Search gov* Domain

Discovers security contact pages on government domains that accept vulnerability reports and may offer rewards.

Intermediate

Safe to use

files

Google Dork Query:

site:*.gov* inurl:/security intext:contact intext:reward

Not verified

What It Does

This dork uses the 'site:' operator to restrict results to a specific domain or TLD, the 'inurl:' operator to filter results by URL path keywords, and the 'intext:' operator to search for specific text within page content. Results return specific files indexed by Google that were likely unintentionally exposed on public web servers.

Common Use Cases

Sensitive File Detection: Locate CONTACT files that have been inadvertently exposed on public web servers.
Data Exposure Assessment: Assess whether CONTACT files containing sensitive data are accessible without authentication.
Compliance Monitoring: Verify that CONTACT files are properly secured and not violating data protection policies.

How to Use Safely

Run this dork in Google to find publicly indexed CONTACT files.
Examine the results to identify files containing sensitive or confidential information.
Assess the severity of each exposure based on the type of data contained in the files.
Notify affected organizations and recommend access controls or file removal.

Responsible Use Required

This dork should only be used on systems you own or have explicit authorization to test. Unauthorized access to computer systems is illegal. Always follow ethical guidelines and obtain proper permission before testing.

Related Dorks

Find MODERATOR Files

Finds exposed vBulletin moderator control panels that may allow unauthorized forum moderation actions.

Exposed Configuration Files

Finds exposed configuration files (.config, .cfg, .ini) containing plaintext passwords and database credentials.

Find Backup-Management (phpMyBackup v.0.4 beta * ) Pages

Finds exposed phpMyBackup management interfaces that could allow unauthorized access to MySQL database backup operations.