dorkplus
New Member
Discover how to make combolists using free or paid tools online. From keywords to your own lines.
Step 1 - The keywords
The most important part is making your keywords. Why? Cause this is how you’ll target the niche of your choice. If you’re looking for a specific gaming niche like Valorant or League of Legend you’ll have to target keywords around that theme such as “riot” “league of legend guide” “valorant skins” and so on.
I tend to write the base keywords by myself, searching online which keywords returns good results, how much results and are they matching my niche. When you search online you can either go to blogs, magazines, news or even websites related to your niche, example you're targeting streaming/gaming (kinda the same target) you'll browse steam for the latest games and trends.
Get around 50 keywords, the more the better but 50 is the minimum. Then you can either go to a website like keywordtool.io or twinword.com to get more keywords based on the ones you just made or use the built-in DorkPlus Keyword Scraper to save hours and get UHQ keywords from Amazon, Google, Bing and so on.
Once you’ve got a decent list of keywords, a few thousands will be fine, you can move to the next part, making your dorks.
Step 2 - The dorks
Now it’s time to use all your fresh keywords to make your dorks. Keywords and Dorks are the 2 main points to get relevant links and vulnerable ones, so don’t skip that part.
To make your dorks you’ve got a huge amount of possibilities, you can use Dorky Dorker, TSP Dork Generator or any similar tools. DorkPlus has a built-in utility to make your dorks in a few seconds just by loading your parameters, keywords and page types.
Generate at least 100K dorks to ensure you’ll get a bunch of links ready to be scanned for vulnerabilities, once you got those dorks ready it’s time to parse using a search engine, Google is obviously the best but only one software currently support Google fully and at the highest speed and it’s called “DorkPlus”, that’s what we’ll use in that example.
Step 3 - The parsing/scraping
Let’s use the dorks we freshly generated to scrape some links from Google. You can also use Bing, Yahoo or any other search engines but it’ll return less results and most likely the quality will be worst than Google.
To parse your dorks you can use any Dorking tool, I won’t give any names cause most of them are cracked and infected so we’ll use DorkPlus again for that part.
Step 4 - The scanning
Now we need to scan our scraped links to see if they might be vulnerable to SQL injection, DorkPlus also supports XSS, ADM, ENV and more type of injections but if you’re looking to make a combolist SQL injection will be the best.
This scanning step is really important since it’ll remove the websites that are not vulnerable at all to save time while running the dumper, the Vulnerability Scanner is faster than the Dumper since we’re only performing a scan. Once you got your vulnerable links it’s time to Dump the databases.
Step 5 - The dumping
We’ve got our vulnerable links that’s great. We almost have our combolist, might be the last step if the database isn’t using a hashing system for the sensible information.
You can use any tool to dump the databases such as SQLiDumper, SQLMap, XDG, RustyDumper or DorkPlus which is the most recent tool and the one we’ll be using.
Make sure to set a high time out since websites might take a few seconds to respond. Once you got your dumped rows check if you need to dehash them, if so move on the next step.
Step 6 - The dumping
You’ve got your rows, cool, but sometimes it might be hashed and fortunately there are a bunch of options to dehash your combolist. We’ll use DorkPlus again since everything is built-in but you could use BlueCode or any free/paid tools.
Load your hashed combo, select the proper format and start your task. Obviously you can’t dehash every single lines but you should get a fair amount of clean lines.
Step 1 - The keywords
The most important part is making your keywords. Why? Cause this is how you’ll target the niche of your choice. If you’re looking for a specific gaming niche like Valorant or League of Legend you’ll have to target keywords around that theme such as “riot” “league of legend guide” “valorant skins” and so on.
I tend to write the base keywords by myself, searching online which keywords returns good results, how much results and are they matching my niche. When you search online you can either go to blogs, magazines, news or even websites related to your niche, example you're targeting streaming/gaming (kinda the same target) you'll browse steam for the latest games and trends.
Get around 50 keywords, the more the better but 50 is the minimum. Then you can either go to a website like keywordtool.io or twinword.com to get more keywords based on the ones you just made or use the built-in DorkPlus Keyword Scraper to save hours and get UHQ keywords from Amazon, Google, Bing and so on.
Once you’ve got a decent list of keywords, a few thousands will be fine, you can move to the next part, making your dorks.
Step 2 - The dorks
Now it’s time to use all your fresh keywords to make your dorks. Keywords and Dorks are the 2 main points to get relevant links and vulnerable ones, so don’t skip that part.
To make your dorks you’ve got a huge amount of possibilities, you can use Dorky Dorker, TSP Dork Generator or any similar tools. DorkPlus has a built-in utility to make your dorks in a few seconds just by loading your parameters, keywords and page types.
Generate at least 100K dorks to ensure you’ll get a bunch of links ready to be scanned for vulnerabilities, once you got those dorks ready it’s time to parse using a search engine, Google is obviously the best but only one software currently support Google fully and at the highest speed and it’s called “DorkPlus”, that’s what we’ll use in that example.
Step 3 - The parsing/scraping
Let’s use the dorks we freshly generated to scrape some links from Google. You can also use Bing, Yahoo or any other search engines but it’ll return less results and most likely the quality will be worst than Google.
To parse your dorks you can use any Dorking tool, I won’t give any names cause most of them are cracked and infected so we’ll use DorkPlus again for that part.
Step 4 - The scanning
Now we need to scan our scraped links to see if they might be vulnerable to SQL injection, DorkPlus also supports XSS, ADM, ENV and more type of injections but if you’re looking to make a combolist SQL injection will be the best.
This scanning step is really important since it’ll remove the websites that are not vulnerable at all to save time while running the dumper, the Vulnerability Scanner is faster than the Dumper since we’re only performing a scan. Once you got your vulnerable links it’s time to Dump the databases.
Step 5 - The dumping
We’ve got our vulnerable links that’s great. We almost have our combolist, might be the last step if the database isn’t using a hashing system for the sensible information.
You can use any tool to dump the databases such as SQLiDumper, SQLMap, XDG, RustyDumper or DorkPlus which is the most recent tool and the one we’ll be using.
Make sure to set a high time out since websites might take a few seconds to respond. Once you got your dumped rows check if you need to dehash them, if so move on the next step.
Step 6 - The dumping
You’ve got your rows, cool, but sometimes it might be hashed and fortunately there are a bunch of options to dehash your combolist. We’ll use DorkPlus again since everything is built-in but you could use BlueCode or any free/paid tools.
Load your hashed combo, select the proper format and start your task. Obviously you can’t dehash every single lines but you should get a fair amount of clean lines.