BBHT Resources

site:WEBSITE ext:php inurl:?
Disclosed XSS and Open Redirects

site:WEBSITE inurl:reports intext:"WEBSITE"
Juicy Extensions

site:"WEBSITE" ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess
Code Leaks

site:pastebin.com "ccsuniversity.ac.in"
site:jsfiddle.net "ccsuniversity.ac.in"
site:codebeautify.org "ccsuniversity.ac.in"
site:codepen.io "ccsuniversity.ac.in"
Cloud Storage

site:s3.amazonaws.com "ccsuniversity.ac.in"
site:blob.core.windows.net "ccsuniversity.ac.in"
site:googleapis.com "ccsuniversity.ac.in"
site:drive.google.com "ccsuniversity.ac.in"
site:dev.azure.com "ccsuniversity.ac.in"
site:onedrive.live.com "ccsuniversity.ac.in"
site:digitaloceanspaces.com "ccsuniversity.ac.in"
site:sharepoint.com "ccsuniversity.ac.in"
site:https://lnkd.in/e8YtGqdX "ccsuniversity.ac.in"
site:https://lnkd.in/evKFV7KK "ccsuniversity.ac.in"
site:dropbox.com/s "ccsuniversity.ac.in"
site:box.com/s "ccsuniversity.ac.in"
site:docs.google.com inurl:"/d/" "ccsuniversity.ac.in"
XSS prone parameters

inurl:q= | inurl:s= | inurl:search= | inurl:query= inurl:& site:WEBSITE
Open Redirect prone parameters

inurl:url= | inurl:return= | inurl:next= | inurl:redir= inurl:http site:WEBSITE
SQLi Prone Parameters

inurl:id= | inurl:pid= | inurl:category= | inurl:cat= | inurl:action= | inurl:sid= | inurl:dir= inurl:& site:WEBSITE
SSRF Prone Parameters

inurl:http | inurl:url= | inurl:path= | inurl:dest= | inurl:html= | inurl:data= | inurl:domain= | inurl:page= inurl:& site:WEBSITE
LFI Prone Parameters

inurl:include | inurl:dir | inurl:detail= | inurl:file= | inurl:folder= | inurl:inc= | inurl:locate= | inurl:doc= | inurl:conf= inurl:& site:WEBSITE
RCE Prone Parameters

inurl:cmd | inurl:exec= | inurl:query= | inurl:code= | inurl:do= | inurl:run= | inurl:read= | inurl:ping= inurl:& site:WEBSITE High % inurl keywords

inurl:config | inurl:env | inurl:setting | inurl:backup | inurl:admin | inurl:php site:WEBSITE
Sensitive Parameters

inurl:email= | inurl:phone= | inurl:password= | inurl:secret= inurl:& site:WEBSITE
JFrog Artifactory

site:jfrog.io "WEBSITE"
Firebase

site:firebaseio.com "WEBSITE"
API Docs

inurl:apidocs | inurl:api-docs | inurl:swagger | inurl:api-explorer site:"WEBSITE"
File upload endpoints

site:WEBSITE ”choose file”
Bug Bounty programs and Vulnerability Disclosure Programs

"submit vulnerability report" | "powered by bugcrowd" | "powered by hackerone"
site:*/security.txt "bounty"
Apache Server Status Exposed

site:*/server-status apache
WordPress

inurl:/wp-admin/admin-ajax.php
Drupal

intext:"Powered by" & intext:Drupal & inurl:user
Joomla

site:*/joomla/login