Advance Bug Bounty
Hunting For Sensitive Data
Fusion Security Official
Introduction to Sensitive Data Exposure
Definition: Sensitive data exposure is the unintentional release of
private or confidential information.
Examples: API keys, passwords, tokens, private configurations.
Impact: Data breaches, unauthorized access, and serious security
threats.
What is Google Dorking?
Definition: Using advanced search operators in Google to find
sensitive information that has been accidentally made public.
Common Targets: GitHub repositories, websites with
misconfigured files, and exposed JS files.
Why It’s Useful: Finds hidden or overlooked data without directly
attacking a server.
Common Google Dorking Operators
Basic Operators:
• site: limits searches to specific sites.
• filetype: finds specific file types (e.g., .js, .json).
• inurl: searches for specific terms in the URL.
• intitle: searches for terms in the page title.
• ext: finds specific file extensions (e.g., .env, .php).
Targeting GitHub for Sensitive Data
Manual Approach:
| "Company" password | "Company" key |
|------------------------------|---------------------- |
| "Company" secret | "Company" pass |
| "Company" credentials | "Company" login |
| "Company" token | "Company" ftp |
| "Company" config | "Company" pwd |
Cont...
| Search Term | Results |
|------------------------------|----------------------|
| "Company" security_credentials | LDAP (Active Directory) |
| "Company" connectionstring | Database Credentials |
| "Company" JDBC | Database Credentials |
| "Company" ssh2_auth_password | Unauthorized Access to Server |
| "Company" send_keys and send,keys | Keywords related to password failed |
Google Dorks I Use Most
• filetype:env "DB_PASSWORD" site:*.target.com
• filetype:txt "Passwd" site:*.target.com
• filetype:pdf "Confidential" site:*.target.com
• filetype:sql "DUMP" site:*.target.com
• inurl:"index of /" "Parent Directory" site:*.target.com
• inurl:"config.php" site:*.target.com
• filetype:xls "Password" site:*.target.com
• filetype:bak "backup" site:*.target.com
• inurl:"file=" inurl:"index.php" site:*.target.com
• inurl:/.git site:*.target.com
Hunting with Wayback Machine
Use Case:
• Old versions of websites can still have sensitive data like API keys or old
endpoints.
• Look for configurations, hardcoded credentials, or exposed tokens in
earlier versions of JS or HTML files.
How to Use:
• Go to archive.org and enter the target site URL.
• Browse historical snapshots and inspect the page source.
Hunting with Waybackurls
What is Waybackurls?
• A tool used to fetch archived URLs for a given domain from the Wayback
Machine.
• Helps find old URLs that are no longer accessible but still archived.
Command Usage:
• Install Waybackurls: go install github.com/tomnomnom/waybackurls@latest
• Command: echo "target.com" | waybackurls
Example:
• echo "example.com" | waybackurls | grep "\.js" to find archived JavaScript files.
Analyzing Archived JS Files for Sensitive Data
Why Archived JS Files?
• JavaScript files in archives can contain hardcoded secrets that
were later removed from the live site but are still accessible in the
Wayback Machine.
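Because a secret removed from the live site stays readable in the archive, site owners need to find such values in their own current and archived JS and rotate them. A minimal scanner for that check, added here as an example and not part of the original slides; the rule names, entropy threshold and sample file are assumptions, and the keyword list reuses the search terms from the GitHub slide:

```python
import math
import re

# Constructed sample of an archived JS file; every value in it is fake.
SAMPLE_JS = '''\
const cfg = {
  apiKey: "AIzaSyA1234567890abcdefghijklmnopqrstuv",
  region: "us-east-1",
  secretKey: "xxxxxxxxxxxxxxxx",
  token: "q8Zr2LmX0vTf91KdYbN4hUe7",
};
var aws = "AKIAIOSFODNN7EXAMPLE";
'''

# Provider-specific key formats (well-known public prefixes).
RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}"),
}
# Generic rule: a quoted value assigned to a name ending in one of the keywords.
GENERIC = re.compile(
    r"""(?i)\b(\w*(?:password|passwd|pwd|secret|token|credentials|key))\b"""
    r"""\s*[:=]\s*["']([^"']{8,})["']""")

def entropy(s):
    """Shannon entropy in bits per character."""
    return sum(-p * math.log2(p) for p in (s.count(c) / len(s) for c in set(s)))

def redact(value):
    """Keep only a short prefix so the report does not re-leak the secret."""
    return value[:4] + "*" * (len(value) - 4)

def find_secrets(js_text, min_entropy=3.5):
    """Return (line_no, rule, redacted_value) for each likely hardcoded secret."""
    findings = []
    for no, line in enumerate(js_text.splitlines(), 1):
        seen = set()
        for rule, rx in RULES.items():
            for m in rx.finditer(line):
                seen.add(m.group(0))
                findings.append((no, rule, redact(m.group(0))))
        for m in GENERIC.finditer(line):
            value = m.group(2)
            # Entropy filter drops placeholders; it can also miss weak real passwords.
            if value not in seen and entropy(value) >= min_entropy:
                findings.append((no, "generic:" + m.group(1), redact(value)))
    return findings

if __name__ == "__main__":
    for finding in find_secrets(SAMPLE_JS):
        print(finding)
```

Any hit in an archived copy should be treated as disclosed and rotated, even if the live file no longer contains it.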
End