Dorks-Bug-Bounty - A List Of Google Dorks For Bug Bounty, Web Application Security, And Pentesting

A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting

Live Tool

-www -shop -share -ir -mfa

PHP extension w/ parameters

ext:php inurl:?

Disclosed XSS and Open Redirects

inurl:reports intext:""

Juicy Extensions

site:"example[.]com" ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess

XSS prone parameters

inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:&

Open Redirect prone parameters

inurl:url= | inurl:return= | inurl:next= | inurl:redirect= | inurl:redir= | inurl:ret= | inurl:r2= | inurl:page= inurl:& inurl:http

SQLi Prone Parameters

inurl:id= | inurl:pid= | inurl:category= | inurl:cat= | inurl:action= | inurl:sid= | inurl:dir= inurl:&

SSRF Prone Parameters

inurl:http | inurl:url= | inurl:path= | inurl:dest= | inurl:html= | inurl:data= | inurl:domain= | inurl:page= inurl:&

LFI Prone Parameters

inurl:include | inurl:dir | inurl:detail= | inurl:file= | inurl:folder= | inurl:inc= | inurl:locate= | inurl:doc= | inurl:conf= inurl:&

RCE Prone Parameters

inurl:cmd | inurl:exec= | inurl:query= | inurl:code= | inurl:do= | inurl:run= | inurl:read= | inurl:ping= inurl:&

High % inurl keywords

inurl:config | inurl:env | inurl:setting | inurl:backup | inurl:admin | inurl:php site:example[.]com

Sensitive Parameters

inurl:email= | inurl:phone= | inurl:password= | inurl:secret= inurl:& site:example[.]com

API Docs

inurl:apidocs | inurl:api-docs | inurl:swagger | inurl:api-explorer site:"example[.]com"

Code Leaks “” “” “” “”

Cloud Storage “” “” “” “” “example[.]com” “example[.]com” “example[.]com” “example[.]com” “example[.]com” “example[.]com” “example[.]com” “example[.]com” inurl:”/d/” “example[.]com”

JFrog Artifactory “example[.]com”

Firebase “example[.]com”

File upload endpoints

"choose file"

Dorks that work better w/o domain

Bug Bounty programs and Vulnerability Disclosure Programs

"submit vulnerability report" | "powered by bugcrowd" | "powered by hackerone"

site:*/security.txt "bounty"

Apache Server Status Exposed

site:*/server-status apache




intext:"Powered by" & intext:Drupal & inurl:user



Medium articles for more dorks:

Top Parameters:

Proviesec dorks:

