Last active
January 19, 2021 14:21
-
-
Save S42X/b8bc125d49015b3f0ad90a74dbdb1da9 to your computer and use it in GitHub Desktop.
Compilation of some dorks when doing bug bounty or pentest on a scope. This script will open like 37 tabs with all theses dorks. you can add yours.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * You can test this script by opening your favorite console browser | |
| * Then launch just 3 dorks with: dorksMe('example.com').slice(5,8).map( el => window.open(el)) | |
| * Or all the dorks with: dorksMe('example.com').map( el => window.open(el)) | |
| * Enjoy :) | |
| * @_SaxX_ | |
| */ | |
| function dorksMe(site) { | |
| dorks = [] | |
| dorks.push( 'https://www.google.com/search?q=site:' + site + '+intitle:index.of' ) | |
| dorks.push( 'https://www.google.com/search?q=site:' + site + '+ext:xml+|+ext:conf+|+ext:cnf+|+ext:reg+|+ext:inf+|+ext:rdp+|+ext:cfg+|+ext:txt+|+ext:ora+|+ext:ini' ) | |
| dorks.push( 'https://www.google.com/search?q=site:' + site + '+ext:sql+|+ext:dbf+|+ext:mdb' ) | |
| dorks.push( 'https://www.google.com/search?q=site:' + site + '+ext:bkf+|+ext:bkp+|+ext:bak+|+ext:old+|+ext:backup|+ext:log'' ) | |
| dorks.push( 'https://www.google.com/search?q=site:' + site + '+inurl:login' ) | |
| dorks.push( 'https://www.google.com/search?q=site:' + site + '+intext:"sql+syntax+near"+|+intext:"syntax+error+has+occurred"+|+intext:"incorrect+syntax+near"+|+intext:"unexpected+end+of+SQL+command"+|+intext:"Warning:+mysql_connect()"+|+intext:"Warning:+mysql_query()"+|+intext:"Warning:+pg_connect()"' ) | |
| dorks.push( 'https://www.google.com/search?q=site:' + site + '+ext:doc+|+ext:docx+|+ext:odt+|+ext:pdf+|+ext:rtf+|+ext:sxw+|+ext:psw+|+ext:ppt+|+ext:pptx+|+ext:pps+|+ext:csv' ) | |
| dorks.push( 'https://www.google.com/search?q=site:' + site + '+inurl:wp-content+|+inurl:wp-includes' ) | |
| dorks.push( 'https://www.google.com/search?q=site:' + site + '+ext:php+intitle:phpinfo+"published+by+the+PHP+Group"' ) | |
| dorks.push( 'https://www.google.com/search?q=site:' + site + '+inurl:wp-+|+inurl:wp-content+|+inurl:plugins+|+inurl:uploads+|+inurl:themes+|+inurl:download' ) | |
| dorks.push( 'https://www.google.com/search?q=site:' + site + '+inurl:shell+|+inurl:backdoor+|+inurl:wso+|+inurl:cmd+|+shadow+|+passwd+|+boot.ini+|+inurl:backdoor' ) | |
| dorks.push( 'https://www.google.com/search?q=site:' + site + '+inurl:readme+|+inurl:license+|+inurl:install+|+inurl:setup+|+inurl:config' ) | |
| dorks.push( 'https://www.google.com/search?q=site:' + site + '+inurl:redir+|+inurl:url+|+inurl:redirect+|+inurl:return+|+inurl:src=http+|+inurl:r=http' ) | |
| dorks.push( 'https://www.google.com/search?q=site:' + site + '+ext:action+|+ext:struts+|+ext:do' ) | |
| dorks.push( 'https://www.google.com/search?q=site:' + site + '+inurl:"/phpinfo.php"+|+inurl:".htaccess"+|+inurl:"/.git"+' + site + ' -github' ) | |
| dorks.push( 'https://www.google.com/search?q=site:pastebin.com+' + site ) | |
| dorks.push( 'https://www.google.com/search?q=site:linkedin.com+employees+' + site ) | |
| dorks.push( 'https://www.google.com/search?q=site:*.' + site ) | |
| dorks.push( 'https://www.google.com/search?q=site:*.*.' + site ) | |
| dorks.push( 'https://github.com/search?q="*.' + site +'"&type=host' ) | |
| dorks.push( 'http://' + site + '/crossdomain.xml' ) | |
| dorks.push( 'http://threatcrowd.org/domain.php?domain=' + site ) | |
| dorks.push( 'https://www.google.com/search?q=+inurl:' + site + '+ext:swf' ) | |
| dorks.push( 'https://yandex.com/search/?text=site:' + site + '%20mime:swf' ) | |
| dorks.push( 'https://web.archive.org/cdx/search?url=' + site + '/&matchType=domain&collapse=urlkey&output=text&fl=original&filter=urlkey:.*swf&limit=100000' ) | |
| dorks.push( 'https://web.archive.org/cdx/search?url=' + site + '/&matchType=domain&collapse=urlkey&output=text&fl=original&filter=mimetype:application/x-shockwave-flash&limit=100000' ) | |
| dorks.push( 'https://web.archive.org/web/*/(.' + site + ')' ) | |
| dorks.push( 'https://web.archive.org/web/*/' + site + '/*' ) | |
| dorks.push( 'https://crt.sh/?q=%25.' + site ) | |
| dorks.push( 'https://www.openbugbounty.org/search/?search=' + site +'&type=host' ) | |
| dorks.push( 'https://www.reddit.com/search/?q=' + site +'&source=recent' ) | |
| dorks.push( 'http://wwwb-dedup.us.archive.org:8083/cdx/search?url=' + site + '/&matchType=domain&collapse=digest&output=text&fl=original,timestamp&filter=urlkey:.*wp[-].*&limit=1000000&xx=' ) | |
| dorks.push( 'https://censys.io/ipv4?q=' + site ) | |
| dorks.push( 'https://censys.io/domain?q=' + site ) | |
| dorks.push( 'https://censys.io/certificates?q=' + site ) | |
| dorks.push( 'https://www.shodan.io/search?query=' + site ) | |
| //console.log(dorks) | |
| return dorks | |
| } | |
| dorksMe('example.com').slice(5,8).map( el => window.open(el)) | |
| //dorksMe('example.com').map( el => window.open(el)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment