One small, basic thing that some hunters fail to do, especially when they are in a hurry, is spending at least 10–15 minutes reading the scope, the guidelines, the domains where reports have already been submitted and resolved along with the bug type category, any scope changes and much more… This is also part of my initial information-gathering stage, to guide myself towards things that others overlooked.

Many domains were in scope. You can see that the majority of the hunters are busy on nasa.gov, and the rest of the domains were almost untouched compared to the well-known ones back in Feb or March 2024 when I was hunting.
So I decided to monitor the remaining domains first and started searching for exposed documents one by one, using combinations of the dorks below. You can calculate for yourself how many different dork combinations are possible.
site:domain.com "INTERNAL USE ONLY"
site:domain.com "PRIVATE AND CONFIDENTIAL"
site:domain.com "ONLY FOR"
site:domain.com "HIGHLY CONFIDENTIAL"
site:domain.com "CONFIDENTIAL"
site:domain.com "STRICTLY CONFIDENTIAL"
site:domain.com "SENSITIVE"
site:domain.com "COMPANY SENSITIVE"
site:domain.com "PRIVATE ASSET"
#inurl keywords
inurl:internal
inurl:private
inurl:folder
inurl:asset
inurl:_data
inurl:upload
inurl:uploads
inurl:userdata
inurl:content
#file extensions
ext:pdf
ext:doc
ext:docx
ext:txt
ext:odt
ext:odf
ext:xls
ext:xlsx
ext:csv
ext:ppt
ext:pptx
#negative filtering removing the unwanted ones
-public -sample -doc -docs -documentation -template -draft -application -form -support -default
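Seen from the site owner's side, the same phrases, URL keywords and extensions can drive a self-audit of published files before a search engine surfaces them. The following is an added example, not part of the original write-up: the function names and the sample URLs and texts are constructed, and matching keywords as URL substrings and exclusions as whole words is a simplifying assumption, not how a search engine evaluates these operators.

```python
import re
from urllib.parse import urlsplit

# Phrases, URL keywords, extensions and exclusions are taken from the dork list above.
MARKINGS = ["INTERNAL USE ONLY", "PRIVATE AND CONFIDENTIAL", "ONLY FOR",
            "HIGHLY CONFIDENTIAL", "CONFIDENTIAL", "STRICTLY CONFIDENTIAL",
            "SENSITIVE", "COMPANY SENSITIVE", "PRIVATE ASSET"]
URL_KEYWORDS = ["internal", "private", "folder", "asset", "_data",
                "upload", "uploads", "userdata", "content"]
EXTENSIONS = {"pdf", "doc", "docx", "txt", "odt", "odf",
              "xls", "xlsx", "csv", "ppt", "pptx"}
EXCLUDE = {"public", "sample", "doc", "docs", "documentation", "template",
           "draft", "application", "form", "support", "default"}

def markings_in(text):
    """Markings present in text, longest first, so CONFIDENTIAL is not
    reported a second time when it is part of HIGHLY CONFIDENTIAL."""
    rest, found = " ".join(text.upper().split()), []
    for marking in sorted(MARKINGS, key=len, reverse=True):
        if re.search(r"\b" + re.escape(marking) + r"\b", rest):
            found.append(marking)
            rest = rest.replace(marking, " ")
    return found

def audit(docs):
    """docs: (url, extracted_text) pairs from the owner's own crawl or sitemap.
    Assumption: keywords match as URL substrings, exclusions as whole words."""
    findings = []
    for url, text in docs:
        stem, _, ext = urlsplit(url).path.lower().rpartition(".")
        if ext not in EXTENSIONS:
            continue
        marks = markings_in(text)
        hints = [k for k in URL_KEYWORDS if k in stem]
        if not (marks or hints):
            continue
        # A hunter's negative filter hides these; an owner keeps them, ranked lower.
        noise = sorted(EXCLUDE & set(re.findall(r"[a-z]+", stem + " " + text.lower())))
        findings.append({"url": url, "markings": marks, "url_hints": hints,
                         "priority": "low" if noise else "high", "noise": noise})
    return findings

SAMPLE = [  # constructed URLs and texts, for illustration only
    ("https://example.org/uploads/2024/budget.pdf", "Budget\nINTERNAL USE ONLY"),
    ("https://example.org/docs/sample-template.docx",
     "CONFIDENTIAL (sample template for public use)"),
    ("https://example.org/news/press-release.pdf", "Press release, immediate distribution"),
    ("https://example.org/internal/index.html", "HIGHLY CONFIDENTIAL"),
]
```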
Many documents were available, giving me hope that I would get something. As hoped, within 1–2 weeks I got a document on a secondary domain that seemed worth reporting. What exactly the data was can't be elaborated further, to respect the guidelines & policies and avoid unnecessary program violations.
VRT: Sensitive Data Exposure > Disclosure of Secrets > For Internal Asset

As I keep repeating in most of the Google dorking articles that I published previously, you may get new results when you keep monitoring twice daily for new data (Google search tools: filter by date, time and custom range), and that's how you avoid duplicates most of the time.
Hall of Fame among 2500+ other hunters

Bug State Timeline

Letter of Appreciation


This was my first valid report on Bugcrowd, and since then I started to love Google Dorking just like music, and as time passed, dorking became one of my niche recon areas to focus deeply on.
In the months that followed, I received 2 bounties just by performing dedicated manual recon via Google Dorking (by which I also mean Bing, DuckDuckGo, Yahoo and Yandex as well).
And I concluded that DORKING IS THE RECON KING👑