Attacking organisations with big scope: Part 2


S A B I R

Dorking (Google hacking) gets a lot more interesting, and more productive, when you write your own dorks instead of reusing public ones. Dorking and web fuzzing were the two topics left over from my last article, "Attacking Organisations with big scope: part 1".

WEB FUZZING:

Create a custom wordlist for the application:

1. Gather all the URLs you can find for the target using katana, gau (getallurls) and similar tools. Save them all into one file (nba, or any other name) and sort -u it.

2. Run LinkFinder (https://github.com/Gerbenjavado/LinkFinder) on all of the URLs. The following command takes each line from the file nba (which contains all the URLs), runs linkfinder.py on it with rush (up to 10 instances at once), sorts the output, removes duplicates, and appends the results to the file named output. Note that the sort -u inside the quotes only deduplicates a single URL's output, and >> appends, so re-running the command accumulates results; the global deduplication happens in the next step.

cat nba | rush -j10 "python3 /home/son_of_anton/LinkFinder/linkfinder.py -o cli -i {} | sort -u >> output"

3. Finally, sort -u the URLs and the endpoints found by LinkFinder and crawling, and create the wordlist:

cat nba output | tr "/" "\n" | sort -u | more

Splitting on "/" this way also emits the scheme ("https:"), hostnames, empty lines and whole query strings, so prune those from the list before using it, otherwise you waste requests on entries that can never be paths.

4. Fuzz all subdomains/IPs of the org with this wordlist, and keep adding new paths/file names as you find them.
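As an added example that is not part of the original article, here is a bash script that does the wordlist step properly: it reads the same kind of input as "cat nba output" (absolute URLs and relative LinkFinder endpoints), strips scheme, host, port, query string and fragment, and emits every path segment plus every cumulative directory prefix, so the list can be used both for single-level fuzzing and for fuzzing inside known sub-trees. The sample URLs and host names in it are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): build a fuzzing wordlist
# from crawled URLs and LinkFinder endpoints.
#
# `tr "/" "\n" | sort -u` over raw URLs also emits the scheme ("https:"),
# hostnames, empty lines and whole query strings. This keeps only path
# material: every path segment and every directory prefix.
set -euo pipefail

# Read URLs or endpoints (absolute or relative) on stdin; write unique
# candidates, one per line, sorted.
build_wordlist() {
  sed -E \
      -e 's|^[A-Za-z][A-Za-z0-9+.-]*://[^/]*||' \
      -e 's|[?#].*$||' \
      -e 's|^/+||' \
      -e 's|/+$||' \
  | awk -F'/' 'NF {
        prefix = ""
        for (i = 1; i <= NF; i++) {
          if ($i == "") continue              # collapse "//" inside a path
          print $i                            # single segment
          prefix = (prefix == "" ? $i : prefix "/" $i)
          print prefix                        # cumulative directory path
        }
      }' \
  | sort -u
}

# Constructed sample input standing in for `cat nba output`.
sample_urls() {
  cat <<'EOF'
https://nba.example/api/v1/players?id=23
https://cdn.nba.example:8443/static/js/app.min.js#top
/api/v1/teams.json
api/v2/schedule
https://nba.example/
EOF
}

# With real data:  cat nba output | build_wordlist > wordlist.txt
sample_urls | build_wordlist
```

The first sed expression removes "scheme://host[:port]" only when it is present, so relative endpoints such as "/api/v1/teams.json" pass through unchanged; the awk loop then prints both "v1" and "api/v1", which is what you want when fuzzing with ffuf -u https://host/FUZZ versus -u https://host/api/FUZZ.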

Brute force with ffuf, crawl with katana, pull historical URLs from archives such as the Wayback Machine, and check URL shorteners for links pointing at the target.

Dorking/Google Hack:

Be creative when using dorks.
Use multiple search engines (Google, DuckDuckGo, Bing, etc.), since each indexes different pages.
Create your own dorks.

Some powerful yet less known dorks:

site:*<example>*  (matches any domain or subdomain that contains the word "example")
site:example>*
site:*<example.*>*
site:*<*example*>*
site:*example.*  (matches any subdomain and any top-level domain associated with "example")

Wildcard handling inside site: is not documented by the search engines and varies between engines and over time, so test each of these against a host you already know before relying on what they return.

"site:" restricts the search results to a specific site or domain.

Here, "example" stands for your target's domain name or brand, such as "nba.com", "nba" or "nba2k".
