2020 Google Dorking List

2020 Google Dorking List

A 2020 Google Dorking List.

"Index of" inurl:htdocs inurl:xampp
"Index of" inurl:phpmyadmin
"Index of" inurl:webalizer
"index of" "database.sql.zip"
intext:"@gmail.com" AND intext:"@yahoo.com" filetype:sql
intext:"class JConfig {" inurl:configuration.php
intitle: "index of" "./" "./bitcoin"
intitle:"Apache2 Ubuntu Default Page: It works"
intitle:"IIS Windows Server" -inurl:"IIS Windows Server"
intitle:"Index of" inurl:wp-json/oembed
intitle:"Index of" phpmyadmin
intitle:"Index of" wp-admin
intitle:"Swagger UI - " + "Show/Hide"
intitle:"index of /" intext:/backup
intitle:"index of" ".cpanel/caches/config/"
intitle:"index of" "/aws.s3/"
intitle:"index of" admin inurl:login.cgi
intitle:"index of" drupal
intitle:"index of" hosts.csv | firewalls.csv | linux.csv | windows.csv
intitle:"index of" unattend.xml
intitle:"qBittorrent Web UI" inurl:8080
intitle:OmniDB intext:"user. pwd. Sign in."
intitle:Test Page for the Nginx HTTP Server on Fedora
intitle:index.of.?.sql
inurl: /filemanager/dialog.php
inurl: admin/login.aspx
inurl:'/scopia/entry/index.jsp'
inurl:/admin/index.php
inurl:/filedown.php?file=
inurl:/index.aspx/login
inurl:/login/index.jsp -site:hertz.*
inurl:/portal/apis/fileExplorer/
inurl:8443 AND -intitle:8443 AND -intext:8443 prohibited|restricted|unauthorized
inurl:Dashboard.jspa intext:"Atlassian Jira Project Management Software"
inurl:_cpanel/forgotpwd
inurl:app/kibana intext:Loading Kibana
inurl:bc.googleusercontent.com intitle:index of
inurl:cgi/login.pl
inurl:office365 AND intitle:"Sign In | Login | Portal"
inurl:zoom.us/j and intext:scheduled for
s3 site:amazonaws.com filetype:log
s3 site:amazonaws.com intext:dhcp filetype:txt inurl:apollo
site:*/auth intitle:login
site:amazonaws.com inurl:login.php
site:com inurl:jboss filetype:log -github.com
site:drive.google.com /preview intext:movie inurl:flv | wmv | mp4 -pdf -edit -view
site:https://docs.google.com/spreadsheets edit

intext:Welcome to WildFly 10 & intitle:Welcome to WildFly 10 -jboss.org -stackoverflow.com

Find juicy WildFly 10 instances.

INTEXST PARAMETER + INTITLE PARAMETER

intext:Welcome to WildFly 10 & intitle:Welcome to WildFly 10 -jboss.org -stackoverflow.com

Result :

- Find WildFly 10 instances.

intitle:index of / & filetype:sql

Find juicy files on an index

INTITLE PARAMETER + FILETYPE PARAMETER :

intitle:index of / & filetype:sql

Result :

- Listing of SQL files or dumps.
- Filetype can be modified.

intitle:Login to Webmin & intext:Login to Webmin

Find Webmin login forms

INTEXT PARAMETER + INTEXT PARAMETER :

intext:Webmin & intext:You must enter a username and password to login to the server on
intitle:Login to Webmin & intext:Login to Webmin
intitle:Login to Webmin & intext:Login to Webmin & intext:Remember login permanently?

Result :

Many Webmin login forms.

