dorks.txt
intitle:"Index of/" <> author: Exploit-db <> link: https://www.exploit-db.com/google-hacking-database <> low
inurl:*.doc | inurl:*.xls | inurl:*.sql <> author: Paritosh <> link: https://medium.com/@paritoshblogs/40-google-dorks-that-you-can-use-for-various-purposes-a7fb8c0cd9ca <> medium
ext:log | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:git | ext:svn | ext:htpasswd | ext:htaccess | ext:json <> author: TakSec <> link: https://github.com/TakSec/google-dorks-bug-bounty <> Juicy Extensions (low to medium)
Dork <> author: TakSec <> link: https://github.com/TakSec/google-dorks-bug-bounty <> (Broad domain search w/ negative search)
Dork ext:php inurl:? <> author: TakSec <> link: https://github.com/TakSec/google-dorks-bug-bounty <> (PHP extension w/ parameters)
Dork site:"openbugbounty.org" inurl:reports intext:"example.com" <> author: TakSec <> link: https://github.com/TakSec/google-dorks-bug-bounty <> (Disclosed XSS and Open Redirects)
Dork ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess | ext:json <> author: TakSec <> link: https://github.com/TakSec/google-dorks-bug-bounty <> (Juicy Extensions)
Dork inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= <> author: TakSec <> link: https://github.com/TakSec/google-dorks-bug-bounty <> (XSS prone parameters)
Dork inurl:url= | inurl:return= | inurl:next= | inurl:redirect= | inurl:redir= | inurl:ret= | inurl:r2= | inurl:page= | inurl:& inurl:http <> author: TakSec <> link: https://github.com/TakSec/google-dorks-bug-bounty <> (Open Redirect prone parameters)
Dork inurl:id= | inurl:pid= | inurl:category= | inurl:cat= | inurl:action= | inurl:sid= | inurl:dir= <> author: TakSec <> link: https://github.com/TakSec/google-dorks-bug-bounty <> (SQLi Prone Parameters)
Dork inurl:http | inurl:url= | inurl:path= | inurl:dest= | inurl:html= | inurl:data= | inurl:domain= | inurl:page= <> author: TakSec <> link: https://github.com/TakSec/google-dorks-bug-bounty <> (SSRF Prone Parameters)
Dork inurl:include | inurl:dir | inurl:detail= | inurl:file= | inurl:folder= | inurl:inc= | inurl:locate= | inurl:doc= | inurl:conf= <> author: TakSec <> link: https://github.com/TakSec/google-dorks-bug-bounty <> (LFI Prone Parameters)
Dork inurl:cmd | inurl:exec= | inurl:query= | inurl:code= | inurl:do= | inurl:run= | inurl:read= | inurl:ping= <> author: TakSec <> link: https://github.com/TakSec/google-dorks-bug-bounty <> (RCE Prone Parameters)
Dork inurl:conf | inurl:env | inurl:cgi | inurl:bin | inurl:etc | inurl:root | inurl:sql | inurl:backup | inurl:admin | inurl:php <> author: TakSec <> link: https://github.com/TakSec/google-dorks-bug-bounty <> (High % inurl keywords)
Dork inurl:"error" | intitle:"exception" | intitle:"failure" | intitle:"server at" | inurl:exception | "database error" | "SQL syntax" | "undefined index" | "unhandled exception" | "stack trace" <> author: TakSec <> link: https://github.com/TakSec/google-dorks-bug-bounty <> (Server Errors)
inurl:email= | inurl:phone= | inurl:password= | inurl:secret= <> author: TakSec <> link: https://github.com/TakSec/google-dorks-bug-bounty <> (Sensitive Parameters)
intitle:"Index of" inurl:wp-json/oembed <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (Potential sensitive WordPress JSON endpoint exposure)
intitle:"Index of" phpmyadmin <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (Exposed phpMyAdmin directories)
intitle:"Index of" wp-admin <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (Exposed WordPress admin directories)
intitle:index.of.?.sql <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (Exposed SQL database files)
inurl:/filemanager/dialog.php <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (File manager access endpoints)
s3 site:amazonaws.com filetype:log <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (Exposed log files on Amazon S3)
