└── README.md

/README.md:
--------------------------------------------------------------------------------
# Interesting IT Assets Owned by Meta (Facebook)
Meta Platforms, Inc., formerly known as Facebook, Inc., is a highly valuable company and a significant player in the bug bounty domain. According to an [article](https://about.fb.com/news/2022/12/metas-bug-bounty-program-2022/), Meta has paid out over $16 million in bug bounties since 2011. Due to its popularity and reputation, Meta has become a prime target for security researchers and bug bounty hunters. As a result, it has become quite challenging to find even relatively simple bugs mentioned in standard security frameworks such as OWASP.

Based on my experience and analysis over the past decade, I have observed that most of the bugs rewarded by Facebook are client-side or business logic vulnerabilities. These include **MFA bypass, IDOR via GraphQL, CSRF, DOM XSS, CSP bypass, open redirect, privacy issues, rate limiting, logic flaws, authorization flaws, OAuth/SSO misconfigurations, and information disclosure**, among others. However, server-side high/critical vulnerabilities such as **SQL/LDAP/XPath/XML injection, ELI, SSTI, code/OS command injection, insecure deserialization, file path traversal (LFI/AFR/RFI), SSRF, SSI, buffer overflow/memory leak, SMTP/HTTP header injection (also known as "CRLF"), directory listing, or missing error handling leading to source code/secret leaks** are rarely found. The credit goes to Facebook's strong core architecture and secure logic implementation using the [Hack language](https://hacklang.org/) on top of the [HHVM server](https://hhvm.com/). As a result, it is nearly impossible to obtain a reverse or bind root shell of the facebook.com server.

Similar to other companies, Facebook does not rely solely on in-house developed software/applications. It also uses third-party applications and hosts them on some subdomains.
As these third-party software applications require different server configurations, it is possible for server-side vulnerabilities to arise. The question then becomes: How do we identify such subdomains and find these vulnerabilities? The answer lies in reconnaissance (recon).

The term "recon" originates from its military usage to describe an information-gathering mission. Reconnaissance can be both fun and time-consuming. Therefore, I would like to share a list of interesting IT assets owned by Meta (formerly Facebook) with the security research community. I have identified all these assets using various tools and platforms, including:

- [Shodan](https://www.shodan.io/): An internet-connected device search engine.
- [Hurricane Electric BGP Toolkit](https://bgp.he.net/): A network information and IP address lookup tool.
- [DNSDumpster](https://dnsdumpster.com/): A DNS (Domain Name System) information gathering tool.
- [Censys](https://search.censys.io/): An internet-wide search engine for discovering devices and networks.
- [BinaryEdge](https://www.binaryedge.io/): An internet scanning and threat intelligence platform.
- [crt.sh](https://crt.sh/): A certificate search and monitoring tool.
- [SubdomainFinder](https://subdomainfinder.c99.nl/): A subdomain enumeration and discovery tool.
- [YouGetSignal](https://www.yougetsignal.com/tools/web-sites-on-web-server/): A tool for detecting multiple websites hosted on the same web server.
- [Google Dork](https://en.wikipedia.org/wiki/Google_hacking): Customized search queries using Google's search operators.
- Other open-source programs/tools/frameworks for IT asset discovery.

This comprehensive list includes relevant details such as the applications running on these assets. For proprietary applications, information about the developer is provided, while open-source applications include links to their source code.
These assets were identified during my security research, and I believe that sharing them will save time for testers in discovering subdomains and identifying the software in use.

It is important to note that **I am not promoting or encouraging anyone to access or test any of the listed assets without proper authorization. Maintain ethical practices and follow authorized access when conducting any security research. Before accessing or testing any of the assets mentioned, please read and comply with the terms, rules, and research scope specified on https://www.facebook.com/whitehat and https://www.facebook.com/security/advisories/Vulnerability-Disclosure-Policy**

## List of Meta-Owned IT Assets

1. **[BeyondTrust Remote Support Software](https://www.beyondtrust.com/products/remote-support)**: It allows support organizations to access and assist remote computers and mobile devices. The following Facebook assets host this software:

    - https://btremotesupport.thefacebook.com/appliance/login.ns - Virtual Appliance LOGIN
    - https://btremotesupport.thefacebook.com/ - Support Portal
    - https://btremotesupport-eu.thefacebook.com/
    - https://remoteassist-east.thefacebook.com/ - Support Portal
    - https://remoteassist-west.thefacebook.com/ - Support Portal
    - https://remoteassist.thefacebook.com/ - Support Portal
    - https://remoteassist.thefacebook.com/api/command.xsd

    Additionally, some interesting technical guidelines and product documentation for BeyondTrust Remote Support Software can be found publicly at [rs-admin.pdf](https://www.beyondtrust.com/docs/remote-support/documents/user/rs-admin.pdf).

