-
Notifications
You must be signed in to change notification settings - Fork 21
/
dorks.yaml
411 lines (267 loc) · 11.6 KB
/
dorks.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
# ------------------------------------------------------------------------------
Cameras:
- title: 'General camera search.'
content: 'camera'
- title: 'Webcams with screenshots.'
content: 'webcam has_screenshot:true'
- title: 'IP Webcams with screenshots.'
content: 'has_screenshot:true IP Webcam'
- title: 'Webcams running on webcamXP'
content: 'server: webcamxp'
- title: 'Webcams running on webcam 7.'
content: 'server: "webcam 7"'
- title: 'Webcams running on Blue Iris.'
content: 'title:"blue iris remote view"'
- title: 'UI3 - the HTML5 web interface for Blue Iris.'
content: 'title:"ui3 -"'
- title: 'Canon-manufactured megapixel security cameras.'
content: 'title:"Network Camera VB-M600"'
- title: 'Yet another WebCAM software.'
content: 'product:"Yawcam webcam viewer httpd"'
- title: 'Webcams running on IPCam Client.'
content: 'title:"IPCam Client"'
- title: 'Older webcams running on GeoVision.'
content: 'server: GeoHttpServer'
- title: 'Vivotek IP cameras.'
content: 'server: VVTK-HTTP-Server'
- title: 'Avigilion-brand camera/monitoring devices.'
content: 'title:"Avigilon"'
- title: 'Various IP camera/video management system products.'
content: 'ACTi'
- title: 'A UK-based IP camera provider.'
content: 'WWW-Authenticate: "Merit LILIN Ent. Co., Ltd."'
- title: 'Unsecured Linksys webcams.'
content: 'title:"+tm01+"'
- title: 'i-Catcher IP-based CCTV systems.'
content: 'server: "i-Catcher Console"'
- title: 'Netwave-make IP cameras.'
content: 'Netwave IP Camera Content-Length: 2574'
- title: 'DVR CCTV cameras accessible via http.'
content: '200 ok dvr port:"81"'
- title: 'Linksys WVC80N cameras.'
content: 'WVC80N'
- title: 'Hikvision IP Cameras.'
content: 'product:"Hikvision IP Camera"'
description: 'Backdoor exploit at https://ipvm.com/reports/hik-exploit'
# ------------------------------------------------------------------------------
Industrial Control Systems:
- title: 'Samsung Electronic Billboards'
content: 'Server: Prismview Player'
description: 'Search for electronic billboards managed by Prismview servers.'
- title: 'Gas Station Pump Controllers'
content: '"in-tank inventory" port:10001'
description: 'Find gas station pump controllers with accessible inventory data.'
- title: 'Fuel Pumps connected to internet'
content: '"privileged command" GET'
- title: 'Automatic License Plate Readers'
content: 'P372 "ANPR enabled"'
- title: 'Traffic Light Controllers / Red Light Cameras'
content: 'mikrotik streetlight'
- title: 'Voting Machines in the United States'
content: '"voter system serial" country:US'
- title: 'Open ATM'
content: 'NCR Port:"161"'
- title: 'Telcos Running Cisco Lawful Intercept Wiretaps'
content: '"Cisco IOS" "ADVIPSERVICESK9_LI-M"'
- title: 'Prison Pay Phones'
content: '"[2J[H Encartele Confidential"'
- title: 'Electric Vehicle Chargers'
content: '"Server: gSOAP/2.8" "Content-Length: 583"'
- title: 'Submarine Mission Control Dashboards'
content: 'title:"Slocum Fleet Mission Control"'
- title: 'CAREL PlantVisor Refrigeration Units'
content: '"Server: CarelDataServer" "200 Document follows"'
- title: 'Nordex Wind Turbine Farms'
content: 'http.title:"Nordex Control" "Windows 2000 5.0 x86" "Jetty/3.1 (JSP 1.1; Servlet 2.2; java 1.6.0_14)"'
- title: 'C4 Max Commercial Vehicle GPS Trackers'
content: '"[1m[35mWelcome on console"'
- title: 'DICOM Medical X-Ray Machines'
content: '"DICOM Server Response" port:104'
- title: 'GaugeTech Electricity Meters'
content: '"Server: EIG Embedded Web Server" "200 Document follows"'
- title: 'Siemens Industrial Automation'
