Start with “site:<domain>”. Then, exclude boring pages with “-www” or other terms until you get to the juicy stuff:
Look through both fixed and unfixed bug bounties publicly disclosed through OpenBugBounty:
Use the “|” operator to include both queries or the “&” operator to require both queries. Here’s an example of attempting to search for file upload endpoints across multiple domains:
Code:
site:tesla.com -www -shop -share -ir -mfa
Pastebin Leaks.
Check out sites like pastebin, jsfiddle, and codebeautify for code left over from developers:
Bash:
site:pastebin.com
site:jsfiddle.net
site:codebeautify.org
site:codepen.io "tesla.com"
PHP extension w/ parameters.
Use “ext:php” and “inurl:?” along with the domain to find .php files with a question mark in the url:
Bash:
site:tesla.com ext:php inurl:?
Disclosed XSS and Open Redirect Bug Bounties.
Look through both fixed and unfixed bug bounties publicly disclosed through OpenBugBounty:
Bash:
site:openbugbounty.org inurl:reports intext:"yahoo.com"
Combine your dorks.
Use the “|” operator to include both queries or the “&” operator to require both queries. Here’s an example of attempting to search for file upload endpoints across multiple domains:
Bash:
(site:tesla.com | site:teslamotors.com) & ”choose file”