2. **Excalidraw**: Excalidraw is a virtual collaborative whiteboard tool that allows users to easily sketch diagrams with a hand-drawn feel. It is an open-source tool available on GitHub at [excalidraw/excalidraw](https://github.com/excalidraw/excalidraw).
    The following Facebook assets host Excalidraw:

    - https://whiteboard.facebookrecruiting.com/
    - https://excalidraw.glbx.thefacebook.com/
    - https://excalidraw.thefacebook.com/
    - https://excalidrawsocket.thefacebook.com/

3. **MuleSoft's APIkit**: APIkit is a tool developed by MuleSoft for building Mule REST or SOAP APIs. It is an open-source project available on GitHub at [mulesoft/apikit](https://github.com/mulesoft/apikit). The following Facebook assets expose APIkit Console:

    - https://ash-mulesoftrtuat.thefacebook.com/console/ - UAT
    - https://ash-mulesoftrtprd.thefacebook.com/console/ - Prod
    - https://metaint.thefacebook.com/console/
    - https://metauatint.thefacebook.com/

4. **Cortex DAM**: Cortex DAM is a digital asset management platform developed by [Orange Logic](https://www.orangelogic.com/). It is hosted on the following Facebook-owned domains:

    - https://cortex.thefacebook.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
    - https://cortex.atmeta.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
    - https://cortex-uat.atmeta.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
    - https://cortex.thefacebook.com/API/Authentication/v1.0/Login

5. **[F5 BIG-IP Access Policy Manager](https://www.f5.com/products/big-ip-services/access-policy-manager)**: The F5 BIG-IP Access Policy Manager (APM) is a solution that enables users or organizations to utilize single sign-on (SSO) for accessing applications from anywhere. You can find the manual, supplemental documents, and release notes for BIG-IP APM [here](https://my.f5.com/manage/s/tech-documents#t=prodManuals&sort=relevancy&f:@f5_product=[BIG-IP%20APM]). For other interesting technical documents related to F5 products, you can use the following Google dork: [site:f5.com "my.policy" ext:pdf](https://www.google.com/search?q=site%3Af5.com+%22my.policy%22+ext%3Apdf).
    Subdomains hosting BIG-IP APM:

    - https://snc-agile-ext.thefacebook.com/
    - https://ash-agile-ext.thefacebook.com/

6. **[Verdaccio](https://verdaccio.org/)**: Verdaccio is a lightweight Node.js private proxy registry. It is an open-source project available on GitHub at [verdaccio/verdaccio](https://github.com/verdaccio/verdaccio). Facebook assets hosting Verdaccio:

    - https://npm.developer.glbx.thefacebook.com/
    - https://npm.developer.glbx.thefacebook.com/-/metrics
    - https://npm.developer.glbx.thefacebook.com/-/static/manifest.json
    - https://npm.developer.oculus.com/

7. **TAP - PROD**: TAP (possibly short for "The Authentication Provider") appears to be an [identity server](https://duendesoftware.com/products/identityserver), but further details are unknown. The unmaintained and archived code related to the identity server is available as an open-source project on GitHub at [IdentityServer](https://github.com/IdentityServer). Subdomains associated with TAP - PROD:

    - https://legal.tapprd.thefacebook.com/
    - https://legal.tapprd.thefacebook.com/tapprd/portal
    - https://legal.tapprd.thefacebook.com/tapprd/auth/identity/connect/authorize?client_id=9d7955e505af4cd48be38c2447b35638&response_type=code&scope=web_ui%20offline_access%20openid&redirect_uri=https%3A%2F%2Flegal.tapprd.thefacebook.com%2Ftapprd%2Fportal%2Fauthentication%2Fcallback&state=%2Ftapprd%2FPortal%2F%3Alocal&acr_values=local&prompt=login
    - https://lb-snc-tapprdngx.thefacebook.com/

