Google Dork for instant bounties

HEY! Amazing hackers, let’s talk about instant bounties, the low-hanging fruit. Google Dorking is very powerful, and yet people generally do not like to use it in their workflow. Any experienced hunter will tell you that this is one of the quickest ways to learn your way around a system.

What is Google Dorking?

Google dorks used by me:

Some are stolen from various talks while others are modified, but most are custom-made. Let's first discuss tools I use:

Pentest Secrets- Google dorks:

Uses 14 different dorks ranging from publicly exposed documents to log files and even directory listings.

Pretty self-explanatory

CUSTOM DORKS:

inurl:.gov password | credential | username filetype:log

This dork checks for the words password, credential and username in log files. I used .gov as an example; change it to your target.

inurl:nokia not for distribution | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private filetype:pdf

An all-time favorite and a worker; I have reported so many using this. Again, it searches for confidential data within PDFs. QUICK TIP: Try it out with other targets and I'm sure you’ll find something; make sure to check for confidentiality before reporting.

PS: I have taught this to a bunch of noobs and they have reported everything with Nokia, but try it with others :)

FLEX

inurl:.gov not for distribution | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private | WS_FTP | ws_ftp | log | LOG filetype:log

Another log hunter, but it's better than most tools and actually gives bugs :)

Spitting my notes out:

inurl:.gov not for distribution | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private filetype:xls

inurl:.gov not for distribution | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private filetype:csv

inurl:.gov not for distribution | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private filetype:doc

inurl:.gov not for distribution | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private filetype:txt
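The same file types and phrases can be checked from the defender's side, before a crawler indexes them. The following is an added example, not code from the original post: it walks a web root and flags files whose extension and content match the dorks above. The function names, the size limit and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# File types and phrases taken from the dorks on this page.
DORK_EXTENSIONS = {".log", ".pdf", ".xls", ".csv", ".doc", ".txt"}
MARKERS = [
    "not for distribution", "confidential", "employee only", "proprietary",
    "top secret", "classified", "trade secret", "internal", "private",
    "password", "credential", "username",
]
MARKER_RE = re.compile("|".join(re.escape(m) for m in MARKERS), re.IGNORECASE)

def audit_web_root(root, max_bytes=1_000_000):
    """Return {web-relative path: sorted markers} for files the dorks could surface."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in DORK_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)
            except OSError:
                continue  # unreadable file: skip it and keep auditing
            # Raw-byte scan: text inside compressed PDF/Office streams is not seen.
            text = data.decode("latin-1")
            hits = {m.group(0).lower() for m in MARKER_RE.finditer(text)}
            if hits:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings[rel] = sorted(hits)
    return findings

def build_sample_root():
    """Create a constructed sample web root in a temporary directory."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "logs"))
    samples = {  # constructed content, not real data
        "logs/app.log": "2024-01-01 login username=alice password=REDACTED\n",
        "report.txt": "INTERNAL - Not For Distribution\nQ3 figures\n",
        "index.html": "<p>confidential</p>\n",  # other file type, ignored
        "readme.txt": "Public release notes\n",  # listed type, no marker
    }
    for rel, body in samples.items():
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    print(audit_web_root(build_sample_root()))
```

Anything it flags in a real document root should be moved out of the served tree or placed behind authentication. Broad markers such as "internal" and "private" produce false positives here just as they do in the search queries.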

CONCLUSION:

Are these effective? Yes. With a large company you will find something, at least a foothold. Keep track of the URLs; I have found multiple IDORs on many occasions. Use this, and again, a disclaimer: if you find stuff, report it.

That’ll be all for today. Keep trying these out on different hosts and you’ll be good to go. - Ravaan :)


CEH (Practical), Red Teamer/BBHH. Have hacked governments to Fortune 500 companies/UN. Hunt for CVEs occasionally with my team. CVE-2022-30076. Bookworm
