Google搜索技巧

站内搜索地址为：
httpwww.google.comcustomdomains=（这里写我们要搜索的站点，比如feelids.com）
进去可以选择www和feelids.com， 当然再选我们要的站内搜索哦！
黑客专用信息和资料搜索地址为：
httpwww.google.comcustomhl=xx-hacker
这里是google关键字的用法，要设置它为中文，则是
httpwww.google.comcustomhl=zh-CN
英文则是httpwww.google.comcustomhl=en

常用的google关键字：
foo1 foo2 (也就是关联，比如搜索xx公司 xx美女)
operatorfoo
filetype123 类型
sitefoo.com 相对直接看网站更有意思，可以得到许多意外的信息
intextfoo
intitle fooltitle 标题哦
allinurlfoo 搜索xx网站的所有相关连接。（踩点必备）
linksfoo 不要说就知道是它的相关链接
allintiltefoo.com

我们可以辅助- +来调整搜索的精确程度

直接搜索密码：(引号表示为精确搜索)
当然我们可以再延伸到上面的结果里进行二次搜索
index of htpasswd  passwd
filetypexls username password email
ws_ftp.log
config.php
allinurladmin mdb
service filetypepwd ....或者某个比如pcanywhere的密码后缀cif等

越来越有意思了，再来点更敏感信息
robots.txt Disallow filetypetxt
inurl_vti_cnf (FrontPage的关键索引啦，扫描器的CGI库一般都有地)
allinurl msadcSamplesselectorshowcode.asp
......passwd
examplesjspsnpsnoop.jsp
phpsysinfo
intitleindex of admin
intitledocumetation
inurl 5800(vnc的端口)或者desktop port等多个关键字检索
webmin port 10000
inurladminlogin.asp
intextPowered by GBook365
intitlephp shell Enable stderr filetypephp 直接搜索到phpwebshell

foo.org filetypeinc

ipsec filetypeconf
intilteerror occurred ODBC request Where (selectinsert) 说白了就是说，可以直接试着查查数据库检索，针对目前流行的sql注射，会发达哦
intitlephp shell Enable stderr filetypephp
Dumping data for table username password
intitleError using Hypernews
Server Software
intitleHTTP_USER_AGENT=Googlebot
HTTP_USER_ANGET=Googlebot THS ADMIN
filetype.doc site.mil classified 直接搜索军方相关word

检查多个关键字：
intitleconfig confixx login password

mydomain.com nessus report
report generated by
ipconfig
winipconfig

google缓存利用（hoho，最有影响力的东西）推荐大家搜索时候多选搜索所有网站
特别推荐：administrator users 等相关的东西，比如名字，生日等……最惨也可以拿来做字典嘛
cachefoo.com

可以查阅类似结果

先找找网站的管理后台地址：
sitexxxx.com intext管理
sitexxxx.com inurllogin
sitexxxx.com intitle管理
sitea2.xxxx.com inurlfile
sitea3.xxxx.com inurlload
sitea2.xxxx.com intextftp
sitea2.xxxx.com filetypeasp
sitexxxx.com 得到N个二级域名
sitexxxx.com intext@xxxx.com 得到N个邮件地址，还有邮箱的主人的名字什么的
sitexxxx.com intext电话 N个电话
intitleindex of etc
intitleIndex of .sh_history
intitleIndex of .bash_history
intitleindex of passwd
intitleindex of people.lst
intitleindex of pwd.db
intitleindex of etcshadow
intitleindex of spwd
intitleindex of master.passwd
intitleindex of htpasswd
# -FrontPage- inurlservice.pwd

allinurlbbs data
filetypemdb inurldatabase
filetypeinc conn
inurldata filetypemdb
intitleindex of data
3) http@www domainname 找一些ISP站点，可以查对方ip的虚拟主机

4) auth_user_file.txt 不实用了，太老了

5) The Master List 寻找邮件列表的

6) intitlewelcome.to.squeezebox 一种特殊的管理系统，默认开放端口90

7) passlist.txt (a better way) 字典

8) A syntax error has occurred filetypeihtml

9) extphp program_listing intitleMythWeb.Program.Listing

10) intitleindex.of abyss.conf

11)extnbe nbe

12)intitleSWW link Please wait.....