content: '"Siemens, SIMATIC" port:161'
- title: 'Siemens HVAC Controllers'
content: '"Server: Microsoft-WinCE" "Content-Length: 12581"'
- title: 'Door / Lock Access Controllers'
content: '"HID VertX" port:4070'
- title: 'Railroad Management'
content: '"log off" "select the appropriate"'
- title: 'Tesla Powerpack charging Status'
content: 'http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2'
- title: 'XZERES Wind Turbine'
content: 'title:"xzeres wind"'
- title: 'PIPS Automated License Plate Reader'
content: '"html:"PIPS Technology ALPR Processors""'
- title: 'Modbus'
content: '"port:502"'
- title: 'Niagara Fox'
content: '"port:1911,4911 product:Niagara"'
- title: 'GE-SRTP'
content: '"port:18245,18246 product:"general electric""'
- title: 'MELSEC-Q'
content: '"port:5006,5007 product:mitsubishi"'
- title: 'CODESYS'
content: '"port:2455 operating system"'
- title: 'S7'
content: '"port:102"'
- title: 'BACnet'
content: '"port:47808"'
- title: 'HART-IP'
content: '"port:5094 hart-ip"'
- title: 'Omron FINS'
content: '"port:9600 response code"'
- title: 'IEC 60870-5-104'
content: '"port:2404 asdu address"'
- title: 'DNP3'
content: '"port:20000 source address"'
- title: 'EtherNet/IP'
content: '"port:44818"'
- title: 'PCWorx'
content: '"port:1962 PLC"'
- title: 'Crimson v3.0'
content: '"port:789 product:"Red Lion Controls""'
- title: 'ProConOS'
content: '"port:20547 PLC"'
- title: 'VNC Servers'
content: '"authentication disabled" "RFB 003.008"'
description: 'While not always 100% guaranteed to be a system, lots of embedded systems can show up here, along with personal systems.'
- title: 'More VNC Servers'
content: '"authentication disabled" port:5900,5901'
description: 'Another search term for VNC servers - most are on port 5900 or 5901 as these are VNC display ports.'
# ------------------------------------------------------------------------------
Network Infastructure:
- title: 'General MySQL Database Search'
content: 'product:MySQL'
- title: 'Default MongoDB Instances'
content: 'mongodb port:27017'
- title: 'MongoDB Server Information on Default Port'
content: '"MongoDB Server Information" port:27017'
- title: 'Exposed MongoDB Express Web Interfaces'
content: '"Set-Cookie: mongo-express=" "200 OK"'
- title: 'Accessible Kibana Dashboards'
content: 'kibana content-length:217'
- title: 'Open Elasticsearch Databases'
content: 'port:"9200" all:elastic'
- title: 'Remote PostgreSQL Connections'
content: 'port:5432 PostgreSQL'
- title: 'Listed Apache CouchDB'
content: 'product:"CouchDB"'
- title: 'Vulnerable CouchDB Instances'
content: 'port:"5984"+Server: "CouchDB/2.1.0"'
- title: 'Weave Scope Dashboards'
content: 'title:"Weave Scope" http.favicon.hash:567176827'
- title: 'Jenkins CI'
content: '"X-Jenkins" "Set-Cookie: JSESSIONID" http.title:"Dashboard"'
- title: 'Docker APIs'
content: '"Docker Containers:" port:2375'
- title: 'Docker Private Registries'
content: '"Docker-Distribution-Api-Version: registry" "200 OK" -gitlab'
- title: 'Pi-hole Open DNS Servers'
content: '"dnsmasq-pi-hole" "Recursion: enabled"'
- title: 'Already Logged-In as root via Telnet'
content: '"root@" port:23 -login -password -name -Session'
- title: 'Android Root Bridges'
content: '"Android Debug Bridge" "Device" port:5555'
- title: 'Lantronix Serial-to-Ethernet Adapter Leaking Telnet Passwords'
content: 'Lantronix password port:30718 -secured'
- title: 'Citrix Virtual Apps'
content: '"Citrix Applications:" port:1604'
- title: 'Cisco Smart Install'
content: '"smart install client active"'
- title: 'PBX IP Phone Gateways'
content: 'PBX "gateway console" -password port:23'
- title: 'Polycom Video Conferencing'
content: 'http.title:"- Polycom" "Server: lighttpd"'
- title: 'Telnet Configuration'