8. **[Neurons for MDM](https://www.ivanti.com/products/ivanti-neurons-for-mdm)**: Neurons for MDM (Mobile Device Management) is a cloud-based platform for modern device management developed by Ivanti (formerly MobileIron).
    You can find relevant technical documents and information about Neurons for MDM online, such as the [Low User Impact Migration Portal 11 Guide](https://help.ivanti.com/mi/help/en_us/cld/11/mig/LandingPage.htm), [Ivanti Neurons for MDM (N-MDM) Migration Resource Toolkit](https://forums.ivanti.com/s/article/MobileIron-Migration-Resource-Toolkit-4904?language=en_US), and [MobileIron Migration Portal User Guide - Product Documentation](https://help.ivanti.com/mi/legacypdfs/MobileIron%20Low%20User%20Impact%20Migration%20Portal%20R10%20User%20Guide.pdf). Facebook assets related to Neurons for MDM:

    - https://vsp-int.thefacebook.com/ - LUI (Low User Impact) Migration Portal
    - https://vsp-int.thefacebook.com/user#!/ - Device Migration Portal
    - https://vsp-int.thefacebook.com/auriga/v2/api-docs - Swagger API Documentation (Viewable using [Swagger Editor](https://editor.swagger.io/))
    - https://vsp-int.thefacebook.com/auriga/status
    - https://ec2-54-160-23-184.compute-1.amazonaws.com/

9. **[Velociraptor](https://docs.velociraptor.app/)**: Velociraptor is an advanced digital forensic and incident response tool used for collecting host-based state information using Velociraptor Query Language (VQL) queries. It is an open-source project available on GitHub at [Velocidex/velociraptor](https://github.com/Velocidex/velociraptor). Facebook assets hosting Velociraptor:

    - https://minion.lr-test.atmeta.com/app/index.html
    - https://minion.lr-test.atmeta.com/server.pem

10. **[Zendesk](https://www.zendesk.com/in/)**: Zendesk is a customer support platform. Facebook assets hosting Zendesk:

    - https://help.mapillary.com/hc/en-us
    - https://facebookbrand-2018-dev.fb.com/

11. **[WordPress](https://wordpress.com/)**: WordPress is a popular content management system.
    Facebook assets hosting WordPress:

    - https://facebookbrand-2018-release.fb.com/wp-login.php
    - https://facebookbrand-2018-preprod.fb.com/wp-login.php
    - https://*.facebookbrand-2018-release.fb.com/wp-login.php
    - https://*.facebookbrand-2018-preprod.fb.com/wp-login.php
    - https://code-dev.fb.com/wp-login.php
    - https://abpstories.fb.com/wp-login.php
    - https://360.fb.com/wp-login.php
    - https://audio360.fb.com/wp-login.php
    - https://about.fb.com/wp-login.php
    - https://brasil.fb.com/wp-login.php
    - https://apacpolicy.fb.com/wp-login.php
    - https://360video.fb.com/wp-login.php
    - https://access.fb.com/wp-login.php
    - https://countryhub.fb.com/wp-login.php
    - https://counterspeech.fb.com/wp-login.php
    - https://emeapolicycovidhub.fb.com/wp-login.php
    - https://engineering.fb.com/wp-login.php
    - https://estacaohack.fb.com/wp-login.php
    - https://fightcovidmisinfo.fb.com/wp-login.php
    - https://facebook360.fb.com/wp-login.php
    - https://indonesia.fb.com/wp-login.php
    - https://immersivelearningacademy.fb.com/wp-login.php
    - https://humanrights.fb.com/wp-login.php
    - https://india.fb.com/wp-login.php
    - https://myanmar.fb.com/wp-login.php
    - https://managingbias.fb.com/wp-login.php
    - https://mydigitalworld.fb.com/wp-login.php
    - https://programswhatsapp.fb.com/wp-login.php
    - https://privacytech.fb.com/wp-login.php
    - https://rightsmanager.fb.com/wp-login.php
    - https://sustainability.fb.com/wp-login.php
    - https://messengernews.fb.com/wp-login.php
    - https://surround360.fb.com/wp-login.php
    - https://whatsapppolicy.fb.com/wp-login.php
    - https://vrforinclusion.fb.com/wp-login.php
    - https://wethinkdigital.fb.com/wp-login.php
    - https://code.fb.com/wp-login.php

