All of this investment is hugely worth it - Burp's user-driven workflow is by far the most effective way to perform web security testing and will take you way beyond the capabilities of any conventional point-and-click scanner.
Burp is intuitive and user-friendly, and the best way to start learning is by doing.
Let's take a look at the special Google search operators that are used to construct those high-powered Google hack search terms.
intitle: Specifying intitle tells Google to show only those pages that have the term in their HTML title. For example, intitle:"login page" will show those pages which have the term "login page" in the title text.
allintitle: Similar to intitle, but looks for all the specified terms in the title.
inurl: Searches for the specified term in the URL. For example, inurl:"login.php".
allinurl: Same as inurl, but searches for all terms in the URL.
filetype: Searches for specific file types. filetype:txt looks for files with the extension .txt.
ext: Similar to filetype.
Basic formula of a dork: "inurl:."domain"/"dorks" "
You would normally understand it like this:
"inurl" = input URL
"domain" = your desired domain, e.g. .gov
"dorks" = the dork of your choice
You can use the following words instead of inurl: intitle:, inurl:, intext:, define:, site:, phonebook:, maps:, book:, froogle:, info:, movie:, weather:, related:, link:. All of these also help you find things other than vulnerabilities.
As a passive attack method, Google dorking can return usernames and passwords, email lists, sensitive documents, personally identifiable financial information (PIFI) and website vulnerabilities.
That information can be used for any number of illegal activities, including cyberterrorism, industrial espionage, identity theft and cyberstalking.
2-OPERATORS
As with programming, Google dorks also have their operators. I will not be able to show all operators, but here are the most commonly used ones.