Wednesday, December 2, 2015

SQLI Oriented Dorking

1) SQLI Hunter


SQLI Hunter is an automation tool to scan for an Sql Injection vulnerability in a website. It automates the search of sqli vulnerable links from Google using google dorks! SQLI Hunter can also find admin page of any website by using some predefined admin page lists.


2) ICFsqLi CRAWLER


This tool helps u to scan sql injection vulnerablity on 1000s of websites , by just giving the ip of the server .

This is one of the best & worlds fastest mass sqli scanner , coded by INDiAn CyBER FORCE (b47chguru)

Friday, October 30, 2015

inurl:.DS_Store intitle:index.of

Sensitives directories :


inurl:.DS_Store intitle:index.of
inurl:.DS_Store intitle:index of

.DS_Store is the name of a file in the Apple OS X operating system for storing custom attributes of a folder such as the position of icons or the choice of a background image. The name is an abbreviation of Desktop Services Store, reflecting its purpose. It is created and maintained by the Finder application in every folder, and has functions similar to the file desktop.ini in Microsoft Windows. Starting with a full stop (period) character, it is hidden in Finder and many Unix utilities. Its internal structure is proprietary.

inurl:webgps intitle:"GPS Monitoring System"

GPS Monitoring System Login Portal :


inurl:webgps intitle:"GPS Monitoring System"

inurl:etc -intext:etc ext:passwd

Files containing passwords :


inurl:etc -intext:etc ext:passwd

Tuesday, June 9, 2015

intext:powered by joomla & filetype:sql -github

Find SQL dumps from Joomla :

intext:powered by joomla & filetype:sql -github

intext:powered by joomla & filetype:sql -github

intext:Black Stealer v2.0 & filetype:txt

Find Black Stealer files :

Juicy passwords...


intext:Black Stealer v2.0 & filetype:txt
intext:Black Stealer & filetype:txt

Monday, June 1, 2015

Best Google Dorking tools

4 Great Google Dorking tools



1) GooDork

https://github.com/k3170makan/GooDork

GooDork is a simple python script designed to allow you to leverage the power of google dorking straight from the comfort of your command line. GooDork offers powerfull use of googles search directives, by analyzing results from searches using regular expressions that you supply. So basically the purpose of GooDork is to combined Dorking with Regular expressions


2) BinGoo

https://github.com/Hood3dRob1n/BinGoo

BinGoo is my version of an all-in-one dorking tool written in pure bash. It leverages Google AND Bing main search pages to scrape a large amount of links based on provided search terms. You can choose to search a single dork at a time or you can make lists with one dork per line and perform mass scans. Once your done with that, or maybe you have links gathered from other means, you can move to the Analyzing tools to test for common signs of vulnerabilities. The results are neatly sorted into their own respective files basedon findings. If you want to take further you can run them through the SQL or LFI tools which are some semi working homebrewed creations I made in bash or you can use the SQLMAP and FIMAP wrapper tools I wrote which work much better and with greater accuracy and results. I have also included a few neat features to make life easy, such as Geo dorking based on domain type or domain country codes or shared hosting checker which uses preconfigured Bing search and a dork list to find possible vulns on other sites on same server. I also included a simple admin page finder which simply works based on a provided list and server response codes for confirmation of existance. Together I think it all works as a nice little package!

3) Dork Searcher

http://sourceforge.net/projects/dorksearcher/

Dork Searcher is a small utility that enables you to easily use Google to search for SQLi vulnerable web servers. Saves the results in a text or XML file. Uses the Tor VPN/Proxy client or your own Socks 4a or 5 proxy server for anonymity. Over 350 Google Dorks included. Easily add your own to the list by simply editing a text file.

4) Xcode Scanner

http://sourceforge.net/projects/xcodescanner/

Thursday, May 21, 2015

site:login.*.*

Login Panel :

site:login.*.*

inurl:5000/webman/index.cgi

Synology NAS login :


inurl:5000/webman/index.cgi

inurl:logon.html "CSCOE"

Logins portals for Cisco ASA Clientless Webvpn :


inurl:logon.html "CSCOE"

ext:csv intext:"password"

Extract passwords from csv files :


ext:csv intext:"password"