12. **[Cisco ASA VPN](https://www.cisco.com/site/us/en/index.html)**: Cisco ASA VPN is a virtual private network solution. The following Facebook assets host this software:

    - https://ams501vpn.thefacebook.com/
    - https://ams501vpn01.thefacebook.com/
    - https://ams501vpn02.thefacebook.com/
    - https://ams501vpn03.thefacebook.com/
    - https://ashvpn.thefacebook.com/
    - https://ashvpn01.thefacebook.com/
    - https://ashvpn02.thefacebook.com/
    - https://ashvpn03.thefacebook.com/
    - https://ashvpn04.thefacebook.com/
    - https://ashvpn05.thefacebook.com/
    - https://ashvpn06.thefacebook.com/
    - https://gruvpn.thefacebook.com/
    - https://gruvpn01.thefacebook.com/
    - https://gruvpn02.thefacebook.com/
    - https://lhr501vpn.thefacebook.com/
    - https://lhr501vpn01.thefacebook.com/
    - https://lhr501vpn02.thefacebook.com/
    - https://nrt502vpn.thefacebook.com/
    - https://nrt502vpn01.thefacebook.com/
    - https://nrt502vpn02.thefacebook.com/
    - https://sin501vpn.thefacebook.com/
    - https://sin501vpn01.thefacebook.com/
    - https://sin501vpn02.thefacebook.com/
    - https://sncvpn.thefacebook.com/
    - https://sncvpn01.thefacebook.com/
    - https://sncvpn02.thefacebook.com/
    - https://sncvpn03.thefacebook.com/
    - https://sncvpn04.thefacebook.com/
    - https://sncvpn05.thefacebook.com/
    - https://sncvpn06.thefacebook.com/

    > If you're interested in learning about subdomain naming conventions used by Facebook, you can read more about it [here](https://unorde.red/exploring-facebooks-network/).

13. **[Phabricator](https://phacility.com/phabricator/)**: Phabricator is an open-source software development collaboration platform. Available on GitHub at [phacility/phabricator](https://github.com/phacility/phabricator).
    Facebook assets related to Phabricator:

    - https://phabricatorfiles.internmc.fb.com/
    - https://phabricatorfiles.cstools.fb.com/
    - https://phabricatorfiles.intern.fb.com/
    - https://phabricator.internmc.fb.com/
    - https://phabricator.cstools.fb.com/
    - https://phabricator.intern.fb.com/

14. **Facebook Employee Login**:

    - https://fb.workplace.com/
    - https://fb.alpha.workplace.com/
    - https://work.meta.com/

15. **Open Source Software Repositories**:

    - https://mirror.facebook.net/
    - http://mirror.t.tfbnw.net/
    - https://mirror.glbx.thefacebook.com/
    - https://github.com/facebook/
    - https://github.com/facebookincubator/

16. **Google Dorks**: _(Note: Google search results may vary based on locality and ISP.)_

    - [site:go.facebookinc.com](https://www.google.com/search?q=site%3Ago.facebookinc.com) OR [site:legal.tapprd.thefacebook.com inurl:ShowWorkFlow](https://www.google.com/search?q=site:legal.tapprd.thefacebook.com+inurl:ShowWorkFlow) - Google dork to find interesting Forms.
    - [site:facebook.com inurl:"facebook.com/ajax" ext:php](https://www.google.com/search?q=site:facebook.com+inurl:%22facebook.com/ajax%22+ext:php) - Google dork to find interesting PHP controller files.
    - [site:facebook.com inurl:"security/advisories" intitle:CVE](https://www.google.com/search?q=site:facebook.com+inurl:%22security/advisories%22+intitle:CVE) - Google dork to find security advisories published by Facebook.

17. **URL shortening service**: Shortened URL service provided by Facebook.

