TryhackmeHackthebox

Index.html

<!DOCTYPE html>

<html>

<head>

<title>Bug Bounty Search Engine</title>

<style>

body {

margin: 0;

padding: 0;

overflow: hidden;

}

.background-video {

position: fixed;

top: 0;

left: 0;

width: 100%;

height: 100%;

z-index: -1;

}

.button-container {

position: absolute;

top: 50%;

left: 50%;

transform: translate(-50%, -50%);

display: flex;

flex-wrap: wrap;

justify-content: center;

align-items: center;

gap: 10px;

}

.button-column {

display: flex;

flex-direction: column;

align-items: flex-start;

margin-right: 10px;

}

.futuristic-button {

padding: 12px 24px;

font-size: 16px;

background-color: transparent;

border: 2px solid #ffffff;

color: #ffffff;

transition: all 0.3s ease;

}

.futuristic-button:hover {

background-color: #ffffff;

color: #000000;

border-color: #000000;

box-shadow: 0 0 10px rgba(0, 0, 0, 0.3);

}

.search-container {

display: flex;

justify-content: center;

margin-top: 20px;

}

.search-label {

font-size: 18px;

color: #ffffff;

margin-right: 10px;

}

.search-input {

padding: 8px;

font-size: 16px;

border: 2px solid #ffffff;

border-radius: 4px;

background-color: transparent;

color: #ffffff;

}

.background-video {

position: fixed;

top: 0;

left: 0;

width: 100%;

height: 100vh;

object-fit: cover;

z-index: -1;

}

.center-container {

display: flex;

justify-content: center;

align-items: center;

height: 100vh;

}

.center-container img {

display: block;

margin: 0 auto;

}

</style>

<script>

function googleSearch(type) {

var targetDomain = document.getElementById('target').value;

if (!targetDomain) {

alert('Please enter a target domain.');

return;

}

var searchQuery = 'site:' + targetDomain;

switch (type) {

case 1:

searchQuery += ' intitle:index.of';

break;

case 2:

searchQuery += ' ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini';

break;

case 3:

searchQuery += ' ext:sql | ext:dbf | ext:mdb';

break;

case 4:

searchQuery += ' ext:log';

break;

case 5:

searchQuery += ' ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup';

break;

case 6:

searchQuery += ' inurl:login';

break;

case 7:

searchQuery += ' intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"';

break;

case 8:

searchQuery += ' ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv';

break;

case 9:

searchQuery += ' ext:php intitle:phpinfo "published by the PHP Group"';

break;

case 10:

searchQuery += ' inurl:wp- | inurl:wp-content | inurl:plugins | inurl:uploads | inurl:themes | inurl:download';

break;

case 11:

searchQuery += ' inurl:shell | inurl:backdoor | inurl:wso | inurl:cmd | shadow | passwd | boot.ini | inurl:backdoor';

break;

case 12:

searchQuery += ' inurl:readme | inurl:license | inurl:install | inurl:setup | inurl:config';

break;

case 13:

searchQuery += ' inurl:redir | inurl:url | inurl:redirect | inurl:return | inurl:src=http | inurl:r=http';

break;

case 14:

searchQuery += ' ext:action | ext:struts | ext:do';

break;

case 15:

var site = 'site:pastebin.com ' + targetDomain;

var url = 'https://www.google.com/search?q=' + encodeURIComponent(site);

window.open(url, '_blank');

return;

case 16:

var site = 'site:linkedin.com employees ' + targetDomain;

var url = 'https://www.google.com/search?q=' + encodeURIComponent(site);

window.open(url, '_blank');

return;

case 17:

var site = 'inurl:"/phpinfo.php" | inurl:".htaccess" | inurl:"/.git" ' + targetDomain + ' -github';

var url = 'https://www.google.com/search?q=' + encodeURIComponent(site);

window.open(url, '_blank');

return;

case 18:

var site = 'site:*.' + targetDomain;

var url = 'https://www.google.com/search?q=' + encodeURIComponent(site);

window.open(url, '_blank');

return;

case 19:

var site = 'site:*.*.' + targetDomain;

var url = 'https://www.google.com/search?q=' + encodeURIComponent(site);

window.open(url, '_blank');

return;

case 20:

var site = 'inurl:wp-content | inurl:wp-includes ' + targetDomain;

