Tips google dorks bug bounty

Tips & Trick

Casual

313

Tips google dorks bug bounty

Sandidi As GM7eG4Crw0
Freelancer

04-Apr-2023 00:21:31

Broad domain search w/ negative search

site:example.com -www -shop -share -ir -mfa

Code leaks

site:pastebin.com "example.com"

site:jsfiddle.net "example.com"

site:codebeautify.org "example.com"

site:codepen.io "example.com"

PHP extension w/ parameters

site:example.com ext:php inurl:?

Disclosed XSS and Open Redirect Bug Bounties

site:openbugbounty.org inurl:reports intext:"example.com"

File upload endpoints

site:example.com ”choose file”

Cloud Storage

site:s3.amazonaws.com "example.com"

site:blob.core.windows.net "example.com"

site:googleapis.com "example.com"

site:drive.google.com "example.com"

site:dev.azure.com "example[.]com"

site:onedrive.live.com "example[.]com"

site:digitaloceanspaces.com "example[.]com"

site:sharepoint.com "example[.]com"

site:s3-external-1.amazonaws.com "example[.]com"

site:s3.dualstack.us-east-1.amazonaws.com "example[.]com"

site:dropbox.com/s "example[.]com"

site:box.com/s "example[.]com"

site:docs.google.com inurl:"/d/" "example[.]com"

Bug Bounty programs and Vulnerability Disclosure Programs

"submit vulnerability report" | "powered by bugcrowd" | "powered by hackerone"

site:*/security.txt "bounty"

WordPress

inurl:/wp-admin/admin-ajax.php

Drupal

intext:"Powered by" & intext:Drupal & inurl:user

Joomla

site:*/joomla/login

XSS prone parameters

inurl:q= | inurl:s= | inurl:search= | inurl:query= inurl:& site:example.com

Open Redirect prone parameters

inurl:url= | inurl:return= | inurl:next= | inurl:redir= inurl:http site:example.com

Apache Server Status Exposed

site:*/server-status apache

JFrog Artifactory

site:jfrog.io "example[.]com"

Firebase

site:firebaseio.com "example[.]com"

Extensions

API Docs

inurl:apidocs | inurl:api-docs | inurl:swagger | inurl:api-explorer site:"example[.]com"

High % inurl keywords

*Beware click the link!

DISCUSSION

Chime Livinus - 5652
NONE

16-Apr-2023 11:39:28

Pls I will like to ask about how to search for particular information like bank details or documents/Recent Check Payment? Or Credit Cards used For Recent Payment via Google Dorks Search?

Djie sam soe - 5653

16-Apr-2023 23:39:43

From what I know and from my experience, the answer is that you can't do dorking. But this can happen if there is a data leak and someone spreads it to the internet and gets indexed by search engines. For the case you asked "Pls I would like to ask about how to search for particular information like bank details or documents/Recent Check Payment? Or Credit Cards used For Recent Payment via Google Dorks Search?" Things like this are not indexed in search engines. History like this is stored on the deep web, for example, I have a history of posts and comments on this site, this data will not be indexed by Google or search engines because of this. Archive engines like wayback urls also can't do that because they can't do deep instances of those pages protected by a session

The conclusion is that if you have an endpoint or a data leak occurs, we can do it, but if you use Google Dork to find information such as transfer history, credit cards and other payments, you can't.

Note : Deepweb and darkweb is diffrent. Try search on this forum

Djie sam soe - 5654

16-Apr-2023 23:41:29

https://forum.seccodeid.com/?_token=C0Q5xfnmTckX5YokrA2bhvNZbHcyiTUUtG3NoA6Q&q=deepweb

https://forum.seccodeid.com/?_token=C0Q5xfnmTckX5YokrA2bhvNZbHcyiTUUtG3NoA6Q&q=darkweb&page=2

Djie sam soe - 5655

16-Apr-2023 23:47:57

This also applies to messages. The message content cannot be indexed by search engines. Maybe you can clarify the question again or reply to this comment

Thank You

Login for report, comment and join discussion
Login Here

Tips google dorks bug bounty

Sponsored

Popular Posts

Related Post

Youtube Video

Subscribe