Uncover hidden endpoints and sensitive data using these Google dorks.
1. My favorite Google dork
Start with “site:<domain>” and then exclude boring pages with “-www” or other terms until you get to the juicy stuff:
site:tesla.com -www -shop -share -ir -mfa
2. Pastebin leaks
Check out sites like Pastebin, JSFiddle, and CodeBeautify for code left over from developers:
site:pastebin.com | site:jsfiddle.net | site:codebeautify.org | site:codepen.io "tesla.com"
3. PHP extension w/ parameters
Use “ext:php” and “inurl:?” along with the domain to find .php files with a question mark in the URL:
site:tesla.com ext:php inurl:?
4. Already disclosed XSS and Open Redirects
Look through both fixed and unfixed XSS and open redirects publicly disclosed through OpenBugBounty:
site:openbugbounty.org inurl:reports intext:"yahoo.com"
Then bypass filters for previously “fixed” XSS or use open redirects to escalate SSRF and other vulnerabilities.
5. Combine your dorks
Use the “|” operator to match either query and the “&” operator to require both queries. An example looking for file upload endpoints across multiple domains:
(site:tesla.com | site:teslamotors.com) & "choose file"
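To see what these operators select on a site you are responsible for, the sketch below (an added example, not from the original article) applies the "site:", "-term", "ext:" and "inurl:" filters to a local URL inventory such as a sitemap export. The matcher is a URL-only approximation of search-engine behavior, does not handle "|" or quoted phrases, and the example.com URLs and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed inventory (stand-in for a sitemap or crawl export of your own site).
INVENTORY = [
    "https://www.example.com/",
    "https://shop.example.com/cart",
    "https://dev.example.com/status.php?id=3",
    "https://legacy.example.com/upload.php?dir=tmp",
    "https://docs.example.com/guide.html",
    "https://www.example.com/search.php?q=x",
    "https://example.org/index.php?p=1",
]

def matches(url, dork):
    """Return True if the URL satisfies every term of the dork (terms are ANDed)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    words = set(re.findall(r"[a-z0-9]+", url.lower()))  # whole-word tokens of the URL
    for term in dork.split():
        negate = term.startswith("-")
        if negate:
            term = term[1:]
        op, _, arg = term.partition(":")
        if op == "site" and arg:
            hit = host == arg or host.endswith("." + arg)   # domain or any subdomain
        elif op == "ext" and arg:
            hit = parts.path.lower().endswith("." + arg.lower())
        elif op == "inurl" and arg:
            hit = arg in url
        else:
            hit = term.lower() in words   # bare word: matched against URL words only
        if hit == negate:                 # required term missing, or excluded term present
            return False
    return True

def audit(inventory, dorks):
    """Map each dork to the inventory URLs it would surface."""
    return {d: [u for u in inventory if matches(u, d)] for d in dorks}

if __name__ == "__main__":
    dorks = ["site:example.com -www -shop -share -ir -mfa",
             "site:example.com ext:php inurl:?"]
    for dork, urls in audit(INVENTORY, dorks).items():
        print(dork)
        for u in urls:
            print("   ", u)
```

Anything the second query returns that should not be public is a candidate for authentication, removal, or a noindex directive.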
Bonus Dork: Alternative search engines
Try other search engines like DuckDuckGo, Bing, Baidu, and Dogpile to further expand your findings.
Happy hunting!