Sunday, April 10, 2016

inurl:9443/vsphere-client

Find VMware vSphere Web Client login portals



inurl:9443/vsphere-client

About VMware vSphere Web Client

The VMware vSphere Web Client is the Web-based application that connects users to the vCenter Server to manage installations and handle inventory objects in a vSphere environment.

inurl:index.php?app=main intitle:sms

Find login portals for the playSMS web app



inurl:index.php?app=main intitle:sms

About playSMS

playSMS is a free and open source SMS management software.

A flexible Web-based mobile portal system that can be made to fit various services such as an SMS gateway, bulk SMS provider, personal messaging system, corporate and group communication tools.

Default password: admin:admin

Friday, March 11, 2016

intitle:Mass Revslider Exl0it1ng

Find websites exploiting the Revslider plugin vulnerability:





intitle:Mass Revslider Exl0it1ng
intext:Mass Revslider Plugin Exl0it1ng
intext:IP Scanner Exploiter Find DB Panel Exploit Dorks Domains 2 IP

Find WordPress websites with the revslider plugin installed:

inurl:wp-content/plugins/revslider/
inurl:revslider
inurl:revslider_admin.php
inurl:revslider_front.php
inurl:plugins/revslider/
intext:Powered by Revslider
intitle:"Index Of/ revslider"
intitle:"Index Of/wp-content/themes/revslider"
intitle:"Index Of/wp-content/plugins/revslider"
intitle:"Index Of/admin/revslider"
intitle:"Index Of/fr/revslider"
intitle:"Index Of/en/revslider"
intitle:"Index Of/us/revslider"
intitle:"Index Of/ar/revslider"
intitle:"Index Of/es/revslider"
intitle:"Index Of/de/revslider"

About the Revslider vulnerabilities:

CVE-2015-5151 : Cross-site scripting (XSS) vulnerability in the Slider Revolution (revslider) plugin 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the client_action parameter in a revslider_ajax_action action to wp-admin/admin-ajax.php.

CVE-2014-9735 : The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for WordPress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to upload and execute arbitrary files via an update_plugin action; delete arbitrary sliders via a delete_slider action; and create, update, import, or export arbitrary sliders via unspecified vectors.

CVE-2014-9734 : Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a leak in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.

Monday, February 22, 2016

intitle:webcam 7 inurl:8080 -intext:8080

Dorking to find webcam servers.


intitle:webcam 7 inurl:8080 -intext:8080

Webcam 7: webcam and IP camera server for Windows

Webcam 7 is a brand new product based on webcamXP. The user interface is the same but it offers more interesting improvements such as: flash video streaming MPEG-4/RTSP IP cameras, audio support in MJPEG. The program is available in beta version and you can install it even if webcamXP has already been installed on your computer. The audio and video of some IP cameras are retrieved by a DirectShow RTSP filter. Webcam 7 is developed by Moonware Studios and is freeware.

Friday, January 15, 2016

inurl:intranet -intext:intranet

Access to intranet pages:


inurl:intranet -intext:intranet

What is an intranet?

An intranet is a computer network that uses Internet Protocol technology to share information, operational systems, or computing services within an organization. This term is used in contrast to extranet, a network between organizations, and instead refers to a network within an organization.

intitle:"Shell I" inurl:revslider inurl:error.php inurl:cmd

Find shells inserted using the revslider vulnerability:


intitle:"Shell I" inurl:revslider inurl:error.php inurl:cmd

Friday, October 30, 2015

inurl:.DS_Store intitle:index.of

Sensitive directories:


inurl:.DS_Store intitle:index.of
inurl:.DS_Store intitle:index of

.DS_Store is the name of a file in the Apple OS X operating system for storing custom attributes of a folder such as the position of icons or the choice of a background image. The name is an abbreviation of Desktop Services Store, reflecting its purpose. It is created and maintained by the Finder application in every folder, and has functions similar to the file desktop.ini in Microsoft Windows. Starting with a full stop (period) character, it is hidden in Finder and many Unix utilities. Its internal structure is proprietary.

inurl:webgps intitle:"GPS Monitoring System"

GPS Monitoring System login portal:


inurl:webgps intitle:"GPS Monitoring System"

inurl:etc -intext:etc ext:passwd

Files containing passwords:


inurl:etc -intext:etc ext:passwd

Thursday, May 21, 2015

inurl:5000/webman/index.cgi

Synology NAS login:


inurl:5000/webman/index.cgi

inurl:logon.html "CSCOE"

Login portals for Cisco ASA Clientless WebVPN:


inurl:logon.html "CSCOE"

Saturday, December 13, 2014

intext:admin & inurl:gov -github & filetype:sql

intext:admin & inurl:gov -github & filetype:sql

Find SQL backups from .GOV websites related to the word "admin"

filetype:sql & inurl:gov -github

filetype:sql & inurl:gov -github

Find SQL backups from .GOV websites, removing the GitHub entries...

Thursday, May 8, 2014

inurl:"/webcm?getpage="

inurl:"/webcm?getpage="

Actiontec (and often Qwest) branded routers' login pages

intitle:not accepted inurl:"union+select" inurl:"id?="

intitle:not accepted inurl:"union+select" inurl:"id?="

IDS and ModSecurity

inurl:"/public.php?service=files"

inurl:"/public.php?service=files"

Shared files from ownCloud

intext:"Hikvision" inurl:"login.asp"

intext:"Hikvision" inurl:"login.asp"

Hikvision IP Camera login page

Sunday, February 16, 2014