GOOGLE HACKING

1. Google Hacking 
2. allintitle:Brains, Corp. camera 
3. allintitle:"index of/admin"
4. allintitle:"index of/root"
5. allintitle:restricted filetype:doc site:gov
6. allintitle:restricted filetype :mail
7. allintitle:sensitive filetype:doc
8. allinurl:/bash_history
9. allinurl:winnt/system32/ (get cmd.exe)
10. ext:ini eudora.ini
11. ext:pwd inurl:(service|authors|administrators |users) "# -FrontPage-" 
12. filetype:bak inurl:"htaccess|passwd|shadow|htusers"
13. filetype:conf slapd.conf
14. filetype:ctt "msn"
15. filetype:mdb inurl:"account|users|admin|administrators|passwd|password"
16. filetype:mdb inurl:users.mdb
17. filetype:QDF QDF
18. filetype:pdf "Host Vulnerability Summary Report" "Assessment Report"
19. filetype:sql ("passwd values ****" | "password values ****" | "pass values ****" )
20. filetype:xls inurl:"email.xls"
21. filetype:user eggdrop user
22. "Index of /admin"
23. "Index of /" +.htaccess
24. "Index of /mail"
25. "Index of /" "Parent Directory" "WS_FTP.ini" filetype:ini
26. "Index of /" +passwd
27. "Index of /password"
28. "Index of /" +password.txt
29. intext:"BiTBOARD v2.0" "BiTSHiFTERS Bulletin Board"
30. intext:centreware inurl:status
31. intext:"MOBOTIX M1"
32. intext:"MOBOTIX M10"
33. intext:"Open Menu"
34. intext:"powered by Web Wiz Journal"
35. intext:"Tobias Oetiker" "traffic analysis"
36.  
37. intitle:index.of "Apache/1.3.28 Server at"
38. intitle:index.of "Apache/2.0 Server at"
39. intitle:index.of "Apache/* Server at"
40. intitle:index.of "HP Apache-based Web Server/*"
41. intitle:index.of "IBM _ HTTP _ Server/* * Server at"
42. intitle:index.of "Microsoft-IIS/4.0 Server at"
43. intitle:index.of "Microsoft-IIS/5.0 Server at"
44. intitle:index.of "Microsoft-IIS/6.0 Server at"
45. intitle:index.of "Microsoft-IIS/* Server at"
46. intitle:index.of "Netscape/* Server at"
47. intitle:index.of "Oracle HTTP Server/* Server at"
48. intitle:index.of "Red Hat Secure/*" 
49. intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html)
50. intitle:"Welcome to IIS 4.0!"
51. intitle:"Welcome to Windows 2000 Internet Services"
52. intitle:"Welcome to Windows XP Server Internet Services"
53. intitle:"Welcome to Your New Home Page!"
54. intitle:"Test Page for Apache Installation" "It worked!" "this Web site!"
55. intitle:"Test Page for Apache Installation" "Seeing this instead"
56. intitle:"Test Page for Apache Installation" "You are free"
57. intitle:"Test Page for the Apache Http Server on Fedora Core"
58. intitle:"Test Page for the Apache Web Server on RedHat Linux"
59. intitle:"Test Page for the SSL/TLS-aware Apache Installation" "Hey, it worked!" 
60. intitle:"index of" .bash_history
61. intitle:"index of" etc/shadow
62. intitle:"index.of" finances.xls
63. intitle:"index of" htpasswd
64. intitle:"Index Of" inurl:maillog
65. intitle:"index of" master.passwd
66. intitle:"index of" members OR accounts
67. intitle:"index.of" mystuff.xml
68. intitle:"index of" passwd
69. intitle:"index of" people.lst
70. intitle:"index of" pwd.db
71. intitle:"Index of" pwd.db
72. intitle:"Index of" .sh_history
73. intitle:"index of" spwd
74. intitle:"index.of" trillian.ini
75. intitle:"index of" user_carts OR user_cart
76. intitle:"active webcam page"
77. intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "2003-2004 weppos"
78. intitle:"curriculum vitae" "phone * * *" "address *"
79. intitle:"Dell Laser Printer" ews
80. intitle:"EvoCam" inurl:"webcam.html"
81. intitle:liveapplet inurl:LvAppl
82. intitle:"Multimon UPS status page"
83. intitle:"my webcamXP server!" inurl:":8080"
84. intitle:"statistics of" "advanced web statistics"
85. intitle:"System Statistics" +"System and Network Information Center"
86. intitle:"Terminal Services Web Connection"
87. intitle:"Usage Statistics for" "Generated by Webalizer"
88. intitle:"VNC Desktop" inurl:5800
89. intitle:"Web Server Statistics for ****"
90. inurl:admin filetype:db
91. inurl:admin inurl:backup intitle:index.of
92. inurl:"auth_user_file.txt"
93. inurl:"/axs/ax-admin.pl" -script
94. inurl:"/cricket/grapher.cgi"
95. inurl:hp/device/this.LCDispatcher
96. inurl:iisadmin
97. inurl:indexFrame.shtml Axis
98. inurl:"main.php" "phpMyAdmin" "running on"
99. inurl:passwd filetype:txt
100. inurl:"printer/main.html" intext:"settings"
101. inurl:server-info "Apache Server Information"
102. inurl:"ViewerFrame?Mode="
103. inurl:"wvdial.conf" intext:"password"
104. inurl:"wwwroot/*."
