Http://www.feelids.com By swap 站内搜索地址为: http://www.google.com/custom?domains=(这里写我们要搜索的站点,比如feelids.com) 进去可以选择www和feelids.com, 当然再选我们要的站内搜索哦! 黑客专用信息和资料搜索地址为: http://www.google.c
Http://www.feelids.com
By swap
站内搜索地址为:
http://www.google.com/custom?domains=(这里写我们要搜索的站点,比如feelids.com)
进去可以选择www和feelids.com, 当然再选我们要的站内搜索哦!
黑客专用信息和资料搜索地址为:
http://www.google.com/custom?hl=xx-hacker
这里是google关键字的用法,要设置它为中文,则是
http://www.google.com/custom?hl=zh-CN
英文则是http://www.google.com/custom?hl=en
常用的google关键字:
foo1 foo2 (也就是关联,比如搜索xx公司 xx美女)
operator:foo
filetype:123 类型
site:foo.com 相对直接看网站更有意思,可以得到许多意外的信息
intext:foo
intitle: fooltitle 标题哦
allinurl:foo 搜索xx网站的所有相关连接。(踩点必备)
links:foo 不要说就知道是它的相关链接
allintilte:foo.com
我们可以辅助"-" "+"来调整搜索的精确程度
直接搜索密码:(引号表示为精确搜索)
当然我们可以再延伸到上面的结果里进行二次搜索
"index of" htpasswd / passwd
filetype:xls username password email
"ws_ftp.log"
"config.php"
allinurl:admin mdb
service filetype:pwd ....或者某个比如pcanywhere的密码后缀cif等
越来越有意思了,再来点更敏感信息
"robots.txt" "Disallow:" filetype:txt
inurl:_vti_cnf (FrontPage的关键索引啦,扫描器的CGI库一般都有地)
allinurl: /msadc/Samples/selector/showcode.asp
/../../../passwd
/examples/jsp/snp/snoop.jsp
phpsysinfo
intitle:index of /admin
intitle:"documetation"
inurl: 5800(vnc的端口)或者desktop port等多个关键字检索
webmin port 10000
inurl:/admin/login.asp
intext:Powered by GBook365
intitle:"php shell*" "Enable stderr" filetype:php 直接搜索到phpwebshell
foo.org filetype:inc
ipsec filetype:conf
intilte:"error occurred" ODBC request WHERE (select|insert) 说白了就是说,可以直接试着查查数据库检索,针对目前流行的sql注射,会发达哦
intitle:"php shell*" "Enable stderr" filetype:php
"Dumping da
intitle:"Error using Hypernews"
"Server Software"
intitle:"HTTP_USER_AGENT=Googlebot"
"HTTP_USER_ANGET=Googlebot" THS ADMIN
filetype:.doc site:.mil classified 直接搜索军方相关word
检查多个关键字:
intitle:config confixx login password
"mydomain.com" nessus report
"report generated by"
"ipconfig"
"winipconfig"
google缓存利用(hoho,最有影响力的东西)推荐大家搜索时候多"选搜索所有网站"
特别推荐:administrator users 等相关的东西,比如名字,生日等……最惨也可以拿来做字典嘛
cache:foo.com
可以查阅类似结果
先找找网站的管理后台地址:
site:xxxx.com intext:管理
site:xxxx.com inurl:login
site:xxxx.com intitle:管理
site:a2.xxxx.com inurl:file
site:a3.xxxx.com inurl:load
site:a2.xxxx.com intext:ftp://*:*
site:a2.xxxx.com filetype:asp
site:xxxx.com //得到N个二级域名
site:xxxx.com intext:*@xxxx.com //得到N个邮件地址,还有邮箱的主人的名字什么的
site:xxxx.com intext:电话 //N个电话
intitle:"index of" etc
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
"# -FrontPage-" inurl:service.pwd
allinurl:bbs da
filetype:mdb inurl:database
filetype:inc conn
inurl:da
intitle:"index of" da
……
一些技巧集合:
3) "http://*:*@www" domainname 找一些ISP站点,可以查对方ip的虚拟主机
3
4) auth_user_file.txt 不实用了,太老了
5) The Master List 寻找邮件列表的
6) intitle:"welcome.to.squeezebox" 一种特殊的管理系统,默认开放端口90
7) passlist.txt (a better way) 字典
8) "A syntax error has occurred" filetype:ihtml
9) ext:php program_listing intitle:MythWeb.Program.Listing
10) intitle:index.of abyss.conf
11)ext:nbe nbe
12)intitle:"SWW link" "Please wait....."
