Big #Bugbountytip / #bugbountytips Google Services Hunting Google services are amazing, and for bug hunters, it's amazing as well. In some cases, you can get some P1-P2-P3 from these services, such as Workspaces / Sheets / Groups / Drives / Etc... In groups: you can access emails / internal data/ credentials In Sheets, you can access PIIs / Edit access In Drive: you can access backups/ PII / Etc... still hard to find and It was an issue how to make good and at the same time fresh dorks for bug bounty programs Then I found out that a lot of links have the same path, and it was like this All Google resources I've found sites.google.com/a/domain.co… docs.google.com/a/domain.com… groups.google.com/a/domain.c… drive.google.com/a/domain.co… mail.google.com/a/domain.com… spreadsheets.google.com/a/do… spreadsheets0.google.com/a/d… spreadsheets1.google.com/a/d… spreadsheets2.google.com/a/d… spreadsheets3.google.com/a/d… spreadsheets4.google.com/a/d… spreadsheets5.google.com/a/d… spreadsheets6.google.com/a/d… spreadsheets7.google.com/a/d… spreadsheets8.google.com/a/d… UrlScan Dorking: page.url:"sites.google.com/a/*" page.url:"docs.google.com/a/*" You can replace * => the program domain Google Dorking: site:sites.google.com/a/* "inurl:/a/" Or for specific domain site:sites.google.com/a/* "inurl:/a/domain.com" GitHub Dorking: "sites.google.com/a/" Or for a specific domain "sites.google.com/a/domain.co…" Shodan Dorking: "sites.google.com/a" Web Archive web.archive.org/cdx/search/c… Don't forget: It's not just sites.google.com still you have to look for docs/groups/mail/drive/spreadsheetsX still working in Google Research and will add more and more soon ...... Happy Hunting♥ #bugbounty

12 API hacking bug bounty tips you must try on your target! 😎 🧵 👇

When a single ID fails, a pair might pass. IDOR bypasses can be that simple 🔥 - Victim's ID: 5200 - Attacker's ID: 5233 GET /api/users/5200/info → Access Denied ❌ GET /api/users/5200,5233/info → Bypassed ✅ #bugbountytips #PenetrationTesting