Sunday, April 30, 2006

Google Tips - Find Anything!

inurl:index.of.password
Directory listing contains password file(s)?
intitle:"Index of" service.pwd
Directory listing contains service.pwd file(s)
intitle:"Index of" view-source
Directory listing contains view-source file(s)
intitle:"Index of" admin
Directory listing contains administrative files or directories
intitle:"Index of" .htpasswd
Directory listing contains .htpasswd file!
intitle:"Index of" log.txt
Directory listing contains log text files
intitle:"Index of" stats.html
Directory listing contains stats.html which may contain useful web server statistics
"access denied for user" "using password"
Web page contains error message which might provide useful application information
"A syntax error has occurred" filetype:ihtml
Web page contains error message which might provide useful application information
"ORA-00921: unexpected end of SQL command"
Web page contains error message which might provide useful application information
inurl:passlist.txt
The passlist.txt file may contain user passwords
"Index of /backup"
Directory may contain sensitive backup files
intitle:"Index of" .bash_history
Directory listing contains bash history information
intitle:"Index of" index.html.bak
Directory listing contains backup index file (index.html.bak)
intitle:"Index of" index.php.bak
Directory listing contains backup index file (index.php.bak)
intitle:"Index of" guestbook.cgi
Directory listing contains guestbook.cgi file(s)
intitle:"Test Page for Apache"
Default test page for Apache
intitle:index.of.etc
Directory listing of /etc ?
filetype:xls username password
XLS spreadsheet containing usernames and passwords?
"This file was generated by Nessus"
Nessus report!
intitle:"Index of" secring.bak
Secret key file
intitle:"Terminal Services Web Connection"
Access terminal services!
intitle:"Remote Desktop Web Connection"
Access Remote Desktop!
intitle:"Index of" access_log
Directory listing contains access_log file which may store sensitive information
intitle:"Index of" finance.xls
Directory listing contains finance.xls which may contain sensitive information
intitle:"Usage Statistics for"
Statistical information may contain sensitive data
intitle:"Index of" WSFTP.LOG
WSFTP.LOG file contains information about FTP transactions
intitle:"Index of" ws_ftp.ini
The ws_ftp.ini file may contain usernames and passwords of FTP users
"not for distribution" confidential
URL may contain confidential or sensitive information
"phpMyAdmin" "running on" inurl:"main.php"
phpMyAdmin allows remote MySQL database administration
"#mysql dump" filetype:sql
MySQL database dumps

inurl:php.ini filetype:ini
The php.ini file may contain sensitive PHP environment details.
BEGIN (CERTIFICATE|DSA|RSA) filetype:key
Private key(s)!
BEGIN (CERTIFICATE|DSA|RSA) filetype:csr
Private key(s)!
BEGIN (CERTIFICATE|DSA|RSA) filetype:crt
Private key(s)!
intitle:"Index of" passwd passwd.bak
passwd file!
intitle:"Index of" master.passwd
master.passwd file!
intitle:"Index of" pwd.db
pwd.db file may contain password information
intitle:"Index of..etc" passwd
passwd file!
filetype:cfg ks intext:rootpw -sample -test -howto
This file may contain the root password (encrypted)
intitle:"index.of.personal"
Directory may contain sensitive information
intitle:"Index of" login.jsp
The login.jsp file may contain database username or password information
intitle:"Index of" logfile
Directory may contain sensitive log files
filetype:php inurl:"viewfile" -"index.php" -"idfil
File may contain PHP source code
allinurl:intranet admin

"index of/root"
"auth_user_file.txt"
"Index of /admin"
"Index of /password"
"Index of /mail"
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
administrators.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web
global.asax index
allintitle: "index of/admin"
allintitle: "index of/root"
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
allinurl: winnt/system32/
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart
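
A defender's check for the exposures these queries look for, as an added example that is not part of the original post: it walks a local web root and reports directories with no index document and files whose names match the list above. The function name `audit_docroot` and the index-document names are assumptions.

```python
import os
from pathlib import Path

# File names taken from the queries listed above, compared case-insensitively.
SENSITIVE_NAMES = {
    ".htpasswd", ".htaccess", ".bash_history", ".sh_history", "service.pwd",
    "administrators.pwd", "authors.pwd", "passlist.txt", "password.txt",
    "passwd", "master.passwd", "pwd.db", "spwd", "secring.bak", "ws_ftp.ini",
    "wsftp.log", "access_log", "log.txt", "php.ini", "auth_user_file.txt",
}
# Extensions from the list: *.bak copies, SQL dumps, key files, Access databases.
SENSITIVE_SUFFIXES = (".bak", ".sql", ".key", ".mdb")
# Assumption: the server's configured index documents; adjust to match yours.
INDEX_FILES = ("index.html", "index.htm", "index.php")


def audit_docroot(docroot, index_files=INDEX_FILES):
    """Return (listable_dirs, exposed_files), both sorted, relative to docroot.

    A directory without an index document is only rendered as an "Index of"
    page when the server has automatic directory listing switched on, so
    listable_dirs is the set to check against the server configuration.
    """
    root = Path(docroot)
    listable, exposed = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel = Path(dirpath).relative_to(root)
        lowered = {name.lower() for name in filenames}
        if not lowered.intersection(index_files):
            listable.append(rel.as_posix())
        for name in filenames:
            low = name.lower()
            if low in SENSITIVE_NAMES or low.endswith(SENSITIVE_SUFFIXES):
                exposed.append((rel / name).as_posix())
    return sorted(listable), sorted(exposed)


if __name__ == "__main__":
    import sys
    dirs, files = audit_docroot(sys.argv[1] if len(sys.argv) > 1 else ".")
    for d in dirs:
        print("no index document:", d)
    for f in files:
        print("sensitive file name:", f)
```

Anything reported under the web root should be moved out of it or denied by the server configuration, and automatic directory listing turned off where it is not needed.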

INTITLE - search for string in title
intitle:"michael moore"

ALLINTITLE - search strings in title
allintitle:"michael moore" films

INURL - search for string in the URL
inurl:"michael moore"

INTEXT - search for the string in the site body
intext:"angry white men"

SITE - search specific domains
"virus" site:infosec.navy.mil

LINK - locate sites linking to the site entered
link:www.pogo.com

CACHE - search Google site cache
cache:www.whitehouse.gov

DATERANGE - search within a date range (Julian)
"michael moore" daterange:2452389-2452389

FILETYPE - locate files (don't list any HTML pages, just the files)
"economic disaster" filetype:pdf -filetype:htm -filetype:html

RELATED - locate pages that are related (similar)
related:www.usatoday.com

INFO - locates links about site
info:www.2600.com

PHONEBOOK - locates phone numbers
phonebook:"fred stanley"

STOCKS - stock info
stocks:msft

BOOLEAN LOGIC

- "AND", "I", "a", "The", and "Of" are ignored
- a pipe "|" is treated as "OR"
- a minus symbol "-" eliminates the string from results
- wildcard "*" can be used on words, not characters
("three * mice" = "three blind mice")
- 10 word limit. Use wildcards like "do as * say not as * do"

Triggers and Switches

- ! = Initializes the "I'm Feeling Lucky" search option
intitle:"Directory of" sexually transmitted diseases -inurl:book -inurl:products

- ?? = searches the Google directory
?? "michael moore"

- , = searches Usenet database (Google Groups)
, group:sci.med* hiv

- /images = searches Google Images
intitle:cheerleaders -filetype:htm -filetype:html /images

- /news = searches Google News
intitle:"saddam hussein" /news

- /since = days ago
"george bush" /since:365

Google URLs

The query "three blind mice" returns
http://www.google.com/search?num=100&hl=en&q=%22three+blind+mice%22&as_qdr=m6&safe=off

query = q=%22three+blind+mice%22&as_qdr=m6&safe=off
num = number of results (1-100)
as_qdr=mx = specifies age of site (x = number of months)
safe=off = content filter (on or off)

The Good Stuff

1. Vulnerable Servers (Mic*ft Based)

http://www.google.com/search?num=100&hl=en&safe=off&q=intitle%3A%22index+of+%2F%22+%22parent+directory%22+intitle%3A%22mp3%22+-filetype%3Ahtm+-filetype%3Ahtml

Runs this Query
intitle:"index of /" "parent directory" intitle:"mp3" -filetype:htm -filetype:html

DESCRIPTION : searches for misconfigured web-servers with an open “/” root path and a folder named MP3s

2. Vulnerable Apache Servers (UNIX Based)

http://www.google.com/search?num=100&hl=en&safe=off&q=%2B%22index+%2Bof%2Fmp3%22+%2Bbeatles

Runs this Query
+"index +of/mp3" +beatles

DESCRIPTION : searches for misconfigured paths containing mp3s

3. Password Snatching

http://www.google.com/search?hl=en&as_qdr=all&q=%22http%3A%2F%2Fbob%3Abob%40www%22&btnG=Google+Search

Runs this Query
"http://bob:bob@www" or "http://12345:54321@www"

DESCRIPTION : Searches for password files people save on their hard drives

4. Locate specific site info and passes

http://www.google.com/search?hl=en&q=%22http%3A%2F%2F%2A%3A%2A%40www%22+teenagepanties&btnG=Google+Search

Runs this Query
"http://*:*@www" teenagepanties

5. Warez locator Queries

http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=intitle%3A%22index+of+%2F%22+%22parent+directory%22+%2B%22%2A.nfo%22+%2B%22%2A.rar%22+%2B%22%2A.r05%22+%2B%22%2A.r10%22+-filetype%3Ahtm+-filetype%3Ahtml&btnG=Google+Search

Runs this Query
intitle:"index of /" "parent directory" +"*.nfo" +"*.rar" +"*.r05" +"*.r10" -filetype:htm -filetype:html

intitle:"paris hilton"+"index of " +"parent directory" +"mpg" -filetype:htm -filetype:html
