Google Dorks for 2019 – Finding Insecure Websites

Find any Microsoft FrontPage website with the username and password exposed. This is amazingly stupid.

intext:" -FrontPage-" ext:pwd inurl:(service | authors | administrators | users)

This is an example.

# -FrontPage-
therose:WK7JNgYcDkzac

A similar search. This also finds websites with the password exposed. The password is in the _vti_pvt/service.pwd file.

intext:"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd

An example of this.

# -FrontPage-
admin:$1$E773NX74$OW00c952gkxgBmlitq7yT0

How to find phpMyAdmin instances that are not secured. This really works well.

intext:"phpMyAdmin" "running on" inurl:"main.php"

Find many MySQL database dumps.

intext:"phpMyAdmin MySQL-Dump" "INSERT INTO" -"the"

Yet another search to find various MySQL dumps with passwords and other information.

filetype:sql "insert into" (pass|passwd|password)

The MD5 hash algorithm is well outdated by now, but this Google Dork still finds websites using it…

filetype:sql ("values * MD5" | "values * password" | "values * encrypt")

Yet another Google Dork. This one can find backups of .htaccess files. This tells a penetration tester what permissions exist on a server.

filetype:bak inurl:"htaccess|passwd|shadow|htusers"
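
Site owners can check their own document root for the same file types before a crawler indexes them. The following Python is an added example, not part of the original post; the function names, reason strings and the sample directory tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# File-name and content patterns derived from the searches listed above.
PWD_NAMES = {"service.pwd", "authors.pwd", "administrators.pwd", "users.pwd"}
BAK_NAME = re.compile(r"(htaccess|passwd|shadow|htusers).*\.bak$", re.I)
SQL_CRED = re.compile(r"insert\s+into.*?(pass|passwd|password|md5|encrypt)", re.I | re.S)


def audit_webroot(root):
    """Return sorted (relative_path, reason) pairs for risky files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name.lower() in PWD_NAMES or BAK_NAME.search(name):
                findings.append((rel, "credential or access-control file"))
            elif name.lower().endswith(".sql"):
                with open(path, errors="replace") as fh:
                    head = fh.read(1 << 20)  # first 1 MiB is enough to classify
                if SQL_CRED.search(head):
                    findings.append((rel, "SQL dump with password data"))
                elif "insert into" in head.lower():
                    findings.append((rel, "SQL dump"))
    return sorted(findings)


def build_sample_webroot():
    """Create a constructed sample tree (placeholder values only)."""
    root = tempfile.mkdtemp(prefix="webroot-")
    samples = {
        "_vti_pvt/service.pwd": "# -FrontPage-\nexampleuser:PLACEHOLDERHASH\n",
        "backup/site.sql": "INSERT INTO users (name, password) VALUES ('a', 'x');\n",
        "backup/posts.sql": "# phpMyAdmin MySQL-Dump\nINSERT INTO posts VALUES (1);\n",
        "old/.htaccess.bak": "Require valid-user\n",
        "index.html": "<html></html>\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    print(*audit_webroot(build_sample_webroot()), sep="\n")
```

Point `audit_webroot` at the real document root; anything it reports should be moved out of the served tree or blocked by the web server configuration.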
