| Date |
Title |
Summary |
|
| 2003-06-24 |
squid cache server
reports |
These are squid server cache reports. Fairly
benign, really except when you consider using
them for evil purposes. For example, an
institution stands … |
 |
| 2003-06-24 |
Ganglia Cluster
Reports |
These are server cluster reports, great for
info gathering. Lesse, what were those server
names again? … |
 |
| 2003-06-24 |
ICQ chat logs,
please… |
ICQ (http://www.icq.com) allows you to store
the contents of your online chats into a file.
These folks have their entire ICQ directories
online. On p … |
 |
| 2003-06-24 |
Financial
spreadsheets:
finance.xls |
"Hey! I have a great idea! Let's put
our finances on our website in a secret
directory so we can get to it whenever we need
to!" … |
 |
| 2003-06-24 |
Financial
spreadsheets:
finances.xls |
"Hey! I have a great idea! Let's put
our finances on our website in a secret
directory so we can get to it whenever we need
to!" … |
 |
| 2003-06-24 |
SQL data dumps |
SQL database dumps. LOTS of data in these. So
much data, in fact, I'm pressed to think
of what else an ev1l hax0r would like to know
about a targe … |
 |
| 2003-06-24 |
mt-db-pass.cgi files |
These folks had the technical prowess to
unpack the movable type files, but
couldn't manage to set up their web
servers properly. Check the mt.cf … |
 |
| 2003-06-24 |
AIM buddy lists |
These searches bring up common names for AOL
Instant Messenger "buddylists".
These lists contain screen names of your
"online buddies" … |
 |
| 2004-11-18 |
phpinfo() |
This brings up sites with phpinfo(). There is
SO much cool stuff in here that you just have
to check one out for yourself! I mean full
blown system ve … |
 |
| 2003-06-27 |
robots.txt |
The robots.txt file contains "rules"
about where web spiders are allowed (and NOT
allowed) to look in a website's directory
structure. … |
 |
| 2003-06-27 |
"This report
was generated by
WebLog" |
These are weblog-generated statistics for web
sites… A roadmap of files, referrers,
errors, statistics… yummy… a
smorgasbord! =P … |
 |
| 2003-06-30 |
"produced by
getstats" |
Another web statistics package. This one
originated from a Google scan of an Ivy League
college. *sigh* There's sooo much stuff in
here! … |
 |
| 2003-06-30 |
"generated by
wwwstat" |
More www statistics on the web. This one is
very nice.. Lots of directory info, and client
access statistics, email addresses.. lots of
good stuff. You … |
 |
| 2003-06-30 |
haccess.ctl (one
way) |
This is the FrontPage(?) equivalent of
htaccess, I believe. Anyhow, this file
describes who can access the directory of the
web server and where the o … |
 |
| 2003-06-30 |
haccess.ctl (VERY
reliable) |
haccess.ctl is the FrontPage(?) equivalent of
the .htaccess file. Either way, this file
describes who can access a web page, and should
not be shown to … |
 |
| 2003-07-10 |
site:edu admin
grades |
I never really thought about this until I
started coming up with juicy examples for
DEFCON 11.. A few GLARINGLY bad examples
contain not only student … |
 |
| 2003-08-19 |
mystuff.xml -
Trillian data files |
This particular file contains web links that
Trillian users have entered into the tool.
Trillian combines many different messaging
programs into one t … |
 |
| 2004-03-04 |
phpMyAdmin dumps |
From phpmyadmin.net : "phpMyAdmin is a
tool written in PHP intended to handle the
administration of MySQL over the WWW."
Great, easy to use, … |
 |
| 2004-03-04 |
phpMyAdmin dumps |
From phpmyadmin.net : "phpMyAdmin is a
tool written in PHP intended to handle the
administration of MySQL over the WWW."
Great, easy to use, … |
 |
| 2004-03-04 |
cgiirc.conf |
CGIIRC is a web-based IRC client. Very cool
stuff. The cgiirc.config file lists the
options for this program, including the
default sites that can be … |
 |
| 2004-03-04 |
cgiirc.conf |
This is another less reliable way of finding
the cgiirc.config file. CGIIRC is a web-based
IRC client. Very cool stuff. The cgiirc.config
file lists t … |
 |
| 2004-03-04 |
ipsec.secrets |
From the manpage for ipsec_secrets: "It
is vital that these secrets be protected. The
file should be owned by the super-user, and
its permissions … |
 |
| 2004-03-04 |
ipsec.secrets |
From the manpage for ipsec_secrets: "It
is vital that these secrets be protected. The
file should be owned by the super-user, and
its permissions … |
 |
| 2004-03-04 |
ipsec.conf |
The ipsec.conf file could help hackers figure
out what uber-secure users of FreeS/WAN are
protecting…. … |
 |
| 2004-03-04 |
intitle:"statistics of"
"advanced w… |
The awstats program shows web statistics for
web servers. This information includes who is
visiting the site, what pages they visit,
error codes produ … |
 |
| 2004-03-04 |
intitle:"Usage
Statistics for"
"Gen… |
The webalizer program shows web statistics for
web servers. This information includes who is
visiting the site, what pages they visit,
error codes pro … |
 |
| 2004-03-04 |
"robots.txt"
"Disallow:" filet… |
The robots.txt file serves as a set of
instructions for web crawlers. The
"disallow" tag tells a web crawler
where NOT to look, for whatever … |
 |
| 2004-03-04 |
"phpMyAdmin" "running
on" inur… |
From phpmyadmin.net : "phpMyAdmin is a
tool written in PHP intended to handle the
administration of MySQL over the WWW."
Great, easy to use, … |
 |
| 2004-03-04 |
inurl:main.php
phpMyAdmin |
From phpmyadmin.net : "phpMyAdmin is a
tool written in PHP intended to handle the
administration of MySQL over the WWW."
Great, easy to use, … |
 |
| 2004-03-04 |
inurl:main.php
Welcome to
phpMyAdmin |
From phpmyadmin.net : "phpMyAdmin is a
tool written in PHP intended to handle the
administration of MySQL over the WWW."
Great, easy to use, … |
 |
| 2004-03-04 |
intitle:"wbem" compaq login
"Compaq… |
These devices are running HP Insight
Management Agents for Servers which
"provide device information for all
managed subsystems. Alerts are gener … |
 |
| 2004-03-04 |
intitle:index.of
"Apache"
"server a… |
This is a very basic string found on directory
listing pages which show the version of the
Apache web server. Hackers can use this
information to find … |
 |
| 2004-03-04 |
intitle:index.of
dead.letter |
dead.letter contains the contents of
unfinished emails created on the UNIX
platform. Emails (finished or not) can contain
sensitive information. … |
 |
| 2004-03-04 |
intitle:index.of
ws_ftp.ini |
ws_ftp.ini is a configuration file for a
popular FTP client that stores usernames,
(weakly) encoded passwords, sites and
directories that the user can … |
 |
| 2004-03-14 |
inurl:admin
intitle:login |
This search can find administrative login
pages. Not a vulnerability in and of itself,
this query serves as a locator for
administrative areas of a si … |
 |
| 2004-03-14 |
intitle:admin
intitle:login |
This search can find administrative login
pages. Not a vulnerability in and of itself,
this query serves as a locator for
administrative areas of a si … |
 |
| 2004-03-16 |
inurl:admin
filetype:xls |
This search can find Excel spreadsheets in an
administrative directory or of an
administrative nature. Many times these
documents contain sensitive in … |
 |
| 2004-03-22 |
"Most Submitted
Forms and
Scripts"
"… |
More www statistics on the web. This one is
very nice.. Lots of directory info, and client
access statistics, email addresses.. lots of
good stuff.The … |
 |
| 2004-03-24 |
inurl:changepassword
.asp |
This is a common script for changing
passwords. Now, this doesn't actually
reveal the password, but it provides great
information about the secur … |
 |
| 2004-03-29 |
"not for
distribution"
confidential |
The terms "not for distribution" and
confidential indicate a sensitive document.
Results vary wildly, but web-based documents
are for public … |
 |
| 2004-03-29 |
"Thank you for
your order"
+receipt |
After placing an order via the web, many sites
provide a page containing the phrase
"Thank you for your order" and
provide a receipt for fut … |
 |
| 2004-03-30 |
"Network
Vulnerability
Assessment
Report"… |
This search yields vulnerability scanner
reports, revealing potential vulnerabilities
on hosts and networks. Even if some of the
vulnerabilities have b … |
 |
| 2004-03-30 |
"Host
Vulnerability
Summary Report" |
This search yields host vulnerability scanner
reports, revealing potential vulnerabilities
on hosts and networks. Even if some of the
vulnerabilities h … |
 |
| 2004-04-05 |
intitle:index.of
inbox |
This search reveals potential locations for
mailbox files. In some cases, the data in this
directory or file may be of a very personal
nature and may i … |
 |
| 2004-04-05 |
intitle:index.of
inbox dbx |
This search reveals potential locations for
mailbox files. In some cases, the data in this
directory or file may be of a very personal
nature and may i … |
 |
| 2004-04-05 |
intitle:index.of
cleanup.log |
This search reveals potential locations for
mailbox files by keying on the Outlook Express
cleanup.log file. In some cases, the data in
this directory … |
 |
| 2004-04-05 |
"#mysql
dump"
filetype:sql |
This reveals mySQL database dumps. These
database dumps list the structure and content
of databases, which can reveal many different
types of sensitiv … |
 |
| 2004-04-08 |
inurl:vbstats.php
"page
generated" |
This is your typical stats page listing
referrers and top ips and such. This
information can certainly be used to gather
information about a site and … |
 |
| 2004-04-13 |
"Index of" /
"chat/logs" |
This search reveals chat logs. Depending on
the contents of the logs, these files could
contain just about anything! … |
 |
| 2004-04-16 |
inurl:"newsletter/admin/"
intitle:"… |
These pages generally contain newsletter
administration pages. Some of these sites are
password protected, others are not, allowing
unauthorized users … |
 |
| 2004-04-16 |
inurl:"newsletter/admin/" |
These pages generally contain newsletter
administration pages. Some of these sites are
password protected, others are not, allowing
unauthorized users … |
 |
| 2004-04-20 |
allinurl:/examples/jsp/snp/snoop.jsp |
These pages reveal information about the
server including path information, port
information, etc. … |
 |
| 2004-04-20 |
allinurl:servlet/SnoopServlet |
These pages reveal server information such as
port, server software version, server name,
full paths, etc. … |
 |
| 2004-04-21 |
"Running in
Child mode" |
This is a gnutella client that was picked up
by google. There is a lot of data present
including transfer statistics, port numbers,
operating system, … |
 |
| 2004-04-21 |
"This is a
Shareaza Node" |
These pages are from Shareaza client programs.
Various data is displayed including client
version, ip address, listening ports and
uptime. … |
 |
| 2004-04-26 |
inurl:server-status
"apache" |
This page shows all sorts of information about
the Apache web server. It can be used to track
process information, directory maps,
connection data, etc … |
 |
| 2004-04-28 |
inurl:fcgi-bin/echo |
This is the fastcgi echo script, which
provides a great deal of information including
port numbers, server software versions, port
numbers, ip address … |
 |
| 2004-04-28 |
inurl:cgi-bin/printenv |
This is the print environments script which
lists sensitive information such as path
names, server names, port numbers, server
software and version nu … |
 |
| 2004-04-28 |
inurl:perl/printenv |
This is the print environments script which
lists sensitive information such as path
names, server names, port numbers, server
software and version nu … |
 |
| 2004-04-28 |
inurl:server-info
"Apache Server
Information"… |
This is the Apache server-info program. There
is so much sensitive stuff listed on this page
that it's hard to list it all here. Some
information … |
 |
| 2004-05-03 |
intext:"Tobias
Oetiker"
"traffic an… |
These are the MRTG traffic analysis pages. This
page lists information about machines on the
network including CPU load, traffic
statistics, etc. This i … |
 |
| 2004-05-03 |
inurl:tdbin |
This is the default directory for TestDirector
(http://www.mercuryinteractive.com/products/testdirector/).
This program contains sensitive
information … |
 |
| 2004-05-04 |
inurl:"smb.conf"
intext:"workgroup"… |
These are samba configuration files. They
include information about the network, trust
relationships, user accounts and much more.
Attackers can use t … |
 |
| 2004-05-05 |
filetype:conf
inurl:firewall
-intitle:cvs |
These are firewall configuration files.
Although these are often examples or sample
files, in many cases they can still be used
for information gather … |
 |
| 2004-05-06 |
"HTTP_FROM=googlebot"
googlebot.com "… |
These pages contain trace information that was
collected when the googlebot crawled a page.
The information can include many different
things such as … |
 |
| 2004-05-06 |
"Request Details"
"Control Tree"… |
These pages contain a great deal of
information including path names, session
ID's, stack traces, port numbers, ip
addresses, and much much more. … |
 |
| 2004-05-10 |
filetype:wab wab |
These are Microsoft Outlook Mail address
books. The information contained will vary,
but at the least an attacker can glean email
addresses and contac … |
 |
| 2004-05-11 |
filetype:mbx mbx
intext:Subject |
These searches reveal Outlook v 1-4 or Eudora
mailbox files. Often these are made public on
purpose, sometimes they are not. Either way,
addresses and … |
 |
| 2004-05-12 |
filetype:eml eml
+intext:"Subject" +inte… |
These are Outlook Express email files which
contain emails, with full headers. The
information in these emails can be useful for
information gathering … |
 |
| 2004-05-13 |
intitle:"index
of" mysql.conf
OR mysql_c… |
This file contains port number, version number
and path info to MySQL server. … |
 |
| 2004-05-13 |
filetype:lic lic
intext:key |
License files for various software titles that
may contain contact info and the product
version, license, and registration in a .LIC
file. … |
 |
| 2004-05-14 |
filetype:log
cron.log |
Displays logs from cron, the *nix automation
daemon. Can be used to determine backups,
full and relative paths, usernames, IP
addresses and port numb … |
 |
| 2004-05-14 |
filetype:log
access.log -CVS |
These are http server access logs which
contain all sorts of information ranging from
usernames and passwords to trusted machines on
the network to fu … |
 |
| 2004-05-14 |
filetype:blt blt
+intext:screenname |
Reveals AIM buddy lists, including screenname
and who's on their 'buddy' list
and their 'blocked' list. … |
 |
| 2004-05-17 |
intitle:intranet
inurl:intranet
+intext:"phon... |
These pages are often private intranet pages
which contain phone listings and email
addresses. These pages can be used as a sort
of online "dumps … |
 |
| 2004-05-17 |
inurl:php.ini
filetype:ini |
The php.ini file contains all the
configuration for how PHP is parsed on a
server. It can contain default database
usernames, passwords, hostnames, I … |
 |
| 2004-05-18 |
"Mecury
Version"
"Infastructure
Gro… |
Mecury is a centralized ground control program
for research satellites. This query simply
locates servers running this software. As it
seems to run … |
 |
| 2004-05-24 |
intitle:"Big
Sister"
+"OK
Attention… |
This search reveals internal network status
information about services and hosts. … |
 |
| 2004-05-24 |
inurl:"/cricket/grapher.cgi" |
This search reveals information about internal
networks, such as configuration, services,
bandwidth. … |
 |
| 2004-05-24 |
inurl:"cacti"
+inurl:"graph_view.ph… |
This search reveals internal network info
including architecture, hosts and services
available. … |
 |
| 2004-05-24 |
intitle:"System
Statistics"
+"Syste… |
This search reveals internal network
information including network configuration,
ping times, services, and host info. … |
 |
| 2004-05-26 |
inurl:forward
filetype:forward
-cvs |
Users on *nix boxes can forward their mail by
placing a .forward file in their home
directory. These files reveal email addresses.
… |
 |
| 2004-06-10 |
94FBR "ADOBE
PHOTOSHOP" |
94FBR is part of many serials. A malicious
user would only have to change the program
name (photoshop in this example) in this
search to find a perf … |
 |
| 2004-06-22 |
filetype:ctt ctt
messenger |
MSN Messenger uses the file extension *.ctt
when you export the contact list. An attacker
could use this for social engineering tricks.
… |
 |
| 2004-06-25 |
OWA Public Folders
(direct view) |
This search looks for Outlook Web Access
Public Folders directly. These links open
public folders or appointments. Of course
there are more ways to fi … |
 |
| 2004-07-02 |
Microsoft Money Data
Files |
Microsoft Money 2004 provides a way to
organize and manage your personal finances
(http://www.microsoft.com/money/). The default
file extension for th … |
 |
| 2004-07-06 |
MySQL tabledata
dumps |
SQL database dumps. LOTS of data in these. So
much data, in fact, I'm pressed to think
of what else an ev1l hax0r would like to know
about a targe … |
 |
| 2004-07-06 |
Welcome to ntop! |
Ntop shows the current network usage. It
displays a list of hosts that are currently
using the network and reports information
concerning the IP (Inte … |
 |
| 2004-07-06 |
Unreal IRCd |
Development of UnrealIRCd began in 1999.
Unreal was created from the Dreamforge IRCd
that was formerly used by the DALnet IRC
Network and is designed … |
 |
| 2004-07-12 |
exported email
addresses |
Loads of user information including email
addresses exported in comma separated file
format (.csv). This information may not lead
directly to an attac … |
 |
| 2004-07-12 |
private key files
(.key) |
This search will find private key files…
Private key files are supposed to be, well…
private. … |
 |
| 2004-07-12 |
private key files
(.csr) |
This search will find private key files…
Private key files are supposed to be, well…
private. … |
 |
| 2004-07-15 |
inurl:ssl.conf
filetype:conf |
The information contained in these files
depends on the actual file itself. SSL.conf
files contain port numbers, ssl data, full
path names, logging in … |
 |
| 2004-07-19 |
"sets mode:
+p" |
This search reveals private channels on IRC as
revealed by IRC chat logs. … |
 |
| 2004-07-19 |
"sets mode:
+s" |
This search reveals secret channels on IRC as
revealed by IRC chat logs. … |
 |
| 2004-07-21 |
intitle:"index
of" +myd size |
The MySQL data directory uses subdirectories
for each database and common files for table
storage. These files have extensions like:
.myd, .myi or .fr … |
 |
| 2004-07-26 |
data filetype:mdb
-site:gov -site:mil |
Microsoft Access databases containing all
kinds of 'data'. … |
 |
| 2004-07-26 |
inurl:email
filetype:mdb |
Microsoft Access databases containing email
information.. … |
 |
| 2004-07-26 |
inurl:backup
filetype:mdb |
Microsoft Access database backups.. … |
 |
| 2004-07-26 |
inurl:forum
filetype:mdb |
Microsoft Access databases containing
'forum' information .. … |
 |
| 2004-07-26 |
intitle:"Index
Of" cookies.txt
size |
searches for cookies.txt file. On MANY servers
this file holds all cookie information, which
may include usernames, passwords, but also
gives an attac … |
 |
| 2004-07-26 |
intext:(password | passcode)
intext:(username | us… |
CSV formatted files containing all sorts of
user/password combinations. Results may vary,
but are still interesting to the casual
attacker.. … |
 |
| 2004-07-26 |
inurl:profiles
filetype:mdb |
Microsoft Access databases containing (user)
profiles .. … |
 |
| 2004-07-28 |
intitle:"Index
Of"
-inurl:maillog
maill… |
This Google search reveals all maillog files
within various directories on a webserver.
This search brings back 872 results to-date,
all of which cont … |
 |
| 2004-08-01 |
filetype:ora ora |
Greetings, The *.ora files are configuration
files for Oracle clients. An attacker can
identify an Oracle database this way and get
more juicy informat … |
 |
| 2004-08-02 |
"allow_call_time_pass_reference"
"P… |
Returns publicly visible pages generated by
the php function phpinfo(). This search
differs from other phpinfo() searches in that
it doesn't de … |
 |
| 2004-08-02 |
inurl:*db
filetype:mdb |
More Microsoft Access databases for your
viewing pleasure. Results may vary, but there
have been passwords discovered with this
search. … |
 |
| 2004-08-02 |
filetype:fp5 fp5
-site:gov -site:mil
-"cvs lo… |
These are various kinds of FileMaker Pro
Databases (*.fp5 applies to both version 5 and
6). … |
 |
| 2004-08-05 |
filetype:fp3 fp3 |
These are FileMaker Pro version 3 Databases.
… |
 |
| 2004-08-05 |
filetype:fp7 fp7 |
These are Filemaker Pro version 7 databases
files. … |
 |
| 2004-08-05 |
filetype:cfg
auto_inst.cfg |
Mandrake auto-install configuration files.
These contain information about the installed
packages, networking settings and even user
accounts. … |
 |
| 2004-08-09 |
(inurl:"robot.txt" | inurl:"robots.... |
Webmasters wanting to exclude search engine
robots from certain parts of their site often
choose the use of a robot.txt file on the root
of the server … |
 |
| 2004-08-09 |
intext:"Session
Start * * * *:*:*
*" fil… |
These are IRC and a few AIM log files. They
may contain juicy info or just hours of good
clean newbie bashing fun. … |
 |
| 2004-08-09 |
mail filetype:csv
-site:gov
intext:name |
CSV Exported mail (user) names and such. … |
 |
| 2004-08-09 |
filetype:xls
-site:gov
inurl:contact |
Microsoft Excel sheets containing contact
information. … |
 |
| 2004-08-13 |
ext:asp
inurl:pathto.asp |
The UBB trial version contains files that are
not safe to keep online after going live. The
install files clearly state so: CAUTIONS Do not
leave patht … |
 |
| 2004-08-19 |
"phone * *
*"
"address
*" "… |
This search gives hundreds of existing
curriculum vitae with names and addresses. An
attacker could steal identity if there is an
SSN in the document. … |
 |
| 2004-08-25 |
Quicken data files |
The QDATA.QDF file (found sometimes in zipped
"QDATA" archives online, sometimes
not) contains financial data, including
banking accounts, c … |
 |
| 2004-08-26 |
( filetype:mail | filetype:eml | filetype:mbox | f… |
Storing emails in your webtree isn't a good
idea. With this search Google will show files
containing emails like mail, eml, mbox or mbx
with the keywords … |
 |
| 2004-09-06 |
filetype:qbb qbb |
This search will show QuickBooks Backup Files.