inurl:cgi/login.pl <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (CGI scripts for login potentially vulnerable to injection)
inurl:zoom.us/j and intext:scheduled for <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (Zoom meeting links and schedules potentially exposed)
site:*/auth intitle:login <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (Generic login pages potentially exposed)
inurl: admin/login.aspx <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (Admin login pages potentially exposed)
"Index of" inurl:webalizer <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (Exposure of webalizer stats)
"Index of" inurl:htdocs inurl:xampp <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (Exposed XAMPP htdocs directories)
s3 site:amazonaws.com intext:dhcp filetype:txt inurl:apollo <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (Exposed DHCP configuration files on Amazon S3)
inurl:Dashboard.jspa intext:"Atlassian Jira Project Management Software" <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (Exposed Jira dashboards)
inurl:app/kibana intext:Loading Kibana <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (Exposed Kibana dashboards)
intitle:"index of" unattend.xml <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (Exposed unattended installation configurations)
inurl:office365 AND intitle:"Sign In | Login | Portal" <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (Office 365 login portals potentially exposed)
intext:"@gmail.com" AND intext:"@yahoo.com" filetype:sql <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (Exposed email addresses within SQL files)
intitle:"qBittorrent Web UI" inurl:8080 <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (Exposed qBittorrent web UI)
intitle:"Swagger UI - " + "Show/Hide" <> author: Cyber Writes <> link: https://gbhackers.com/latest-google-dorks-list/ <> (Exposed Swagger UI documentation)
allinurl:"@gmail.com" <> author: Unknown <> link: not found (a guy suggested it in a Telegram group) <> Possible IDOR
ext:conf | ext:doc | ext:docx | ext:xls | ext:xlsx | ext:xml | ext:yml | ext:env | ext:txt | ext:ans | ext:zip | ext:zipx | ext:7z | ext:tar | ext:gz | ext:tgz | ext:rar | ext:database | ext:db | ext:exe | ext:jar | ext:java | ext:js | ext:jsp | ext:rtf | ext:sh <> author: MatteoC <> link: https://pastebin.com/09grb2sF <> (Potential exposure of sensitive and configuration files)
ext:sys | ext:vb | ext:inc | ext:bak | ext:old | ext:bat | ext:py | ext:json | ext:properties | ext:pem | ext:yaml | ext:ts | ext:c | ext:asa | ext:inc | ext:config | ext:rtf | ext:pptx | ext:bkf | ext:bkp | ext:backup | ext:sql | ext:log <> author: MatteoC <> link: https://pastebin.com/09grb2sF <> (Potential exposure of system files and backups)
ext:php | ext:php5 | ext:aspx | ext:asp <> author: MatteoC <> link: https://pastebin.com/09grb2sF <> (Potential exposure of web server-side scripts)
intitle:index.of "parent directory" <> author: MatteoC <> link: https://pastebin.com/09grb2sF <> (Exposure of directory listings)
intitle:"index of" <> author: MatteoC <> link: https://pastebin.com/09grb2sF <> (General directory listing exposure)
intitle:index.of name size <> author: MatteoC <> link: https://pastebin.com/09grb2sF <> (Directory listings with file names and sizes)
intitle:index.of.admin or intitle:index.of inurl:admin <> author: MatteoC <> link: https://pastebin.com/09grb2sF <> (Exposure of administrative directories)
intitle:index.of index.php.bak or inurl:index.php.bak <> author: MatteoC <> link: https://pastebin.com/09grb2sF <> (Exposure of backup PHP files)
inurl:admin <> author: MatteoC <> link: https://pastebin.com/09grb2sF <> (Exposure of administrative panels)
site:amazonaws.com <> author: MatteoC <> link: https://pastebin.com/09grb2sF <> (Potential exposure of AWS-hosted data)