Searching for Subdomain Vulnerabilities using Censys

TL;DR- A ‘how-to’ on utilizing a great tool that takes the concept of ‘Google dorking’ to a whole new level. This article is highly suggested reading for bug bounty hunters.

Censys is like using Shodan or Google dorking, but on steroids. It’s search feature is hosted online at https://search.censys.io/, and I’m going to document a full walkthrough on finding a bug.