14) intitleFreifunk.Net - Status -sitecommando.de

15) intitleWorldClient intext (20032004) Alt-N Technologies.

17) intitleopen-xchange inurllogin.pl

20) intitlesite administration please log in site designed by emarketsouth

21) orA-00921 unexpected end of SQL command

22)intitleYALA Yet Another LDAP Administrator

23)welcome.to phpqladmin Please login -cvsweb

24)intitleSWW link Please wait.....

25)inurlport_255 -htm

27)intitleWorldClient intext (20032004) Alt-N Technologies.

这些是新的一些漏洞技巧，在0days公告公布

extphp program_listing intitleMythWeb.Program.Listing

inurlpreferences.ini [emule]

intitleIndex of CFIDE administrator

access denied for user using password

extphp intextPowered by phpNewMan Version 可以看到：pathtonewsbrowse.phpclang=............fileiwant

inurlbecommunitycommunityindex.phppageurl=

intitleASP FileMan Resend -siteiisworks.com

Enter ip inurlphp-ping.php

extconf inurlrsyncd.conf -cvs -man

intitle private, protected, secret, secure, winnt

intitleDocuShare inurldocusharedsweb -faq -gov -edu
#mysql dump filetypesql

allow_call_time_pass_reference PATH_INFO

Certificate Practice Statement inurl(PDF  DOC)

LeapFTP intitleindex.of. sites.ini modified
master.passwd

mysql history files
NickServ registration passwords
passlist
passlist.txt (a better way)
passwd
passwd  etc (reliable)
people.lst
psyBNC config files
pwd.db
signin filetypeurl
spwd.db  passwd
trillian.ini
wwwboard WebAdmin inurlpasswd.txt wwwboardwebadmin

# -FrontPage- extpwd inurl(service  authors  administrators  users) # -FrontPage-

inurlservice.pwd
AutoCreate=TRUE password=
http@www domainname
index of ws_ftp.ini parent directory
liveice configuration file extcfg -sitesourceforge.net
powered by ducalendar -siteduware.com
Powered by Duclassified -siteduware.com
Powered by Duclassified -siteduware.com DUware All Rights reserved
powered by duclassmate -siteduware.com
Powered by Dudirectory -siteduware.com
powered by dudownload -siteduware.com
Powered By Elite Forum Version .
Powered by Link Department
sets mode +k
Powered by DUpaypal -siteduware.com
allinurl admin mdb
auth_user_file.txt
config.php
eggdrop filetypeuser user
etc (index.of)
extini eudora.ini
extini Version=... password
exttxt inurlunattend.txt

filetypebak inurlhtaccesspasswdshadowhtusers

filetypecfg mrtg target

-sample -cvs -example

filetypecfm cfapplication name password

filetypeconf oekakibbs
filetypeconf sc_serv.conf

filetypeconf slapd.conf

filetypeconfig config intextappSettings User ID

filetypedat password.dat

filetypedat wand.dat

filetypeinc dbconn

filetypeinc intextmysql_connect
filetypeinc mysql_connect or mysql_pconnect

filetypeinf sysprep

filetypeini inurlserv-u.ini
filetypeini inurlflashFXP.ini
filetypeini ServUDaemon
filetypeini wcx_ftp
filetypeini ws_ftp pwd

filetypeldb admin

filetypelog See `ipsec copyright

filetypelog inurlpassword.log

filetypemdb inurlusers.mdb

filetypemdb wwforum

filetypenetrc password

filetypepass pass intextuserid

filetypepem intextprivate

filetypeproperties inurldb intextpassword

filetypepwd service
filetypepwl pwl

filetypereg reg +intextdefaultusername +intextdefaultpassword
filetypereg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetypesql (values  MD  values  password  values  encrypt)
filetypesql (passwd values  password values  pass values )
filetypesql +IDENTIFIED BY -cvs
filetypesql password

