Database breaches are becoming more and more common, and the information inside is becoming more sensitive.
Bug bounty programs are willing to pay lots of money for vulnerabilities involving user data. What’s better than finding the entire database?
I have written a guide on Github detailing my methods of finding databases. The types of databases that are currently detailed are:
However, this is just the starting point. I am hoping to update this repository with many more databases, with equally detailed instructions on discovery.
I have also included information on how to find these with services like Censys, Shodan, and more. However, the only documented service is Censys at the moment.
For each Database, I have included information on:
- Data exfiltration
- Identifiers (HTML/JSON, etc.)
Here’s the repository at of the date of this post (22/03/2021):
So, what are you waiting for? Head to the Github repository to see what you can discover: