🚨 Free Article Link: Click here 👈
whoami ❓
I am Abhirup Konwar (aka LegionHunter). I work as a full-time bug hunter and dedicate the rest of the time in understanding inner workings of open-source malwares.🥷
I have reported over 1000 bugs on OpenBugBounty as well as on HackerOne and BugCrowd along with numerous Hall Of Fame programs including NASA, State of California, University of Melbourne, American Systems, Monash University, RMIT University, Private HealthCare Company, and self hosted VDP + BBP , with bugs belonging to both Client and Server Injection category, Sensitive Information Disclosure & Broken Access Control.
I decided to write this article after a recent experience, when I recently saw a hunter share bounty screenshot and hashtag bugbountytips, and the tip is to update your fuzzing wordlist regularly, but how exactly to do so❓
While I often see this type of brief tip, but this time I stepped back and thought how🤔Realized I only know dorking, that's it 😂
So let's begin with that saying, dork to find endpoints shared on X and LinkedIn to update your fuzzing wordlist.
1️⃣ GENERAL
site:x.com "Add" "to your wordlist"
site:linkedin.com "Add" "to your wordlist"
2️⃣ EXPOSED
site:x.com "Add" "to your wordlist" "exposed"
site:linkedin.com "Add" "to your wordlist" "exposed"3️⃣ MISCONFIGURED
site:x.com "Add" "to your wordlist" "misconfigured"
site:linkedin.com "Add" "to your wordlist" "misconfigured"4️⃣ UNAUTHENTICATED
site:x.com "Add" "to your wordlist" "unauthenticated"
site:linkedin.com "Add" "to your wordlist" "unauthenticated"5️⃣ BUG SEVERITY BASED
site:x.com "Add" "to your wordlist" "P1"
site:linkedin.com "Add" "to your wordlist" "P1"
Bugcrowd Severity: P1,P2,P3,P4
HackerOne Severity: critical,high,medium,low6️⃣ BUG CATEGORY BASED
site:x.com "Add" "to your wordlist" "broken access control"
site:x.com "Add" "to your wordlist" "remote code execution"7️⃣ TECH STACK
site:x.com "Add" "to your wordlist" "IIS Windows"
site:x.com "Add" "to your wordlist" "nginx"
site:x.com "Add" "to your wordlist" "PHP"8️⃣ SPECIFIC ENDPOINT BASED
site:x.com "Add" "to your wordlist" "dashboard"9️⃣ SENSITIVE KEYWORDS
site:x.com "Add" "to your wordlist" "sensitive"
site:x.com "Add" "to your wordlist" "secret"
site:x.com "Add" "to your wordlist" "JWT"
site:x.com "Add" "to your wordlist" "token"
site:x.com "Add" "to your wordlist" "private"
site:x.com "Add" "to your wordlist" "internal"
site:x.com "Add" "to your wordlist" "leak"🔟 VERSION DISCLOSURES
site:x.com "Add" "to your wordlist" "version"
site:x.com "Add" "to your wordlist" "vulnerable"
site:x.com "Add" "to your wordlist" "outdated"- Instead of X try twitter and get old results as well that got crawled and indexed by our best search engine Google :)
- Google Search Tools: Filter by date, time and custom range , and get results that others might overlook.
- Instead of fuzzing with everything, pick one new endpoint that you didn't fuzzed till now and mass fuzz on all targets with VPS power.
🔗Other Articles you might like:
📱Follow me on X and LinkedIn for daily bug hunting updated tips.
🌐 Subscribe to YT Channel LegionHunter for intermediate to advanced content.
Learn to hack❌ Hack to self learn✅ 🤡
