风飞扬  梦起航

风飞扬个人博客——专注Java

呵呵呵

intitle:"index of" pwd.db                      直接搜索其对方的ftp或者root的密码
"# -FrontPage-" inurl:service.pwd              FrontPage的密码,不过需要L0pht或者john配合破解密码
intitle:"index of" htpasswd                      一些/下的密码相关的 文件 
"access denied for user" "using password"    配合sql注射可以暴对方路径。
intitle:"index of" inurl:ftp (pub | incoming) 配合pub公布的内容,可以查看其系统版本和网段
Error 404    asp?= 1  / 0                搜索sql注射的,找韩国kr和瑞典se的肉鸡,多是sa权限注射
intilte:"error occurred" ODBC request Where (select|insert)    找sql注射的,和肉鸡的------------推荐
"ORA-00921: unexpected end of SQL command"
"A syntax error has occurred" filetype:ihtml
"You have an error in your SQL syntax near"
ext:asp  inurlmessages|details|login|default|register|admin)    -site:xxxxxxxxxxx.com  查找登陆入口
site:.com    filetype:asp    intitle:"tank" -inurl:product 找目标
---------------------------------------------------------------------------------------
site:.mil  filetype:doc classified          可以加日期的,比如:filetypeDF site:mil 2005-2006
      com            mdb  可以为灵活运用,比如坦克的单词,飞机的单词
      gov            pdf        敏感域名isr.hqda.pentagon.mil 
      org            ppt
---------------------------------------------------------------------------------------- 
intitle:upload inurl:upload intext:upload -forum -shop -support -wc 
intitle: private, protected, secret, secure, winnt      
intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu  
"Certificate Practice Statement" inurlPDF | DOC) mil 
filetype:mdb inurl:.mdb    mil
filetype:log inurl:"password.log"
filetype:bak inurl:"htaccess|passwd|shadow|htusers" 
filetype:ini inurl:"serv-u.ini" 
filetype:ini inurl:flashFXP.ini 
filetype:ini ServUDaemon 
filetype:ini wcx_ftp 
filetype:ini ws_ftp pwd
filetype:pem intext:private  搜索加密密匙
filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"    找肉鸡,看admin密码
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS    
filetype:url +inurl:"ftp://" +inurl:";@"      此技巧最好分开使用 
intitle:"index of" intext:connect.inc 
intitle:"index of" intext:globals.inc 
intitle:"Index of" passwords modified    推荐  
intitle:"index of" intext:welcome      如有pub和etc一般都有welcome
intitle:Index.of etc shadow 
site:.gov filetype:sql 
"HTTP_FROM=googlebot" googlebot.com "Server_Software="      好的很啊
( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject    site:edu 2005
filetype:eml eml +intext:"Subject" +intext:"From" +intext:"To" 
inurl:forward filetype:forward -cvs    找密码和ftp最好的技巧
top secret site:mil 
confidential site:mil 
inurl:
private 
protected 
secret 
secure 
--------------------------------------------------------------------
filetype:xls username password email
"config.php"
service filetype:pwd (frontpage)
inurl:_vti_cnf (frontpage files)
allinurl:/msadc/samples/selector/showcode.asp
allinurl:/examples/jsp/snp/snoop.jsp
ipsec filetype:conf
"mydomain.com" nessus report
"report generated by" 
"ws_ftp.log" 
inurl:server-info "Apache Server Information"
inurl:ssl.conf filetype:conf 
ipsec.conf 
Lotus Domino address books            用户数据库,重要
robots.txt        看目录
filetype:url +inurl:"ftp://"  +inurl:"@"
          