filetypeurl +inurlftp +inurl;@

filetypexls username password email

htpasswd
htpasswd  htgroup
htpasswd  htpasswd.bak

intextenable secret $
intextpowered by Web Wiz Journal

intitleindex of intextconnect.inc
intitleindex of intextglobals.inc
intitleIndex of passwords modified

intitledupics inurl(add.asp  default.asp  view.asp  voting.asp) -siteduware.com

intitleindex.of intextsecring.skrsecring.pgpsecring.bak

inurlGRC.DAT intextpassword

inurlslapd.conf intextcredentials -manpage -Manual Page -man -sample

inurlslapd.conf intextrootpw -manpage -Manual Page -man -sample

inurlwvdial.conf intextpassword

inurldbmain.mdb

inurlchap-secrets -cvs

inurlconfig.php dbuname dbpass
inurlfilezilla.xml -cvs

inurllilo.conf filetypeconf password -tatercounter -bootpwd -man

inurlnuke filetypesql

inurlospfd.conf intextpassword -sample -test -tutorial -download 路由配置
inurlpap-secrets -cvs

inurlperform filetypeini
inurlsecring extskr  extpgp  extbak

inurlvtund.conf intextpass -cvs

inurlzebra.conf intextpassword -sample -test -tutorial -download

Generated by phpSystem
generated by wwwstat

Host Vulnerability Summary Report ]

HTTP_FROM=googlebot googlebot.com Server_Software=  Index of  chatlogs 聊天室
Installed Objects Scanner inurldefault.asp

Mecury Version Infastructure Group
Microsoft (R) Windows  (TM) Version  DrWtsn Copyright (C) extlog

Most Submitted Forms and Scripts this section

Network Vulnerability Assessment Report

not for distribution confidential
phone    address  e-mail intitlecurriculum vitae

phpMyAdmin running on inurlmain.php

produced by getstats
Request Details Control Tree Server Variables
robots.txt Disallow filetypetxt

Running in Child mode

sets mode +p
sets mode +s
Thank you for your order +receipt
This is a Shareaza Node
This report was generated by WebLog
( filetypemail  filetypeeml  filetypembox  filetypembx ) intextpasswordsubject

(inurlrobot.txt  inurlrobots.txt ) intextdisallow filetypetxt

-sitephp.net -The PHP Group inurlsource inurlurl extpHp

FBR ADOBE PHOTOSHOP
AIM buddy lists
allinurlexamplesjspsnpsnoop.jsp
allinurlservletSnoopServlet
cgiirc.conf

data filetypemdb -sitegov -sitemil

exported email addresses

extasp inurlpathto.asp

extcgi inurleditcgi.cgi inurlfile=

extconf inurlrsyncd.conf -cvs -man
extconf NoCatAuth -cvs

extdat bpk.dat
extgho gho

extini intextenv.ini
extldif ldif

extlog Software Microsoft Internet Information Services .
--------------------------
extmdb inurl.mdb inurlfpdb shop.mdb

filetypebkf bkf
filetypeblt buddylist
filetypeblt blt +intextscreenname

filetypecfg auto_inst.cfg

filetypeconf inurlfirewall -intitlecvs
filetypeconfig web.config -CVS

filetypectt ctt messenger

filetypefp fp
filetypefp fp -sitegov -sitemil -cvs log

filetypeinf inurlcapolicy.inf
filetypelic lic intextkey

filetypemyd myd -CVS
filetypens ns
filetypeora ora
filetypeora tnsnames
filetypepdb pdb backup (Pilot  Pluckerdb)

filetypepot inurljohn.pot
----------------------------------------
filetypepst inurloutlook.pst
filetypepst pst -from -to -date
filetypeqbb qbb
filetyperdp rdp

filetypereg Terminal Server Client
filetypevcs vcs
filetypewab wab

filetypexls -sitegov inurlcontact
filetypexls inurlemail.xls
Financial spreadsheets finance.xls
Financial spreadsheets finances.xls

Ganglia Cluster Reports

haccess.ctl (one way)
haccess.ctl (VERY reliable)
ICQ chat logs, please...