QuickBooks is financial accounting software so
storing these files in a webtree is not a
smart idea. … |
 |
| 2004-09-06 |
filetype:bkf bkf |
This search will show backup files for XP/2000
machines. Of course these files could contain
nearly everything, depending on the user
selection and they … |
 |
| 2004-09-07 |
inurl:snitz_forums_2000.mdb |
The SnitzTM Forums 2000 Version 3.4.04
Installation Guide and Readme says: "it
is strongly recommended that you change the
default database name … |
 |
| 2004-09-07 |
filetype:rdp rdp |
These are Remote Desktop Connection (rdp)
files. They contain the settings and sometimes
the credentials to connect to another Windows
computer using … |
 |
| 2004-09-07 |
filetype:reg
"Terminal
Server Client" |
These are Microsoft Terminal Services
connection settings registry files. They may
sometimes contain encrypted passwords and IP
addresses. … |
 |
| 2004-09-10 |
filetype:pot
inurl:john.pot |
John the Ripper is a popular cracking program
every hacker knows. Its results are
stored in a file called john.pot. This search
finds such result … |
 |
| 2004-09-10 |
filetype:xls
inurl:"email.xls" |
Our forum members never get tired of finding
juicy MS office files. Here's one by
urban that finds email addresses. … |
 |
| 2004-09-10 |
filetype:pdb pdb
backup (Pilot | Pluckerdb) |
Hotsync database files can be found using
<filetype:pdb pdb> "All databases on
a Palm device, including the ones you create
using NS Basic/P … |
 |
| 2004-09-18 |
filetype:asp
DBQ=" *
Server.MapPath("*.m… |
This search finds sites using Microsoft Access
databases, by looking for the database
connection string. There are forums and
tutorials in the res … |
 |
| 2004-09-18 |
Lotus Domino address
books |
This search will return any Lotus Domino
address books which may be open to the public.
This can contain a lot of detailed personal
info you don' … |
 |
| 2004-09-21 |
ext:log
"Software:
Microsoft Internet
Informa… |
Microsoft Internet Information Services (IIS)
has log files that are normally not in the
docroot, but then again, some people manage to
share them. An … |
 |
| 2004-09-22 |
filetype:vcs vcs |
Filext.com says: "Various programs use
the *.VCS extension; too many to list
individually. Take clues from the location of
the file as a possible … |
 |
| 2004-09-11 |
filetype:pst
inurl:"outlook.pst" |
All versions of the popular business groupware
client called Outlook have the possibility to
store email, calendars and more in a file for
backup or m … |
 |
| 2004-09-23 |
ext:ldif ldif |
www.filext.com says LDIF = LDAP Data
Interchange Format. LDAP is used for nearly
everything in our days, so this file may
include some juicy info for a … |
 |
| 2004-09-23 |
inurl:/_layouts/settings |
With the combined collaboration features of
Windows SharePoint Services and SharePoint
Portal Server 2003, users in an organization
can create, manage … |
 |
| 2004-09-29 |
+":8080"
+":3128"
+":80"… |
With the string [+":8080"
+":3128" +":80"
filetype:txt] it is possible to find huge
lists of proxies… So, I've wr … |
 |
| 2004-10-05 |
intext:SQLiteManager
inurl:main.php |
SQLiteManager is a tool Web multi-language of
management of data bases SQLite. # Management
of several data base (Creation, access or
upload basic) … |
 |
| 2004-10-09 |
inurl:odbc.ini
ext:ini -cvs |
This search will show the googler ODBC client
configuration files which may contain
usernames/databases/ipaddresses and whatever.
… |
 |
| 2004-10-16 |
intitle:"ASP
Stats Generator
*.*" "… |
ASP Stats Generator is a powerful ASP script
to track web site activity. It combines a
server side sniffer with a javascript system
to get information … |
 |
| 2004-10-16 |
"Installed
Objects
Scanner"
inurl:defaul… |
Installed Objects Scanner makes it easy to
test your IIS Webserver for installed
components. Installed Objects Scanner also has
descriptions and link … |
 |
| 2004-10-16 |
ext:ini
intext:env.ini |
This one shows configuration files for various
applications. Based on the application an
attacker may find information like passwords,
ipaddresses and … |
 |
| 2004-10-18 |
ext:mdb inurl:*.mdb
inurl:fpdb shop.mdb |
The directory "http:/xxx/fpdb/" is
the database folder used by some versions of
FrontPage. It contains many types of Microsoft
Access databa … |
 |
| 2004-10-18 |
inurl:cgi-bin/testcgi.exe "Please
distribute … |
Test CGI by Lilikoi Software aids in the
installation of the Ceilidh discussion engine
for the World Wide Web. An attacker can use
this to gather info … |
 |
| 2004-10-19 |
intitle:"index.of *" admin
news.asp conf… |
With Compulive News you can enter the details
of your news items onto a webform and upload
images through your browser. It integrates
seamlessly withi … |
 |
| 2004-10-20 |
ext:nsf nsf -gov
-mil |
Domino is server technology which transforms
Lotus Notes®
into an Internet applications server. Domino
brings to … |
 |
| 2004-10-20 |
inurl:log.nsf -gov |
Domino is server technology which transforms
Lotus Notes®
into an Internet applications server. Domino
brings to … |
 |
| 2004-10-24 |
intitle:"Index
of" upload size
parent di… |
Files uploaded through ftp by other people,
sometimes you can find all sorts of things
from movies to important stuff. … |
 |
| 2004-10-31 |
intitle:"AppServ Open Project"
-site:www… |
AppServ is the Apache/PHP/MySQL open source
software installer packages. This normally
includes convenient links to phpMyAdmin and
phpInfo() pages. … |
 |
| 2004-10-31 |
intitle:"Web
Server Statistics
for ****" |
These are www analog webstat reports. The
failure report shows information leakage about
database drivers, admin login pages, SQL
statements, etc. … |
 |
| 2004-10-31 |
filetype:php
inurl:index
inurl:phpicalendar
-site:… |
PHP iCalendar is a php-based iCal file parser.
