“inurl” is used to search within a site’s URL itself. This is very useful if you are familiar with a URL string or with standard URL strings used by different content management systems.
There are a host of other keywords in directory listings that you can use to explore web servers. Of course, we don’t recommend using these for malicious intent. Everything is for academic purposes only, okay? Also, if you’re a webmaster, it helps to know if your own servers are not vulnerable to these “Google attacks.” You can even play the good samaritan by contacting owners of hosting accounts that blatantly put out their directory listings and thus endanger their host’s security.
Of course, it goes without saying that directory listings that aren’t at the root folder cannot be crawled by Google unless they are linked to directly on any other open website that Google can crawl. This means you can theoretically hide your directory from prying eyes even if it’s not locked out from viewing as long as you do not link to it from other sites. Also, it helps if you use long directory names that cannot be found in the dictionary.
You can search for the words “admin” and “userlist” within the URL to come up with open directories that contain userlists.
You can also search for websites that use WordPress as their CMSes (even sites that are non-blogs).
You can use this in conjunction with the site: operator to get sites in that domain or domainspace that use WordPress as CMS (and perhaps you can try to hack them using known WordPress vulnerabilities, if any).
For example, this would give you a results page of all .US sites that use WordPress.