These easy to use Google Searches make finding insecure web servers very easy.
This one finds servers with publicly accessible pages that show web site status. They even have a complete listing of all ports and whether they are open or not!
intitle:"web server status" SSH Telnet |
Why would a web server have a panel that is accessible to anyone that shows all open ports? This is not good security wise. I know that you can nmap scan a website and find this info, but why have this in a constantly updating format?
This Google Dork will find all open instances of a database manager.
intext:SQLiteManager inurl:main.php |
This can allow a user to view installed databases and add tables. Good SQL practice I guess.
Another Google Dork that could allow someone to find usernames and passwords if you are lucky.
intext:(password | passcode) intext:(username | userid | user) filetype:csv |
Find unfinished Joomla web installers. Fun to play with.
intitle:"Joomla - Web Installer" |
yet another Google Dork, this one will find all PHPMyAdmin instances that are running openly on a web server.
"phpMyAdmin" "running on" inurl:"main.php" |
These examples got to show why a web server operator must secure everything. This is very important. Update your server software all the time and apart from using Cloudflare, always change default passwords and secure server software properly, remove any unneeded files after web software installation and properly close all unneeded ports.
There are many more examples on this page.
https://www.reddit.com/r/google/comments/1gcu6t/part_2_of_14_the_power_of_google_how_to_search/.