Using Google and Bing Dorking could get leads for pretty big bounties! Do you know you can customize those search engines only to show you the bug bounty targets? Let’s explore the way how you can set up custom search engines.

Programmable Search Engine by Google

The first custom search that you could use is a programmable search engine by Google. You could create a search field that would only show your specified websites. It’s pretty useful for bug bounties. If you never used this tool and tried to access it directly – you will see a view like this:

Let’s click on “add” to start and name the search engine. I will mine the Bug Bounty Targets:

When you are creating it the first time, I only recommend adding one wildcard domain:

For search settings, I do not select anything, since you don’t need the image search and safe search – would only limit your results. Lastly, what’s left to do is just fill in CAPTCHA and press “Create”:

I only fill one target since it’s more convenient to use a custom search engine in edit mode. Next, let’s click on “Customize”:

Now we are in the edit mode… If you click on “Add” near the sites to search, it will be more convenient right now:

What I recommend you to do, is just add as many targets as possible. I suggest you use the BBSCOPE tool as it could help you to gather a lot of wildcard domains even from private programs. I also recommend adding in chunks of like 50, because if you try to add a lot of targets at once – this search engine could crash:

After adding your targets, you could use a public URL of your search engine:

This search bar will be only applicable to your specified websites. It’s pretty much convenient just to do like simple search on that website. For example, if you are looking for API endpoints, you could just write down “api” or maybe you are looking for admin endpoints… Keep in mind that you cannot do the same as regular or Google Dorking.

Bing Custom Search

My second favorite custom search engine is Bing Custom Search. It is useful if you are going after two to three large programs since it does have some limitations, unlike Google. It has a limit of 100 targets, so I suggest only using this on high bounty-paying programs. Let’s click on “get started”:

You will be prompted to log in with your Microsoft account. After that, you will see this page, if you are accessing it first time:

Click on “create new instance”. Give it a name like “S-Tier targets” and click “okay”:

Wait until it loads and then you can start adding your URLs. I will use fisglobal as the example and make sure your check “includes sub pages” and click on the plus symbol:

After adding the first website, you can really add more targets by Type in a URL (up to 100):

You can use the right side of the screen to search “API” endpoints:

Last Thoughts

We have looked into two custom search engines. Even though it’s not the same as regular Dorking, you can still apply this to filter out some assets.

If you find this information useful, please share this article on your social media, I will greatly appreciate it! I am active on Twitter, check out some content I post there daily! If you are interested in video content, check my YouTube. Also, if you want to reach me personally, you can visit my Discord server. Cheers!