google_dorking_automatization.py
from googlesearch import search
import json
import time
import argparse
import copy
import yaml
# Accumulates the results of the whole run: one entry per input domain,
# filled in by the __main__ block and printed once at the end.
outputDict = dict()
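def createParser():
    """Build the command-line parser for the script.

    Options:
        -i/--input:  path to a text file with one domain per line (required).
        -o/--output: ``yaml`` (default) or ``json``; selects how the
                     collected results are printed to the console.
        -c/--count:  number of results requested per query, parsed as an
                     integer (default 10).

    Returns:
        argparse.ArgumentParser: the configured parser.
    """
    parser = argparse.ArgumentParser()
    # Without an input file the script has nothing to read, so reject the
    # invocation at parse time instead of failing later in open().
    parser.add_argument('-i', '--input', required=True, help='Path to input file')
    # Only these two formats are printed by the script; any other value would
    # run every query and then emit nothing.
    parser.add_argument('-o', '--output', default='yaml', choices=('yaml', 'json'), help='Output settings. Default: YAML in console. Custom: JSON in console ("json" argument).')
    # argparse returns strings unless told otherwise; the count is forwarded
    # to the search call as a result limit, so it has to be an integer.
    parser.add_argument('-c', '--count', type=int, default=10, help='Count of results from one query')
    return parser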
def oneRequest(query, count):
    """Run a single search query and map each result URL to its description.

    Args:
        query: search string, handed to ``search`` unchanged.
        count: forwarded to ``search`` as ``num_results``.

    Returns:
        dict: ``{result.url: result.description}`` for every result the
        search yields; if a URL appears twice, the later description wins.
        Both fields are third-party page content and should be treated as
        untrusted text by whatever consumes the output.
    """
    # -----------
    # Optional: send the request through a rotating proxy instead.
    #   proxy = 'http://yourProxy:8080/'
    #   hits = search(query, advanced=True, num_results=count, proxy=proxy, ssl_verify=False)
    # NOTE(review): ssl_verify=False appears to switch off TLS certificate
    # validation, so the proxy (or anything else on the path) could read or
    # alter the results unnoticed; prefer trusting the proxy's CA certificate
    # and leaving verification on.
    # -----------
    hits = search(query, advanced=True, num_results=count)
    return {hit.url: hit.description for hit in hits}
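# Pause between consecutive search requests, in seconds.
_QUERY_DELAY_SECONDS = 10

# (output key, query template) pairs, in the order they are run and reported.
# ``{site}`` is replaced with the domain under review. The templates are
# single-quoted Python strings so that the double quotes marking exact phrases
# are really part of the query: the earlier ``""phrase""`` spelling was parsed
# by Python as adjacent string literals and silently dropped every quote.
# The "SQLi Prone Parameteres" key keeps its historical spelling so existing
# consumers of the YAML/JSON output do not break.
_DORK_TEMPLATES = (
    ("API Endpoints", 'site:{site} inurl:api | site:*/rest | site:*/v1 | site:*/v2 | site:*/v3'),
    ("Juicy Extensions", 'site:{site} ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess | ext:json'),
    ("Server Errors", 'inurl:"error" | intitle:"exception" | intitle:"failure" | intitle:"server at" | inurl:exception | "database error" | "SQL syntax" | "undefined index" | "unhandled exception" | "stack trace" site:{site}'),
    ("XSS Prone Parameters", 'inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:& site:{site}'),
    ("Open Redirect Prone Parameters", 'inurl:url= | inurl:return= | inurl:next= | inurl:redirect= | inurl:redir= | inurl:ret= | inurl:r2= | inurl:page= inurl:& inurl:http site:{site}'),
    ("SQLi Prone Parameteres", 'inurl:id= | inurl:pid= | inurl:category= | inurl:cat= | inurl:action= | inurl:sid= | inurl:dir= inurl:& site:{site}'),
    ("SSRF Prone Parameters", 'inurl:http | inurl:url= | inurl:path= | inurl:dest= | inurl:html= | inurl:data= | inurl:domain= | inurl:page= inurl:& site:{site}'),
    ("LFI Prone Parameters", 'inurl:include | inurl:dir | inurl:detail= | inurl:file= | inurl:folder= | inurl:inc= | inurl:locate= | inurl:doc= | inurl:conf= inurl:& site:{site}'),
    ("RCE Prone Parameters", 'inurl:cmd | inurl:exec= | inurl:query= | inurl:code= | inurl:do= | inurl:run= | inurl:read= | inurl:ping= inurl:& site:{site}'),
    ("File Upload Endpoints", 'site:{site} "choose file"'),
    ("API Docs", 'inurl:apidocs | inurl:api-docs | inurl:swagger | inurl:api-explorer site:{site}'),
    ("Login Pages", 'inurl:login | inurl:signin | intitle:login | intitle:signin | inurl:secure site:{site}'),
    ("Test Environments", 'inurl:test | inurl:env | inurl:dev | inurl:staging | inurl:sandbox | inurl:debug | inurl:temp | inurl:internal | inurl:demo site:{site}'),
    # The phrase quotes here were a mix of typographic quotes; normalised to
    # plain ASCII double quotes.
    ("Sensitive Documents", 'site:{site} ext:txt | ext:pdf | ext:xml | ext:xls | ext:xlsx | ext:ppt | ext:pptx | ext:doc | ext:docx intext:"confidential" | intext:"Not for Public Release" | intext:"internal use only" | intext:"do not distribute"'),
    ("Sensitive Parameters", 'inurl:email= | inurl:phone= | inurl:password= | inurl:secret= inurl:& site:{site}'),
    ("Adobe Experience Manager", 'inurl:/content/usergenerated | inurl:/content/dam | inurl:/jcr:content | inurl:/libs/granite | inurl:/etc/clientlibs | inurl:/content/geometrixx | inurl:/bin/wcm | inurl:/crx/de site:{site}'),
    ("Disclosed XSS", 'site:openbugbounty.org inurl:reports intext:"{site}"'),
    ("Google Groups", 'site:groups.google.com "{site}"'),
)


def functionHub(site, resultsCount):
    """Run every query template for one domain and collect the results.

    The queries are issued one after another through ``oneRequest``, with a
    fixed pause between consecutive requests (none after the last one).

    Args:
        site: domain to substitute into each query template.
        resultsCount: number of results requested per query; passed to
            ``oneRequest`` unchanged.

    Returns:
        dict: category name -> ``{url: description}`` as returned by
        ``oneRequest``, in the order the queries were run. An entry only
        means the search index holds a page matching the pattern; it is a
        lead for manual review, not a confirmed issue.
    """
    domainDict = {}
    for position, (category, template) in enumerate(_DORK_TEMPLATES):
        if position:
            # Space the requests out; skipped before the first query so the
            # total wait matches the pauses between queries only.
            time.sleep(_QUERY_DELAY_SECONDS)
        # oneRequest builds a fresh dict on every call, so no copy is needed.
        domainDict[category] = oneRequest(template.format(site=site), resultsCount)
    return domainDict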
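if __name__ == '__main__':
    # Entry point: read one domain per line from the input file, run the
    # query set for each, then print everything once as YAML or JSON.
    parser = createParser()
    # parse_args() reads sys.argv[1:] by default; the explicit sys.argv
    # reference raised NameError because sys is never imported in this file.
    namespace = parser.parse_args()
    inputFileName = namespace.input
    outputType = namespace.output

    # Validate up front so a bad invocation fails before any query is sent.
    if inputFileName is None:
        parser.error('an input file is required (-i/--input)')
    if outputType not in ('yaml', 'json'):
        parser.error('output must be "yaml" or "json"')
    # The count may arrive as a string (argparse's default) or be absent;
    # normalise it to an integer and fall back to 10 results per query.
    try:
        resultsCount = int(namespace.count) if namespace.count is not None else 10
    except ValueError:
        parser.error('count must be an integer (-c/--count)')

    # The context manager closes the file even if a query raises midway.
    with open(inputFileName, "r") as inputFile:
        for line in inputFile:
            # strip() also removes a trailing '\r' from CRLF files; blank
            # lines are skipped so no query is built around an empty domain.
            site = line.strip()
            if not site:
                continue
            outputDict[site] = functionHub(site, resultsCount)

    # URLs and descriptions in outputDict are third-party page content;
    # consumers of this output should treat them as untrusted text.
    if outputType == "yaml":
        print(yaml.dump(outputDict, sort_keys=False), flush=True)
    elif outputType == "json":
        print(json.dumps(outputDict), flush=True)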