13)
14) intitle:"Freifunk.Net - Status" -site:commando.de
15) intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies."
17) intitle:open-xchange inurl:login.pl
20) intitle:"site administration: please log in" "site designed by emarketsouth"
21) ORA-00921: unexpected end of SQL command
22)intitle:"YALA: Yet Another LDAP Administrator"
23)welcome.to phpqladmin "Please login" -cvsweb
24)intitle:"SWW link" "Please wait....."
25)inurl:"port_255" -htm
27)intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies."
这些是新的一些漏洞技巧,在0days公告公布
ext:php program_listing intitle:MythWeb.Program.Listing
inurl:preferences.ini "[emule]"
intitle:"Index of /CFIDE/" administrator
"access denied for user" "using password"
ext:php intext:"Powered by phpNewMan Version" 可以看到:path/to/news/browse.php?clang=../../../../../../file/i/want
inurl:"/becommunity/community/index.php?pageurl="
intitle:"ASP FileMan" Resend -site:iisworks.com
"Enter ip" inurl:"php-ping.php"
ext:conf inurl:rsyncd.conf -cvs -man
intitle: private, protected, secret, secure, winnt
intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu
"#mysql dump" filetype:sql
"allow_call_time_pass_reference" "PATH_INFO"
"Certificate Practice Statement" inurl:(PDF | DOC)
LeapFTP intitle:"index.of./" sites.ini modified
master.passwd
mysql history files
NickServ registration passwords
passlist
passlist.txt (a better way)
passwd
passwd / etc (reliable)
people.lst
psyBNC config files
pwd.db
signin filetype:url
spwd.db / passwd
trillian.ini
wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin
"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-"
inurl:service.pwd
"AutoCreate=TRUE password=*"
"http://*:*@www" domainname
"index of/" "ws_ftp.ini" "parent directory"
"liveice configuration file" ext:cfg -site:sourceforge.net
"powered by ducalendar" -site:duware.com
"Powered by Duclassified" -site:duware.com
"Powered by Duclassified" -site:duware.com "DUware All Rights reserved"
"powered by duclassmate" -site:duware.com
"Powered by Dudirectory" -site:duware.com
"powered by dudownload" -site:duware.com
"Powered By Elite Forum Version *.*"
"Powered by Link Department"
"sets mode: +k"
"Powered by DUpaypal" -site:duware.com
allinurl: admin mdb
auth_user_file.txt
config.php
eggdrop filetype:user user
etc (index.of)
ext:ini eudora.ini
ext:ini Version=... password
ext:txt inurl:unattend.txt
filetype:bak inurl:"htaccess|passwd|shadow|htusers"
filetype:cfg mrtg "target[*]" -sample -cvs -example
filetype:cfm "cfapplication name" password
filetype:conf oekakibbs
filetype:conf sc_serv.conf
filetype:conf slapd.conf
filetype:config config intext:appSettings "User ID"
filetype:dat "password.dat"
filetype:dat wand.dat
filetype:inc dbconn
filetype:inc intext:mysql_connect
filetype:inc mysql_connect OR mysql_pconnect
filetype:inf sysprep
filetype:ini inurl:"serv-u.ini"
filetype:ini inurl:flashFXP.ini
filetype:ini ServUDaemon
filetype:ini wcx_ftp
filetype:ini ws_ftp pwd
filetype:ldb admin
filetype:log "See `ipsec copyright"
filetype:log inurl:"password.log"
filetype:mdb inurl:users.mdb
filetype:mdb wwforum
filetype:netrc password
filetype:pass pass intext:userid
filetype:pem intext:private
filetype:properties inurl:db intext:password
filetype:pwd service
filetype:pwl pwl
filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetype:sql ("values * MD" | "values * password" | "values * encrypt")
filetype:sql ("passwd values" | "password values" | "pass values" )
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password
filetype:url +inurl:"ftp://" +inurl:";@"
filetype:xls username password email
htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak
intext:"enable secret $"
intext:"powered by Web Wiz Journal"
intitle:"index of" intext:connect.inc
intitle:"index of" intext:globals.inc
intitle:"Index of" passwords modified
intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com
----------------------------------------------------------------------------------------------------------------------
intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak"
inurl:"GRC.DAT" intext:"password"
inurl:"slapd.conf" intext:"credentials" -manpage -"Manual Page" -man: -sample
inurl:"slapd.conf" intext:"rootpw" -manpage -"Manual Page" -man: -sample
inurl:"wvdial.conf" intext:"password"
inurl:/db/main.mdb
inurl:chap-secrets -cvs
inurl:config.php dbuname dbpass
inurl:filezilla.xml -cvs
inurl:lilo.conf filetype:conf password -tatercounter -bootpwd -man
inurl:nuke filetype:sql
inurl:ospfd.conf intext:password -sample -test -tutorial -download 路由配置
inurl:pap-secrets -cvs
inurl:perform filetype:ini
inurl:secring ext:skr | ext:pgp | ext:bak
inurl:vtund.conf intext:pass -cvs
inurl:zebra.conf intext:password -sample -test -tutorial -download
"Generated by phpSystem"
"generated by wwwstat"
"Host Vulnerability Summary Report" ]
"HTTP_FROM=googlebot" googlebot.com "Server_Software="
"Index of" / "chat/logs" 聊天室
"Installed Objects Scanner" inurl:default.asp
"Mecury Version" "Infastructure Group"
"Microsoft (R) Windows * (TM) Version * DrWtsn Copyright (C)" ext:log
"Most Submitted Forms and Scripts" "this div"
"Network Vulnerability Assessment Report"
"not for distribution" confidential
"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"
"phpMyAdmin" "running on" inurl:"main.php"
"produced by getstats"
"Request Details" "Control Tree" "Server Variables"
"robots.txt" "Disallow:" filetype:txt
"Running in Child mode"
"sets mode: +p"
"sets mode: +s"
"Thank you for your order" +receipt
"This is a Shareaza Node"
"This report was generated by WebLog"
( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject
(inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt
-site:php.net -"The PHP Group" inurl:source inurl:url ext:pHp
FBR "ADOBE PHOTOSHOP"
AIM buddy lists
allinurl:/examples/jsp/snp/snoop.jsp
allinurl:servlet/SnoopServlet
cgiirc.conf
da
exported email addresses
ext:asp inurl:pathto.asp
ext:cgi inurl:editcgi.cgi inurl:file=
ext:conf inurl:rsyncd.conf -cvs -man
ext:conf NoCatAuth -cvs
ext:dat bpk.dat
ext:gho gho
ext:ini intext:env.ini
ext:ldif ldif
ext:log "Software: Microsoft Internet Information Services *.*"
------------------------------------------------------------------------------------------
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
filetype:bkf bkf
filetype:blt "buddylist"
filetype:blt blt +intext:screenname
filetype:cfg auto_inst.cfg
filetype:conf inurl:firewall -intitle:cvs
filetype:config web.config -CVS
filetype:ctt ctt messenger
filetype:fp fp
filetype:fp fp -site:gov -site:mil -"cvs log"
filetype:inf inurl:capolicy.inf
filetype:lic lic intext:key
filetype:myd myd -CVS
filetype:ns ns
filetype:ora ora
filetype:ora tnsnames
filetype:pdb pdb backup (Pilot | Pluckerdb)
filetype:pot inurl:john.pot
------------------------------------------------------------------------------------------------------------------
filetype:pst inurl:"outlook.pst"
filetype:pst pst -from -to -date
filetype:qbb qbb
filetype:rdp rdp
filetype:reg "Terminal Server Client"
filetype:vcs vcs
filetype:wab wab
filetype:xls -site:gov inurl:contact
filetype:xls inurl:"email.xls"
Financial spreadsheets: finance.xls
Financial spreadsheets: finances.xls
Ganglia Cluster Reports
haccess.ctl (on
haccess.ctl (VERY reliable)
ICQ chat logs, please...
iletype:log cron.log
intext:"Session Start * * * *:*:* *" filetype:log
intext:"Tobias Oetiker" "traffic analysis"
intext:(password | passcode) intext:(username | userid | user) filetype:csv
intext:gmail invite intext:http://gmail.google.com/gmail/a
intext:SQLiteManager inurl:main.php
intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html)
intitle:"AppServ Open Project" -site:www.appservnetwork.com
intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "- weppos"
intitle:"FTP root at"
intitle:"index of" +myd size
intitle:"Index Of" -inurl:maillog maillog size
intitle:"Index Of" cookies.txt size
intitle:"index of" mysql.conf OR mysql_config
intitle:"Index of" upload size parent directory
intitle:"index.of" .diz .nfo last modified
intitle:"Multimon UPS status page"
intitle:"PHP Advanced Transfer" (inurl:index.php | inurl:showrecent.php )
intitle:"PhpMyExplorer" inurl:"index.php" -cvs
---------------------------------------------------------------------
intitle:"statistics of" "advanced web statistics"
intitle:"System Statistics" +"System and Network Information Center"
intitle:"Usage Statistics for" "Generated by Webalizer"
intitle:"wbem" compaq login "Compaq Information Technologies Group"
intitle:"Web Server Statistics for ****"
intitle:"web server status" SSH Telnet
intitle:"welcome.to.squeezebox"
intitle:admin intitle:login
intitle:index.of "Apache" "server at"
intitle:index.of cleanup.log
intitle:index.of dead.letter
intitle:index.of inbox
intitle:index.of inbox dbx
intitle:intranet inurl:intranet +intext:"phone"
inurl:"/axs/ax-admin.pl" -script
inurl:"/cricket/grapher.cgi"
inurl:"bookmark.htm"
inurl:"cacti" +inurl:"graph_view.php" +"Settings Tree View" -cvs -RPM
inurl:"newsletter/admin/"
inurl:"newsletter/admin/" intitle:"newsletter admin"
inurl:"putty.reg"
inurl:"smb.conf" intext:"workgroup" filetype:conf conf
----------------------------------------------------------------------------------------------------------
Welcome to ntop!
"adding new user" inurl:addnewuser -"there are no domains"
(inurl:/cgi-bin/.cobalt/) | (intext:"Welcome to the Cobalt RaQ")
filetype:php HAXPLORER "Server Files Browser"
intitle:"Web Da
inurl:ConnectComputer/precheck.htm | inurl:Remote/logon.aspx
PHP Shell (unprotected)
PHPKonsole PHPShell filetype:php -echo
Public PHP FileManagers
"index of" / picasa.ini
"index of" inurl:recycler
"Index of" rar r nfo Modified
"intitle:Index.Of /" stats merchant cgi-* etc
"Powered by Invision Power File Manager" (inurl:login.php) | (intitle:"Browsing directory /" )
"Web File Browser" "Use regular expr
filetype:ini Desktop.ini intext:mydocs.dll
intext:"d.aspx?id" || inurl:"d.aspx?id"
intext:"Powered By: TotalIndex" intitle:"TotalIndex"
intitle:"album permissions" "Users who can modify photos" "EVERYBODY"
intitle:"Directory Listing For" intext:Tomcat -intitle:Tomcat
intitle:"HFS /" +"HttpFileServer"
intitle:"Index of *" inurl:"my shared folder" size modified
-------------------------------------------------------------------------------------------------------------------
"File Upload Manager v." "rename to"
ext:asp "powered by DUForum" inurl:(messages|details|login|default|register) -site:duware.com
ext:asp inurl:DUgallery intitle:"." -site:dugallery.com -site:duware.com
ext:cgi inurl:ubb_test
ezBOO "Administrator Panel" -cvs
filetype:cgi inurl:cachemgr.cgi
filetype:cnf my.cnf -cvs -example
filetype:inc inc intext:setcookie
filetype:php inurl:"viewfile" -"index.php" -"idfil
filetype:wsdl wsdl
intitle:"ASP FileMan" Resend -site:iisworks.com
intitle:"Index of /" modified php.exe
intitle:"phpremoteview" filetype:php "Name, Size, Type, Modify"
inurl:" WWWADMIN.PL" intitle:"wwwadmin"
inurl:"nph-proxy.cgi" "Start browsing through this CGI-based proxy"
inurl:"plog/register.php"
inurl:cgi.asx?StoreID
inurl:robpoll.cgi filetype:cgi
The Master List
"More Info about MetaCart Free"
MySQL與Sqlite有何不同?Apr 24, 2025 am 12:12 AMMySQL和SQLite的主要區別在於設計理念和使用場景:1.MySQL適用於大型應用和企業級解決方案,支持高性能和高並發;2.SQLite適合移動應用和桌面軟件,輕量級且易於嵌入。
MySQL中的索引是什麼?它們如何提高性能?Apr 24, 2025 am 12:09 AMMySQL中的索引是數據庫表中一列或多列的有序結構,用於加速數據檢索。 1)索引通過減少掃描數據量提升查詢速度。 2)B-Tree索引利用平衡樹結構,適合範圍查詢和排序。 3)創建索引使用CREATEINDEX語句,如CREATEINDEXidx_customer_idONorders(customer_id)。 4)複合索引可優化多列查詢,如CREATEINDEXidx_customer_orderONorders(customer_id,order_date)。 5)使用EXPLAIN分析查詢計劃,避
說明如何使用MySQL中的交易來確保數據一致性。Apr 24, 2025 am 12:09 AM在MySQL中使用事務可以確保數據一致性。 1)通過STARTTRANSACTION開始事務,執行SQL操作後用COMMIT提交或ROLLBACK回滾。 2)使用SAVEPOINT可以設置保存點,允許部分回滾。 3)性能優化建議包括縮短事務時間、避免大規模查詢和合理使用隔離級別。
在哪些情況下,您可以選擇PostgreSQL而不是MySQL?Apr 24, 2025 am 12:07 AM選擇PostgreSQL而非MySQL的場景包括:1)需要復雜查詢和高級SQL功能,2)要求嚴格的數據完整性和ACID遵從性,3)需要高級空間功能,4)處理大數據集時需要高性能。 PostgreSQL在這些方面表現出色,適合需要復雜數據處理和高數據完整性的項目。
如何保護MySQL數據庫?Apr 24, 2025 am 12:04 AMMySQL數據庫的安全可以通過以下措施實現:1.用戶權限管理:通過CREATEUSER和GRANT命令嚴格控制訪問權限。 2.加密傳輸:配置SSL/TLS確保數據傳輸安全。 3.數據庫備份和恢復:使用mysqldump或mysqlpump定期備份數據。 4.高級安全策略:使用防火牆限制訪問,並啟用審計日誌記錄操作。 5.性能優化與最佳實踐:通過索引和查詢優化以及定期維護兼顧安全和性能。
您可以使用哪些工具來監視MySQL性能?Apr 23, 2025 am 12:21 AM如何有效監控MySQL性能?使用mysqladmin、SHOWGLOBALSTATUS、PerconaMonitoringandManagement(PMM)和MySQLEnterpriseMonitor等工具。 1.使用mysqladmin查看連接數。 2.用SHOWGLOBALSTATUS查看查詢數。 3.PMM提供詳細性能數據和圖形化界面。 4.MySQLEnterpriseMonitor提供豐富的監控功能和報警機制。
MySQL與SQL Server有何不同?Apr 23, 2025 am 12:20 AMMySQL和SQLServer的区别在于:1)MySQL是开源的,适用于Web和嵌入式系统,2)SQLServer是微软的商业产品,适用于企业级应用。两者在存储引擎、性能优化和应用场景上有显著差异,选择时需考虑项目规模和未来扩展性。
在哪些情況下,您可以選擇SQL Server而不是MySQL?Apr 23, 2025 am 12:20 AM在需要高可用性、高級安全性和良好集成性的企業級應用場景下,應選擇SQLServer而不是MySQL。 1)SQLServer提供企業級功能,如高可用性和高級安全性。 2)它與微軟生態系統如VisualStudio和PowerBI緊密集成。 3)SQLServer在性能優化方面表現出色,支持內存優化表和列存儲索引。
熱AI工具
Undresser.AI Undress
人工智慧驅動的應用程序,用於創建逼真的裸體照片
AI Clothes Remover
用於從照片中去除衣服的線上人工智慧工具。
Undress AI Tool
免費脫衣圖片
Clothoff.io
AI脫衣器
Video Face Swap
使用我們完全免費的人工智慧換臉工具,輕鬆在任何影片中換臉!
熱門文章
熱工具
禪工作室 13.0.1
強大的PHP整合開發環境
Dreamweaver CS6
視覺化網頁開發工具
EditPlus 中文破解版
體積小,語法高亮,不支援程式碼提示功能
SublimeText3 英文版
推薦:為Win版本,支援程式碼提示!
MinGW - Minimalist GNU for Windows
這個專案正在遷移到osdn.net/projects/mingw的過程中,你可以繼續在那裡關注我們。 MinGW:GNU編譯器集合(GCC)的本機Windows移植版本,可自由分發的導入函式庫和用於建置本機Windows應用程式的頭檔;包括對MSVC執行時間的擴展,以支援C99功能。 MinGW的所有軟體都可以在64位元Windows平台上運作。