It's based on v2.0 of the IETF spec. It
displays iCal files in a nice logical, clean
manner with day, we … |
 |
| 2004-11-05 |
filetype:inf
inurl:capolicy.inf |
The CAPolicy.inf file provides Certificate
Services configuration information, which is
read during initial CA installation and
whenever you renew a C … |
 |
| 2004-11-05 |
"Certificate
Practice
Statement"
inurl:(… |
Certificate Practice Statement (CPS) A CPS
defines the measures taken to secure CA
operation and the management of CA-issued
certificates. You can con … |
 |
| 2004-11-07 |
ext:conf NoCatAuth
-cvs |
NoCatAuth configuration file. This reveals the
configuration details of wireless gateway
including ip addresses, device names and
paths. … |
 |
| 2004-11-07 |
inurl:"putty.reg" |
This registry dump contains PuTTY saved
session data. SSH servers, the corresponding
usernames and proxy configurations are stored
here. … |
 |
| 2004-11-12 |
filetype:pst pst
-from -to -date |
Finds Outlook PST files which can contain
emails, calendaring and address information.
… |
 |
| 2004-11-16 |
ext:cgi
inurl:editcgi.cgi
inurl:file= |
This was inspired by the K-Otic report. Only
two results at time of writing. The cgi script
lets you view any file on the system,
including /etc/.. (g … |
 |
| 2004-11-16 |
filetype:ns1 ns1 |
NetStumbler files contain information about
the wireless network. For a cleanup add stuff
like: +"Creator" +"Format"
+"DateGM … |
 |
| 2004-11-16 |
filetype:config
web.config -CVS |
Through Web.config an IIS administrator can
specify settings like custom 404 error pages,
authentication and authorization settings for
the Web site. T … |
 |
| 2004-11-18 |
filetype:myd myd
-CVS |
MySQL stores its data for each database in
individual files with the extension MYD. An
attacker can copy these files to his machine
and using a tool li … |
 |
| 2004-11-18 |
intitle:"PhpMyExplorer"
inurl:"inde… |
PhpMyExplorer is a PHP application that allows
you to easily update your site online without
any FTP access. A security vulnerability in
the product a … |
 |
| 2004-11-21 |
intitle:"Apache::Status"
(inurl:server-s… |
The Apache::Status returns information about
the server software, operating system, number
of child processes and current visitors. The
official docum … |
 |
| 2004-11-23 |
"Microsoft (R)
Windows * (TM)
Version * DrWts… |
This file spills a lot of juicy info… in
some cases, passwords in the raw dump, but not
in any I've found this time around.
However, with a com … |
 |
| 2004-11-20 |
inurl:report
"EVEREST Home
Edition " |
Well what can be said about this one,
I've added it to the DB under Juicy info,
however it could have easily gone under
virtually any of the lis … |
 |
| 2004-11-28 |
ext:txt "Final
encryption key" |
IPSec debug/log data which contains user data
and password hashes. Can be used to crack
passwords. … |
 |
| 2004-11-28 |
intitle:"DocuShare"
inurl:"docusha... |
Some companies use a Xerox product called
DocuShare. The problem with this is by default
guest access is enabled and it appears a lot
of companies eit … |
 |
| 2004-11-28 |
intitle:"PHP
Advanced
Transfer"
(inurl:i… |
PHP Advanced Transfer is GPL'd software
that claims to be "The ultimate PHP
download & upload manager". This is a
search for t … |
 |
| 2004-12-03 |
ext:gho gho |
Norton Ghost allows administrators to create
hard drive images for lots of purposes
including backup, migration, etc. These files
contain the hard driv … |
 |
| 2004-12-03 |
ext:pqi pqi
-database |
PQ DriveImage allows administrators to create
hard drive images for lots of purposes
including backup, migration, etc. These files
contain the hard dri … |
 |
| 2004-12-03 |
ext:vmdk vmdk |
VMWare allows PC emulation across a variety of
platforms. These files are VMWare disk images
which essentially contain a copy of an entire
PC, which c … |
 |
| 2004-12-03 |
ext:vmx vmx |
VMWare allows PC emulation across a variety of
platforms. These configuration files describe a
virtual PC, and reveal information about that
PC's … |
 |
| 2004-12-04 |
inurl:"/axs/ax-admin.pl"
-script |
This system records visits to your site. This
admin script allows you to display these
records in meaningful graph and database
formats. … |
 |
| 2004-12-05 |
"Generated by
phpSystem" |
PhpSystem shows info about unix systems,
including: General Info (kernel, cpu, uptime),
Connections, Who Is Logged In, Memory, Swap
and active mounts. … |
 |
| 2004-12-05 |
php-addressbook
"This is the
addressbook for… |
php-addressbook shows user address information
without a password. … |
 |
| 2004-12-04 |
intitle:"Multimon UPS status
page" |
Multimon provides UPS monitoring services … |
 |
| 2004-12-13 |
ext:dat bpk.dat |
Perfect Keylogger is as the name says a
keylogger :) This dork finds the corresponding
datafiles which can be read with the free
downloadable lite vers … |