105. site:gov confidential
106. site:mil confidential
107. site:mil "top secret"
108. "Copyright (c) Tektronix, Inc." "printer status"
109. "Host Vulnerability Summary Report"
110. "http://*:*@www"
111. "Network Vulnerability Assessment Report"
112. "not for distribution"
113. "Output produced by SysWatch *"
114. "These statistics were produced by getstats"
115. "This file was generated by Nessus"
116. "This report was generated by WebLog"
117. "This summary was generated by wwwstat"
118. "Generated by phpSystem"
119. "Host Vulnerability Summary Report"
120.  "my webcamXP server!"
121.  sample/LvAppl/
122. "TOSHIBA Network Camera - User Login"
123. /home/homeJ.html
124. /ViewerFrame?Mode=Motion
125. This reveals mySQL database dumps. These database dumps list the structure and content of databases, which can reveal many different types of sensitive information. http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22%23mysql+dump%22+filetype%3Asql&btnG=Search
126.  
127. These log files record info about the SSH client PUTTY. These files contain usernames, site names, IP addresses, ports and various other information about the SSH server connected to. http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Alog+username+putty
128.  
129. These files contain cleartext usernames and passwords, as well as the sites associated with those credentials. Attackers can use this information to log on to that site as that user. http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Alog+inurl%3A%22password.log%22
130.  
131. This file contains port number, version number and path info to MySQL server. http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22index+of%22+mysql.conf+OR+mysql_config
132.  
133. This search reveals sites which may be using Shockwave (Flash) as a login mechanism for a site. The usernames and passwords for this type of login mechanism are often stored in plaintext inside the source of the .swl file. http://www.google.com/search?hl=en&lr=&q=inurl%3Alogin+filetype%3Aswf+swf
134.  
135. These are oulook express email files which contain emails, with full headers. The information in these emails can be useful for information gathering about a target. http://www.google.com/search?hl=en&lr=&q=filetype%3Aeml+eml+%2Bintext%3A%22Subject%22+%2Bintext%3A%22From%22+%2Bintext%3A%22To%22
136.  
137. This google search reveals users names, pop3 passwords, email addresses, servers connected to and more. The IP addresses of the users can also be revealed in some cases. http://www.google.com/search?num=100&hl=en&lr=&q=filetype%3Areg+reg+%2Bintext%3A%22internet+account+manager
138.  
139.  
140.  
141.  
142. Footprinting Websites and Information Gathering Resources
143.  
144. A hacker or pen tester  may also do a Google search or a site search to locate information about employees. Some sites useful to find more information about an organization and its employees include:
145.  
146. www.trula.com - real estate
147.  
148. www.zillow.com - real estate
149.  
150. www.netronline.com - real estate
151.  
152. www.whosarat.com - informants
153.  
154. www.zabaseach.com - name, address, location info
155.  
156. www.zoominfo.com - person & company data
157.  
158. www.vitalrec.com - people info
159.  
160. www.pipl.com - people search
161.  
162. www.skipease.com/blog/ - people search
163.  
164. www.pretrieve.com - people search
165.  
166. www.publicdata.com - people search
167.  
168. www.urapi.com - people search
169.  
170. https://addons.mozilla.org/en-US/firefox/addon/1912 (who is this person)
171.  
172. www.nndb.com – people activity tracker
173.  
174. www.willyancey.com/finding.htm  online info
175.  
176. www.courthousedirect.com  - property records
177.  
178. www.turboscout.com - multisearch engine tool
179.  
180. www.theultimates.com - phone number lookup
181.  
182. http://skipease.whitepages.com/reverse_address - address lookup
183.  
184. www.thevault.com - company search / profile
185.  
186. www.blogsearchengine.com - search blogs for info or person
187.  
188. www.ccrs.info - China based company search /profile
189.  
190. www.hoovers.com - company search / profile
191.  
192. www.lexisnexis.com - company search / profile
193.  
194. www.topix.net - region specific news articles
195.  
196. www.pacer.uscourts.gov/natsuit.html - Court records
197.  
198. www.oihweb.com - online investigation techniques
199.  
200. www.linkedin.com - business person's network
201.  
202.  
203. Footprinting Links
204.  
205. Google Hacking Database
206. A search that finds password hashes
207. Nessus Reports from Google
208. More Passwords from Google
209. Google Hacks Volume III by Halla
210. G-Zapper Blocks the Google Cookie to Search Anonymously
211. SiteDigger 2.0 searches Google’s cache to look for vulnerabilities
212. BeTheBot - View Pages as the Googlebot Sees Them
213. An experts-exchange page to demonstrate the Googlebot
214. HTTP Header Viewer
215. Masquerading Your Browser
216. User Agent Switcher :: Firefox Add-ons
217. Modify Headers :: Firefox Add-ons
218. User Agent Sniffer for Project 1
219. GNU Wget - Tool to Mirror Websites
220. Teleport Pro - Tool to Mirror Websites
221. Google Earth
222. Finding Subdomains (Zone Transfers)
223. Dakota Judge rules that Zone Transfers are Hacking
224. Internet Archive - Wayback Machine
225. Wikto - Web Server Assessment Tool - With Google Hacking
226. VeriSign Whois Search from VeriSign, Inc.
227. whois.com
228. ARIN: WHOIS Database Search
229. Border Gateway Protocol (BGP) and AS Numbers
230. Internic | Whois - the only one that finds hackthissite.org
231. Teenager admits eBay domain hijack
232. NeoTrace
233. VisualRoute traceroute: connection test, trace IP address, IP trace, IP address locations

Tweet