var url = 'https://www.google.com/search?q=' + encodeURIComponent(site);

window.open(url, '_blank');

return;

case 21:

var site = '"*.' + targetDomain + '"';

var url = 'https://github.com/search?q=' + encodeURIComponent(site) + '&type=host';

window.open(url, '_blank');

return;

case 22:

var url = 'http://' + targetDomain + '/crossdomain.xml';

window.open(url, '_blank');

return;

case 23:

var url = 'http://threatcrowd.org/domain.php?domain=' + targetDomain;

window.open(url, '_blank');

return;

case 24:

var site = '+inurl:' + targetDomain + ' +ext:swf';

var url = 'https://www.google.com/search?q=' + encodeURIComponent(site);

window.open(url, '_blank');

return;

case 25:

var site = 'site:' + targetDomain + ' mime:swf';

var url = 'https://yandex.com/search/?text=' + encodeURIComponent(site);

window.open(url, '_blank');

return;

case 26:

var site = targetDomain;

var url = 'https://web.archive.org/cdx/search?url=' + encodeURIComponent(site) + '/&matchType=domain&collapse=urlkey&output=text&fl=original&filter=urlkey:.*swf&limit=100000&_=1507209148310';

window.open(url, '_blank');

return;

case 27:

var site = targetDomain;

var url = 'https://web.archive.org/cdx/search?url=' + encodeURIComponent(site) + '/&matchType=domain&collapse=urlkey&output=text&fl=original&filter=mimetype:application/x-shockwave-flash&limit=100000&_=1507209148310';

window.open(url, '_blank');

return;

case 28:

var site = '.' + targetDomain;

var url = 'https://web.archive.org/web/*/(.' + encodeURIComponent(site) + ')';

window.open(url, '_blank');

return;

case 29:

var site = targetDomain;

var url = 'https://web.archive.org/web/*/' + encodeURIComponent(site) + '/*';

window.open(url, '_blank');

return;

case 30:

var url = 'https://crt.sh/?q=%25.' + targetDomain;

window.open(url, '_blank');

return;

case 31:

var site = targetDomain;

var url = 'https://www.openbugbounty.org/search/?search=' + encodeURIComponent(site) + '&type=host';

window.open(url, '_blank');

return;

case 32:

var site = targetDomain;

var url = 'https://www.reddit.com/search/?q=' + encodeURIComponent(site) + '&source=recent';

window.open(url, '_blank');

return;

case 33:

var site = '+inurl:' + targetDomain + ' +ext:wp- | +inurl:' + targetDomain + ' +ext:wp-content';

var url = 'http://wwwb-dedup.us.archive.org:8083/cdx/search?url=' + encodeURIComponent(site) + '/&matchType=domain&collapse=digest&output=text&fl=original,timestamp&filter=urlkey:.*wp[-].*&limit=1000000&xx=';

window.open(url, '_blank');

return;

case 34:

var url = 'https://censys.io/ipv4?q=' + targetDomain;

window.open(url, '_blank');

return;

case 35:

var url = 'https://censys.io/domain?q=' + targetDomain;

window.open(url, '_blank');

return;

case 36:

var url = 'https://censys.io/certificates?q=' + targetDomain;

window.open(url, '_blank');

return;

case 37:

var url = 'https://www.shodan.io/search?query=' + targetDomain;

window.open(url, '_blank');

return;

case 38:

searchQuery += ' inurl:"/geoserver/ows?service=wfs"';

break;

case 39:

searchQuery += ' intext:"ArcGIS REST Services Directory" intitle:"Folder: /"';

break;

case 40:

searchQuery += ' inurl:/wp-content/uploads/wpo_wcpdf';

break;

case 41:

searchQuery += ' intitle:"index of "main.yml"';

break;

case 42:

searchQuery += ' inurl:/admin.aspx'

break

case 43:

searchQuery += ' inurl:/wp-content/uploads/wpo_wcpdf'

break

case 44:

searchQuery += ' inurl:uploadimage.php'

break

case 45:

searchQuery += ' inurl:*/wp-content/plugins/contact-form-7/'

break

case 46:

searchQuery += ' intitle:index.of conf.php'

break

case 47:

searchQuery += ' intitle:"Sharing API Info"'

break

case 48:

searchQuery += ' intitle:"Index of" inurl:/backup/ "admin.zip"'

