Recopilación MEJORES DORKS para BUG BOUNTY

Anon · 25 Jul 2023

Recopilación de google dorks para encontrar cositas interesantes de páginas web como leaks de código fuente, almacenamiento en la nube, tecnologías, logins, extensiones del dominio, etc.

Google Dorks for Bug Bounty

taksec.github.io

Haze · 25 Jul 2023

Durooo, mando la lista para tenerla mas a mano:

Broad domain search w/ negative search

site:example.com -www -shop -share -ir -mfa

PHP extension w/ parameters

site:example.com exthp inurl:?

Disclosed XSS and Open Redirects

sitepenbugbounty.org inurl:reports intext:"example.com"

Juicy Extensions

site:"example[.]com" ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | extld | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess

XSS prone parameters

inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:& site:example.com

Open Redirect prone parameters

inurl:url= | inurl:return= | inurl:next= | inurl:redirect= | inurl:redir= | inurl:ret= | inurl:r2= | inurlage= inurl:& inurl:http site:example.com

SQLi Prone Parameters

inurl:id= | inurlid= | inurl:category= | inurl:cat= | inurl:action= | inurl:sid= | inurl:dir= inurl:& site:example.com

SSRF Prone Parameters

inurl:http | inurl:url= | inurlath= | inurl:dest= | inurl:html= | inurl:data= | inurl:domain= | inurlage= inurl:& site:example.com

LFI Prone Parameters

inurl:include | inurl:dir | inurl:detail= | inurl:file= | inurl:folder= | inurl:inc= | inurl:locate= | inurl:doc= | inurl:conf= inurl:& site:example.com

RCE Prone Parameters

inurl:cmd | inurl:exec= | inurl:query= | inurl:code= | inurl:do= | inurl:run= | inurl:read= | inurling= inurl:& site:example.com

High % inurl keywords

inurl:config | inurl:env | inurl:setting | inurl:backup | inurl:admin | inurlhp site:example[.]com

Sensitive Parameters

inurl:email= | inurlhone= | inurlassword= | inurl:secret= inurl:& site:example[.]com

API Docs

inurl:apidocs | inurl:api-docs | inurl:swagger | inurl:api-explorer site:"example[.]com"

Code Leaks

siteastebin.com "example.com"

site:jsfiddle.net "example.com"

site:codebeautify.org "example.com"

site:codepen.io "example.com"

Cloud Storage

site:s3.amazonaws.com "example.com"

site:blob.core.windows.net "example.com"

site:googleapis.com "example.com"

site:drive.google.com "example.com"

site:dev.azure.com "example[.]com"

sitenedrive.live.com "example[.]com"

site:digitaloceanspaces.com "example[.]com"

site:sharepoint.com "example[.]com"

site:s3-external-1.amazonaws.com "example[.]com"

site:s3.dualstack.us-east-1.amazonaws.com "example[.]com"

site:dropbox.com/s "example[.]com"

site:box.com/s "example[.]com"

site:docs.google.com inurl:"/d/" "example[.]com"

JFrog Artifactory

site:jfrog.io "example[.]com"

Firebase

site:firebaseio.com "example[.]com"

File upload endpoints

site:example.com ”choose file”

Dorks that work better w/o domain

Bug Bounty programs and Vulnerability Disclosure Programs

"submit vulnerability report" | "powered by bugcrowd" | "powered by hackerone"

site:*/security.txt "bounty"

Apache Server Status Exposed

site:*/server-status apache

WordPress

inurl:/wp-admin/admin-ajax.php

Drupal

intext:"Powered by" & intextrupal & inurl:user

Joomla

site:*/joomla/login

definitivamentenoesunaburner · 2023-08-16T01:56:48+0200

requete duro gracias por compartir jefe

Recopilación MEJORES DORKS para BUG BOUNTY

🏴‍☠️ Consigue una invitación al foro para poder registrarte 🏴‍☠️

✅ Informática · Redes sociales y Emprendimiento · Trading/Forex · Criptomonedas · Códigos y ofertas ✅

Anon

🏴‍☠️

Google Dorks for Bug Bounty

Haze

Miembro muy activo

Broad domain search w/ negative search

PHP extension w/ parameters

Disclosed XSS and Open Redirects

Juicy Extensions

XSS prone parameters

Open Redirect prone parameters

SQLi Prone Parameters

SSRF Prone Parameters

LFI Prone Parameters

RCE Prone Parameters

High % inurl keywords

Sensitive Parameters

API Docs

Code Leaks

Cloud Storage

JFrog Artifactory

Firebase

File upload endpoints

Dorks that work better w/o domain

Bug Bounty programs and Vulnerability Disclosure Programs

Apache Server Status Exposed

WordPress

Drupal

Joomla

definitivamentenoesunaburner

Miembro muy activo

Recopilación MEJORES DORKS para BUG BOUNTY

🏴‍☠️ Consigue una invitación al foro para poder registrarte 🏴‍☠️

✅ Informática · Redes sociales y Emprendimiento · Trading/Forex · Criptomonedas · Códigos y ofertas ✅

Anon

🏴‍☠️

Google Dorks for Bug Bounty

Haze

Miembro muy activo

Broad domain search w/ negative search​

PHP extension w/ parameters​

Disclosed XSS and Open Redirects​

Juicy Extensions​

XSS prone parameters​

Open Redirect prone parameters​

SQLi Prone Parameters​

SSRF Prone Parameters​

LFI Prone Parameters​

RCE Prone Parameters​

High % inurl keywords​

Sensitive Parameters​

API Docs​

Code Leaks​

Cloud Storage​

JFrog Artifactory​

Firebase​

File upload endpoints​

Dorks that work better w/o domain​

Bug Bounty programs and Vulnerability Disclosure Programs​

Apache Server Status Exposed​

WordPress​

Drupal​

Joomla​

definitivamentenoesunaburner

Miembro muy activo

Broad domain search w/ negative search

PHP extension w/ parameters

Disclosed XSS and Open Redirects

Juicy Extensions

XSS prone parameters

Open Redirect prone parameters

SQLi Prone Parameters

SSRF Prone Parameters

LFI Prone Parameters

RCE Prone Parameters

High % inurl keywords

Sensitive Parameters

API Docs

Code Leaks

Cloud Storage

JFrog Artifactory

Firebase

File upload endpoints

Dorks that work better w/o domain

Bug Bounty programs and Vulnerability Disclosure Programs

Apache Server Status Exposed

WordPress

Drupal

Joomla