Juicy Dorks

Burp Suite Regex

Recon for new Subdomains
(http[s]?:\/\/)?((-)?[\w+\.]){1,20}domain\.com
Extract endpoints from javascript
(?:"|')(((?:[a-zA-Z]{1,10}://|//)[^"'/]{1,}\.[a-zA-Z]{2,}[^"']{0,})|((?:/|\.\./|\./)[^"'><,;| *()(%%$^/\\\[\]][^"'><,;|()]{1,})|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{1,}\.(?:[a-zA-Z]{1,4}|action)(?:[\?|/][^"|']{0,}|))|([a-zA-Z0-9_\-]{1,}\.(?:php|asp|aspx|jsp|json|action|html|js|txt|xml)(?:\?[^"|^']{0,}|)))(?:"|')
Internal and External IP Address
\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b
SQLi Error
(Exception (condition )?\d+\. Transaction rollback|com\.frontbase\.jdbc|org\.h2\.jdbc|Unexpected end of command in statement \["|Unexpected token.*?in statement \[|org\.hsqldb\.jdbc|CLI Driver.*?DB2|DB2 SQL error|\bdb2_\w+\(|SQLSTATE.+SQLCODE|com\.ibm\.db2\.jcc|Zend_Db_(Adapter|Statement)_Db2_Exception|Pdo[./_\\]Ibm|DB2Exception|Warning.*?\Wifx_|Exception.*?Informix|Informix ODBC Driver|ODBC Informix driver|com\.informix\.jdbc|weblogic\.jdbc\.informix|Pdo[./_\\]Informix|IfxException|Warning.*?\Wingres_|Ingres SQLSTATE|Ingres\W.*?Driver|com\.ingres\.gcf\.jdbc|Dynamic SQL Error|Warning.*?\Wibase_|org\.firebirdsql\.jdbc|Pdo[./_\\]Firebird|Microsoft Access (\d+ )?Driver|JET Database Engine|Access Database Engine|ODBC Microsoft Access|Syntax error \(missing operator\) in query expression|Driver.*? SQL[\-\_\ ]*Server|OLE DB.*? SQL Server|\bSQL Server[^<"]+Driver|Warning.*?\W(mssql|sqlsrv)_|\bSQL Server[^<"]+[0-9a-fA-F]{8}|System\.Data\.SqlClient\.SqlException|(?s)Exception.*?\bRoadhouse\.Cms\.|Microsoft SQL Native Client error '[0-9a-fA-F]{8}|\[SQL Server\]|ODBC SQL Server Driver|ODBC Driver \d+ for SQL Server|SQLServer JDBC Driver|com\.jnetdirect\.jsql|macromedia\.jdbc\.sqlserver|Zend_Db_(Adapter|Statement)_Sqlsrv_Exception|com\.microsoft\.sqlserver\.jdbc|Pdo[./_\\](Mssql|SqlSrv)|SQL(Srv|Server)Exception|SQL syntax.*?MySQL|Warning.*?\Wmysqli?_|MySQLSyntaxErrorException|valid MySQL result|check the manual that corresponds to your (MySQL|MariaDB) server version|Unknown column '[^ ]+' in 'field list'|MySqlClient\.|com\.mysql\.jdbc|Zend_Db_(Adapter|Statement)_Mysqli_Exception|Pdo[./_\\]Mysql|MySqlException|\bORA-\d{5}|Oracle error|Oracle.*?Driver|Warning.*?\W(oci|ora)_|quoted string not properly terminated|SQL command not properly ended|macromedia\.jdbc\.oracle|oracle\.jdbc|Zend_Db_(Adapter|Statement)_Oracle_Exception|Pdo[./_\\](Oracle|OCI)|OracleException|PostgreSQL.*?ERROR|Warning.*?\Wpg_|valid PostgreSQL result|Npgsql\.|PG::SyntaxError:|org\.postgresql\.util\.PSQLException|ERROR:\s\ssyntax error at or near|ERROR: parser: parse error at or near|PostgreSQL query failed|org\.postgresql\.jdbc|Pdo[./_\\]Pgsql|PSQLException|SQL error.*?POS([0-9]+)|Warning.*?\Wmaxdb_|DriverSapDB|com\.sap\.dbtech\.jdbc|SQLite/JDBCDriver|SQLite\.Exception|(Microsoft|System)\.Data\.SQLite\.SQLiteException|Warning.*?\W(sqlite_|SQLite3::)|\[SQLITE_ERROR\]|SQLite error \d+:|sqlite3.OperationalError:|SQLite3::SQLException|org\.sqlite\.JDBC|Pdo[./_\\]Sqlite|SQLiteException|Warning.*?\Wsybase_|Sybase message|Sybase.*?Server message|SybSQLException|Sybase\.Data\.AseClient|com\.sybase\.jdbc)
S3 Bucket
site:amazonaws.com inurl:yahoo
GitHub
"target.com" "dev"
"dev.target.com"
"target.com" API_key
"target.com" password
"target.com" token
"target.com" auth_token
"api.target.com"
site:"github.com" + "target" + password
site:"github.com" + "target" + api_key
Find Company Users on GitHub
https://github.com/search?q=[CompanyName]&type=Users
Find Password
"Company name" send_keys or sendkeys
Content Discovery
site:*.target.com inurl:.php?
site:*.target.com inurl:.py | inurl:.docx | inurl:.xlsx | inurl:doc | inurl:xls | inurl:.txt | inurl:.log | inurl:portal.php | inurl:register.php | inurl:.do
site:*.target.com intext:"login" | intitle:"Login" | intitle:"login"
site:*.target.com inurl:login.php | inurl:login.aspx | inurl:login.asp | inurl:login.jsp | inurl:login.do
site:*.target.com intext:"index of /"
site:*.target.com filetype:txt | filetype:docx | filetype:doc | filetype:xlsx | filetype:xls | filetype:ini | filetype:ppt | filetype:pptx | filetype:swf | filetype:pdf | filetype:ps | filetype:xml | filetype:log
site:*.target.com ext:txt | ext:sql | ext:cnf | ext:config | ext:log & intext:"admin" | intext:"root" | intext:"administrator" & intext:"password" | intext:"root" | intext:"admin" | intext:"administrator"
Sensitive Discovery
site:*.target.com inurl:wp-login.php?action=register
site:*.target.com intitle:"Index of" intext:log
site:*.target.com intitle:"Directory Listing For" "Filename"
site:*.target.com inurl:/php-errors.log filetype:log
site:*.target.com intitle:"index of" "/aws.s3/"
site:*.target.com intitle:'index of' "error_log"
site:*.target.com intitle:'index of' "access_log"
site:*.target.com intitle:"index of /" intext:/backup
site:*.target.com intitle:"index of" "config.yml" | "config.xml" intext:login | auth
site:*.target.com ext:cgi OR ext:php OR ext:asp OR ext:aspx OR ext:jsp OR ext:jspx OR ext:swf OR ext:fla OR ext:xml ext:do
intext:.google.com/a/company.com

Find BugBounty Programs

site:.eu responsible disclosure --> Find bug bounty program
site:.nl bug bounty

Shodan Searches

Ruby Debug Files
html:"secret_key_base"
html:"rack.version"
http.component:ruby port:3000
Elasticsearch Queries
port:9200 product:"Elastic"
port:9200 product:"Elastichoney"

Cloud Instance

https://example.com/cloud_metadata.txt

Company Instance Dorks

inurl:jira AND intitle:login AND inurl:[company_name]
inurl:https://trello.com AND intext:@gmail.com AND intext:password intext:[company_name]