by: 黑客小黑Posted on:

[漏洞挖掘tips]Bug Bounty常用的谷歌黑客搜索语法

  • PHP extension w/ parameters

    site:tesla-space.com ext:php inurl:?

  • Disclosed XSS and Open Redirects

    site:openbugbounty.org inurl:reports intext:”tesla-space.com”

  • Juicy Extensions

    site:”tesla-space[.]com” ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess

  • Code Leaks

    site:pastebin.com “tesla-space.com”
    site:jsfiddle.net “tesla-space.com”
    site:codebeautify.org “tesla-space.com”
    site:codepen.io “tesla-space.com”

  • Cloud Storage

    site:s3.amazonaws.com “tesla-space.com”
    site:blob.core.windows.net “tesla-space.com”
    site:googleapis.com “tesla-space.com”
    site:drive.google.com “tesla-space.com”
    site:dev.azure.com “tesla-space[.]com”
    site:onedrive.live.com “tesla-space[.]com”
    site:digitaloceanspaces.com “tesla-space[.]com”
    site:sharepoint.com “tesla-space[.]com”
    site:s3-external-1.amazonaws.com “tesla-space[.]com”
    site:s3.dualstack.us-east-1.amazonaws.com “tesla-space[.]com”
    site:dropbox.com/s “tesla-space[.]com”
    site:box.com/s “tesla-space[.]com”
    site:docs.google.com inurl:”/d/” “tesla-space[.]com”

  • XSS prone parameters

    inurl:q= | inurl:s= | inurl:search= | inurl:query= inurl:& site:tesla-space.com

  • Open Redirect prone parameters

    inurl:url= | inurl:return= | inurl:next= | inurl:redir= inurl:http site:tesla-space.com

  • SQLi Prone Parameters

    inurl:id= | inurl:pid= | inurl:category= | inurl:cat= | inurl:action= | inurl:sid= | inurl:dir= inurl:& site:tesla-space.com

  • SSRF Prone Parameters

    inurl:http | inurl:url= | inurl:path= | inurl:dest= | inurl:html= | inurl:data= | inurl:domain= | inurl:page= inurl:& site:tesla-space.com

  • LFI Prone Parameters

    inurl:include | inurl:dir | inurl:detail= | inurl:file= | inurl:folder= | inurl:inc= | inurl:locate= | inurl:doc= | inurl:conf= inurl:& site:tesla-space.com

  • RCE Prone Parameters

    inurl:cmd | inurl:exec= | inurl:query= | inurl:code= | inurl:do= | inurl:run= | inurl:read= | inurl:ping= inurl:& site:tesla-space.com

  • High % inurl keywords

    inurl:config | inurl:env | inurl:setting | inurl:backup | inurl:admin | inurl:php site:tesla-space[.]com

  • Sensitive Parameters

    inurl:email= | inurl:phone= | inurl:password= | inurl:secret= inurl:& site:tesla-space[.]com

  • JFrog Artifactory

    site:jfrog.io “tesla-space[.]com”

  • Firebase

    site:firebaseio.com “tesla-space[.]com”

  • API Docs

    inurl:apidocs | inurl:api-docs | inurl:swagger | inurl:api-explorer site:”tesla-space[.]com”

  • File upload endpoints

    site:tesla-space.com ”choose file”

  • Bug Bounty programs and Vulnerability Disclosure Programs

    “submit vulnerability report” | “powered by bugcrowd” | “powered by hackerone”

    site:*/security.txt “bounty”

  • Apache Server Status Exposed

    site:*/server-status apache

  • WordPress

    inurl:/wp-admin/admin-ajax.php

  • Drupal

    intext:”Powered by” & intext:Drupal & inurl:user

  • Joomla

    site:*/joomla/login