Google Hacking

Google Hacking

目录

• Google Hacking
• 1 网站目录结构
• 2 目录遍历漏洞
• 3 查找特定文件
• 4 配置文件泄漏
• 5 数据库文件泄露
• 6 日志文件泄露
• 7 备份和历史文件泄露
• 8 登录页面
• 9 SQL 错误
• 10 公开文件信息
• 11 phpinfo()
• 12 搜索Pastebin.com和其他粘贴站点
• 13 搜索Github.com和Gitlab.com

在线Google Hacking小工具 (se7ensec.cn)

1 网站目录结构

parent directory site:example.com

2 目录遍历漏洞

site:example.com intitle:index.of

3 查找特定文件

site:example.com filetype:xls

4 配置文件泄漏

site:example.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini

5 数据库文件泄露

site:example.com ext:sql | ext:dbf | ext:mdb

6 日志文件泄露

site:example.com ext:log

7 备份和历史文件泄露

site:example.com ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup

8 登录页面

site:example.com inurl:login | inurl:admin | intitle:登陆 | intitle:后台 | intitle:管理 | intitle:认证

9 SQL 错误

site:example.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"

10 公开文件信息

site:example.com ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv

11 phpinfo()

site:example.com ext:php intitle:phpinfo "published by the PHP Group"

12 搜索Pastebin.com和其他粘贴站点

site:pastebin.com | site:paste2.org | site:pastehtml.com | site:slexy.org | site:snipplr.com | site:snipt.net | site:textsnip.com | site:bitpaste.app | site:justpaste.it | site:heypasteit.com | site:hastebin.com | site:dpaste.org | site:dpaste.com | site:codepad.org | site:jsitor.com | site:codepen.io | site:jsfiddle.net | site:dotnetfiddle.net | site:phpfiddle.org | site:ide.geeksforgeeks.org | site:repl.it | site:ideone.com | site:paste.debian.net | site:paste.org | site:paste.org.ru | site:codebeautify.org | site:codeshare.io | site:trello.com "example.com"

13 搜索Github.com和Gitlab.com

site:github.com | site:gitlab.com "example.com"