content: '"Polycom Command Shell" -failed port:23'
# ------------------------------------------------------------------------------
Printers:
- title: 'General Printer Search'
content: 'printer'
- title: 'HP LaserJet Printers via HTTP'
content: '"HP-ChaiSOE" port:"80"'
- title: 'Samsung Printers with SyncThru Web Service'
content: 'title:"syncthru web service"'
- title: 'Brother Printers Admin Interface'
content: '"Location: /main/main.html" debut'
- title: 'HP Printers Remote Restart'
content: 'port:161 hp'
- title: 'Unsecured Telnet Access to Printers'
content: 'port:23 "Password is not set"'
- title: 'Printers with FTP Access'
content: '"Laser Printer FTP Server"'
- title: 'Lexmark Printer Control Panels'
content: 'Printer Type: Lexmark'
- title: 'HTTP Accessible Epson Printers'
content: 'http 200 server epson -upnp'
- title: 'Epson Printers via HTTP Server'
content: '"Server: EPSON-HTTP" "200 OK"'
- title: 'Remote Access to Xerox Printers'
content: 'ssl:"Xerox Generic Root"'
- title: 'Canon Printer HTTP Servers'
content: '"Server: CANON HTTP Server"'
# ------------------------------------------------------------------------------
Files and Directories:
- title: 'Open Lists of Files and Directories'
content: 'http.title:"Index of /"'
- title: 'Open Lists on Port 80'
content: 'port:80 title:"Index of /"'
- title: 'FTP Access Without Credentials'
content: '"220" "230 Login successful." port:21'
- title: 'Anonymous Access Allowed FTP'
content: '"Anonymous access allowed" port:"21"'
- title: 'Vulnerable vsftpd Service'
content: 'vsftpd 2.3.4'
- title: 'NDMP on FTP Port 10000'
content: 'ftp port:"10000"'
- title: 'Samba Shares with Authentication Disabled'
content: '"Authentication: disabled" port:445 product:"Samba"'
- title: 'QuickBooks Files Shared Over Network'
content: '"QuickBooks files OverNetwork" -unix port:445'
- title: 'Filezilla FTP'
content: 'filezilla port:"21"'
# ------------------------------------------------------------------------------
Compromised devices and websites:
- title: 'General Hacked Label Search'
content: '"hacked"'
- title: 'Variation of Hacked By Label Search'
content: '"hacked by"'
- title: 'Hacked By in HTTP Title'
content: 'http.title:"Hacked by"'
- title: 'Owned By Label in HTTP Title'
content: 'http.title:"0wn3d by"'
- title: 'Compromised Routers Labeled HACKED-ROUTER'
content: '"HACKED-ROUTER"'
- title: 'MongoDB Ransom Demand'
content: 'port:"27017" "send_bitcoin_to_retrieve_the_data"'
- title: 'Bitcoin Ransomware with Screenshot'
content: 'bitcoin has_screenshot:true'
- title: 'Compromised Legacy Systems on Port 4444'
content: 'port:4444 system32'
- title: 'Ransomware Infected RDP Services'
content: '"attention" "encrypted" port:3389'
- title: 'Compromised Hosts Advertising Default Password'
content: '"HACKED-ROUTER-HELP-SOS-HAD-DEFAULT-PASSWORD"'
- title: 'Compromised FTP Servers'
content: '"HACKED FTP server"'
- title: 'Compromised Routers'
content: 'hacked-router-help-sos'
# ------------------------------------------------------------------------------
Miscellaneous:
- title: 'Ethereum Miners'
content: '"ETH - Total speed"'
- title: 'Misconfigured WordPress Installations'
content: 'http.html:"* The wp-config.php creation script uses this file"'
- title: 'EIG Electricity Meters'
content: '"Server: EIG Embedded Web Server" "200 Document follows"'
- title: 'Tesla-related Interfaces'
content: 'http.title:"Tesla"'
- title: 'General Dashboard Interfaces'
content: 'http.title:"dashboard"'
- title: 'Control Panel Access Points'
content: 'http.title:"control panel"'
- title: 'Minecraft Servers'
content: '"Minecraft Server" "protocol 340" port:25565'
- title: 'Everything in North Korea'
content: 'net:175.45.176.0/22,210.52.109.0/24,77.94.35.0/24'