Skip to content

Instantly share code, notes, and snippets.

@M507

M507/BigBountyReconQueries.md

Last active October 29, 2025 21:37
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save M507/79b35ffd1b135a15393d7dd625622b09 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save M507/79b35ffd1b135a15393d7dd625622b09 to your computer and use it in GitHub Desktop.
Download ZIP
All BigBountyRecon repo queries without GUI
Raw
BigBountyReconQueries.md

BigBountyReconQueries

All BigBountyRecon queries without GUI:

# Google Dorking URL Opener
# https://gist.github.com/M507/79b35ffd1b135a15393d7dd625622b09
# ============================================================
# HOW TO RUN:
# 1. Open PowerShell
# 2. Navigate to the script directory
# 3. Run: .\open_google_dorking.ps1
# 4. Enter the domain you want to search (e.g., example.com)
# 5. Confirm to start opening URLs in batches of 10
# 6. Press Enter after each batch to continue or 'q' to quit
# ============================================================
#
# This script contains all URLs directly. Just edit the $urls array below to add/remove/modify URLs.
#
# ============================================================
# EDIT THE URLs BELOW - Add, remove, or modify URLs as needed
# ============================================================
$urls = @(
    "https://www.google.com/search?q=site:REPLACEME intitle:index.of",
    "https://www.google.com/search?q=site:REPLACEME ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini",
    "https://www.google.com/search?q=site:REPLACEME ext:sql | ext:dbf | ext:mdb",
    "https://www.google.com/search?q=site:REPLACEME inurl:wp- | inurl:wp-content | inurl:plugins | inurl:uploads | inurl:themes | inurl:download",
    "https://www.google.com/search?q=site:REPLACEME ext:log",
    "https://www.google.com/search?q=site:REPLACEME ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup",
    "https://www.google.com/search?q=site:REPLACEME inurl:login | inurl:signin | intitle:Login | intitle: signin | inurl:auth",
    "https://www.google.com/search?q=site:REPLACEME ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv",
    "https://www.google.com/search?q=site:REPLACEME ext:php intitle:phpinfo \published by the PHP Group\",
    "https://www.google.com/search?q=site:REPLACEME  inurl:shell | inurl:backdoor | inurl:wso | inurl:cmd | shadow | passwd | boot.ini | inurl:backdoor",
    "https://www.google.com/search?q=site:REPLACEME  inurl:readme | inurl:license | inurl:install | inurl:setup | inurl:config",
    "https://www.google.com/search?q=site:REPLACEME intext:\sql syntax near\ | intext:\syntax error has occurred\ | intext:\incorrect syntax near\ | intext:\unexpected end of SQL command\ | intext:\Warning: mysql_connect()\ | intext:\Warning: mysql_query()\ | intext:\Warning: pg_connect()\",
    "https://www.google.com/search?q=site:REPLACEME inurl:redir | inurl:url | inurl:redirect | inurl:return | inurl:src=http | inurl:r=http",
    "https://www.google.com/search?q=site:REPLACEME ext:action | ext:struts | ext:do",
    "https://www.google.com/search?q=site:pastebin.com REPLACEME",
    "https://www.google.com/search?q=site:linkedin.com employees REPLACEME",
    "https://www.google.com/search?q=.sharepoint.com/_vti_bin/webpartpages/asmx -docs -msdn -mdsec site:REPLACEME",
    "https://www.google.com/search?q=site:REPLACEME filetype:wsdl | filetype:WSDL | ext:svc | inurl:wsdl | Filetype: ?wsdl | inurl:asmx?wsdl | inurl:jws?wsdl | intitle:_vti_bin/sites.asmx?wsdl | inurl:_vti_bin/sites.asmx?wsdl",
    "https://github.com/search?q=%22astrikREPLACEME%22",
    "https://gist.github.com/search?q=*.%22REPLACEME%22",
    "https://www.google.com/search?q=site:REPLACEME filetype:config %22apache+ %22",
    "https://www.google.com/search?q=site%3Ahttp%3A%2F%2Fideone.com+|+site%3Ahttp%3A%2F%2Fcodebeautify.org+|+site%3Ahttp%3A%2F%2Fcodeshare.io+|+site%3Ahttp%3A%2F%2Fcodepen.io+|+site%3Ahttp%3A%2F%2Frepl.it+|+site%3Ahttp%3A%2F%2Fjustpaste.it+|+site%3Ahttp%3A%2F%2Fpastebin.com+|+site%3Ahttp%3A%2F%2Fjsfiddle.net+|+site%3Ahttp%3A%2F%2Ftrello.com+|+site%3A*.atlassian.net+|+site%3Abitbucket.org+ %22REPLACEME%22",
