#!/usr/bin/python
import requests
import argparse
import re
import time
import json
from colorama import Fore, Style, init
import sys
## Check for matches and apply the result logic
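def checkMatch(stringToSearch, searches: dict) -> str:
    """Classify a search-result page as "NoResults", "Captcha" or "Results".

    Args:
        stringToSearch: The decoded response body to inspect.
        searches: Mapping of pattern names to regex strings. Every entry
            except ``"captchaFuckery"`` is treated as a "no results"
            pattern; the ``"captchaFuckery"`` entry (required) is the
            captcha/rate-limit pattern.

    Returns:
        "NoResults" if any no-results pattern matches, otherwise "Captcha"
        if the captcha pattern matches, otherwise "Results".

    Raises:
        KeyError: If ``searches`` has no ``"captchaFuckery"`` entry.
    """
    # Check every no-results pattern rather than positions 0 and 1 of a
    # scratch list: the old form raised IndexError with fewer than two
    # patterns and silently ignored a third.
    noResultHit = any(
        re.search(pattern, stringToSearch)
        for key, pattern in searches.items()
        if key != "captchaFuckery"
    )
    # A no-results hit wins over the captcha check: an empty page is still
    # an answer, whereas a captcha page is not.
    if noResultHit:
        return "NoResults"
    if re.search(searches["captchaFuckery"], stringToSearch):
        return "Captcha"
    return "Results"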
## Do the request and decode the result
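def dorkRequest(baseSearchUrl: str, dorkDeets: str, timeout: float = 30.0) -> str:
    """Fetch one search page and return its body as text.

    Args:
        baseSearchUrl: Search endpoint prefix the query is appended to.
        dorkDeets: Query suffix, appended verbatim — it is NOT URL-encoded
            here, so callers must pass it already encoded.
        timeout: Seconds to wait for connect/read before giving up. Without
            a timeout a stalled server blocks the whole run indefinitely.

    Returns:
        The response body decoded as UTF-8 with undecodable bytes dropped,
        regardless of HTTP status: captcha and rate-limit pages still carry
        the text the caller classifies, so no status check is done here.

    Raises:
        requests.RequestException: On connection failure or timeout.
    """
    searchUrl = "{0}{1}".format(baseSearchUrl, dorkDeets)
    requestObj = requests.get(searchUrl, timeout=timeout)
    # decode() already yields str; the extra str() of the original was a no-op.
    return requestObj.content.decode('utf-8', 'ignore')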
## Print the report line(s) for one dork result
def dorkReport(baseSearchUrl: str, dorkDeet: str, dorkTarget: str, dorkKey: str, dorkCheckResult: str):
    """Print a colour-coded line for one dork outcome.

    "NoResults" prints a green line only; "Captcha" and "Results" also echo
    the full search URL (yellow and red respectively) so the query can be
    re-run by hand. Any other value prints nothing. Returns None.
    """
    targetText = str(dorkTarget)
    keyText = str(dorkKey)
    urlLine = "{0} {1}{2}".format(Fore.WHITE, str(baseSearchUrl), str(dorkDeet))
    if dorkCheckResult == "NoResults":
        print("{0} >> {1} has no {2}.".format(Fore.GREEN, targetText, keyText))
    elif dorkCheckResult == "Captcha":
        print("{0} >> {1} has a captcha hit on {2}. Retry by hand.".format(Fore.YELLOW, targetText, keyText))
        print(urlLine)
    elif dorkCheckResult == "Results":
        print("{0} >> {1} has {2}.".format(Fore.RED, targetText, keyText))
        print(urlLine)
## One dork end to end: request, classify, report
def dorkMe(baseSearchUrl: str, dorkTarget: str, dorkKey: str, dorkDeet: str, searches: dict):
    """Run a single dork: announce it, fetch the page, classify it, report it.

    ``searches`` is the pattern mapping consumed by ``checkMatch``. Returns None.
    """
    print("{0}Dorking {1}...".format(Fore.WHITE, str(dorkDeet)))
    verdict = checkMatch(dorkRequest(baseSearchUrl, dorkDeet), searches)
    dorkReport(baseSearchUrl, dorkDeet, dorkTarget, dorkKey, verdict)
## Run every dork against a single target
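def dork(target: str, delay: float):
    """Run every built-in dork against one target, printing a report per dork.

    Args:
        target: Host or domain placed after ``site:`` (scheme already removed).
        delay: Seconds to pause after each query. Anything ``float()`` accepts
            works, including the raw string argparse hands over from ``main``.

    Raises:
        ValueError: If ``delay`` cannot be parsed as a number.
    """
    # Coerce once up front: a str delay used to reach time.sleep() and raise
    # TypeError on the very first target.
    pause = float(delay)
    init()
    baseUrl = 'https://www.google.com/search?q=site:'
    ## Result regexes: a hit on either noMatch pattern means an empty result
    ## page; the captcha pattern means the engine refused to answer.
    searches = {
        "noMatch1": r'(\W|^)did\snot\smatch\sany(\W|$)',
        "noMatch2": r'(\W|^)No\sresults\sfound\sfor(\W|$)',
        "captchaFuckery": r'(\W|^)unusual\straffic(\W|$)',
    }
    ## Dorks: each value is appended verbatim to baseUrl by dorkRequest, so
    ## the strings below are already URL-encoded.
    dorks = {
        "Exposed Documents": target + '+ext:doc+|+ext:docx+|+ext:odt+|+ext:rtf+|+ext:sxw+|+ext:psw+|+ext:ppt+|+ext:pptx+|+ext:pps+|+ext:csv',
        "Directory Listings": target + '+intitle:index.of',
        "Exposed Configs": target + '+ext:xml+|+ext:conf+|+ext:cnf+|+ext:reg+|+ext:inf+|+ext:rdp+|+ext:cfg+|+ext:txt+|+ext:ora+|+ext:ini+|+ext:env',
        "Exposed Databases": target + '+ext:sql+|+ext:dbf+|+ext:mdb',
        "Exposed Logs": target + '+ext:log',
        "Exposed Backups": target + '+ext:bkf+|+ext:bkp+|+ext:bak+|+ext:old+|+ext:backup',
        "Login Pages": target + '+inurl:login+|+inurl:signin+|+intitle:Login+|+intitle:"sign+in"+|+inurl:auth',
        "SQL Errors": target + '+intext:"sql+syntax+near"+|+intext:"syntax+error+has+occurred"+|+intext:"incorrect+syntax+near"+|+intext:"unexpected+end+of+SQL+command"+|+intext:"Warning:+mysql_connect()"+|+intext:"Warning:+mysql_query()"+|+intext:"Warning:+pg_connect()"',
        "PHP Errors": target + '+"PHP+Parse+error"+|+"PHP+Warning"+|+"PHP+Error"',
        "PHP Info": target + '+ext:php+intitle:phpinfo+"published+by+the+PHP+Group"',
        "Pastes": 'pastebin.com%20|%20site:paste2.org%20|%20site:pastehtml.com%20|%20site:slexy.org%20|%20site:snipplr.com%20|%20site:snipt.net%20|%20site:textsnip.com%20|%20site:bitpaste.app%20|%20site:justpaste.it%20|%20site:heypasteit.com%20|%20site:hastebin.com%20|%20site:dpaste.org%20|%20site:dpaste.com%20|%20site:codepad.org%20|%20site:jsitor.com%20|%20site:codepen.io%20|%20site:jsfiddle.net%20|%20site:dotnetfiddle.net%20|%20site:phpfiddle.org%20|%20site:ide.geeksforgeeks.org%20|%20site:repl.it%20|%20site:ideone.com%20|%20site:paste.debian.net%20|%20site:paste.org%20|%20site:paste.org.ru%20|%20site:codebeautify.org%20%20|%20site:codeshare.io%20|%20site:trello.com%20"' + target + '"',
        "Exposed Github Pages": 'github.com%20|%20site:gitlab.com%20"' + target + '"',
        "Stackoverflow Hits": 'stackoverflow.com%20"' + target + '"',
        "Signup Pages": target + '+inurl:signup+|+inurl:register+|+intitle:Signup',
        "Sub Domains": 'site:*."' + target + '"',
        "Sub-Sub Domains": 'site:*.*."' + target + '"',
        "AWS Files": target + '+intitle:"index.of" aws/',
        "AWS S3 Buckets": target + '+intitle:"index.of" "/aws.s3/"',
    }
    for dorkKey, dorkDeet in dorks.items():
        dorkMe(baseUrl, target, dorkKey, dorkDeet, searches)
        # Pause between queries; the caller chooses the interval.
        time.sleep(pause)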
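def main():
    """CLI entry point: read targets from --file and run ``dork`` on each.

    Parses ``--file`` (required) and ``--delay`` (seconds, default 5), then
    feeds every non-blank line of the file to ``dork``.
    """
    parser = argparse.ArgumentParser(description='Google Dork a list of URLs for goodies.')
    parser.add_argument('--file', help='Text file containing a list of URLs, preferably with the http/https portion removed', required=True)
    # type=float: without it a --delay passed on the command line arrives as
    # a str and time.sleep() raises TypeError on the first target.
    parser.add_argument('--delay', help='Time to wait between operations to avoid throttling and Captcha bullshit', type=float, default=5, required=False)
    args = parser.parse_args()
    print("Dorking from the file {0}".format(str(args.file)))
    print("Request delay is {0} seconds".format(str(args.delay)))
    if args.file:
        with open(args.file, encoding='utf-8') as f:
            for line in f:
                target = line.strip()
                # A blank line would otherwise become a bare "site:" query.
                if not target:
                    continue
                dork(target, args.delay)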
# Script entry guard: only run when executed directly, not when imported.
if __name__ == "__main__":
    main()