Google-Dorks-Bug-Bounty - A List Of Google Dorks For Bug Bounty, Web Application Security, And Pentesting

A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting
Live Tool

Broad domain search w/ negative search​

site:example.com -www -shop -share -ir -mfa

PHP extension w/ parameters​

site:example.com exthp inurl:?

Disclosed XSS and Open Redirects​

sitepenbugbounty.org inurl:reports intext:"example.com"

Juicy Extensions​

site:"example[.]com" ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | extld | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess

XSS prone parameters​

inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:& site:example.com

Open Redirect prone parameters​

inurl:url= | inurl:return= | inurl:next= | inurl:redirect= | inurl:redir= | inurl:ret= | inurl:r2= | inurlage= inurl:& inurl:http site:example.com

SQLi Prone Parameters​

inurl:id= | inurlid= | inurl:category= | inurl:cat= | inurl:action= | inurl:sid= | inurl:dir= inurl:& site:example.com

SSRF Prone Parameters​

inurl:http | inurl:url= | inurlath= | inurl:dest= | inurl:html= | inurl:data= | inurl:domain= | inurlage= inurl:& site:example.com

LFI Prone Parameters​

inurl:include | inurl:dir | inurl:detail= | inurl:file= | inurl:folder= | inurl:inc= | inurl:locate= | inurl:doc= | inurl:conf= inurl:& site:example.com

RCE Prone Parameters​

inurl:cmd | inurl:exec= | inurl:query= | inurl:code= | inurl:do= | inurl:run= | inurl:read= | inurling= inurl:& site:example.com

High % inurl keywords​

inurl:config | inurl:env | inurl:setting | inurl:backup | inurl:admin | inurlhp site:example[.]com

Sensitive Parameters​

inurl:email= | inurlhone= | inurlassword= | inurl:secret= inurl:& site:example[.]com

API Docs​

inurl:apidocs | inurl:api-docs | inurl:swagger | inurl:api-explorer site:"example[.]com"

Code Leaks​

siteastebin.com "example.com"
site:jsfiddle.net "example.com"
site:codebeautify.org "example.com"
site:codepen.io "example.com"

Cloud Storage​

site:s3.amazonaws.com "example.com"
site:blob.core.windows.net "example.com"
site:googleapis.com "example.com"
site:drive.google.com "example.com"
site:dev.azure.com "example[.]com"
sitenedrive.live.com "example[.]com"
site:digitaloceanspaces.com "example[.]com"
site:sharepoint.com "example[.]com"
site:s3-external-1.amazonaws.com "example[.]com"
site:s3.dualstack.us-east-1.amazonaws.com "example[.]com"
site:dropbox.com/s "example[.]com"
site:box.com/s "example[.]com"
site:docs.google.com inurl:"/d/" "example[.]com"

JFrog Artifactory​

site:jfrog.io "example[.]com"

Firebase​

site:firebaseio.com "example[.]com"

File upload endpoints​

site:example.com "choose file"

Dorks that work better w/o domain​

Bug Bounty programs and Vulnerability Disclosure Programs​

"submit vulnerability report" | "powered by bugcrowd" | "powered by hackerone"
site:*/security.txt "bounty"

Apache Server Status Exposed​

site:*/server-status apache

WordPress​

inurl:/wp-admin/admin-ajax.php

Drupal​

intext:"Powered by" & intextrupal & inurl:user

Joomla​

site:*/joomla/login

---

Medium articles for more dorks:

5 Google Dorks Every Hacker Should Know

Uncover hidden endpoints and sensitive data using these Google dorks

thegrayarea.tech

Reveal the Cloud with Google Dorks

Find sensitive data in Amazon AWS, Google Cloud, and more

infosecwriteups.com

10 Google Dorks for Sensitive Data

Discover Exposed Documents on Cloud Platforms with Google Dorks for Cybersecurity

infosecwriteups.com

Top Parameters:

GitHub - lutfumertceylan/top25-parameter: For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙 - lutfumertceylan/top25-parameter

github.com

Proviesec dorks:

GitHub - Proviesec/google-dorks: Useful Google Dorks for WebSecurity and Bug Bounty

Useful Google Dorks for WebSecurity and Bug Bounty - Proviesec/google-dorks

github.com