Shodan is a popular search engine for internet-connected devices, often referred to as the “search engine for IoT.” It can be a valuable tool for bug bounty hunters, helping to identify potential vulnerabilities and targets. One of the most powerful features of Shodan is its ability to filter searches using special search queries known as “dorks.” In this blog post, we’ll explore and expand on a list of Shodan dorks that can be useful in bug bounty programs.
org:””
This dork filters results based on the organization that owns the target domain. Replace with the domain you’re interested in.
http.status:””
This dork filters results based on the HTTP status code. For example, you can use http.status:”404″ to find pages that return a 404 Not Found error.
product:””
This dork filters results based on the product name. Replace with the name of the product you’re interested in, such as product:”Apache”.
port: “”
This dork filters results based on the open port number and the service message. For example, you can use port:80 “Microsoft IIS” to find IIS servers running on port 80.
port: “”
This dork filters results based on the open port number and the service name. For example, you can use port:22 ssh to find SSH servers running on port 22.
http.component:””
This dork filters results based on the HTTP component name. Replace with the name of the component you’re interested in, such as http.component:”PHP”.
http.component_category:””
This dork filters results based on the HTTP component category. Replace with the category you’re interested in, such as http.component_category:”Database”.
http.waf:””
This dork filters results based on the web application firewall (WAF) name. Replace with the name of the WAF you’re interested in, such as http.waf:”ModSecurity”.
http.html:””
This dork filters results based on the HTML content. Replace with the name of the HTML content you’re interested in, such as http.html:”Login”.
http.title:””
This dork filters results based on the HTML title. Replace with the name of the title you’re interested in, such as http.title:”Admin Panel”.
ssl.alpn:””
This dork filters results based on the SSL Application Layer Protocol Negotiation (ALPN) protocol. Replace with the protocol you’re interested in, such as ssl.alpn:”h2″.
http.favicon.hash:””
This dork filters results based on the SHA-1 hash of the favicon. Replace with the hash you’re interested in, such as http.favicon.hash:”a9d3e3″.
net:””
This dork filters results based on the net range. Replace with the net range you’re interested in, such as net:”104.16.100.52/32″.
http.ssl.cert.subject.cn:”<http://Domain .com>”
This dork filters results based on the SSL certificate’s common name. Replace <http://Domain .com> with the domain you’re interested in, such as http.ssl.cert.subject.cn:”<http://example.com>”.
In conclusion, while exploring Google dorks can be an exciting way to uncover hidden information on the internet, it is crucial to remember that hacking is generally considered an illegal activity. To stay on the right side of the law and protect people’s privacy, always ensure that any investigative efforts are carried out ethically, with proper written permission, and without revealing personally identifiable information. By adhering to these principles, you can help maintain the security and integrity of the online world while still satisfying your curiosity and expanding your knowledge. Happy dorking!
