Thursday, February 8, 2018

inurl:/admin/login.asp & intext:password

Find admin portals


inurl:/admin/login.asp & intext:password

Result :

Monday, December 4, 2017

inurl:composer.json filetype:json

Find juicy composer.json and composer.lock files


inurl:composer.json filetype:json

FOR composer.lock :

inurl:composer.lock filetype:lock

Result :

Sensitive files

About :

The root package is the package defined by the composer.json at the root of your project. It is the main composer.json that defines your project requirements.

(© Getcomposer)

inurl:"zfs://www." "index of /"

Find ZFS directories


inurl:"zfs://www." "index of /"

Result :

Sensitive directories

About :

ZFS is a combined file system and logical volume manager designed by Sun Microsystems. The features of ZFS include protection against data corruption, support for high storage capacities, efficient data (© Wikipedia)

Tuesday, September 5, 2017

inurl:login.php & intitle:Admin Login

Find admin login forms


inurl:login.php & intitle:Admin Login
inurl:login.aspx & intitle:Admin Login
inurl:login & intitle:Admin Login

Result :

We obtain many forms.

Tuesday, May 23, 2017

intext:© 2016 Parallels IP Holdings GmbH. All rights reserved. & inurl:8443

Find Plesk panels


intext:© 2016 Parallels IP Holdings GmbH. All rights reserved. & inurl:8443
intext:© 2016 Parallels IP Holdings GmbH. All rights reserved. & inurl:8443

Tests with a different year :

intext:© 2017 Parallels IP Holdings GmbH. All rights reserved. & inurl:8443
intext:© 2015 Parallels IP Holdings GmbH. All rights reserved. & inurl:8443
intext:© 2014 Parallels IP Holdings GmbH. All rights reserved. & inurl:8443
intext:© 2013 Parallels IP Holdings GmbH. All rights reserved. & inurl:8443
intext:© 2012 Parallels IP Holdings GmbH. All rights reserved. & inurl:8443
intext:© 2011 Parallels IP Holdings GmbH. All rights reserved. & inurl:8443
intext:© 2010 Parallels IP Holdings GmbH. All rights reserved. & inurl:8443

Tuesday, February 14, 2017

inurl:.DS_Store intitle:index.of

Find list of files with a .DS_Store file

Google Dorks to find list of files with a .DS_Store file :

inurl:.DS_Store intitle:index.of
intext:.DS_Store & intitle:index -github

About .DS_Store

In the Apple macOS operating system, .DS_Store is a file that stores custom attributes of its containing folder, such as the position of icons or the choice of a background image. The name is an abbreviation of Desktop Services Store, reflecting its purpose.

Monday, November 21, 2016

intext:admin login

Find login portals


intext:admin login
intext:admin login & inurl:admin/login.asp
intext:admin login & inurl:admin/login.php
intext:admin login & intitle:Admin Portal
intext:admin login & intitle:Admin Login




find login portals
login portals

Monday, July 25, 2016


Find precious informations with DIGIR


What is DiGIR ?

Distributed Generic Information Retrieval (DiGIR) - developing and testing a protocol for single point access to distributed data sources. Based on HTTP, XML, and UDDI.

What can you find with DIGIR ?

  • phones
  • emails
  • ip
  • titles

Thursday, June 30, 2016

inurl:top.htm inurl:currenttime

Find webcams & devices from D-Link Corporation.

inurl:top.htm inurl:currenttime

inurl:IMAGE.JPG & inurl:cidx inside the Google images section.

About D-Link webcams

If you need to monitor your home while you are away, D-Link’s Cloud Cameras allow you to do just that. Designed to fit seamlessly into your home environment, many of our cameras now come with the industry leading mydlink™ Cloud Services, that provides the most simple way of monitoring what matters to you most, from wherever you are. With night vision and on-board recording available, D-Link’s range of Cloud Cameras now offer you the means to simply watch over your baby while they asleep in the nursery or secure your home while you are on an extended vacation.

Tuesday, June 28, 2016

intitle:"IPCam Client"

Find IPCam Client

intext:"Hikvision" inurl:"login.asp"

inurl:axis.cgi ext:cgi

Find webcams

inurl:axis.cgi ext:cgi


inurl:login inurl:user inurl:pass -intext:pass -intext:user

Find cPanel portals

inurl:login inurl:user inurl:pass -intext:pass -intext:user

About cPanel

Globally Empowering Hosting Providers through Fully Automated Point-And-Click Hosting Platforms by Hosting Centric Professionals

Monday, June 27, 2016

Zixmail inurl:/s/login?

