.png)
1 month ago
21 BOOK THIS SPACE FOR AD
ARTICLE ADGoogle Dorking is often underestimated, yet it can be a mine gold. Whether you’re hunting for vulnerabilities as a bug bounty hunter or strengthening the security of your own organization, dorking queries can be a powerful tool in your arsenal.
Basic Content Discovery:site:airbnb.com2. Exposed Directories:
site:airbnb.com intitle:index.of3. Sensitive Configuration Files:
site:airbnb.com ext:conf | ext:cnf | ext:config | ext:ini4. Database Files:
site:airbnb.com ext:sql | ext:db | ext:dbf | ext:mdb5. Log files:
site:airbnb.com ext:log6. Backup Files:
site:airbnb.com ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup7. Source Code Files:
site:airbnb.com ext:php | ext:jsp | ext:asp | ext:aspx | ext:js | ext:java | ext:py | ext:c | ext:cpp | ext:pl8. Sensitive Document Files:
site:airbnb.com ext:doc | ext:docx | ext:pdf | ext:xls | ext:xlsx | ext:ppt | ext:pptx9. Usernames and Passwords:
site:airbnb.com intext:username | intext:password | intext:passwd10. XMLPRC.PHP file:
site:airbnb.com inurl:xmlrpc.php11. Admin Panels:
site:airbnb.com inurl:admin | inurl:login | inurl:dashboard12. Exposed APIs:
site:airbnb.com inurl:api | inurl:rest | inurl:graphql13. Exposed .git Repos:
site:pro.opensea.io inurl:.git14. Sensitive Development Files:
site:pro.opensea.io ext:env | ext:yaml | ext:json15. Potential SSRF Parameters:
site:pro.opensea.io inurl:link= | inurl:url= | inurl:path= | inurl:dest= | inurl:redirect= | inurl:next= | inurl:redirectto=16. Error Pages:
site:pro.opensea.io intext:"error" | intext:"warning" | intext:"not found" | intext:"exception"17. PHP Information Disclosures:
site:pro.opensea.io ext:php intext:"phpinfo()" | intext:"PHP Version"18. Session IDs in URLs:
site:pro.opensea.io inurl:sessionid | inurl:JSESSIONID | inurl:PHPSESSID19. Directory Listing:
site:tesla.cn "parent directory"20. CMS Exposure:
site:pro.opensea.io inurl:wp- | inurl:joomla | inurl:drupal | inurl:magentoNow if you find a domain and a path that looks something like “/assets/scripts/” or “/private/documents/” you can use any of these combinations:
site:urs.testing-only.nasa.gov inurl:"/assets/documentation/scripts/" filetype:phpsite:urs.testing-only.nasa.gov inurl:"/assets/documentation/scripts/" filetype:doc
site:urs.testing-only.nasa.gov inurl:"/assets/documentation/scripts/" filetype:xls
site:urs.testing-only.nasa.gov inurl:"/assets/documentation/scripts/" filetype:txt
site:urs.testing-only.nasa.gov inurl:"/assets/documentation/scripts/" intext:"password"
site:urs.testing-only.nasa.gov inurl:"/assets/documentation/scripts/" intext:"config"
site:urs.testing-only.nasa.gov inurl:"/assets/documentation/scripts/" inurl:"config"
site:urs.testing-only.nasa.gov inurl:"/assets/documentation/scripts/" inurl:"backup"
site:urs.testing-only.nasa.gov inurl:"/assets/documentation/scripts/" inurl:"database"
site:urs.testing-only.nasa.gov inurl:"/assets/documentation/scripts/" inurl:"setup"
site:urs.testing-only.nasa.gov inurl:"/assets/documentation/scripts/" intitle:"index of"
site:urs.testing-only.nasa.gov inurl:"/assets/documentation/scripts/" intext:"error"
site:urs.testing-only.nasa.gov inurl:"/assets/documentation/scripts/" intext:"log"
site:urs.testing-only.nasa.gov inurl:"/assets/documentation/scripts/" intext:"debug"
site:urs.testing-only.nasa.gov inurl:"/assets/documentation/scripts/" inurl:"shell"
site:urs.testing-only.nasa.gov inurl:"/assets/documentation/scripts/" inurl:"php"
site:urs.testing-only.nasa.gov inurl:"/assets/documentation/scripts/" inurl:"cgi
Thanks for reading!
Bengali (Bangladesh) · 
English (United States) ·