This post is going to talk about how to google dork search using a free tool called ATScan which can be found at github.
What Is ATScan?
ATScan is a free open source Advanced Search / Dork / Mass Exploitation Scanner
It can be used to scan and crawl the internet for websites which contain vulnerable code such as SQLI, XSS or even command injection, this program can be interactive or command line based.
How To Download & Install ATScan?
Libraries to install
Works on all platforms.
git clone https://github.com/AlisamTechnology/ATSCAN
chmod +x atscan.pl
chmod +x ./install.sh
Installed Tool Execution:
Menu: Applications > Web Application analysis > atscan
Can I Use ATScan In Bug Bounty Programs?
YES!!, bug bounty programs such as openbugbounty.org
Only accept certain types of vulnerabilities such as XSS (Cross Site Scripting) but, they do not accept SQLI (SQL Injection) so, ATScan can be very useful to use google dorks to find vulnerable websites to report.
Let’s have a quick talk about openbugbounty.org
openbugbouny.org is a bug bounty program that allows ethical hackers to find any website on the WWW (World Wide Web) that is vulnerable to dangerous attacks like XSS, CSRF, Improper Access Control or Open Redirect vulnerabilities once you have found a website you need to report it. The point of this bug bounty program is to keep the World Wide Web safe from the black hats, Quite often you are rewarded which can be quite satisfying for a hacker.
Here is a list of google dork searching tools that might be useful for different purposes.