Shodan Dorks

Générateur de dorks personnel

Dorks

HTTP Filters

NTP Filters

SSL Filters

Telnet Filters

Bug bounty dorks

#Trouver des directory listing
ssl.cert.subject.CN:".target.com" http.title:"index of/"

#Trouver des gitlab
ssl.cert.subject.CN".target.com" http.title:"gitlab"

#Trouver des accès FTP anonymes
ssl.cert.subject.CN:".target.com" "230 login successful" port:"21"

#Trouver des pages phpinfo
ssl.cert.subject.CN:".target.com" http.title:"phpinfo()"

#Trouver des subdomain takeover github
ssl.cert.subject.CN:".target.com" http.html:"The specified bucket does not exist"
ssl.cert.subject.CN:".target.com" http.html:"Trying to access your account?"
ssl.cert.subject.CN:".target.com" http.html:"With GetResponse Landing Pages, lead generation has never been easier"
ssl.cert.subject.CN:".targer.com" http.html:"No settings were found for this company:"
ssl.cert.subject.CN:".targer.com" http.html:"is not a registered InCloud YouTrack"
ssl.cert.subject.CN:".targer.com" http.html:"No Site For Domain"
ssl.cert.subject.CN:".targer.com" http.html:"It looks like you may have taken a wrong turn somewhere. Don't worry...it happens to all of us."
ssl.cert.subject.CN:".targer.com" http.html:"This job board website is either expired or its domain name is invalid."
ssl.cert.subject.CN:".targer.com" http.html:"Non-hub domain, The URL you've accessed does not provide a hub."
ssl.cert.subject.CN:".targer.com" http.html:"Do you want to register *.wordpress.com?"
ssl.cert.subject.CN:".targer.com" http.html:"Hello! Sorry, but the website you’re looking for doesn’t exist."
ssl.cert.subject.CN:".targer.com" http.html:"There isn't a GitHub Pages site here."

Exemples

Citrix:

Trouver des gateway Citrix. title:"citrix gateway"

Wifi Passwords:

Trouver des mots de passe wifi en clair. html:"def_wirelesspassword"

Surveillance Cams:

With username:admin and password: :P NETSurveillance uc-httpd

Windows RDP Password:

But may contain secondary windows auth "\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00"

Mongo DB servers:

It may give info about mongo db servers and dashboard "MongoDB Server Information" port:27017 -authentication

FTP accessibles en anonyme: "220" "230 Login successful." port:21

Jenkins:

Tableau de bord Jenkins ouverts x-jenkins 200

ATM ouverts:

Peut permettre l'accès au guichet automatique NCR Port:"161"

Telnet Accessibles en anonyme: port:23 console gateway

Sites Wordpress mal configurés:

Le wp-config.php si il est accessible peut donner accès aux identifiants de base de données. http.html:"* The wp-config.php creation script uses this file"

API Docker pour accès à distance:

port:2375 product:"docker"

Tips

Augmentation de la surface d'attaque via favicon:

  1. Mettre l'url du favicon.ico dans https://faviconhash.com/.

  2. Recupérer le Hash du favicon.

  3. utiliser la dork https.favicon.hash:<hash> dans shodan.

Plus d'exemples: https://github.com/mathis2001/Dorking/blob/main/ShodanDorks.txt

PrécédentTwitter DorksSuivantRéseaux sociaux (SOCMINT)

Dernière mise à jour