1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Any way to find all php files on a website?

Discussion in 'Black Hat SEO' started by twitter.followers, Nov 15, 2011.

  1. twitter.followers

    twitter.followers Elite Member

    Joined:
    Mar 23, 2011
    Messages:
    1,768
    Likes Received:
    2,208
    Is there any way to find links of all php files uploaded on a website.

    For example,
    lets say www.abc.com is a website and it contains few php pages like abc.com/1.php and abc.com/2.php etc...

    So, any software which can find all these files?
     
  2. upl8t

    upl8t Regular Member

    Joined:
    Apr 9, 2008
    Messages:
    475
    Likes Received:
    84
    Location:
    New Scotland
    There are spiders/scrapers that can do this. But that won't guarantee that you get all the php pages. It's quite possible to run php pages with different extensions to hide them from people trying to find them. eg index.html could actually be a php page and you won't know by looking at the extension.
     
  3. roshansethia

    roshansethia Newbie

    Joined:
    Aug 30, 2011
    Messages:
    41
    Likes Received:
    8
    Location:
    India
    I am not sure if that is something possible.
     
  4. jkwilson78

    jkwilson78 Regular Member Premium Member

    Joined:
    Jun 24, 2010
    Messages:
    224
    Likes Received:
    311
    You could try using the "site" and "inurl" search commands with Google.

    So for the site command you would use the domain you want to look up and in the "inurl" command you would use ".php"

    Sorry for the funky explanation.

    I tried inserting the exact command you should use and it would not let me post it. I guess since my post count is low or something.

    I would think you could use this footprint with scrapebox but not positive. I'm not a heavy SB user.

    You would also be limited to the top 1000 results.
     
  5. RightInTwo

    RightInTwo Power Member

    Joined:
    Feb 23, 2010
    Messages:
    744
    Likes Received:
    381
    Home Page:
    You can find the pages themselves, but you won't actually see any of the php code. That gets generated on the server and returned as HTML to your browser.
     
  6. romocop

    romocop Registered Member

    Joined:
    Mar 16, 2009
    Messages:
    67
    Likes Received:
    7
    Occupation:
    Wep Apps Developer/SEO Guru
    Location:
    Austin, Tx
    If the links to the other pages are on the page, you can just use a sitemap generator.
     
  7. Rahul998

    Rahul998 Newbie

    Joined:
    Oct 23, 2011
    Messages:
    44
    Likes Received:
    3
    Search google "site:domain.com" + filetype : php {remove spaces}
     
  8. DesignEx

    DesignEx Regular Member

    Joined:
    Mar 11, 2011
    Messages:
    256
    Likes Received:
    51
    Occupation:
    Own a web development company
    Location:
    Florida
    This doesn't matter unless the person is masking the .php extension. If the page is being served as .php, it can be crawled. However if the page were say a wordpress URL that is made to not look it is PHP generated, then you'd be right in that there's no real way to tell that it is HTML / PHP.
     
  9. no4h~

    no4h~ Regular Member

    Joined:
    Apr 11, 2011
    Messages:
    456
    Likes Received:
    330
    There's an application from Acunetix called Web Vulnerability Scanner that has a really nice tool that can do this quite nicely... however, it sends a lot of http requests which any good web administrator would oversee and become suspicious.

    I've done it, quite an amazing tool :eek:
     
  10. Rahul998

    Rahul998 Newbie

    Joined:
    Oct 23, 2011
    Messages:
    44
    Likes Received:
    3
    A PHP can't be crawled even if extension is not masked ..... code between <?PHP... ?> can't go outside server .... PHP interpreter will translate it into html ..
     
    Last edited: Nov 15, 2011
  11. DesignEx

    DesignEx Regular Member

    Joined:
    Mar 11, 2011
    Messages:
    256
    Likes Received:
    51
    Occupation:
    Own a web development company
    Location:
    Florida
    He wasn't asking for the actual code, I think most of us know that you cannot retrieve server side code. He was asking for just the existence of the PHP file.
     
  12. Rahul998

    Rahul998 Newbie

    Joined:
    Oct 23, 2011
    Messages:
    44
    Likes Received:
    3
    If there is no masking then the simple google search using "filetype:" keyword will show all ... If there is masking then he have to first know which is web app , if it is php based than simply all pages will be php .