 |
| 2004-12-13 |
inurl:ds.py |
Affordable Web-based document and content
management application lets businesses of
every size rapidly deploy a world-class
Enterprise Content Managem … |
 |
| 2004-12-19 |
ext:conf
inurl:rsyncd.conf
-cvs -man |
rsync is an open source utility that provides
fast incremental file transfer. rsync can also
talk to "rsync servers" which can
provide anonym … |
 |
| 2004-12-19 |
inurl:preferences.ini
"[emule]" |
This finds the emule configuration file which
contains some general and proxy
information. Sometimes proxy user and password
are stored. … |
 |
| 2004-12-19 |
intitle:"welcome.to.squeezebox" |
squeezebox is the easiest way for music lovers
to enjoy high-quality playback of their whole
digital music collection. Stream music from
your computer … |
 |
| 2004-12-30 |
filetype:cnf
inurl:_vti_pvt
access.cnf |
The access.cnf file is a
"weconfigfile" (webconfig file) used
by FrontPage Extensions for Unix. The install
script called change_server.sh p … |
 |
| 2004-12-30 |
filetype:blt
"buddylist" |
AIM buddylists. … |
 |
| 2004-12-30 |
intitle:"index.of" .diz .nfo
last modifi… |
File_id.diz is a description file uploaders
use to describe packages uploaded to FTP
sites. Although rooted in legitimacy, it is
used largely by softw … |
 |
| 2005-01-02 |
filetype:ctt Contact |
This is for MSN Contact lists… … |
 |
| 2005-01-02 |
Peoples MSN contact
lists |
This will give msn contact lists .. modify the
"msn" to what ever you feel is
messenger related … |
 |
| 2005-01-02 |
intext:gmail invite
intext:http://gmail.google.com… |
This is a dork I did today. At first, I wanted
to find out the formula for making one, but
… It got boring, so I just made a dork that
finds invites … |
 |
| 2005-01-13 |
intitle:"FTP
root at" |
This dork will return some FTP root
directories. The string can be made more
specific by adding additional keywords like
password. … |
 |
| 2005-01-22 |
ext:txt inurl:dxdiag |
This will find text dumps of the DirectX Diag
utility. It gives an outline of the hardware
of the computer, and goes into quite a bit of
detail listin … |
 |
| 2005-01-27 |
ext:reg
"username=*" putty |
Putty registry entries. Contain username and
hostname pairs, as well as type of session
(sftp, xterm, etc). … |
 |
| 2005-01-27 |
intitle:"edna:streaming mp3
server" -for… |
Edna allows you to access your MP3 collection
from any networked computer. This software
streams your MP3s via HTTP to any MP3 player
that supports pl … |
 |
| 2005-01-27 |
inurl:netscape.ini |
There's a bunch of interesting info in
netscape.ini: 1. Viewers: which multimedia
viewers the firm or people are
using 2. Cookies 3. Address Book 4. Mail … |
 |
| 2005-01-27 |
inurl:netscape.hst |
Netscape Bookmark List/History: So an attacker
would be able to locate the bookmark and
history list … |
 |
| 2005-01-27 |
inurl:"bookmark.htm" |
Bookmarks for Netscape and various other
browsers. … |
 |
| 2005-01-27 |
inurl:netscape.hst |
History for Netscape – So an attacker can
read a user's browsing history. … |
 |
| 2005-02-15 |
-site:php.net
-"The PHP
Group"
inurl:sou… |
scripts to view the source code of PHP scripts
running on the server. Can be very interesting
if it is also allowed to open configuration
files ;-) … |
 |
| 2005-02-15 |
intitle:"web
server status"
SSH Telnet |
simple port scanners for most common ports
… |
 |
| 2005-02-28 |
+"HSTSNR"
-"netop.com" |
This search reveals NetOp license files. From
the netop website: "NetOp Remote Control
is the most comprehensive, effective and
security-consciou … |
 |
| 2005-03-02 |
inurl:getmsg.html
intitle:hotmail |
These pages contain hotmail messages that were
saved as HTML. These messages can contain
anything from personal data to cleartext
passwords. … |
 |
| 2005-02-15 |
filetype:ora
tnsnames |
This searches for tns names files. This is an
Oracle configuration file that sets up
connection strings for someone's Oracle
client to contact t … |
 |
| 2005-02-28 |
"#mysql
dump"
filetype:sql
21232f297a57a… |
this is a mod of one of the previous queries
posted in here. the basic thing is, to add
this: 21232f297a57a5a743894a0e4a801fc3 to your
query, that orygi … |
 |
| 2005-03-30 |
WebLog Referrers |
ExpressionEngine is a modular, flexible,
feature-packed web publishing system that
adapts to a broad range of needs. … |
 |
| 2005-04-26 |
"MacHTTP"
filetype:log
inurl:machttp.log |
MacHTTP is a webserver for Macs running OS
6-9.x. It's pretty good for older Macs
but the default install leaves the MacHTTP.log
file open to ac … |
 |
| 2005-04-26 |
ext:plist
filetype:plist
inurl:bookmarks.plist |
These are Safari bookmarks that might show very
interesting info about a user's surfing
habits … |
 |
| 2005-04-26 |
ext:ics ics |
iCalendar files that can contain a lot of
useful information about a possible target.
… |
 |
| 2005-04-27 |
ext:jbf jbf |
There is a full path disclosure in .jbf files
(paint shop pro), which by itself is not a
vulnerability, but it becomes interesting when
uploaded or us … |
 |
| 2005-04-27 |
ext:DBF DBF |
dBase database file. Can contain sensitive
data like any other database. … |
 |
| 2005-04-27 |
ext:CDX CDX |
Visual FoxPro database index … |
 |
| 2005-04-27 |
ext:ccm ccm
-catacomb |
Lotus cc:Mail Mailbox file … |
 |
| 2005-04-27 |
ext:DCA DCA |
IBM DisplayWrite Document Content Architecture
Text File … |
 |
| 2005-06-07 |
inurl:XcCDONTS.asp |
This query reveals an .asp script which can
often be used to send anonymous emails from
fake senders. When combined with a proxy, the
usefulness of th … |
 |
| 2005-06-21 |
filetype:QBW qbw |
Quickbooks is software to manage your
business's financials. Invoicing,
banking, payroll, etc, etc. It's a nice
software package but their files ( … |
 |
| 2005-07-08 |
filetype:PS ps |
PS is for "postscript"… which
basically means you get the high quality press
data for documents. Just run 'adobe
distiller' or al … |
 |
| 2005-07-21 |
allinurl:cdkey.txt |
cdkeys … |
 |
| 2005-07-24 |
site:www.mailinator.com
inurl:ShowMail.do |
Mailinator.com allows people to use temporary
email boxes. Read the site, I won't
explain here. Anyway, there are emails in this
site that have n … |
 |
| 2005-07-30 |
ext:(doc | pdf | xls
| txt | ps | rtf |
odt | sxw … |
Although this search is a bit broken (the file
extensions don't always work), it reveals
interesting-looking documents which may
contain potentia … |
 |
| 2005-08-16 |
intitle:"admin
panel"
+"Powered by
… |
This finds all versions of RedKernel Referer
Tracker (stats page). It just gives out some
nice info … |
 |
| 2005-08-12 |
intitle:"curriculum vitae"
filetype:doc |
Hello. 1. It reveals personal data, often
private addresses, phone numbers, e-mails, how
many children one has:). Full curriculum
vitae. I tried many … |
 |
| 2005-08-23 |
contacts ext:wml |
Forget Bluetooth Hacking! You'll be
amazed at how many people sync their Cell
Phones to the same Computers they run some
type of Server on. This … |
 |
| 2005-09-08 |
rdbqds -site:.edu
-site:.mil
-site:.gov |
Caesar encryption is a rather simple
encryption. You simply shift letters up or
down across the entire length of the
message… In the url I did this … |
 |
| 2005-10-04 |
intitle:"urchin
(5|3|admin)"
ext:cgi |
Gain access to Urchin analysis reports. … |
 |
| 2005-10-22 |
intitle:Bookmarks
inurl:bookmarks.html
"Bookm… |
AFAIK the bookmarks of Firefox, Netscape
and Mozilla are stored in bookmarks.html. It is
often uploaded to serve as a backup, so it
could reveal some … |
 |
| 2005-11-16 |
intitle:"Welcome to F-Secure Policy
Manager S… |
An attacker may want to know about the
antivirus software running. The description
says he can check the status of the F-Secure
Policy Manager Server … |
 |
| 2005-11-24 |
inurl:wp-mail.php +
"There
doesn't seem… |
This is the WordPress script handling
Post-By-Email functionality, the search is
focussed on the message telling that
there's nothing to process. … |
 |
| 2005-12-19 |
(intitle:WebStatistica inurl:main.php) |
(intitle:… |
WebStatistica provides detailed statistics
about a web page. Normally you would have to
login to view these statistics but the sites
have put autolog … |
 |
| 2005-12-22 |
inurl:/cgi-bin/pass.txt |
Passwords … |
 |
| 2006-01-16 |
inurl:build.err |
General build error file. Can tell what
modules are installed, the OS, the compiler, the
language, in theory usernames and passwords
could probably be f … |
 |
| 2006-01-16 |
intext:ViewCVS
inurl:Settings.php |
CVS is software used to keep track of
changes to websites. You can review all
updates and previous files without actually
logging into CVS. It is poss … |
 |
| 2006-02-22 |
"not for public
release" -.edu
-.gov -.m… |
if you search through lots of these then you
find some really juicy things, there files
from police, airports, government companies
all kind of stuff … |
 |
| 2006-03-18 |
intitle:"Joomla
- Web
Installer" |
Joomla! is a Content Management System (CMS)
created by the same team that brought the
Mambo CMS. This dork finds the Web Installer
page. On newer ver … |
 |
| 2006-03-18 |
(intitle:"PRTG
Traffic
Grapher"
inurl:&q… |
PRTG Traffic Grapher is Windows software for
monitoring and classifying bandwidth usage. It
provides system administrators with live
readings and long … |
 |
| 2006-03-21 |
intitle:"LOGREP
- Log file reporting
system&q… |
Logrep is an open source log file Extraction
and Reporting System by ITeF!x. This dork
finds the logs that it creates. … |
 |
| 2006-10-02 |
intitle:"AppServ Open Project
*" "A… |
Often includes phpinfo and unsecured links to
phpmyadmin. … |
 |