The SecOps Group CAPenX - Certified AppSec Pentesting eXpert (CAPenX) Certification Exam
Question #1 (Topic: demo questions)
Demonstrate how to use Google Dorking to discover exposed camera or printer interfaces over the
internet. Explain how you confirm that the device is actually vulnerable.
Correct Answer: A
Explanation:
Use:inurl:/view.shtml or intitle:"webcamXP" -download.
Thesetarget webcam interfaces; many lack auth by default.
Clicklinks to access live feed or control panels.
Confirminteractivity like pan/tilt or live video without login.
Reportthepublic exposure with IP, model, and CVE (if any) responsibly.
Question #2 (Topic: demo questions)
Find Git repositories accidentally exposed online using Google Dorking. Provide the steps to identify and
extract sensitive commit history or source code
Correct Answer: A
Explanation:
Usethedork: intitle:"index of" ".git" or inurl:.git/config.
Usethedork: intitle:"index of" ".git" or inurl:.git/config.
Thisfindssites where .git directories are publicly browsable.
Openthe.git/config file to confirm repo existence.
Usetoolslike git-dumper or wget --mirror to download the full repo.
Analyzelogs/HEAD, refs/heads, or objects/ for hardcoded credentials or secrets.
Question #3 (Topic: demo questions)
Your goal is to identify documents indexed by Google that may contain sensitive credentials. Show how
to use Google Dorking to locate exposed .env or configuration files.
Correct Answer: A
Explanation:
Usethedork: intitle:index.of ".env" or filetype:env intext:DB_PASSWORD.
Usethedork: intitle:index.of ".env" or filetype:env intext:DB_PASSWORD.
Thesetarget environment config files often contain database/user credentials.
Openresults and inspect the raw text or file directory to locate variables like DB_USERNAME,
DB_PASSWORD, or APP_KEY.
Validate if credentials appear plaintext; never misuse the data.
Document the findings as a vulnerability and recommend file exclusion via robots.txt.
Openresults and inspect the raw text or file directory to locate variables like DB_USERNAME,
DB_PASSWORD, or APP_KEY.
Validate if credentials appear plaintext; never misuse the data.
Document the findings as a vulnerability and recommend file exclusion via robots.txt.
Question #4 (Topic: demo questions)
You are tasked with finding exposed login portals of web applications using Google Dorking.
Demonstrate how to identify pages that contain login forms using Google Search. Explain the logic
behind the dork and how to validate your results.
Correct Answer: A
Explanation:
1. OpenGoogle Search and enter the dork: inurl:login OR inurl:signin filetype:php | filetype:aspx |