| skipped 63 lines |
64 | 64 | | I hope this helps! |
65 | 65 | | ``` |
66 | 66 | | |
| 67 | + | ### Fast Google Dorks Scan |
| 68 | + | |
| 69 | + | > [https://github.com/IvanGlinkin/Fast-Google-Dorks-Scan](https://github.com/IvanGlinkin/Fast-Google-Dorks-Scan) |
| 70 | + | |
| 71 | + | ``` |
| 72 | + | $ ./FGDS.sh <DOMAIN> |
| 73 | + | $ proxychains bash ./FGDS.sh <DOMAIN> |
| 74 | + | ``` |
| 75 | + | |
| 76 | + | ### |
| 77 | + | |
| 78 | + | ### Google |
| 79 | + | |
| 80 | + | #### |
| 81 | + | |
| 82 | + | #### Google Dorks |
| 83 | + | |
| 84 | + | > [https://cheatsheet.haax.fr/open-source-intelligence-osint/dorks/google\_dorks/](https://cheatsheet.haax.fr/open-source-intelligence-osint/dorks/google\_dorks/) |
| 85 | + | |
| 86 | + | > [https://www.searchenginejournal.com/google-search-operators-commands/215331/](https://www.searchenginejournal.com/google-search-operators-commands/215331/) |
| 87 | + | |
| 88 | + | ``` |
| 89 | + | intitle:index.of <TEXT> // open directory listings |
| 90 | + | ``` |
| 91 | + | |
| 92 | + | ``` |
| 93 | + | ext:php |
| 94 | + | inurl:%3F |
| 95 | + | site:*.*.*.<domain> |
| 96 | + | filetype:txt |
| 97 | + | ``` |
| 98 | + | |
| 99 | + | |
| 100 | + | |
| 101 | + | **Example** |
| 102 | + | |
| 103 | + | ``` |
| 104 | + | site:<DOMAIN> ext:php |
| 105 | + | ``` |
| 106 | + | |
| 107 | + | |
| 108 | + | |
| 109 | + | **Leaks** |
| 110 | + | |
| 111 | + | ``` |
| 112 | + | site:http://jsfiddle.net "<DOMAIN>" |
| 113 | + | site:http://codebeautify.org "<DOMAIN>" |
| 114 | + | site:http://codepen.io "<DOMAIN>" |
| 115 | + | site:http://pastebin.com "<DOMAIN>" |
| 116 | + | ``` |
| 117 | + | |
| 118 | + | |
| 119 | + | |
| 120 | + | **Example** |
| 121 | + | |
| 122 | + | ``` |
| 123 | + | site:http://jsfiddle.net | site:http://codebeautify.org | site:http://codepen.io | site:http://pastebin.com "<DOMAIN>" |
| 124 | + | site:http://jsfiddle.net | site:http://codebeautify.org | site:http://codepen.io | site:http://pastebin.com "<DOMAIN>" "demo" "test" "api" |
| 125 | + | ``` |
| 126 | + | |
| 127 | + | |
| 128 | + | |
| 129 | + | **Open Redirects** |
| 130 | + | |
| 131 | + | ``` |
| 132 | + | inurl:page= | inurl:url= | inurl:return= | inurl:next= | inurl:redir= | inurl:redirect= | inurl:target= | inurl:page= inurl:& inurl:http site:http://<DOMAIN> |
| 133 | + | ``` |
| 134 | + | |
| 135 | + | |
| 136 | + | |
| 137 | + | **Cloud Environments** |
| 138 | + | |
| 139 | + | ``` |
| 140 | + | site:http://s3.amazonaws.com "<DOMAIN>" |
| 141 | + | site:http://blob.core.windows.net "<DOMAIN>" |
| 142 | + | site:http://googleapis.com "<DOMAIN>" |
| 143 | + | site:http://drive.google.com "<DOMAIN>" |
| 144 | + | ``` |
| 145 | + | |
| 146 | + | #### |
| 147 | + | |
| 148 | + | #### Abusing Google ID |
| 149 | + | |
| 150 | + | > [https://medium.com/week-in-osint/getting-a-grasp-on-googleids-77a8ab707e43](https://medium.com/week-in-osint/getting-a-grasp-on-googleids-77a8ab707e43) |
| 151 | + | |
| 152 | + | |
| 153 | + | |
| 154 | + | **Setup** |
| 155 | + | |
| 156 | + | 1. Add a new contact to you google account (email address required) |
| 157 | + | 2. Open developer tools and select the network tab |
| 158 | + | 3. Reload the page |
| 159 | + | 4. Set the right pane to request |
| 160 | + | 5. Check all batchexecute packets |
| 161 | + | |
| 162 | + | |
| 163 | + | |
| 164 | + | **Example** |
| 165 | + | |
| 166 | + | > [https://contacts.google.com/\_/ContactsUi/data/batchexecute?rpcids=OSOtuf\&f.sid=-916332265175998083\&bl=boq\_contactsuiserver\_20200707.13\_p0\&hl=en\&soc-app=527\&soc-platform=1\&soc-device=1&\_reqid=765234\&rt=c](https://contacts.google.com/\_/ContactsUi/data/batchexecute?rpcids=OSOtuf\&f.sid=-916332265175998083\&bl=boq\_contactsuiserver\_20200707.13\_p0\&hl=en\&soc-app=527\&soc-platform=1\&soc-device=1&\_reqid=765234\&rt=c) |
| 167 | + | |
| 168 | + | 6. Watch out for a string like the following one |
| 169 | + | |
| 170 | + | |
| 171 | + | |
| 172 | + | **Example** |
| 173 | + | |
| 174 | + | ``` |
| 175 | + | [[["OSOtuf","[\"55fa738b0a752dc5\",\"117395327982835488254\"]",null,"generic"]]] |
| 176 | + | ``` |
| 177 | + | |
| 178 | + | The Google ID's are always `21` characters long and starting with `10` or `11`. |
| 179 | + | |
| 180 | + | > [https://get.google.com/albumarchive/](https://get.google.com/albumarchive/) |
| 181 | + | |
| 182 | + | > [https://www.google.com/maps/contrib/](https://www.google.com/maps/contrib/) |
| 183 | + | |
| 184 | + | ### |
| 185 | + | |
| 186 | + | ### h8mail |
| 187 | + | |
| 188 | + | > [https://github.com/khast3x/h8mail](https://github.com/khast3x/h8mail) |
| 189 | + | |
| 190 | + | ``` |
| 191 | + | $ h8mail -t <EMAIL> |
| 192 | + | ``` |
| 193 | + | |
| 194 | + | ### |
| 195 | + | |
| 196 | + | ### Photon |
| 197 | + | |
| 198 | + | > [https://github.com/s0md3v/Photon](https://github.com/s0md3v/Photon) |
| 199 | + | |
| 200 | + | ``` |
| 201 | + | $ python3 photon.py -u https://<DOMAIN> -l 3 -t 100 --wayback |
| 202 | + | ``` |
| 203 | + | |
| 204 | + | ### |
| 205 | + | |
| 206 | + | ### Recon-ng |
| 207 | + | |
| 208 | + | #### |
| 209 | + | |
| 210 | + | #### Basic Commands |
| 211 | + | |
| 212 | + | ``` |
| 213 | + | $ recon-ng |
| 214 | + | $ recon-ng -w <WORKSPACE> |
| 215 | + | [recon-ng][default] > workspaces create <WORKSPACE> |
| 216 | + | [recon-ng][default] > db schema |
| 217 | + | [recon-ng][default] > db insert domains |
| 218 | + | [recon-ng][default] > marketplace search |
| 219 | + | [recon-ng][default] > marketplace search <NAME> |
| 220 | + | [recon-ng][default] > marketplace info <NAME> |
| 221 | + | [recon-ng][default] > marketplace install <NAME> |
| 222 | + | [recon-ng][default] > marketplace remove <NAME> |
| 223 | + | [recon-ng][default] > modules search |
| 224 | + | [recon-ng][default] > modules load <MODULE> |
| 225 | + | [recon-ng][default][<MODULE>] > info |
| 226 | + | [recon-ng][default][<MODULE>] > options list |
| 227 | + | [recon-ng][default][<MODULE>] > options set <VALUE> |
| 228 | + | [recon-ng][default][<MODULE>] > run |
| 229 | + | [recon-ng][default] > keys list |
| 230 | + | [recon-ng][default] > keys add <KEY> <VALUE> |
| 231 | + | [recon-ng][default] > keys remove <KEY> |
| 232 | + | ``` |
| 233 | + | |
| 234 | + | `Ctrl+c` unloads a module. |
| 235 | + | |
| 236 | + | ### |
| 237 | + | |
| 238 | + | ### Social Analyzer |
| 239 | + | |
| 240 | + | > [https://github.com/qeeqbox/social-analyzer](https://github.com/qeeqbox/social-analyzer) |
| 241 | + | |
| 242 | + | ``` |
| 243 | + | $ python3 app.py --cli --mode "fast" --username "<GIVENNAME> <SURNAME>" --websites "youtube facebook instagram" --output "pretty" --options "found,title,link,rate" |
| 244 | + | ``` |
| 245 | + | |
| 246 | + | ### theHarvester |
| 247 | + | |
| 248 | + | > [https://github.com/laramies/theHarvester](https://github.com/laramies/theHarvester) |
| 249 | + | |
| 250 | + | ``` |
| 251 | + | $ theHarvester -d <DOMAIN> -l 500 -b google -f myresults.html |
| 252 | + | ``` |
| 253 | + | |
| 254 | + | ### |
| 255 | + | |