    "https://www.google.com/search?q=site%3Aatlassian.net+|+site%3Abitbucket.org+%22REPLACEME%22",
    "https://www.google.com/search?q=inurl:%22/.git %22 REPLACEME -github",
    "https://www.google.com/search?q=intitle:traefik+inurl:8080/dashboard%22REPLACEME%22",
    "https://crt.sh/?q=REPLACEME",
    "https://www.google.com/search?q=site:REPLACEME inurl:%22/phpinfo.php%22 | inurl:%22.htaccess%22",
    "https://www.google.com/search?q=site:astrikREPLACEME",
    "https://www.google.com/search?q=site:astrikREPLACEME",
    "https://www.google.com/search?q=site:REPLACEME inurl:wp-content | inurl:wp-includes",
    "http://wwwb-dedup.us.archive.org:8083/cdx/search?url=REPLACEME/&matchType=domain&collapse=digest&output=text&fl=original,timestamp&filter=urlkey:.*wp[-].*&limit=1000000&xx=",
    "https://www.openbugbounty.org/search/?search=REPLACEME",
    "https://www.reddit.com/search/?q=REPLACEME",
    "https://www.google.com/search?q=REPLACEME/crossdomain.xml",
    "https://www.google.com/search?q=REPLACEME/robots.txt",
    "https://securityheaders.com/?q=REPLACEME&followRedirects=on",
    "https://threatcrowd.org/domain.php?domain=REPLACEME",
    "https://community.riskiq.com/search/REPLACEME",
    "https://www.google.com/search?q=inurl:REPLACEME ext:swf",
    "https://www.youtube.com/results?search_query=REPLACEME",
    "https://yandex.com/search/?text=site:REPLACEME  mime:swf",
    "https://web.archive.org/cdx/search?url=REPLACEME/&matchType=domain&collapse=urlkey&output=text&fl=original&filter=urlkey:.*swf&limit=100000",
    "https://web.archive.org/cdx/search?url=REPLACEME/&matchType=domain&collapse=urlkey&output=text&fl=original&filter=mimetype:application/x-shockwave-flash&limit=100000",
    "https://web.archive.org/web/*/REPLACEME/*",
    "https://viewdns.info/reverseip/?host=REPLACEME&t=1",
    "https://publicwww.com/websites/%22REPLACEME%22/",
    "https://censys.io/ipv4?q=REPLACEME",
    "https://censys.io/domain?q=REPLACEME",
    "https://censys.io/certificates?q=REPLACEME",
    "https://www.shodan.io/search?query=REPLACEME",
    "https://cse.google.com/cse?cx=002972716746423218710:veac6ui3rio#gsc.tab=0&gsc.q=REPLACEME",
    "https://www.google.com/search?q=site:throwbin.io REPLACEME",
    "https://domaineye.com/similar/REPLACEME",
    "https://www.google.com/search?q=inurl:gitlab REPLACEME",
    "https://www.google.com/search?q=site:stackoverflow.com %22REPLACEME%22",
    "https://www.google.com/search?q=site:.s3.amazonaws.com %22REPLACEME%22",
    "https://www.google.com/search?q=site:digitaloceanspaces.com %22REPLACEME%22",
    "https://whatcms.org/?s=REPLACEME",
    "https://www.google.com/search?q=site:REPLACEME filetype:env | filetype:properties | filetype:env.local | filetype:env.production",
    "https://www.google.com/search?q=site:REPLACEME inurl:api_key | inurl:apikey | inurl:access_token | inurl:secret_key",
    "https://www.google.com/search?q=site:REPLACEME filetype:json + %22api_key%22",
    "https://www.google.com/search?q=site:REPLACEME filetype:xls | filetype:xlsx | filetype:xlsm password",
    "https://www.google.com/search?q=site:REPLACEME ext:pem | ext:key | ext:ppk | ext:cer | ext:p12 | ext:pfx",
    "https://www.google.com/search?q=site:REPLACEME inurl:admin | inurl:administrator | inurl:panel",
    "https://www.google.com/search?q=site:REPLACEME inurl:.env -github",
    "https://www.google.com/search?q=site:REPLACEME inurl:/.well-known/security.txt",
    "https://www.google.com/search?q=site:REPLACEME inurl:.git/config -github",
    "https://www.google.com/search?q=site:REPLACEME inurl:app.config | inurl:web.config | inurl:settings.xml",
    "https://www.google.com/search?q=site:REPLACEME inurl:docker-compose.yml | inurl:Dockerfile",
    "https://www.google.com/search?q=site:REPLACEME inurl:/.aws/credentials | inurl:/.aws/config",
    "https://www.google.com/search?q=site:REPLACEME inurl:console | intitle:console | intitle:debug",
    "https://www.google.com/search?q=site:REPLACEME filetype:xml -%22application/%22 -%22text/xml%22",
    "https://www.google.com/search?q=site:REPLACEME inurl:ftp:// | inurl:sftp://",
