⚠️ Disclaimer: All techniques included in this blog is only for educational and ethical vulnerability testing purposes. Author not responsible for any misuse!

Check complete series from beginning

ZoomEye Dorking | Advanced Recon Techniques

Learn how to use ZoomEye Search Engine to perform advanced dorking for OSINT, Recon, Bug Bounty & Pentesting

medium.com

👉 Site: zoomeye.ai

http.body="keyword" && http.header=".json"
http.body="keyword" && http.header="Content-Type: application/json"
None
http.header="Content-Type: application/json" && http.body="api."
None
None
http.header="Content-Type: application/json" && http.body="message"
http.header="Content-Type: application/json" && http.body="status"
None
http.header="Content-Type: application/json" && http.body="Cannot GET /"
None
http.header="Content-Type: application/json" && http.body="apiVersion"
None
http.header="Content-Type: application/json" && http.body="/v1"
http.header="Content-Type: application/json" && http.body="/v2"
http.header="Content-Type: application/json" && http.body="/v3"
http.header="Content-Type: application/json" && http.body="/v4"
None
http.header="Content-Type: application/json" && http.body="cluster"
None

wss (Secure web socket protocol)


http.header="Content-Type: application/json" && http.body="wss://"
None
http.header="Content-Type: application/json" && http.body="GET /" && http.body="chainIds"
http.header="Content-Type: application/json" && http.body="GET /" && http.body="POST /"
None

⏳ Target filtering

existing_dork && domain="example.com"
existing_dork && ssl.cert.subject.cn="example.com"
existing_dork && asn="asn number of company/org"
existing_dork && org="organization name"
existing_dork && cidr="x.x.x.x/x"

Favicon Hash Recon

existing_dork && iconhash="12345678"

Best tools for bug bounty & pentesting

Edit description

medium.com

Bug Hunting Methodology

Edit description

medium.com

© Medium Copyright AbhirupKonwar All rights reserved!