iletypelog cron.log
intextSession Start      filetypelog
intextTobias Oetiker traffic analysis

intext(password  passcode) intext(username  userid  user) filetypecsv
intextgmail invite intexthttpgmail.google.comgmaila

intextSQLiteManager inurlmain.php

intitleApacheStatus (inurlserver-status  inurlstatus.html  inurlapache.html)

intitleAppServ Open Project -sitewww.appservnetwork.com
intitleASP Stats Generator . ASP Stats Generator - weppos

intitleFTP root at
intitleindex of +myd size

intitleIndex Of -inurlmaillog maillog size

intitleIndex Of cookies.txt size

intitleindex of mysql.conf or mysql_config
intitleIndex of upload size parent directory

intitleindex.of .diz .nfo last modified
intitleMultimon UPS status page
intitlePHP Advanced Transfer (inurlindex.php  inurlshowrecent.php )
intitlePhpMyExplorer inurlindex.php -cvs
---------------------------------------------------------------------
intitlestatistics of advanced web statistics
intitleSystem Statistics +System and Network Information Center
intitleUsage Statistics for Generated by Webalizer
intitlewbem compaq login Compaq Information Technologies Group

intitleWeb Server Statistics for 
intitleweb server status SSH Telnet
intitlewelcome.to.squeezebox

intitleadmin intitlelogin
intitleindex.of Apache server at
intitleindex.of cleanup.log
intitleindex.of dead.letter
intitleindex.of inbox
intitleindex.of inbox dbx

intitleintranet inurlintranet +intextphone
inurlaxsax-admin.pl -script
inurlcricketgrapher.cgi
inurlbookmark.htm

inurlcacti +inurlgraph_view.php +Settings Tree View -cvs -RPM
inurlnewsletteradmin
inurlnewsletteradmin intitlenewsletter admin
inurlputty.reg
inurlsmb.conf intextworkgroup filetypeconf conf
----------------------------------------------------------------------------------------------------------

Welcome to ntop!

adding new user inurladdnewuser -there are no domains
(inurlcgi-bin.cobalt)  (intextWelcome to the Cobalt RaQ)

filetypephp HAXPLORER Server Files Browser
intitleWeb Data Administrator - Login

inurlConnectComputerprecheck.htm  inurlRemotelogon.aspx
PHP Shell (unprotected)
PHPKonsole PHPShell filetypephp -echo
Public PHP FileManagers

index of  picasa.ini
index of inurlrecycler
Index of rar r nfo Modified
intitleIndex.Of  stats merchant cgi- etc
Powered by Invision Power File Manager (inurllogin.php)  (intitleBrowsing directory  )
Web File Browser Use regular expression

filetypeini Desktop.ini intextmydocs.dll

intextd.aspxid  inurld.aspxid
intextPowered By TotalIndex intitleTotalIndex
intitlealbum permissions Users who can modify photos EVERYBODY
intitleDirectory Listing For intextTomcat -intitleTomcat
intitleHFS  +HttpFileServer
intitleIndex of  inurlmy shared folder size modified
-------------------------------------------------------------------------------------------------------------------

File Upload Manager v. rename to

extasp powered by DUForum inurl(messagesdetailslogindefaultregister) -siteduware.com
extasp inurlDUgallery intitle. -sitedugallery.com -siteduware.com
extcgi inurlubb_test

ezBOO Administrator Panel -cvs

filetypecgi inurlcachemgr.cgi
filetypecnf my.cnf -cvs -example
filetypeinc inc intextsetcookie

filetypephp inurlviewfile -index.php -idfil
filetypewsdl wsdl

intitleASP FileMan Resend -siteiisworks.com

intitleIndex of  modified php.exe

intitlephpremoteview filetypephp Name, Size, Type, Modify

inurl WWWADMIN.PL intitlewwwadmin
inurlnph-proxy.cgi Start browsing through this CGI-based proxy
inurlplogregister.php
inurlcgi.asxStoreID

inurlrobpoll.cgi filetypecgi

The Master List

More Info about MetaCart Free