Last active
April 9, 2024 02:32
-
-
Save JerryShah3/95d3a1baf2d29973286effb491684297 to your computer and use it in GitHub Desktop.
Shodan_Component
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "For finding template injection" | |
| http.component:"AngularJS" | |
| http.component:"Ruby" | |
| http.component:"Ruby on Rails" | |
| http.component:"Python" | |
| ------------------------------- | |
| "For finding php vulnerabilites" | |
| http.component:"PHP" | |
| ---------------------------------------------- | |
| "For finding SAP XSS CVE" | |
| http.component:"SAP" | |
| ---------------------------------------------- | |
| "For finding Log4j" | |
| http.component:"Java" | |
| ---------------------------------------------- | |
| "For finding vulnerable databases | |
| http.component:"MongoDB" | |
| http.component:"MySQL" | |
| ---------------------------------------------- | |
| "For finding unauthentication admin dashboard" | |
| http.component:"Python" | |
| http.component:"Django" | |
| ---------------------------------------------- | |
| "For finding api misconfigurations" | |
| http.component:"Open Graph" | |
| http.component:"Sentry" | |
| http.component:"Google Maps" | |
| ---------------------------------------------- | |
| "For finding prototype pollution" | |
| http.component:"JQuery" | |
| http.component:"Node.js" | |
| http.component:"Loadash" | |
| ---------------------------------------------- | |
| "For finding caching issues" | |
| http.component:"Cloudflare" | |
| http.component:"Cloudfront" | |
| http.component:"Amazon Cloudfront" | |
| http.component:"cdnjs" | |
| http.component:"jsDelivr" | |
| http.component:"CreateJS" | |
| http.component:"Akamai" | |
| http.component:"JQuery CDN" | |
| http.component:"Varnish" | |
| http.component:"Netlify" | |
| http.component:"WP Rocket" | |
| ---------------------------------------------- | |
| "For finding subdomain takeovers" | |
| http.component:"Amazon S3" | |
| http.component:"GitHub Pages" | |
| ---------------------------------------------- | |
| "For finding smuggling/desync attacks" | |
| http.component:"HTTP/2" | |
| http.component:"HTTP/3" | |
| ---------------------------------------------- | |
| "For finding deserialization vulnerabilities" | |
| http.component:"Microsoft ASP.NET" | |
| ---------------------------------------------- | |
| "For finding OAuth squatting" | |
| http.component:"Google Sign-in" | |
| http.component:"Apple Sign-in" | |
| http.component:"Facebook Sign-in" | |
| ---------------------------------------------- | |
| "For finding CMS related vulnerabilities" | |
| http.component:"WordPress" | |
| http.component:"Contentful" | |
| http.component:"Discourse" | |
| http.component:"Joomla" | |
| http.component:"Drupal" | |
| http.component:"WooCommerce" | |
| http.component:"Wix" | |
| http.component:"Shopify" | |
| http.component:"Magento" | |
| http.component:"Contentful" | |
| http.component:"Django CMS" | |
| http.component:"Craft CMS" | |
| ---------------------------------------------- | |
| NOTE 1 : You need to enumerate and look for the vulnerabilities. This dorks will not give you the direct hit to vulnerabilities. | |
| NOTE 2 : This dorks will help you to know what vulnerabilities you can find on your target domains, if any of your target is using the above mentioned components. | |
| NOTE 3 : All dorks mentioned are from the perspective of bug bounty. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment