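site:url   'Shows what is indexed for this site. It is best to leave off the www: that way many subdomains show up, which can be quite rewarding.
Best combined with inurl, intext and so on for better results.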
=============================================================================
intext:测试   'pages whose text contains "测试" ("test")
intitle: fooltitle   'title
intitle:config confixx login password   'check several keywords
allinurl:url   'search all links related to site xx (essential for footprinting)
links:url   'related links
allintitle:url

First look for the site's admin back-end address:
site:xxxx intext:管理   '管理 = "management/admin"
site:xxxx inurl:login
site:xxxx intitle:管理
site:a2.xxxx inurl:file
site:a3.xxxx inurl:load
site:a2.xxxx intext:ftp://*:*
site:a2.xxxx filetype:asp
site:xxxx   //yields N subdomains
site:xxxx intext:*@xxxx   //yields N e-mail addresses, plus the mailbox owners' names and so on
site:xxxx intext:电话   //N phone numbers (电话 = "telephone")

intitle:"index of" etc
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
"# -FrontPage-" inurl:service.pwd

Searching for passwords directly (quotes mean an exact-phrase search).
Of course, we can also run a second search within the results above:
"index of" htpasswd / passwd
filetype:xls username password email
"ws_ftp.log"
"config.php"   'you can look at other config files too, or check directly whether conn can be exposed
allinurl:admin mdb   'can be swapped for others, dvbbs7.mdb and so on
service filetype:pwd   '....or a password-file suffix such as pcanywhere's cif; rarely used

It gets more and more interesting; now for some more sensitive information:
"robots.txt" "Disallow:" filetype:txt
inurl:_vti_cnf   '(a key FrontPage index; scanners' CGI libraries generally include it)
allinurl: /msadc/Samples/selector/showcode.asp
/../../../passwd
/examples/jsp/snp/snoop.jsp
phpsysinfo
intitle:index of /admin
intitle:"documentation"
inurl: 5800   '(the VNC port), or search on several keywords such as desktop port
webmin port 10000
inurl:/admin/login.asp
intext:Powered by GBook365
intitle:"php shell*" "Enable stderr" filetype:php   'finds PHP web shells directly
foo filetype:inc
ipsec filetype:conf
intitle:"error occurred" ODBC request WHERE (select|insert)   'put plainly, you can try searching for database queries directly; with SQL injection currently so popular, this pays off
   'better not to bother, though: everything a search turns up is 雨哥's articles
"Dumping data for table" username password
intitle:"Error using Hypernews" "Server Software"
intitle:"HTTP_USER_AGENT=Googlebot"
"HTTP_USER_ANGET=Googlebot" THS ADMIN
filetype:.doc site:.mil classified   'searches directly for military-related Word documents
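
inurl:   'Searches the URLs of pages. This syntax is useful for finding search pages, help pages and the like.
intext:   'Searches only the text in the <body> part of a page (that is, it ignores text in the title, URL and so on).
site:   'Restricts the search to a given domain.
filetype:   'Searches by file suffix or extension.
intitle:   'Restricts the search to the page title.
allintitle:   'Finds pages whose title contains all of the keywords. Not recommended, though.
link:   'Returns a list of all pages that contain a given URL. For example, link:www.google can

intext:管理
filetype:mdb
inurl:file
site:xx filetype:txt   'finds TXT files; the others work by analogy
site:xx intext:管理
site:xx inurl:login
site:xx intitle:后台   '后台 = "back end"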

See what software the server runs:
site:xx filetype:asp
site:xx filetype:php
site:xx filetype:jsp

Look for upload vulnerabilities:
site:xx inurl:file
site:xx inurl:load

Look for injection points:
site:xx filetype:asp
site:tw inurl:asp?id=   'this one finds sites in Taiwan
or site:jp inurl:asp?id=   'this one finds sites in Japan
or site:ko inurl:asp?id=   'this one finds sites in Korea
and so on by analogy.

intitle:旁注- 网站xxxfiletype:asp
inurl:editor/db/
inurl:eWebEditor/db/
inurl:bbs/data/
inurl:databackup/
inurl:blog/data/
inurl:\boke\data
inurl:bbs/database/
inurl:conn.asp
inc/conn.asp

Admin entry points:
admin admin_index admin_admin index_admin admin/index admin/default admin/manage admin/login manage_index index_manage superadmin admin1 admin_login login_admin ad_login ad_manage count manager guanli denglu houtai houtaiguanli htgl adminlogin adminuserlogin adm_login chklogin chkadmin users adduser admin_user edituser adminadduser member members editmember adminmember addmember logout exit login_out adminedit admin_edit delete admindelete admin_delete up upload upfile backup config test webmaster root aadmin admintab admin_main art article databases db dbase devel files forum girl girls htdocs idea ideas include includeinc includes incoming install manual misc mrtg private program programming programs public secret secrets server_stats server-info server-status set setting setup *** snmp source sources sql statistics Stats telephone temp temporary tool tools usage weblog weblogs webstats work wstats wwwlog wwwstats wenzhang admin/login.asp admin_index.asp bbs/admin_index.asp article/admin/admin.asp admin/aspcheck.asp inc/config.asp eWebEditor/admin_login.asp editor/admin_login.asp login/login login/index login/super login1 update count_admin add_admin admin_pass newbbs/login down/login bbs/admin/login main/login admin/manage.asp manage/login.asp user.asp conn.asp logout.asp
manager/login manager/login.asp manager/admin.asp login/admin/admin.asp houtai/admin.asp guanli/admin.asp denglu/admin.asp admin_login/admin.asp admin_login/login.asp admin/manage/admin.asp admin/manage/login.asp admin/default/admin.asp admin/default/login.asp member/admin.asp member/login.asp administrator/admin.asp administrator/login.asp
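
The queries above only surface files and directory listings that a web server already exposes, so the same file names can be checked from the inside, on your own document root. The script below is an added example and not part of the original page: the file-name patterns come from the queries listed here, while the category names and the INDEX_FILES set are assumptions to adapt to your server.

```python
import fnmatch
import os

# Patterns come from the queries on this page; category names are this example's.
EXPOSURE_PATTERNS = {
    "shell history": [".sh_history", ".bash_history"],
    "password file": ["passwd", "shadow", "master.passwd", "spwd*", "pwd.db",
                      "people.lst", "htpasswd", ".htpasswd", "*.pwd"],
    "database file": ["*.mdb"],
    "config/include source": ["*.inc", "*.conf", "config.php", "conn.asp"],
    "transfer log": ["ws_ftp.log"],
}
# Assumed index names; match them to the server's own index-file setting.
INDEX_FILES = {"index.html", "index.htm", "index.php", "default.asp", "index.asp"}


def classify(filename):
    """Return the exposure category for a file name, or None."""
    lower = filename.lower()
    for category, patterns in EXPOSURE_PATTERNS.items():
        if any(fnmatch.fnmatchcase(lower, p) for p in patterns):
            return category
    return None


def audit_webroot(root):
    """Walk a document root; return (findings, listable_dirs).

    findings: sorted (relative path, category) pairs for risky files.
    listable_dirs: directories with no index file, which a server with
    auto-indexing enabled would render as an "Index of" page.
    """
    findings, listable = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        if not INDEX_FILES & {f.lower() for f in filenames}:
            listable.append(rel_dir)
        for name in filenames:
            category = classify(name)
            if category:
                rel = name if rel_dir == "." else f"{rel_dir}/{name}"
                findings.append((rel, category))
    return sorted(findings), sorted(listable)


if __name__ == "__main__":
    import sys
    files, dirs = audit_webroot(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, category in files:
        print(f"EXPOSED  {category:<22} {path}")
    for d in dirs:
        print(f"LISTABLE no index file         {d}")
```

Run it with the document root as its only argument; anything it reports should be moved out of the web root or denied in the server configuration, and auto-indexing should be turned off for the listed directories.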