Google Dorks for 2019 – Finding Insecure Websites
Find any Microsoft Frontpage website with the username and password exposed. This is amazingly stupid.
intext:" -FrontPage-" ext:pwd inurl:(service | authors | administrators | users)
This is an example.
# -FrontPage- therose:WK7JNgYcDkzac
A Similar search. This also finds websites with the password exposed. This is in the
intext:"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd
An example of this.
# -FrontPage- admin:$1$E773NX74$OW00c952gkxgBmlitq7yT0
How to find PHPMyAdmin instances that are not secured, this really works well.
intext:"phpMyAdmin" "running on" inurl:"main.php"
Find many MySQl database dumps.
intext:"phpMyAdmin MySQL-Dump" "INSERT INTO" -"the"
Yet another search to find various MySQL dumps with passwords and other information.
filetype:sql “insert into” (pass|passwd|password)
The MD5 encryption standard is well outdated by now, but this Google Dork still finds websites using it…
filetype:sql ("values * MD5" | "values * password" | "values * encrypt")
Yet another Google Dork. This one can find backups of .htaccess files. This tells a penetration tester what permissions are existing on a server.