About Webmin :

Webmin is a web-based system configuration tool for Unix-like systems, although recent versions can also be installed and run on Windows. With it, it is possible to configure operating system internals, such as users, disk quotas, services or configuration files, as well as modify and control open source apps, such as the Apache HTTP Server, PHP or MySQL. (© Wikipedia)

inurl:.DS_Store intitle:index.of

Find list of files with a .DS_Store file

Google Dorks to find list of files with a .DS_Store file :

inurl:.DS_Store intitle:index.of
intext:.DS_Store & intitle:index -github

About .DS_Store

In the Apple macOS operating system, .DS_Store is a file that stores custom attributes of its containing folder, such as the position of icons or the choice of a background image. The name is an abbreviation of Desktop Services Store, reflecting its purpose.

intext:"WebFig Login" & intitle:"RouterOS router configuration page"

Find Mikrotik login panels

intext:"WebFig Login" & intitle:"RouterOS router configuration page"

About Mikrotik

Mikrotīkls SIA, known internationally as MikroTik, is a Latvian manufacturer of computer networking equipment. It sells wireless products and routers.

inurl:.ssh intitle:index.of authorized_keys

Find SSH keys

inurl:.ssh intitle:index.of authorized_keys

Possible result

About SSH

Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. The best known example application is for remote login to computer systems by users.

SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2.

The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft announced that they would include native support for SSH in a future release.

SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rlogin, rsh, and rexec protocols. Those protocols send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet, although files leaked by Edward Snowden indicate that the National Security Agency can sometimes decrypt SSH, allowing them to read the content of SSH sessions.

intitle:"Hamdida X_Shell Backd00r"

Find Hamdida X_Shell Backd00r backdoor

intitle:"Hamdida X_Shell Backd00r"

intext:"[#] Hamdida X_Shell Backd00r [#]"

intext:[#] Hamdida X_Shell Backd00r [#]

Hamdida X_Shell Backd00r backdoor screenshot

intext:"Powered by BOMGAR"

Find online Bomgar devices

intext:"Powered by BOMGAR"

intitle:"Remote Support Portal | Powered by BOMGAR"

About Bomgar

Access is Power. Bomgar keeps it Secure.

Connections are powerful. Every day, you rely on connections between people and technology to enable operations, support customers, and drive performance. When connections are efficient and effective, people are empowered and productive. But when the power of those connections is compromised, business grinds to a halt...or worse.

Bomgar's Secure Access solutions allow you to unleash the power of access because your connections are secure.

inurl:meshcms/admin/login.jsp & intitle:login

Find login portal access to MeshCMS

inurl:meshcms/admin/login.jsp & intitle:login

inurl:meshcms/admin/login.jsp

About MeshCMS

MeshCMS is an online editing system written in Java. It provides a set of features usually included in a CMS, but it uses a more traditional approach: pages are stored in regular HTML files and all additional features are file-based, without needing a database.

inurl:backoffice intitle:login

Find login portal access to Backoffice CMS

inurl:backoffice intitle:login

About Backoffice CMS

Backoffice can administer content on any cloud-based installation. For example websites, online software, content on touch-screen info kiosks etc. Once the platform is in place, a variety of modules can be implemented according to your needs - in order to enhance the functionality, behaviour and performance of your website. Modules can be individually adapted in order to work the way you want. Special modules can be developed upon request. Below you find examples of commonly used modules, organised into categories.

intitle:Automatic cPanel Finder/Cracker | 3xp1r3 Cyber Army

Find uploaded cPanel Finder/Cracker script and find cracked cpanel :

intitle:Automatic cPanel Finder/Cracker | 3xp1r3 Cyber Army

About cPanel :

cPanel is a Linux-based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. cPanel utilizes a 3 tier structure that provides capabilities for administrators, resellers, and end-user website owners to control the various aspects of website and server administration through a standard web browser.

filetype:asp intitle:" Microsoft Outlook Web Access"

Get access to "Microsoft Outlook Web Access" Panels :

filetype:asp intitle:" Microsoft Outlook Web Access"

About Microsoft Outlook Web Access :

Outlook on the web, previously called Exchange Web Connect, Outlook Web Access, and Outlook Web App in Office 365 and Exchange Server 2013) is a suite of Outlook web apps from Microsoft. It spans across Office 365, Outlook.com, Exchange Server, and Exchange Online. It includes a web-based email client, a calendaring tool, a contact manager, and a task manager. As of November 2015, Microsoft is in process of upgrading Outlook.com to Outlook on the web and the Office 365 infrastructure through the Outlook.com Preview It also includes add-in integrations, Skype on the web, and alerts as well as new themes that span across all the web apps. Ootw is navigated using the App Launcher icon which brings down a list of web apps for the user to choose from.