break

case 49:

searchQuery += ' intitle:"index of" github-api'

break

case 50:

searchQuery += ' inurl:wp-content/uploads/wcpa_uploads'

break

case 51:

searchQuery += ' inurl:user intitle:"Drupal" intext:"Log in" -"powered by"'

break

case 52:

searchQuery += ' inurl: /libraries/joomla/database/'

break

case 53:

searchQuery += ' inurl:"php?sql=select" ext:php'

break

case 54:

searchQuery += ' inurl:"wp-content" intitle:"index.of" intext:wp-config.php'

break

case 55 :

searchQuery += ' intext:"index of" inurl:json-rpc'

break

case 56 :

searchQuery += ' intitle:"index of" "download.php?file="'

break

case 57 :

searchQuery += ' intext:"index of" inurl:jwks-rsa'

break

case 58 :

searchQuery += ' inurl:"wp-content" intitle:"index.of" intext:backup"'

break

case 59 :

searchQuery += ' intitle:index.of conf.mysql'

break

case 60 :

searchQuery += ' intitle:"index of" "users.yml" | "admin.yml" | "config.yml"'

break

case 61 :

searchQuery += ' intitle:"index of" "docker-compose.yml"'

break

case 62 :

searchQuery += ' intext:pom.xml intitle:"index of /"'

break

case 63 :

searchQuery += ' intext:"Index of" intext:"/etc"'

break

case 64 :

searchQuery += ' "sql" "parent" intitle:index.of -injection'

break

default:

alert('Invalid option.');

return;

}

var url = 'https://www.google.com/search?q=' + encodeURIComponent(searchQuery);

window.open(url, '_blank');

}

</script>

</head>

<body>

<div class="background-video">

<video autoplay loop muted class="background-video">

<source src="https://nitinyadav00.github.io/Bug-Bounty-Search-Engine/Untitled%20design%20(1).mp4" type="video/mp4">

<!-- Add additional source tags for other video formats if needed -->

</video>

</div>

<h1 style="text-align: center; color: #ffffff; margin-top: 50px;">Search Engine For Bug Bounty Hunters</h1>

<h2 style="display: flex; color: #ffffff; margin-top: 20px;" for="target">Enter Target Domain:</h2>

<input type="text; margin-top: 20px;" id="target">

<br>

<br>

<button class="futuristic-button" onclick="googleSearch(1)">Directory listing vulnerabilities</button>

<button class="futuristic-button" onclick="googleSearch(2)">Exposed Configuration files</button>

<button class="futuristic-button" onclick="googleSearch(3)">Exposed Database files</button>

<button class="futuristic-button" onclick="googleSearch(4)">Exposed log files</button>

<button class="futuristic-button" onclick="googleSearch(5)">Backup and old files</button>

<button class="futuristic-button" onclick="googleSearch(6)">Login pages</button>

<button class="futuristic-button" onclick="googleSearch(7)">SQL errors</button>

<button class="futuristic-button" onclick="googleSearch(8)">Publicly exposed documents</button>

<button class="futuristic-button" onclick="googleSearch(9)">phpinfo()</button>

<button class="futuristic-button" onclick="googleSearch(10)">Find WordPress</button>

<button class="futuristic-button" onclick="googleSearch(11)">Finding Backdoors</button>

<button class="futuristic-button" onclick="googleSearch(12)">Install / Setup files</button>

<button class="futuristic-button" onclick="googleSearch(13)">Open Redirects</button>

<button class="futuristic-button" onclick="googleSearch(14)">Apache STRUTS RCE</button>

<button class="futuristic-button" onclick="googleSearch(15)">Find Pastebin entries</button>

<button class="futuristic-button" onclick="googleSearch(16)">Employees on LINKEDIN</button>

<button class="futuristic-button" onclick="googleSearch(17)">.htaccess sensitive files</button>

<button class="futuristic-button" onclick="googleSearch(18)">Find Subdomains</button>

<button class="futuristic-button" onclick="googleSearch(19)">Find Sub-Subdomains</button>

<button class="futuristic-button" onclick="googleSearch(20)">Find WordPress #2</button>

<button class="futuristic-button" onclick="googleSearch(21)">Search in GITHUB</button>

<button class="futuristic-button" onclick="googleSearch(22)">Test CrossDomain</button>

