Google Dorks
Google Dorks技术是一种利用Google的高级搜索功能来发现网上隐藏的信息的方法。Google Dorks,或者Google Hacks,是指一些特殊的搜索命令(包括特定的参数和搜索操作符),当输入到Google搜索栏时,可以显示网站的一些不公开的部分。
在线网站
自动化工具
pip3 install -r requirements
# Use --siterestrict if you have configured less than 10 domains in the cseid
python3 gorks.py --cseid <cseid> --dorks ./ghdb.json [--api-key <api_key>|--api-keys-file </path/apikeys>] [--siterestrict] [--json-file </oath/to/json_file>] 2>/dev/null
python googd0rk.py domain
- Dorks Hunter
git clone https://github.com/six2dez/dorks_hunter
cd dorks_hunter
pip3 install -r requirements.txt
> python3 dorks_hunter.py -h
usage: dorks_hunter.py [-h] --domain DOMAIN [--results RESULTS] [--output OUTPUT]
Simple Google dork search
options:
-h, --help show this help message and exit
--domain DOMAIN, -d DOMAIN
Domain to scan
--results RESULTS, -r RESULTS
Number of results per search, default 10
--output OUTPUT, -o OUTPUT
Output file
./goohak domain.com
git clone https://github.com/opsdisk/pagodo.git
cd pagodo
virtualenv -p python3.7 .venv # If using a virtual environment.
source .venv/bin/activate # If using a virtual environment.
pip install -r requirements.txt
python pagodo.py -d example.com -g dorks.txt
Google Dorks 集合
https://github.com/BullsEye0/google_dork_list
https://github.com/rootac355/SQL-injection-dorks-list
https://github.com/unexpectedBy/SQLi-Dork-Repository
https://github.com/thomasdesr/Google-dorks
https://github.com/arimogi/Google-Dorks
https://github.com/aleedhillon/7000-Google-Dork-List
- 漏洞赏金
https://github.com/sushiwushi/bug-bounty-dorks
https://github.com/hackingbharat/bug-bounty-dorks-archive/blob/main/bbdorks
https://github.com/Vinod-1122/bug-bounty-dorks/blob/main/Dorks.txt
- 反向链接
https://github.com/alfazzafashion/Backlink-dorks
https://www.techywebtech.com/2021/08/backlink-dorks.html
https://www.blackhatworld.com/seo/get-backlinks-yourself-1150-dorks-for-forum-hunting.380843/
- CMS Dorks
WordPress
https://pastebin.com/A9dsmgHQ
Magento
Dorks
site:http://ideone.com | site:http://codebeautify.org | site:http://codeshare.io | site:http://codepen.io | site:http://repl.it | site:http://jsfiddle.net "company"
//代码共享
site:github.com | site:gitlab.com | site:bitbucket.org "company"
site:stackoverflow.com "target.com"
site:http://trello.com | site:*.atlassian.net "company"
//项目管理站点
site:http://justpaste.it | site:http://pastebin.com "company"
site:target.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:env | ext:ini
//配置文件
site:target.com ext:sql | ext:dbf | ext:mdb
//数据库文件
site:target.com ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup
//备份文件
inurl:"/.git" target.com -github
//git文件
site:target.com ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv
//公开文件
site:target.com intitle:index.of | ext:log | ext:php intitle:phpinfo "published by the PHP Group" | inurl:shell | inurl:backdoor | inurl:wso | inurl:cmd | shadow | passwd | boot.ini | inurl:backdoor | inurl:readme | inurl:license | inurl:install | inurl:setup | inurl:config | inurl:"/phpinfo.php" | inurl:".htaccess" | ext:swf
//其它文件
site:target.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"
//SQL 错误
site:target.com "PHP Parse error" | "PHP Warning" | "PHP Error"
//PHP错误
site:target.com inurl:signup | inurl:register | intitle:Signup
//登录页面
site:target.com inurl:redir | inurl:url | inurl:redirect | inurl:return | inurl:src=http | inurl:r=http
//重定向
site:target.com ext:action | ext:struts | ext:do
//Apache Struts RCE
site:pastebin.com target.com
site:linkedin.com employees target.com
//领英员工搜索
site:target.com inurl:wp-content | inurl:wp-includes
//WordPress文件
site:*.target.com
//子域名
site:*.*.target.com
//子域名
site:.s3.amazonaws.com | site:http://storage.googleapis.com | site:http://amazonaws.com "target"
//S3桶
intitle:traefik inurl:8080/dashboard "target"
intitle:"Dashboard [Jenkins]"