Dorks

Most used dorks by me

Here is a list of most used dorks by me

Usernames & Passwords

site:example.com intext:"username" intext:"password" -git
site:example.com filetype:txt OR filetype:log "username" OR "password"
site:example.com inurl:admin OR inurl:login OR inurl:portal
site:pastebin.com "password" OR "login" OR "credentials"

Hardcoded Credentials in Configuration Files

site:example.com filetype:env "DB_PASSWORD=" OR "DB_USER="
site:example.com filetype:json "AWS_ACCESS_KEY_ID=" OR "AWS_SECRET_ACCESS_KEY="
site:example.com filetype:config "password=" OR "apikey="

Exposed SSH Keys & Private Keys

site:example.com filetype:pem OR filetype:key "BEGIN RSA PRIVATE KEY"
site:example.com "BEGIN OPENSSH PRIVATE KEY"

Leaked Internal Documents

site:example.com filetype:pdf OR filetype:doc OR filetype:xls "confidential" OR "internal use only"
site:example.com filetype:xls OR filetype:csv "employee salary" OR "payroll"
site:example.com filetype:docx "restricted" OR "not for public release"

Exposed Source Code Containing Secrets

site:example.com filetype:php OR filetype:js OR filetype:env "DB_PASSWORD="
site:example.com intitle:"index of" "config.php"
site:github.com "password" OR "api_key" OR "secret_key"

Banking & Credit Card Data

site:example.com intext:"credit card number" OR "CVV" OR "Visa" OR "MasterCard"
site:example.com intext:"bank account number" OR "routing number"
site:example.com filetype:xls OR filetype:csv "financial report"

Sensitive Logs & Backup Files

site:example.com filetype:log OR filetype:txt "error log" OR "debug log"
site:example.com intitle:"index of" "backup"
site:example.com filetype:sql "database dump" OR "backup"

Cloud & API Keys Exposure

site:example.com filetype:json "google_api_key=" OR "firebase_api_key="
site:github.com "api_key" OR "access_token" OR "client_secret"

Open Directory Listings

site:example.com intitle:"index of" "parent directory"
site:example.com intitle:"index of" "private" OR "confidential"
site:example.com intitle:"index of" "backup" OR "database"

Exposed Admin Panels & Dashboards

site:example.com inurl:admin OR inurl:dashboard OR inurl:secure
site:example.com "admin panel" OR "restricted access"

Sensitive Emails & Contact Information

site:example.com intext:"internal use only" OR "do not distribute"
site:example.com intext:"classified" OR "sensitive information"
site:example.com "employee email" OR "staff contact"

Exposed `.git` Repositories

inurl:"/.git" example.com -github

Backup Files

site:example.com ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup

Exposed Documents

site:example.com ext:doc | ext:docx | ext:pdf | ext:xls | ext:xlsx | ext:csv | ext:sql | ext:txt | ext:conf | ext:key | ext:crt | ext:pfx | ext:py | ext:html | ext:sh

Confidential or Internal-Use Documents

inurl:example.com "not for distribution" | confidential | "employee only" | proprietary | "top secret" | internal | private filetype:xls OR filetype:csv OR filetype:pdf

Configuration Files

site:example.com ext:xml | ext:conf | ext:ini | ext:cfg | ext:env | ext:rdp | ext:reg

Database Files

site:example.com ext:sql | ext:mdb | ext:dbf

Other Sensitive Stuff

site:example.com intitle:"index of" | ext:log | ext:swf | inurl:shell | inurl:backdoor | inurl:wso | inurl:cmd | shadow | passwd | boot.ini

SQL Errors

site:example.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()"

Finding Login Panels

site:target.com intext:"login" | intitle:"login" | inurl:"login" | intext:"username" | intitle:"username" | inurl:"username" | intext:"password" | intitle:"password" | inurl:"password"

Finding API docs

inurl:apidocs | inurl:api-docs | inurl:swagger | inurl:api-explorer site:"target.com"

Finding API Endpoints

 site:target.com inurl:api | site:*/rest | site:*/v1 | site:*/v2 | site:*/v3

Third party dorking

site:http://ideone.com | site:http://codebeautify.org | site:http://codeshare.io | site:http://codepen.io | site:http://repl.it | site:http://justpaste.it | site:http://pastebin.com | site:http://jsfiddle.net | site:http://trello.com | site:*.atlassian.net | site:bitbucket.org "target.com"

Google slides

site:*.target.com intext:"docs.google.com/presentation/d"

Google docs

site:*.target.com intext:"docs.google.com/document/"

Google Spreadsheets

site:*.target.com intext:"docs.google.com/spreadsheets"

Google Drive

site:*.target.com intext:"drive.google.com/drive/"

AnteriorBug Bounty Methodology

Última actualización hace 3 meses

hashtagUsernames & Passwords

hashtagHardcoded Credentials in Configuration Files

hashtagExposed SSH Keys & Private Keys

hashtagLeaked Internal Documents

hashtagExposed Source Code Containing Secrets

hashtagBanking & Credit Card Data

hashtagSensitive Logs & Backup Files

hashtagCloud & API Keys Exposure

hashtagOpen Directory Listings

hashtagExposed Admin Panels & Dashboards

hashtagSensitive Emails & Contact Information

hashtagExposed .git Repositories

hashtagBackup Files

hashtagExposed Documents

hashtagConfidential or Internal-Use Documents

hashtagConfiguration Files

hashtag Database Files

hashtagOther Sensitive Stuff

hashtagSQL Errors

hashtagFinding Login Panels

hashtagFinding API docs

hashtagFinding API Endpoints

hashtagThird party dorking

hashtagGoogle slides

hashtagGoogle docs

hashtagGoogle Spreadsheets

hashtagGoogle Drive

Usernames & Passwords

Hardcoded Credentials in Configuration Files

Exposed SSH Keys & Private Keys

Leaked Internal Documents

Exposed Source Code Containing Secrets

Banking & Credit Card Data

Sensitive Logs & Backup Files

Cloud & API Keys Exposure

Open Directory Listings

Exposed Admin Panels & Dashboards

Sensitive Emails & Contact Information

Exposed `.git` Repositories

Backup Files

Exposed Documents

Confidential or Internal-Use Documents

Configuration Files

Database Files

Other Sensitive Stuff

SQL Errors

Finding Login Panels

Finding API docs

Finding API Endpoints

Third party dorking

Google slides

Google docs

Google Spreadsheets

Google Drive