All categories

DorkOps — query catalog

This is an interactive panel; JavaScript is required for the live UI. The full catalog of 18 categories and 230+ dorks is described below for reference (and for indexing).

🧰 Recon Tools

🧩 Favicon Hash Lab — Shodan / FOFA / ZoomEye pivot

Compute MurmurHash3 (Shodan) + MD5 (Censys) of a favicon. Two modes: URL (fetch — needs CORS-permissive origin) or file upload (always works, save the favicon locally first).

file upload bypasses CORS

Drop a favicon URL above OR select a local file. Hash and pivot links will appear here.

🛰️ ASN Lab — discover the netblock

Click through to BGP / ASN explorers, then pivot Shodan / FOFA / Censys by ASN.

Enter target above (or ASN here) and click Go.

🧬 Permutation Generator — AlterX-light

Generates dev/staging/typo permutations of the target. Click any to swap target.

📜 Bug Bounty Scope Importer

Paste H1 structured_scope JSON, Bugcrowd asset list, or one domain per line. Out-of-scope items are skipped. Click a chip to set as target. "Run on all" opens the current view × every target (max 50 tabs, requires confirm).

🔬 JS Recon Pack — LinkFinder / SecretFinder client-side

Paste JS file content (or a URL — it will fetch). Extracts endpoints, secrets and revealing comments. 100% local regex.

Awaiting input.

📅 Wayback Param Wordlist Generator

Fetches Wayback CDX for *.{target}/* with query strings since 2018, extracts unique parameter names, sorts by frequency, downloads as params-{target}-{date}.txt ready for ffuf/burp.

Click "Generate" to fetch from web.archive.org and parse parameters client-side. May take 10-30 s for active domains.

📚 Google Hacking Database (Exploit-DB) — curated live picks

Browse upstream GHDB by category, or run a curated still-working dork against your current target.