A hacker use Google dork for finding vulnerability to hack website and a cyber security admin use google dork for making hard security to his website.
1. allintitle - search by title
2. allintext - search by text
3. allinurl - search by URL
4. filetype - search by file type
5. site - search by site
6. inurl - search by url
Log File
Log file is very sensitive and important for any website. If attacker got log file then he can know the PHP version, MySQL version and critical and security hole in your framework or CMS.
See result, I have got all log file with username and password
Here I have use a search command for searching log files. I am using 2 search command for this
For Any kinds of site in the world
allintext:username filetype:log
For specific site
site: karimzi.blogspot.com allintext:username filetype:log
Vulnerable cPanel Search command
inurl: /proc/self/cwd
Vulnerable FTP server searching command
intitle: "index of" inurl:ftp
Email list searching
filetype:xls inurl:"email.xls"
Live Camera searching command
inurl:top.htm inurl:currenttime
intitle:"webcamXP 5"
inurl:"lvappl.htm"
MP3 searching command
intitle: index of mp3
ZOOM video searching command
inurl:zoom.us/j and intext:scheduled for
SQL Dumping command
"index of" "database.sql.zip"
Wordpress admin url searching command
intitle:"Index of" wp-admin
phpmyadmin
"Index of" inurl:phpmyadmin
cpanel password reset
inurl:_cpanel/forgotpwd
Prevention
1. Encrypt your sensitive data.
2. Regular checking your site by Google Dork command.
3. Regular check your website vulnerability and security hole.
4. Sensitive content link remove from Google Search Console
5. Block Sensitive content by robot.txt
Comments
Post a Comment