谷歌hack

0x00

网上搜集整理的一些可能会用到的Googlehack语法

0x01

intitle: 从网页标题中搜索指定的关键字,可专门用来搜索指定版本名称的各类 web 程序,也可用 allintitle
inurl: 从 url 中搜索指定的关键字,可专门用来构造各种形式的漏洞 url,也可用 allinurl
intext: 从网页中搜索指定的关键字,经常会用它来穿透到漏洞页面……也可用 allintext
filetype: 搜索指定的文件后缀,例如:sql mdb txt bak backup ini zip rar doc xls……
site: 在某个特定的网站内中搜索指定的内容
link: 搜索和该链接有关联的链接,比如:友情链接
index of: 找目录遍历时也许会用到
tomcat：
intext:$CATALINA_HOME/webapps/ROOT/ intitle:apache tomcat 直接这样搜结果肯定会非常多
intext:$CATALINA_HOME/webapps/ROOT/ inurl:8080/ 我们可以带指定端口号去搜,因为有些 web 并非在默认端口上,这样搜的话,可以尽量防止有漏网之鱼
intext:$CATALINA_HOME/webapps/ROOT/ intitle:Apache Tomcat/5.5.27 site:*.hk 针对特定版本特定国家去搜,比如爆出某个版本有远程执行类的漏洞就可以利用这种方式来批量进行
intext:$CATALINA_HOME/webapps/ROOT/ intitle:Apache Tomcat/7.0.32 site:*.gov.br
intext:$CATALINA_HOME/webapps/ROOT/ intitle:Apache Tomcat/5.0.12 site:*.cn
intext:$CATALINA_HOME/webapps/ROOT/ intitle:Apache Tomcat/6.0.24 site:*.com
intext:$CATALINA_HOME/webapps/ROOT/ intitle:apache tomcat site:*.edu.*
intext:$CATALINA_HOME/webapps/ROOT/ intitle:apache tomcat site:*.gov.* 搜特定类型的目标站点,如,学校一般都是 edu,各种民间组织一般都是 org,政府机构一般都是 gov……
intext:$CATALINA_HOME/webapps/ROOT/ intitle:apache tomcat site:*.org.*
intext:$CATALINA_HOME/webapps/ROOT/ intitle:Apache Tomcat/7.0 site:*.org.*
intext:$CATALINA_HOME/webapps/ROOT/ intitle:apache tomcat site:*.jp
intext:$CATALINA_HOME/webapps/ROOT/ intitle:apache tomcat site:*.vn
intext:$CATALINA_HOME/webapps/ROOT/ intitle:apache tomcat site:*.ph
intext:$CATALINA_HOME/webapps/ROOT/ intitle:Apache Tomcat site:*.uk
intext:$CATALINA_HOME/webapps/ROOT/ intitle:apache tomcat site:baidu.com 无意发现百度的某个子域,竟然是个博彩站
intext:$CATALINA_HOME/webapps/ROOT/ intitle:apache tomcat site:org.tw

weblogic：
inurl:/console/login/LoginForm.jsp 这样范围太大,可根据上面的示例随意变形
inurl:/console/login/LoginForm.jsp intitle:Oracle WebLogic Server
inurl:/console/login/ intitle:"Oracle WebLogic Server 管理控制台"
jboss：
inurl:/jmx-console/htmladaptor
inurl:/jmx-console/htmladaptor site:*.edu.*
inurl:/jmx-console/htmladaptor site:*.org.*
inurl:/jmx-console/htmladaptor site:*.tw
websphere：
inurl:/ibm/console/logon.jsp
phpmyadmin：
inurl:/phpMyAdmin/index.php
inurl:/phpMyAdmin/index.php db+information_schema 指定命中数据
inurl:/phpMyAdmin/index.php intext:phpMyAdmin 2.7.0 直接针对特定版本号去搜索,更加精准
inurl:/phpMyAdmin/index.php site:*.tw
inurl:/phpMyAdmin/index.php site:*.org
inurl:/phpMyAdmin/index.php site:*.hk
webmin 入口[其实就是一个 web 版的 linux 系统管理工具,默认情况下工作在 web 端的 10000 端口上]:
intitle:Login to Webmin intext:"login to the Webmin server on"
wordpress：
inurl:/wp-login.php site:*.hk
index of /wp-content/uploads inurl:/wp-login.php
inurl:/wp-content/themes/theagency 上传漏洞
joomla：
inurl:/administrator/index.php
inurl:index.php?option=com_advertisementboard 找注入
inurl:index.php?option=com_carocci
inurl:index.php?option=com_product
inurl:/administrator/index.php site:*.hk
drupal：
inurl:CHANGELOG.txt intext:drupal intext:"SA-CORE" -site:github.com -site:drupal.org
开源知名 cms：
power by wordpress
powered by discuz x3.2
powered by phpcms 2008
powered by drupal 7
powered by dedecmsv57_gbk
powered by CubeCart 3.0.6
Powered by phpBB 2.0.6
powered by paBugs 2.0 Beta 3
inurl:wp-login.php
inurl:/administrator/index.php
inurl:/admina.php
owa：
inurl:/owa/auth/logon.aspx
inurl:/owa/auth/logon.aspx site:*.org.*
mirapoint(ShellShock)：
inurl:/cgi-bin/search.cgi site:*.org.*
inurl:/cgi-bin/madmin.cgi
Zimbra(本地包含):
inurl:7071/zimbraAdmin/
inurl:/help/en_US/standard/version.htm
通用后台：
inurl:/manager/login.php site:*.jp
inurl:/cms/login.php site:*.jp
inurl:/manage/index.php site:*.jp
inurl:/system/login.php site:*.jp
inurl:/webadmin/login.php site:*.tw
inurl:admin_login.php intitle:admin login
inurl:admin_login.php intitle:admin page
inurl:/admin/login.php site:*.tw
inurl:/admin/index.php site:*.tw
inurl:/system/adminlogin.asp site:*.tw
inurl:/manage/login.aspx site:*.tw
inurl:/sysadm/index.php site:*.com
SVN：
inurl:/.svn/entries
inurl:/.svn/entries site:*.org.*
inurl:/.svn/entries site:*.gov.br
inurl:/.svn/entries site:*.hk
后台未授权：
intext:"Website Design & Developed By : WebSay" 默认后台/admin
intext:"Powered b聵}Р訹}訹Ё訸鉅轕]訹B7>SV6'$ńAYA8rd輽>ń}Ё鱽饹蘌饹陱a@饹MU饹饹}}Ё鱽n7:ń訹訹訹訹訹訹訹兑訹兑訹ń}1ф5 MQФI085085MME0蘌P蘌蘌QA蘌QA蘌蘌QA((5餽