    - https://fb.me/
    - https://on.fb.me/
    - https://go.fb.me/
    - https://fburl.com/

18. **Critical assets**: These in-house developed assets are hosting user-sensitive data:

    - https://graph.facebook.com/ - It is a key subdomain used for GraphQL API requests.
      It serves as the entry point for making GraphQL queries. A beta version of Facebook's Graph API is available at https://graph.beta.facebook.com/. Similarly, for Instagram, the subdomains https://graph.instagram.com/ and https://graphql.instagram.com/ are utilized for interacting with Instagram's GraphQL API.
    - https://www.internalfb.com/ - It is a domain Facebook uses internally.
    - https://www.facebook.com/records/login/ - This portal is used to respond to matters involving imminent harm to a child or risk of death or serious physical injury to any person. Law enforcement officials can submit requests for information disclosure without delay. It is likely an in-house developed portal.
    - https://external-disputes.meta.com/ - It appears to be Meta's portal for handling external dispute resolutions, possibly related to advertising, content moderation, or account restrictions.
    - https://www.metacareers.com/ and http://www.facebookrecruiting.com/ - Meta Careers is a portal for recruitment, internships, and joining Meta.
    - https://developers.facebook.com/tools/ - It provides various interesting debugging and validation tools helpful for developers.
    - https://upload.facebook.com/ - It is responsible for handling file uploads to Facebook. When users upload photos or videos, the files are typically processed and stored through this subdomain.
    - https://www.beta.facebook.com/ - Used to test new features and updates before they are rolled out to the main Facebook platform. Read more [here](https://developers.facebook.com/blog/post/438/).
    - https://auth.meta.com/ - Used for authentication purposes in the Meta ecosystem.

19. **[Microsoft Exchange Autodiscover](https://learn.microsoft.com/en-us/exchange/architecture/client-access/autodiscover?view=exchserver-2019)**:

    - http://autodiscover.thefacebook.com/autodiscover/
    - http://autodiscover.fb.com/autodiscover/

20. **Other Interesting Domains and Endpoints**:
    - https://www.facebook.com/diagnostics
    - https://b-api.facebook.com/method/auth.login
    - https://api.facebook.com/restserver.php?api_key=win3zz&format=XML&method=facebook.fql.query&query=SELECT
    - https://www.facebook.com/status.php - Endpoint for checking the status of Facebook's services.
    - https://www.facebook.com/ai.php
    - https://www.facebook.com/plugins/serverfbml.php
    - https://www.facebook.com/osd.xml
    - https://m.facebook.com/.well-known/keybase.txt - Endpoint for accessing the Keybase verification file on mobile Facebook.
    - https://facebooksuppliers.com/ - Endpoint for accessing information related to Facebook's suppliers.
    - https://www.facebook.com/suppliers/diversity/enroll - Endpoint for enrolling in Facebook's diversity supplier program.
    - https://www.facebookblueprint.com/
    - https://code.facebook.com/cla - Endpoint for accessing Facebook's Contributor License Agreement.
    - https://phishme.thefacebook.com/
    - https://trac.thefacebook.com/
    - https://pki.thefacebook.com/
    - https://badge.thefacebook.com/
    - https://vip.thefacebook.com/
    - https://trunkstable.facebook.com/
    - https://www.trunkstable.instagram.com/
    - https://trunkstable.freebasics.com/
    - https://connect-staging.internet.org/
    - https://edge-chat.internalfb.com/
    - https://s-static.internalfb.com/
    - https://apacpolicy.fb.com/login-page/
    - https://whatsapppolicy.fb.com/login-page/
    - https://emeapolicycovidhub.fb.com/vpn/
    - https://dev.freebasics.com/
    - https://cinyour.facebook.com/
    - https://content.facebookinc.com/
    - https://instagram-engineering.com/
    - https://maps.instagram.com/
    - https://gateway.horizon.meta.com/
    - https://gateway.quest.meta.com/
    - https://gateway.spark.meta.com/
    - https://gateway.internalfb.com/
    - https://gateway.work.meta.com/
    - https://communityforums.atmeta.com/
    - https://communityforums-stage.atmeta.com/
    - https://forum.mapillary.com/
    - https://simulator.freebasics.com/
    - https://spark.meta.com/
    - https://datastories.fb.com/
    - https://middlemileinfra.fb.com/
    - https://npe.fb.com/
    - https://qpdemocheckin.fb.com/
    - https://vestibule.fb.com/
    - https://test.supernova.fb.com/
    - https://vsp.fb.com/
    - https://rightsmanager.fb.com/
    - https://developerevents.atmeta.com/
    - [https://developerevents.atmeta.com/gql?query={__schema{types{name}}}](https://developerevents.atmeta.com/gql?query={__schema{types{name}}}) - This GraphQL endpoint allows processing introspection queries.
    - https://ec2-52-86-181-233.compute-1.amazonaws.com/ - An AWS host owned by Facebook. It hosts a Node.js application named Mango Harvest.
    - https://ec2-52-86-181-233.compute-1.amazonaws.com/api/docs/ - Swagger UI instance
    - https://ec2-52-86-181-233.compute-1.amazonaws.com/api/api/ - Stacktrace
    - https://cloud.internal.metamail.com/FAQ

