How I Got a Sensitive Directory Using Shodan
Hello Everyone,
I am very happy with the good response to my 1st article. You can read
This is my 2nd article. In this article I will talk about how to find a sensitive directory bug using Shodan dorks. Let me introduce myself: I'm Ch4ndan das and I'm a web penetration tester from India. My English is not good, so please don't mind it.
So I was testing a company's domain, let's call it redacted.com. I started hunting with Shodan. I request all of you, please don't ignore Shodan. I also ignored Shodan. Then I realized I was missing something. So I researched Shodan and got some dorks like this:
- Ssl.cert.subject.CN:"redacted.com" http.title:"IIS"
- asn:AS12345 http.title:"redacted"
- ip:127.0.0.1 http.title:"redacted"
- Ssl.cert.subject.CN:"redacted.com" http.title:"index of/"
- Ssl.cert.subject.CN:"redacted.com" http.title:"gitlab"
- Ssl.cert.subject.CN:"redacted.com" "230 login successful" port:"21"
- Ssl.cert.subject.CN:"*.redacted.com"+200 http.title:"Admin"
You can do more research on Shodan, and I suggest you choose your own target like this: *.redacted.com, I mean a wildcard domain.
Let's start!
I picked a domain from Bugcrowd, then started recon with Shodan. Then I used this dork: Ssl.cert.subject.CN:"redacted.com" http.title:"index of/" (see image).
I opened the link and got a very interesting directory (see image).
Then I checked it manually. I think this is a sensitive directory.
I quickly reported this bug on Bugcrowd. Two days later I received a reply from Bugcrowd: this bug is valid, but again a duplicate. 😞😞
I also tried another domain and again got a sensitive directory, then I reported it on Bugcrowd. But I have not received any response from Bugcrowd (see image).
Thank you everyone for reading 🧡
Happy Hunting :)))