intitle: 从网页标题中搜索指定的关键字,可专门用来搜索指定版本名称的各类web程序,也可用allintitle
inurl: 从url中搜索指定的关键字,可专门用来构造各种形式的漏洞url,也可用allinurl
intext: 从网页中搜索指定的关键字,经常会用它来穿透到漏洞页面……也可用allintext
filetype: 搜索指定的文件后缀,例如:sql mdb txt bak backup ini zip rar doc xls等
site: 在某个特定的网站内中搜索指定的内容
link: 搜索和该链接有关联的链接,比如:友情链接
index of: 找目录遍历时也许会用到
+ 强制匹配
- 忽略特定
"" 精确匹配
. 任意单字符匹配
* 任意字符匹配
| 并列查询,或者
intext:$CATALINA_HOME/webapps/ROOT/ intitle:apache tomcat
intext:$CATALINA_HOME/webapps/ROOT/ inurl:8080/
intext:$CATALINA_HOME/webapps/ROOT/ intitle:Apache Tomcat/5.5.27 site:*.hk
intext:$CATALINA_HOME/webapps/ROOT/ intitle:Apache Tomcat/7.0.32 site:*.gov.br
intext:$CATALINA_HOME/webapps/ROOT/ intitle:Apache Tomcat/5.0.12 site:*.cn
intext:$CATALINA_HOME/webapps/ROOT/ intitle:Apache Tomcat/6.0.24 site:*.com
intext:$CATALINA_HOME/webapps/ROOT/ intitle:apache tomcat site:*.edu.*
intext:$CATALINA_HOME/webapps/ROOT/ intitle:apache tomcat site:*.gov.* 搜特定类型的目标站点,如,学校一般都是edu,各种民间组织一般都是org,政府机构一般都是gov……
intext:$CATALINA_HOME/webapps/ROOT/ intitle:apache tomcat site:*.org.*
intext:$CATALINA_HOME/webapps/ROOT/ intitle:Apache Tomcat/7.0 site:*.org.*
intext:$CATALINA_HOME/webapps/ROOT/ intitle:apache tomcat site:*.jp
intext:$CATALINA_HOME/webapps/ROOT/ intitle:apache tomcat site:*.vn
intext:$CATALINA_HOME/webapps/ROOT/ intitle:apache tomcat site:*.ph
intext:$CATALINA_HOME/webapps/ROOT/ intitle:Apache Tomcat site:*.uk
intext:$CATALINA_HOME/webapps/ROOT/ intitle:apache tomcat site:org.tw
inurl:/console/login/LoginForm.jsp
inurl:/console/login/LoginForm.jsp intitle:Oracle WebLogic Server
inurl:/console/login/ intitle:"Oracle WebLogic Server
inurl:/jmx-console/htmladaptor
inurl:/jmx-console/htmladaptor site:*.edu.*
inurl:/jmx-console/htmladaptor site:*.org.*
inurl:/jmx-console/htmladaptor site:*.tw
inurl:/ibm/console/logon.jsp
intitle:Login to Webmin intext:"login to the Webmin server on"
inurl:/wp-login.php site:*.hk
index of /wp-content/uploads inurl:/wp-login.php
inurl:/wp-content/themes/theagency 上传漏洞
思路要灵活,google hacking语法强大,善于利用往往事半功倍。