filetype:cnf inurl:_vti_pvt access.cnf
allinurl:"/*/_vti_pvt/" | allinurl:"/*/_vti_cnf/"    推荐
"access denied for user" "using password"      mysql暴错,暴出路径
intitleogin intext:"RT is ? Copyright"      找登陆页子
intitle:index.of WEB-INF              目录
intitle:"Index of" config.php
"Index of /admin" + passwd 
inurl:passwd.txt wwwboard|webadmin 
master.passwd
filetype:cfg mrtg "target
" -sample -cvs -example    看MRTG的配置的
ext:ini Version=... password 
filetype:cfm "cfapplication name" password 
filetype:config config intext:appSettings "User ID" 
filetype:dat "password.dat" 
filetype:inc dbconn    推荐
"#mysql dump" filetype:sql 
"allow_call_time_pass_reference" "ATH_INFO" 
filetype:inc intext:mysql_connect 
filetype:inc mysql_connect or mysql_pconnect 
filetype:mdb inurl:users.mdb 
filetype:pass pass intext:userid 
filetype:properties inurl:db intext:password ]
filetype:sql ("values * MD" | "values * password" | "values * encrypt") 
filetype:sql ("passwd values" | "password values" | "pass values" ) 
filetype:sql +"IDENTIFIED BY" -cvs 
filetype:sql password 
filetype:xls username password email    mil
htpasswd 
htpasswd / htgroup 
htpasswd / htpasswd.bak 
inurljspdemos private protected secret secure 
intitle:dupics inurladd.asp | default.asp | view.asp | voting.asp) -site:duware.com
inurl:config.php dbuname dbpass    phpnuke的漏洞
"Welcome to phpMyAdmin" " Create new database" 
"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"    跟踪
"phpMyAdmin" "running on" inurl:"main.php"  
"robots.txt" "Disallow:" filetype:txt    可以查看漏洞
ext:reg "username=*" putty
-site:php.net -"The PHP Group" inurl:source inurl:url ext:pHp
ext:log "Software: Microsoft Internet Information Services *.*"
filetype:asp DBQ=" * Server.MapPath("*.mdb") 
filetype:php inurl:index inurl:phpicalendar -site:sourceforge.net    泄露源代码
haccess.ctl (one way) 
haccess.ctl (VERY reliable) 
intext:gmail invite intext:http://gmail.google.com/gmail/a
-------------------------------------------------------------------------------------
intitle:"Index of" upload size parent directory 
intitle:"System Statistics" +"System and Network Information Center"
intitle:"wbem" compaq login "Compaq Information Technologies Group" 
intitle:index.of "Apache" "server at" 
intitle:index.of cleanup.log 
intitle:index.of dead.letter 
intitle:index.of inbox 
intitle:index.of inbox dbx 
"intitle:Index.Of /" stats  cgi-* etc
intitle:"Directory Listing For" intext:Tomcat -intitle:Tomcat      mil
intitle:"Index of *" inurl:"my shared folder" size modified  
intitle:"index of" "parent directory" "desktop.ini" site:gov      NASA
"Index of /backup"
intitle:"Index of /" modified php.exe 
intitle:"index of" -inurl:htm -inurl:html mp 
intitle:"Index of" cfide 
intitle:"index of" intext:"content.ie" 
intitle:"index.of.personal" 
intitle:"webadmin - /*" filetype:php directory filename permission 
intitle:index.of (inurl:fileadmin | intitle:fileadmin) 
intitle:index.of /AlbumArt_ 
intitle:index.of /maildir/new/ 
intitle:index.of abyss.conf 
intitle:intranet inurl:intranet +intext:"human resources" 
inurl:/tmp 
filetype:pl -intext:"/usr/bin/perl" inurl:webcal (inurl:webcal | inurl:add | inurl:delete | inurl:config)   
inurl:explorer.cfm inurl:(dirpath|This_Directory) 
"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"AutoCreate=TRUE password=*" 
"index of cgi-bin" 
+htpasswd +WS_FTP.LOG filetype:log 
filetype:cfg ks intext:rootpw -sample -test -howto    gov
config.inc.php                          偶自己发现地
site:mil admin grades 
inurl:backup filetype:mdb 
inurl:perl/printenv 
inurldbc.ini ext:ini -cvs 
"Index Of /network" "last modified" 
filetype:mbx mbx intext:Subject      查看 新闻组
inurl:forward filetype:forward -cvs    找linux向导
inurl:php.ini filetype:ini 
filetype:inc inc intext:setcookie 
inurl:"CgiStart?page=" 
"Enter ip" inurl:"php-ping.php"
mail filetype:csv -site:gov intext:name 
MySQL tabledata dumps 
OWA Public Folders (direct view)
phpinfo() 
private key files (.csr) 
private key files (.key) 
"Windows XP Professional" 94FBR  
site:edu admin grades
site:mil admin grades 
SQL data dumps 
Squid cache server reports
inurl:ConnectComputer/precheck.htm | inurl:Remote/logon.aspx        Windows2003登陆
"Index of" rar r nfo Modified
filetype:ini Desktop.ini intext:mydocs.dll
filetype:php inurl:"viewfile" -"index.php" -"idfil 
filetype:wsdl wsdl    关于xml的聚合
intitle:"phpremoteview" filetype:php "Name, Size, Type, Modify"  edu
inurl:" WWWADMIN.PL" intitle:"wwwadmin"
inurl:robpoll.cgi filetype:cgi

posted on 2016-11-30 20:24 风飞扬(windfly) 阅读(189) 评论(0)  编辑  收藏 所属分类: 网络安全与测试

公告



网名:风飞扬

英文名:windfly

博客:windfly.blogjava.net

个人简介:不讲究 , 不将就

导航

最新评论

风飞扬
  • 首页
  • 未命名
  • 笔记
  • 未命名
  • 笔记
  • 未命名
  • 音乐