It is important to clarify upfront:
url:*.shtml AND date:2021-* Find .shtml pages from 2021:
"2021" filetype:shtml Or combine site and path: inurl view index shtml 14 2021
/view/index.shtml?page=../../../../etc/passwd The server processed SSI directives inside the included file, exposing system files. The attacker found this entry point by searching inurl:view index.shtml on Bing (which still supported it at the time).
<!--#include virtual="/cgi-bin/log.cgi?file=../logs/access_14_2021.log" --> If an attacker finds an index.shtml with editable include paths, they could read arbitrary files. Searching for inurl:view index.shtml was a way to find such endpoints. Some older content management systems (CMS) or intranet portals stored daily logs as 14_2021.html inside /logs/view/ . If index.shtml had directory listing enabled, a search engine would index: It is important to clarify upfront: url:*
intitle:"index of" shtml To find SHTML files containing a specific year:
site:example.com intitle:"index.shtml" "log" Search historical URL scans: Searching for inurl:view index
http.title:"Index of" .shtml To restrict to 2021 data, use Shodan’s timestamp: filter (only available to paid tiers). While inurl: is crippled, intitle: and filetype: partially remain.