<button class="futuristic-button" onclick="googleSearch(23)">Check in ThreatCrowd</button>

<button class="futuristic-button" onclick="googleSearch(24)">Find SWF</button>

<button class="futuristic-button" onclick="googleSearch(25)">Find MIME-SWF</button>

<button class="futuristic-button" onclick="googleSearch(26)">Find SWF links in the past</button>

<button class="futuristic-button" onclick="googleSearch(27)">Find MIME-SWF links in the past</button>

<button class="futuristic-button" onclick="googleSearch(28)">Search in Web Archive #1</button>

<button class="futuristic-button" onclick="googleSearch(29)">Search in Web Archive #2</button>

<button class="futuristic-button" onclick="googleSearch(30)">Certificate Transparency</button>

<button class="futuristic-button" onclick="googleSearch(31)">Search OpenBugBounty</button>

<button class="futuristic-button" onclick="googleSearch(32)">Search in Reddit</button>

<button class="futuristic-button" onclick="googleSearch(33)">Search WP Config Backup</button>

<button class="futuristic-button" onclick="googleSearch(34)">Search in Censys (IPv4)</button>

<button class="futuristic-button" onclick="googleSearch(35)">Search in Censys (Domain)</button>

<button class="futuristic-button" onclick="googleSearch(36)">Search in Censys (Certificates)</button>

<button class="futuristic-button" onclick="googleSearch(37)">Search in SHODAN</button>

<button class="futuristic-button" onclick="googleSearch(38)">Vulnerable Servers</button>

<button class="futuristic-button" onclick="googleSearch(39)">ArcGIS REST Services Directory</button>

<button class="futuristic-button" onclick="googleSearch(40)">wp-content Juicy Info</button>

<button class="futuristic-button" onclick="googleSearch(41)">main.yml file</button>

<button class="futuristic-button" onclick="googleSearch(42)">Admin Portal</button>

<button class="futuristic-button" onclick="googleSearch(43)">Wordpress Juicy file 1</button>

<button class="futuristic-button" onclick="googleSearch(44)">File Upload</button>

<button class="futuristic-button" onclick="googleSearch(45)">Vulnerable Wordpress Plugin</button>

<button class="futuristic-button" onclick="googleSearch(46)">Sensitive File</button>

<button class="futuristic-button" onclick="googleSearch(47)">Sharing API Info</button>

<button class="futuristic-button" onclick="googleSearch(48)">Sensitive Admin Backup</button>

<button class="futuristic-button" onclick="googleSearch(49)">Github API</button>

<button class="futuristic-button" onclick="googleSearch(50)">Wordpress Juicy file 2</button>

<button class="futuristic-button" onclick="googleSearch(51)">Drupal Login</button>

<button class="futuristic-button" onclick="googleSearch(52)">Joomla Database/</button>

<button class="futuristic-button" onclick="googleSearch(53)">Sql File</button>

<button class="futuristic-button" onclick="googleSearch(54)">Wordpress Juicy file 3</button>

<button class="futuristic-button" onclick="googleSearch(55)">Remote procedure call protocol</button>

<button class="futuristic-button" onclick="googleSearch(56)">Sensitive File</button>

<button class="futuristic-button" onclick="googleSearch(57)">jwks-rsa file</button>

<button class="futuristic-button" onclick="googleSearch(58)">Wordpress Backup</button>

<button class="futuristic-button" onclick="googleSearch(59)">Mysql file</button>

<button class="futuristic-button" onclick="googleSearch(60)">Sensitive File</button>

<button class="futuristic-button" onclick="googleSearch(61)">Docker-Compose yml file</button>

<button class="futuristic-button" onclick="googleSearch(62)">Sensitive File</button>

<button class="futuristic-button" onclick="googleSearch(63)">Sensitive File</button>

<button class="futuristic-button" onclick="googleSearch(64)">Directories containing SQL Installs and/or SQL databases</button>

<br>

<br>

<div style="display: flex; justify-content: center;">

<a href="https://www.youtube.com/@CyberHacks200" target="_blank">

<img src="https://nitinyadav00.github.io/Bug-Bounty-Search-Engine/Youtube-01.svg" width="150" height="150">

</a>

</div>

</body>

</html>

PreviousBug BountyNextLinks

Last updated