    "https://www.google.com/search?q=site:REPLACEME intitle:debug | intitle:test | intitle:dashboard",
    "https://www.google.com/search?q=site:REPLACEME filetype:sh history | bash_history",
    "https://searchcode.com/?q=REPLACEME",
    "https://www.google.com/search?q=site:github.com REPLACEME password -ext:md",
    "https://www.google.com/search?q=site:github.com REPLACEME secret -ext:md",
    "https://www.google.com/search?q=site:github.com REPLACEME api_key -ext:md",
    "https://www.google.com/search?q=site:github.com REPLACEME config -ext:md",
    "https://grep.app/search?q=REPLACEME",
    "https://www.google.com/search?q=site:sourceforge.net REPLACEME",
    "https://www.google.com/search?q=site:scribd.com REPLACEME",
    "https://www.google.com/search?q=site:REPLACEME inurl:status | inurl:health | inurl:ping",
    "https://www.google.com/search?q=site:REPLACEME inurl:api/v1 | inurl:api/v2 | inurl:/v1/ | inurl:/v2/",
    "https://www.google.com/search?q=site:REPLACEME inurl:graphql | inurl:graphiql",
    "https://www.google.com/search?q=site:REPLACEME intitle:swagger | inurl:/swagger/",
    "https://www.google.com/search?q=site:REPLACEME intitle:postman | inurl:postman",
    "https://www.google.com/search?q=site:REPLACEME inurl:/_cat/ | inurl:/_search/",
    "https://www.google.com/search?q=site:REPLACEME inurl:solr | inurl:elasticsearch",
    "https://www.google.com/search?q=site:REPLACEME inurl:phpmyadmin | inurl:adminer",
    "https://www.google.com/search?q=site:REPLACEME inurl:jboss | inurl:tomcat | inurl:weblogic",
    "https://www.google.com/search?q=site:REPLACEME intitle:jenkins | intitle:teamcity",
    "https://www.google.com/search?q=site:REPLACEME intitle:kubernetes | intitle:k8s",
    "https://www.google.com/search?q=site:REPLACEME inurl:portainer | intitle:portainer",
    "https://www.google.com/search?q=site:REPLACEME inurl:.svn/ | inurl:.svn/entries",
    "https://www.google.com/search?q=site:REPLACEME inurl:.hg/ | inurl:.bzr/",
    "https://www.google.com/search?q=site:REPLACEME intitle:index of %22/htdocs%22",
    "https://www.google.com/search?q=site:REPLACEME inurl:backup | inurl:dump | inurl:copy",
    "https://builtwith.com/?REPLACEME",
    "https://searchdns.netcraft.com/?host=REPLACEME&position=limited",
    "https://www.ssllabs.com/ssltest/analyze.html?d=REPLACEME",
    "https://urlscan.io/search/#REPLACEME",
    "https://www.virustotal.com/gui/domain/REPLACEME",
    "https://www.alienvault.com/open-threat-exchange/dashboard/domain/REPLACEME",
    "https://passivetotal.org/search?q=REPLACEME",
    "https://www.abuseipdb.com/search/REPLACEME",
    "https://bgp.he.net/dns/REPLACEME",
    "https://securitytrails.com/domain/REPLACEME/dns",
    "https://www.rapid7.com/research/projectdiscovery/",
    "https://www.google.com/search?q=REPLACEME inurl:%22/discovery/json%22 | inurl:%22/discovery/rest%22",
    "https://www.google.com/search?q=site:REPLACEME inurl:.well-known/openapi.json | inurl:.well-known/openapi.yaml",
    "https://www.google.com/search?q=site:REPLACEME filetype:sitemap sitemap.xml",
    "https://www.google.com/search?q=site:REPLACEME filetype:keychain | filetype:keychain-db",
    "https://www.google.com/search?q=site:dropbox.com REPLACEME",
    "https://www.google.com/search?q=site:onedrive.live.com REPLACEME",
    "https://www.google.com/search?q=site:drive.google.com REPLACEME",
    "https://www.google.com/search?q=site:slideshare.net REPLACEME",
    "https://www.google.com/search?q=site:medium.com REPLACEME",
    "https://www.google.com/search?q=site:gist.github.com REPLACEME",
    "https://www.google.com/search?q=site:REPLACEME inurl:db.php | inurl:database.php | inurl:config.php",
    "https://www.google.com/search?q=site:REPLACEME inurl:manage | inurl:manager | inurl:control",
    "https://www.google.com/search?q=site:REPLACEME ext:jsp | ext:jspx | ext:action | ext:do",
    "https://www.google.com/search?q=site:REPLACEME filetype:log %22GET /%22 | %22POST /%22"
)
# ============================================================
# SCRIPT LOGIC - Don't modify below unless you know what you're doing
# ============================================================