Find login portals

Zixmail inurl:/s/login?

inurl:/s/login? & zixmail

About Zixmail

ZixMail is the desktop email encryption solution that provides individuals with a high level of email security. It's an easy-to-use solution that lets users encrypt and decrypt emails and attachments with a single click. ZixMail features include: Secure and private email messages.


Find Mitel systems





Mitel Audio and Web Conferencing (AWC) is a simple, cost-effective and scalable audio and web conferencing solution for small, medium, or large-sized businesses. AWC supports up to 200 audio and web conferencing ports and is the perfect solution for connecting people quickly and simply regardless of their location.

Thursday, June 16, 2016

inurl:.ssh intitle:index.of authorized_keys

Find SSH keys

inurl:.ssh intitle:index.of authorized_keys

Possible result

About SSH

Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. The best known example application is for remote login to computer systems by users.

SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2.

The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft announced that they would include native support for SSH in a future release.

SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rlogin, rsh, and rexec protocols. Those protocols send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet, although files leaked by Edward Snowden indicate that the National Security Agency can sometimes decrypt SSH, allowing them to read the content of SSH sessions.

Sunday, April 10, 2016

inurl:meshcms/admin/login.jsp & intitle:login

Find login portal access to MeshCMS

inurl:meshcms/admin/login.jsp & intitle:login


About MeshCMS

MeshCMS is an online editing system written in Java. It provides a set of features usually included in a CMS, but it uses a more traditional approach: pages are stored in regular HTML files and all additional features are file-based, without needing a database.

inurl:backoffice intitle:login

Find login portal access to Backoffice CMS

inurl:backoffice intitle:login

About Backoffice CMS

Backoffice can administer content on any cloud-based installation. For example websites, online software, content on touch-screen info kiosks etc. Once the platform is in place, a variety of modules can be implemented according to your needs - in order to enhance the functionality, behaviour and performance of your website. Modules can be individually adapted in order to work the way you want. Special modules can be developed upon request. Below you find examples of commonly used modules, organised into categories.


Find VMware vSphere Web Client login portals


About VMware vSphere Web Client

The VMware vSphere Web Client is the Web-based application that connects users to the vCenter Server to manage installations and handle inventory objects in a vSphere environment.

inurl:index.php?app=main intitle:sms

Find login portals to playSMS webapp

inurl:index.php?app=main intitle:sms

About playSMS

playSMS is a free and open source SMS management software.

A flexible Web-based mobile portal system that it can be made to fit to various services such as an SMS gateway, bulk SMS provider, personal messaging system, corporate and group communication tools.

default password admin:admin

Friday, March 11, 2016

intitle:Mass Revslider Exl0it1ng

Find websites exploiting the Revslider plugin vulnerability :

intitle:Mass Revslider Exl0it1ng
intext:Mass Revslider Plugin Exl0it1ng
intext:IP Scanner Exploiter Find DB Panel Exploit Dorks Domains 2 IP

Find wordpress websites with the revslider plugin installed :

intext:Powered by Revslider
intitle:"Index Of/ revslider"
intitle:"Index Of/wp-content/themes/revslider"
intitle:"Index Of/wp-content/plugins/revslider"
intitle:"Index Of/admin/revslider"
intitle:"Index Of/fr/revslider"
intitle:"Index Of/en/revslider"
intitle:"Index Of/us/revslider"
intitle:"Index Of/ar/revslider"
intitle:"Index Of/es/revslider"
intitle:"Index Of/de/revslider"

About the Revslider vulnerabilities :

CVE-2015-5151 : Cross-site scripting (XSS) vulnerability in the Slider Revolution (revslider) plugin 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the client_action parameter in a revslider_ajax_action action to wp-admin/admin-ajax.php.

CVE-2014-9735 : The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to upload and execute arbitrary files via an update_plugin action; delete arbitrary sliders via a delete_slider action; and create, update, import, or export arbitrary sliders via unspecified vectors.

CVE-2014-9734 : Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a leak in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.