Exchange Web Connect, Outlook Web Access, and Outlook Web App in Office 365 and Exchange Server 2013) is a suite of Outlook web apps from Microsoft. It spans across Office 365,, Exchange Server, and Exchange Online. It includes a web-based email client, a calendaring tool, a contact manager, and a task manager. As of November 2015, Microsoft is in process of upgrading to Outlook on the web and the Office 365 infrastructure through the Preview It also includes add-in integrations, Skype on the web, and alerts as well as new themes that span across all the web apps. Ootw is navigated using the App Launcher icon which brings down a list of web apps for the user to choose from.

Friday, March 11, 2016

intitle:Mass Revslider Exl0it1ng

Find websites exploiting the Revslider plugin vulnerability :

intitle:Mass Revslider Exl0it1ng
intext:Mass Revslider Plugin Exl0it1ng
intext:IP Scanner Exploiter Find DB Panel Exploit Dorks Domains 2 IP

Find wordpress websites with the revslider plugin installed :

intext:Powered by Revslider
intitle:"Index Of/ revslider"
intitle:"Index Of/wp-content/themes/revslider"
intitle:"Index Of/wp-content/plugins/revslider"
intitle:"Index Of/admin/revslider"
intitle:"Index Of/fr/revslider"
intitle:"Index Of/en/revslider"
intitle:"Index Of/us/revslider"
intitle:"Index Of/ar/revslider"
intitle:"Index Of/es/revslider"
intitle:"Index Of/de/revslider"

About the Revslider vulnerabilities :

CVE-2015-5151 : Cross-site scripting (XSS) vulnerability in the Slider Revolution (revslider) plugin 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the client_action parameter in a revslider_ajax_action action to wp-admin/admin-ajax.php.

CVE-2014-9735 : The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to upload and execute arbitrary files via an update_plugin action; delete arbitrary sliders via a delete_slider action; and create, update, import, or export arbitrary sliders via unspecified vectors.

CVE-2014-9734 : Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a leak in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.

Monday, February 22, 2016

intitle:webcam 7 inurl:8080 -intext:8080

Dorking to find webcams servers.

intitle:webcam 7 inurl:8080 -intext:8080

Webcam 7. Webcams and ip cameras server for windows

Webcam 7 is a brand new product based on webcamXP. The user interface is the same but it offers more interesting improvements such as: flash video streaming MPEG-4/RTSP IP cameras, audio support in MJPEG. The program is available in beta version and you can install it even if webcamXP has been already installed on your computer. The audio and video of some IP cameras are retrieved by DirectShow RTSP filter. Webcam 7 is developed by Moonware Studios and it is a freeware.

Friday, January 15, 2016

intitle: Index of /awstats/data

Awstats Log file's directory can reveal file/directory :

intitle: Index of /awstats/data

What is Awstats ?

AWStats is an open source Web analytics reporting tool, suitable for analyzing data from Internet services such as web, streaming media, mail, and FTP servers. AWStats parses and analyzes server log files, producing HTML reports. Data is visually presented within reports by tables and bar graphs. Static reports can be created through a command line interface, and on-demand reporting is supported through a Web browser CGI program. AWStats supports most major web server log file formats including Apache (NCSA combined/XLF/ELF log format or Common Log Format (CLF)), WebStar, IIS (W3C log format), and many other common web server log formats.


Link to DDOS SHELL :


What is a DDOS ?

DDoS is a type of DOS attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system causing a Denial of Service (DoS) attack.

intitle:"Shell I" inurl:revslider inurl:error.php inurl:cmd

Find shells inserted using the revslider vulnerability :

intitle:"Shell I" inurl:revslider inurl:error.php inurl:cmd

Friday, October 30, 2015

inurl:.DS_Store intitle:index.of

Sensitives directories :

inurl:.DS_Store intitle:index.of
inurl:.DS_Store intitle:index of

.DS_Store is the name of a file in the Apple OS X operating system for storing custom attributes of a folder such as the position of icons or the choice of a background image. The name is an abbreviation of Desktop Services Store, reflecting its purpose. It is created and maintained by the Finder application in every folder, and has functions similar to the file desktop.ini in Microsoft Windows. Starting with a full stop (period) character, it is hidden in Finder and many Unix utilities. Its internal structure is proprietary.

inurl:webgps intitle:"GPS Monitoring System"

GPS Monitoring System Login Portal :

inurl:webgps intitle:"GPS Monitoring System"

Tuesday, April 21, 2015