Category archive: web

dorking (how to find anything on the Internet)

source: https://www.alec.fyi/dorking-how-to-find-anything-on-the-internet.html

note: this is a full copy.

dorking (how to find anything on the Internet)

Sat 04 April 2020

tagged: dorking, non-technical, how-to, scraping, growth hacks, reference

tl;dr: Use advanced Google Search to find any webpage, emails, info, or secrets

cost: $0

time: 2 minutes

Software engineers have long joked about how much of their job is simply Googling things

Now you can do the same, but for free

Below, I’ll cover dorking, the use of search engines to find very specific data

For each example, you can paste it directly into Google to see the result


webpages

Inspired by this Twitter exchange with Gumroad CEO Sahil Lavingia, the next few examples will cover Gumroad and Sahil.

find specific pages within a website (ex: for DynamoDB e-books)

site:gumroad.com dynamodb

find specific pages that must include a phrase in the Title text

allintitle:"support this" site:gumroad.com

find similar sites (Google only)

related:gumroad.com

you can chain operators together (ex: looking for bug bounties with either security or bug-bounty in the URL)

(inurl:security OR inurl:bug-bounty OR site:hackerone.com) + "gumroad"

you can restrict to certain top-level domains (ex: lists of teachers)

site:.edu filetype:xls inurl:"email.xls"

emails

find Gmail accounts

sahil lavingia "@gmail.com"

find work accounts (you’ll need to find their domain first)

sahil lavingia "@gumroad.com"

not finding what you’re looking for with either of those? Try to guess the format of the email (try going to this site, search the domain, and click Identified Name Formats)

"s.lavingia" "@" ".com"

you can always find every page with emails on it (and then use the next snippet below)

site:gumroad.com intext:"@gumroad.com"

find every email on a web page that you’re on. The big kahuna – this works for every website. Inject it into a site with Chrome DevTools (more here)

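// Run in the DevTools console: collect every email-like string in the page's HTML.
// Regex literal, unanchored, global flag: matches emails anywhere in the markup.
var re = /[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+/g;
var found = document.body.innerHTML.match(re) || [];
// De-duplicate before logging.
Array.from(new Set(found)).forEach(function (email) {
    console.log(email);
});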

this will log every email found, without you having to scan through the whole page.

files

find spreadsheets

filetype:csv OR filetype:xlsx OR filetype:xls OR filetype:xltx OR filetype:xlt OR inurl:airtable.com/universe/

find Google Docs and Google Sheets

site:docs.google.com "gumroad"

find where your competitor’s logo is (ex: partners or customers’ websites)

"Gumroad Logo.png"

find your competitors’ sales pitches and whitepapers

site:intercom.com (filetype:pdf OR filetype:ppt)

find case studies written about competitors

inurl:hubspot-case-study -site:hubspot.com

SEO

find sites with specific keywords in the anchor text

inanchor:"cyber security"

research blog posts with specific keywords in their title

inposttitle:"diy slime"

find backlinks (ex: other sites that link to a particular blog post). note: the link operator is now deprecated

intext:intercom.com/intercom-api-reference/reference

find keyword permutations with the wildcard operator

* design tools

find companies using a given widget

intext:"Powered by Intercom" -site:intercom.com

coupons!

search the site itself for codes

site:curology.com ("coupon" | "referral code" | "affiliate code" | "discount code" | "VIP")

next, try twitter

site:twitter.com + "meundies" + ("coupon" | "referral code" | "affiliate code" | "discount code" | "VIP")

next, try Mailchimp emails

site:campaign-archive.com + "blueapron" + ("coupon" | "referral code" | "affiliate code" | "discount code" | "VIP")

secrets

cybersecurity experts use dorking, as one tool among many, to find potential vulnerabilities in a company. I will not be covering any such queries, out of concern for their potential for misuse.

operator review

operators are components of a search query that narrow the results down. You can combine as many as you want in one query. The most useful ones you’ll want to know are:

operator                 description
"phrase"                 results must include "phrase"
-phrase                  exclude results with phrase
phrase1 AND phrase2      phrase1 and phrase2 must both be included
phrase1 OR phrase2       one of phrase1 and phrase2 must be included (or both)
site:example.com         results must be on domain example.com
filetype:jpg             results must be of type .jpg

AND/OR logic can be used to combine distinct queries

"phrase1" OR "phrase 2" AND "phrase3"
# equivalent to these two searches
>> "phrase1"
>> "phrase 2" AND "phrase3"

tip: WAVEBOX | YOUR WORK BROWSER

tip: https://wavebox.io/download/ https://wavebox.io/

It is basically a browser, but focused on keeping you logged in to your communication profiles and other accounts.

For example, I am using it for Gmail, WhatsApp, Slack and Trello.

But it can be used for anything.

Creating Buttons with Hyperlinks in Google Spreadsheet

tip from YouTube: Silvio Rocha

1) Open any Google Docs spreadsheet and click the Insert menu, Drawing….

2) When a window with a transparent (checkered) background opens, draw or insert the shape that will be the button in the spreadsheet, change its color, give it a name….., and when you are done, click the Save and close button.

3) The button is generated in the spreadsheet. Click the Tools menu, Script editor…; once it loads, click Blank Project, delete the whole skeleton of the empty function, and add the code below:

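// Switch the active sheet to 'Página2' when the button is clicked.
function botao() {
  var sheet = SpreadsheetApp.getActiveSpreadsheet();
  // Look up the target tab by name.
  var planilha = sheet.getSheetByName('Página2');
  SpreadsheetApp.setActiveSheet(planilha);
}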

4) Press CTRL + S, give the project a name, and click Save.
5) Click the Run menu, option botao.
6) Click the Continue button to authorize, then the Accept button.
7) Go back to the spreadsheet, to the page where the button is, click the button, then the arrow above the button on the right-hand side, option Assign script…, enter the name of the function you created, botao, and click OK.
8) Just click the button and the script will run, taking you to the spreadsheet page you defined.


tip: Apache speed

tips from the sites:

https://stackoverflow.com/questions/24283025/slow-apache-on-ubuntu

http://oxpedia.org/wiki/index.php?title=Tune_apache2_for_more_concurrent_connections


tips for synchronizing MySQL databases with SJA

urls:

https://www.vivaolinux.com.br/artigo/Sincronizacao-segura-entre-bancos-de-dados-MySQL-utilizando-SJA?pagina=1

http://faq.webyog.com/category/15/sja-for-linux.html

https://desmontacia.wordpress.com/2010/08/29/sincronizao-segura-entre-bancos-de-dados-mysql-utilizando-sja/

https://github.com/webyog/sqlyog-community/wiki/Downloads

enabling a cache time limit in Apache

tip for enabling the modules: http://www.matrudev.com/post/enable-apache-mod_headers-expires/

To enable mod_headers:
sudo a2enmod headers

To enable mod_expires:
sudo a2enmod expires

sudo /etc/init.d/apache2 restart

adding the limit in .htaccess: https://stackoverflow.com/questions/4480304/how-to-set-http-headers-for-cache-control

Use:

<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Cache-Control "max-age=604800, public"
</FilesMatch>

Where: 604800 = 7 days

tip: getting the client IP address in PHP

tip from the site: http://itman.in/en/how-to-get-client-ip-address-in-php/


tips for using curl from the command line

example using POST:
curl -X POST -F var1="adadad" -F var2="babbaba" http://url/form.php


tip: exposing localhost

https://localtunnel.github.io/www/
https://techmonger.github.io/13/localtunnel-ubuntu/

ngrok: https://ngrok.com

# start the tunnel in the background, writing its log to ngrok.log
nohup ./ngrok http 80 -log ngrok.log -auth="user:senha" &

# extract the most recent public URL from the log
ultimo_host="$(cat ngrok.log | grep 'url=http://' | tail -1 | sed 's/^.*url=//')"

echo "$ultimo_host"

Adding your user to /var/www

tip from the site: https://loc4n.wordpress.com/2014/06/01/adicionando-seu-usuario-ao-varwww/

If you have a dedicated server and are configuring Apache, you always run into the same problem: your user does not have permission to modify Apache's /var/www or the folder where your virtual hosts are configured. So you resort either to chmod 777 or to using root to work on those files. Know that there is a much more secure solution, and it is not that hard to implement.
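The linked post's own steps are not reproduced on this page. As an added example (not taken from that post), the script below audits a web root for the world-writable entries that chmod 777 leaves behind and replaces them with shared group access. The function names are hypothetical, and www-data as the Apache group is an assumption that holds on Debian/Ubuntu.

```shell
#!/bin/sh
# Added example: audit and tighten a web root instead of using chmod 777.
# Assumption: on Debian/Ubuntu the tree is /var/www and the Apache group is
# www-data; both are passed in as arguments so other layouts work too.

# Print every entry under $1 that any local user can write to.
# Symlinks are skipped because their own mode bits are not meaningful.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Give group $2 shared write access to tree $1 and drop write for "other".
# Directories get the setgid bit so newly created files inherit the group.
share_with_group() {
    dir=$1
    group=$2
    # -h: change symlinks themselves, never the files they point to
    chgrp -hR "$group" "$dir" || return 1
    # X adds execute only to directories and to files already executable
    chmod -R g+rwX,o-w "$dir" || return 1
    find "$dir" -type d -exec chmod g+s {} + || return 1
}

# Typical use as root (the user must log in again for the new group to apply):
#   usermod -aG www-data youruser
#   share_with_group /var/www www-data
#   list_world_writable /var/www    # should print nothing afterwards
```

After this, the user edits files through group membership, so neither root nor mode 777 is needed for day-to-day work in the web root.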