intitle:Mass Revslider Exl0it1ng

Find websites exploiting the Revslider plugin vulnerability :

intitle:Mass Revslider Exl0it1ng
intext:Mass Revslider Plugin Exl0it1ng
intext:IP Scanner Exploiter Find DB Panel Exploit Dorks Domains 2 IP

Find wordpress websites with the revslider plugin installed :

inurl:wp-content/plugins/revslider/
inurl:revslider
inurl:revslider_admin.php
inurl:revslider_front.php
inurl:plugins/revslider/
intext:Powered by Revslider
intitle:"Index Of/ revslider"
intitle:"Index Of/wp-content/themes/revslider"
intitle:"Index Of/wp-content/plugins/revslider"
intitle:"Index Of/admin/revslider"
intitle:"Index Of/fr/revslider"
intitle:"Index Of/en/revslider"
intitle:"Index Of/us/revslider"
intitle:"Index Of/ar/revslider"
intitle:"Index Of/es/revslider"
intitle:"Index Of/de/revslider"

About the Revslider vulnerabilities :

CVE-2015-5151 : Cross-site scripting (XSS) vulnerability in the Slider Revolution (revslider) plugin 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the client_action parameter in a revslider_ajax_action action to wp-admin/admin-ajax.php.

CVE-2014-9735 : The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to upload and execute arbitrary files via an update_plugin action; delete arbitrary sliders via a delete_slider action; and create, update, import, or export arbitrary sliders via unspecified vectors.

CVE-2014-9734 : Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a leak in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.

intitle:webcam 7 inurl:8080 -intext:8080

Dorking to find webcams servers.

intitle:webcam 7 inurl:8080 -intext:8080

Webcam 7. Webcams and ip cameras server for windows

Webcam 7 is a brand new product based on webcamXP. The user interface is the same but it offers more interesting improvements such as: flash video streaming MPEG-4/RTSP IP cameras, audio support in MJPEG. The program is available in beta version and you can install it even if webcamXP has been already installed on your computer. The audio and video of some IP cameras are retrieved by DirectShow RTSP filter. Webcam 7 is developed by Moonware Studios and it is a freeware.

intitle: Index of /awstats/data

Awstats Log file's directory can reveal file/directory :

intitle: Index of /awstats/data

What is Awstats ?

AWStats is an open source Web analytics reporting tool, suitable for analyzing data from Internet services such as web, streaming media, mail, and FTP servers. AWStats parses and analyzes server log files, producing HTML reports. Data is visually presented within reports by tables and bar graphs. Static reports can be created through a command line interface, and on-demand reporting is supported through a Web browser CGI program. AWStats supports most major web server log file formats including Apache (NCSA combined/XLF/ELF log format or Common Log Format (CLF)), WebStar, IIS (W3C log format), and many other common web server log formats.

intitle:SN0X SHELL: WEEEEEEEEEEEEEEEEED

Link to DDOS SHELL :

intitle:SN0X SHELL: WEEEEEEEEEEEEEEEEED

What is a DDOS ?

DDoS is a type of DOS attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system causing a Denial of Service (DoS) attack.

intitle:"Shell I" inurl:revslider inurl:error.php inurl:cmd

Find shells inserted using the revslider vulnerability :

intitle:"Shell I" inurl:revslider inurl:error.php inurl:cmd

inurl:.DS_Store intitle:index.of

Sensitives directories :

inurl:.DS_Store intitle:index.of
inurl:.DS_Store intitle:index of

.DS_Store is the name of a file in the Apple OS X operating system for storing custom attributes of a folder such as the position of icons or the choice of a background image. The name is an abbreviation of Desktop Services Store, reflecting its purpose. It is created and maintained by the Finder application in every folder, and has functions similar to the file desktop.ini in Microsoft Windows. Starting with a full stop (period) character, it is hidden in Finder and many Unix utilities. Its internal structure is proprietary.

inurl:webgps intitle:"GPS Monitoring System"

GPS Monitoring System Login Portal :

inurl:webgps intitle:"GPS Monitoring System"