Write-Host "=== Google Dorking URL Opener ===" -ForegroundColor Cyan

# Prompt user for the domain to search
$domain = Read-Host "Enter domain to search (e.g., example.com)"

if ([string]::IsNullOrWhiteSpace($domain)) {
    Write-Host "Error: Domain cannot be empty!" -ForegroundColor Red
    exit
}

# Remove protocol if present
$domain = $domain -replace '^https?://', ''

Write-Host "`nDomain: $domain" -ForegroundColor Green
Write-Host "Total URLs: $($urls.Count)`n" -ForegroundColor Cyan

# Ask user for confirmation
$confirm = Read-Host "Do you want to open all $($urls.Count) URLs? (Y/N)"
if ($confirm -ne 'Y' -and $confirm -ne 'y') {
    Write-Host "Operation cancelled." -ForegroundColor Yellow
    exit
}

Write-Host "`nOpening URLs in batches of 10... Press Ctrl+C to stop at any time.`n" -ForegroundColor Yellow
Start-Sleep -Seconds 2

$count = 0
$batchSize = 10
$totalUrls = $urls.Count

# Process URLs in batches of 10
for ($i = 0; $i -lt $totalUrls; $i += $batchSize) {
    # Calculate batch info
    $batchStart = $i + 1
    $batchEnd = [Math]::Min($i + $batchSize, $totalUrls)
    $currentBatch = $batchEnd - $batchStart + 1
    
    Write-Host "`n=== BATCH: URLs $batchStart-$batchEnd of $totalUrls ===" -ForegroundColor Magenta
    
    # Open URLs in current batch
    for ($j = $i; $j -lt $batchEnd; $j++) {
        $url = $urls[$j]
        
        # Skip empty strings
        if ([string]::IsNullOrWhiteSpace($url)) {
            continue
        }
        
        # Replace REPLACEME with the domain
        $modifiedUrl = $url -replace 'REPLACEME', $domain
        $modifiedUrl = $modifiedUrl -replace 'astrik', '*'
        
        $count++
        Write-Host "[$count/$totalUrls] Opening: $modifiedUrl" -ForegroundColor Cyan
        
        try {
            # Use Start-Process to open URL in default browser
            Start-Process $modifiedUrl -ErrorAction Stop
            Start-Sleep -Milliseconds 300  # Small delay to prevent overwhelming the system
        }
        catch {
            Write-Host "Error opening: $modifiedUrl" -ForegroundColor Red
            Write-Host $_.Exception.Message -ForegroundColor Red
        }
    }
    
    # Check if there are more URLs to open
    if ($batchEnd -lt $totalUrls) {
        Write-Host "`n--- Batch Complete ---" -ForegroundColor Yellow
        Write-Host "Opened $currentBatch URLs. $($totalUrls - $batchEnd) URLs remaining." -ForegroundColor Yellow
        $continue = Read-Host "Press Enter to continue with next 10 URLs, or 'q' to quit"
        
        if ($continue -eq 'q' -or $continue -eq 'Q') {
            Write-Host "`nOperation cancelled by user." -ForegroundColor Yellow
            break
        }
    }
}

Write-Host "`n=== Complete ===" -ForegroundColor Green
Write-Host "Opened $count URLs" -ForegroundColor Green
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment