
Google Hacking!


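Methods for finding a website's admin back end through Google
site:url.com // searches for information on this site; it is best to leave out www, so that many second-level (sub)domains turn up as well, which can be quite rewarding

Best combined with inurl, intext and similar operators for better results.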

=============================================================================

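intext:测试 // finds pages whose text contains "测试"
intitle: fooltitle // matches the page title
intitle:config confixx login password // checks several keywords
allinurl:url // finds all links related to the xx site (essential for footprinting)
links:url // related links
allintitle:url
First, look for the site's admin back-end address: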
site:xxxx.com intext:计划
site:xxxx.com inurl:login
site:xxxx.com intitle:计划
site:a2.xxxx.com inurl:file
site:a3.xxxx.com inurl:load
site:a2.xxxx.com intext:ftp://*:*
site:a2.xxxx.com filetype:asp
site:xxxx.com // yields N second-level domains
site:xxxx.com intext:*@xxxx.com // yields N e-mail addresses, along with the names of the mailbox owners and so on
site:xxxx.com intext:电话 // N phone numbers
intitle:"index of" etc
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
"# -FrontPage-" inurl:service.pwd
Searching for passwords directly (quotation marks are interpreted as a phrase search):
Of course, we can also run a second search within the results above.
"index of" htpasswd / passwd
filetype:xls username password email
"ws_ftp.log"
"config.php" // other config files can be checked as well, or look at conn files directly to see whether they are exposed
allinurl:admin mdb // can be swapped for others, e.g. dvbbs7.mdb
service filetype:pwd ... or a password-file suffix such as pcAnywhere's cif // very commonly used
It keeps getting more interesting; now for some more sensitive information
"robots.txt" "Disallow:" filetype:txt
inurl:_vti_cnf (a key FrontPage index; the CGI libraries of scanners generally include it)
allinurl: /msadc/Samples/selector/showcode.asp
/../../../passwd
/examples/jsp/snp/snoop.jsp
phpsysinfo
intitle:index of /admin
intitle:"documetation"
inurl: 5800 (the VNC port), or search with several keywords such as desktop port
webmin port 10000
inurl:/admin/login.asp
intext:Powered by GBook365
intitle:"php shell*" "Enable stderr" filetype:php // finds PHP web shells directly
foo.org filetype:inc
ipsec filetype:conf
intitle:"error occurred" ODBC request WHERE (select|insert) // put plainly, you can try looking up database queries directly; with SQL injection as popular as it is now, this pays off // better not bother, everything the scan turns up is 雨哥's articles
intitle:"php shell*" "Enable stderr" filetype:php
"Dumping data for table" username password
intitle:"Error using Hypernews"
"Server Software"
intitle:"HTTP_USER_AGENT=Googlebot"
"HTTP_USER_ANGET=Googlebot" THS ADMIN
filetype:.doc site:.mil classified // searches directly for military-related Word documents

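inurl: searches for text contained in a page's URL. This syntax is quite useful for finding search, help and similar pages on a site.
intext: searches only the text contained in the <body> section of a page (that is, it ignores text in the title, URL and so on).
site: restricts your search to a domain.
filetype: searches by file suffix or extension.
intitle: restricts your search to page titles.
allintitle: finds pages whose title is made up of all the keywords. Not recommended, however.
link: returns a list of all pages that contain a given URL, for example link:www.google.com.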
intext:计划
filetype:mdb
inurl:file
site:xx.com filetype:txt // finds TXT files; other types follow the same pattern
site:xx.com intext:计划
site:xx.com inurl:login
site:xx.com intitle:后盾

Identify the software the server runs
site:xx.com filetype:asp
site:xx.com filetype:php
site:xx.com filetype:jsp

Look for upload vulnerabilities:
site:xx.com inurl:file
site:xx.com inurl:load

Find injection points:
site:xx.com filetype:asp
site:tw inurl:asp?id= // this one finds sites in Taiwan

site:jp inurl:asp?id= // this one finds sites in Japan

site:ko inurl:asp?id= // this one finds sites in Korea

And so on.
intitle:旁注- webxxxfiletype:asp
inurl:editor/db/
inurl:eWebEditor/db/
inurl:bbs/data/
inurl:databackup/
inurl:blog/data/
inurl:bokedata
inurl:bbs/database/
inurl:conn.asp
inc/conn.asp
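
The file and directory queries above only return a site when those files sit inside a publicly served directory and get indexed. The following is an added example, not part of the original article: it audits a local web root for the file and directory names listed in those queries and reads back what robots.txt discloses. The function names and the sample tree are assumptions made for the example.

```python
import fnmatch
import os
import tempfile

# File-name patterns taken from the queries on this page (password files,
# shell history, FTP logs, Access databases, include and config files).
RISKY_FILES = [".bash_history", ".sh_history", "passwd", "master.passwd",
               "htpasswd", ".htpasswd", "pwd.db", "spwd*", "people.lst",
               "service.pwd", "ws_ftp.log", "*.mdb", "*.inc", "*.conf"]
# Directory names taken from the page's inurl: queries.
RISKY_DIRS = {"databackup", "bokedata", "_vti_cnf"}

def audit_webroot(root):
    """Return sorted '/'-separated paths under root that the queries would hit."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        prefix = "" if rel == "." else rel + "/"
        hits += [prefix + d + "/" for d in dirnames if d.lower() in RISKY_DIRS]
        hits += [prefix + f for f in filenames
                 if any(fnmatch.fnmatch(f.lower(), p) for p in RISKY_FILES)]
    return sorted(hits)

def robots_disallow_paths(root):
    """Paths robots.txt advertises through Disallow: lines (world-readable)."""
    path = os.path.join(root, "robots.txt")
    if not os.path.isfile(path):
        return []
    with open(path, encoding="utf-8", errors="replace") as fh:
        values = [l.split(":", 1)[1].strip() for l in fh
                  if l.strip().lower().startswith("disallow:")]
    return [v for v in values if v]

def build_sample_webroot(root):
    """Write a constructed sample tree (not a real site) for the demo."""
    files = {"index.html": "<h1>ok</h1>", "WS_FTP.LOG": "",
             "robots.txt": "User-agent: *\nDisallow: /admin/\nDisallow: /databackup/\n",
             "admin/.htpasswd": "user:constructed", "bbs/data/forum.mdb": "",
             "inc/db.inc": "", "databackup/site.sql": ""}
    for rel, body in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        for hit in audit_webroot(tmp):
            print("remove or block:", hit)
        print("robots.txt reveals:", robots_disallow_paths(tmp))
```

Anything the audit reports should be moved out of the web root or denied by the server configuration; a Disallow: line only asks crawlers to stay away and publishes the path to every reader of robots.txt.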

Admin entry points:
admin
admin_index
admin_admin
index_admin
admin/index
admin/default
admin/manage
admin/login
manage_index
index_manage
superadmin
admin1
admin_login
login_admin
ad_login
ad_manage
count
manager
guanli
denglu
houtai
houtaiguanli
htgl
adminlogin
adminuserlogin
adm_login
chklogin
chkadmin
users
adduser
admin_user
edituser
adminadduser
member
members
editmember
adminmember
addmember
logout
exit
login_out
adminedit
admin_edit
delete
admindelete
admin_delete
up
upload
upfile
backup
config
test
webmaster
root
aadmin
admintab
admin_main
art
article
databases
db
dbase
devel
files
forum
girl
girls
htdocs
idea
ideas
include
includeinc
includes
incoming
install
manual
misc
mrtg
private
program
programming
programs
public
secret
secrets
server_stats
server-info
server-status
set
setting
setup
***
snmp
source
sources
sql
statistics
Stats
telephone
temp
temporary
tool
tools
usage
weblog
weblogs
webstats
work
wstats
wwwlog
wwwstats
wenzhang
admin/login.asp
admin_index.asp
bbs/admin_index.asp
article/admin/admin.asp
admin/aspcheck.asp
inc/config.asp
eWebEditor/admin_login.asp
editor/admin_login.asp
login/login
login/index
login/super
login1
update
count_admin
add_admin
admin_pass
newbbs/login
down/login
bbs/admin/login
main/login
admin/manage.asp
manage/login.asp
user.asp
conn.asp
logout.asp

manager/login
manager/login.asp
manager/admin.asp
login/admin/admin.asp
houtai/admin.asp
guanli/admin.asp
denglu/admin.asp
admin_login/admin.asp
admin_login/login.asp
admin/manage/admin.asp
admin/manage/login.asp
admin/default/admin.asp
admin/default/login.asp
member/admin.asp
member/login.asp
administrator/admin.asp
administrator/login.asp

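This article is reproduced from an information security document, collected and compiled by the information security team of the Network Security Attack and Defense Research Lab (www.91ri.org); please credit the source when reposting!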