21. **[ServiceNow](https://www.servicenow.com/)**: The following URL hosts Meta's ServiceNow instance. ServiceNow is widely used for IT Service Management (ITSM), request tracking, incident management, and workflow automation:

    - https://meta.service-now.com/InstanceInfo.do

22. **[GitHub Enterprise Login - Oculus (DEV/PROD)](https://github.com/enterprise)**: The following URLs host the PROD and DEV environments of the Oculus GitHub Enterprise (GHE) instance. GHE is a self-hosted version of GitHub used for managing source code and repositories within the enterprise.

    - https://dev.ghe.oculus-rep.com/login
    - https://ghe.oculus-rep.com/login


## Other Information

- **Snapshot of Facebook from February 12, 2004**: You can explore the early days of Facebook by viewing a snapshot of the website.
    - https://web.archive.org/web/20040212031928/http://www.thefacebook.com/
- **Facebook Inventory**: A collection of Facebook assets available on GitHub.
    - https://github.com/TricksterShubi/inventory/tree/main/Facebook
- **Facebook Bug Bounty Writeups**: A collection of vulnerability reports on Facebook.
    - https://github.com/jaiswalakshansh/Facebook-BugBounty-Writeups
    - https://infosecwriteups.com/tagged/facebook-bug-bounty
- **Facebook Source Code Leaked**:
    - https://gist.github.com/nikcub/3833406
    - https://gist.github.com/philfreo/7257723
- **Algolia API Keys**:
    - https://github.com/facebook/create-react-app/blob/0a827f69ab0d2ee3871ba9b71350031d8a81b7ae/docusaurus/website/docusaurus.config.js#L48
    - https://aujyiq70hn-dsn.algolia.net/1/keys/25243dbf9049cf036e87f64b361bd2b9?X-Algolia-Application-Id=AUJYIQ70HN&X-Algolia-API-Key=25243dbf9049cf036e87f64b361bd2b9
    - https://github.com/facebook/flipper/blob/b55d730dd7589e533d742b4fb883c28ee9064b4b/desktop/plugin-lib/src/getNpmHostedPlugins.tsx#L13
    - https://ofcncog2cu-dsn.algolia.net/1/keys/f54e21fa3a2a0160595bb058179bfb1e?X-Algolia-Application-Id=OFCNCOG2CU&X-Algolia-API-Key=f54e21fa3a2a0160595bb058179bfb1e
    - https://github.com/facebook/Ax/blob/36285eb26b80d6ae6d0b5e23f0619c6c9796209d/website/siteConfig.js#L97
    - https://bh4d9od16a-dsn.algolia.net/1/keys/467d4f1f6cace3ecb36ab551cb44905b?x-algolia-application-id=BH4D9OD16A&x-algolia-api-key=467d4f1f6cace3ecb36ab551cb44905b
- **Email ID of Mark Zuckerberg**: zuck@thefacebook.com (Ref: https://twitter.com/testerfo1/status/1538880004536139776)
- **Facebook Profile of Mark Zuckerberg**: https://www.facebook.com/profile.php?id=4 OR https://www.facebook.com/zuck

_Please note that at the time of writing, all the URLs mentioned in the list are accessible. However, keep in mind that the availability of these URLs may change over time. I will do my best to update if any URLs become inaccessible._

### Contribution
If you know any interesting assets/URLs that are dynamic in nature, host open-source or third-party applications, or if you know of applications developed by Meta itself, please feel free to submit a pull request.
Additionally, individuals can share PoCs they consider important or security-sensitive, even if they haven't been accepted by Facebook as bugs.
--------------------------------------------------------------------------------