The goal of this project was to develop a passive Google dork script to collect potentially vulnerable web pages and applications on the Internet. There are 2 parts. The first is
ghdb_scraper.py
that retrieves Google Dorks and the second portion is pagodo.py
that leverages the information gathered by ghdb_scraper.py
.What are Google Dorks?
The awesome folks at Offensive Security maintain the Google Hacking Database (GHDB) found here: https://www.exploit-db.com/google-hacking-database. It is a collection of Google searches, called dorks, that can be used to find potentially vulnerable boxes or other juicy info that is picked up by Google's search bots.
Installation
Scripts are written for Python 3.6+. Clone the git repository and install the requirements.
git clone https://github.com/opsdisk/pagodo.git
cd pagodo
virtualenv -p python3 .venv # If using a virtual environment.
source .venv/bin/activate # If using a virtual environment.
pip install -r requirements.txt
Google is blocking me!
If you start getting HTTP 503 errors, Google has rightfully detected you as a bot and will block your IP for a set period of time. The solution is to use proxychains and a bank of proxies to round robin the lookups.
Install proxychains4
apt install proxychains4 -y
/etc/proxychains4.conf
configuration file to round robin the look ups through different proxy servers. In the example below, 2 different dynamic socks proxies have been set up with different local listening ports (9050 and 9051). Don't know how to utilize SSH and dynamic socks proxies? Do yourself a favor and pick up a copy of The Cyber Plumber's Handbook to learn all about Secure Shell (SSH) tunneling, port redirection, and bending traffic like a boss.vim /etc/proxychains4.conf
round_robin
chain_len = 1
proxy_dns
remote_dns_subnet 224
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks4 127.0.0.1 9050
socks4 127.0.0.1 9051
proxychains4
in front of the Python script and each lookup will go through a different proxy (and thus source from a different IP). You could even tune down the -e
delay time because you will be leveraging different proxy boxes.proxychains4 python3 pagodo.py -g ALL_dorks.txt -s -e 17.0 -l 700 -j 1.1
ghdb_scraper.py
To start off,
pagodo.py
needs a list of all the current Google dorks. A datetimestamped file with the Google dorks and the indididual dork category dorks are also provided in the repo. Fortunately, the entire database can be pulled back with 1 GET request using ghdb_scraper.py
. You can dump all dorks to a file, the individual dork categories to separate dork files, or the entire json blob if you want more contextual data about the dork.To retrieve all dorks
python3 ghdb_scraper.py -j -s
python3 ghdb_scraper.py -i
categories = { 1: "Footholds", 2: "File Containing Usernames", 3: "Sensitives Directories", 4: "Web Server Detection", 5: "Vulnerable Files", 6: "Vulnerable Servers", 7: "Error Messages", 8: "File Containing Juicy Info", 9: "File Containing Passwords", 10: "Sensitive Online Shopping Info", 11: "Network or Vulnerability Data", 12: "Pages Containing Login Portals", 13: "Various Online devices", 14: "Advisories and Vulnerabilities", }
pagodo.py
Now that a file with the most recent Google dorks exists, it can be fed into
pagodo.py
using the -g
switch to start collecting potentially vulnerable public applications. pagodo.py
leverages the google
python library to search Google for sites with the Google dork, such as:intitle:"ListMail Login" admin -demo
The -d
switch can be used to specify a domain and functions as the Google search operator:site:example.com
Performing ~4600 search requests to Google as fast as possible will simply not work. Google will rightfully detect it as a bot and block your IP for a set period of time. In order to make the search queries appear more human, a couple of enhancements have been made. A pull request was made and accepted by the maintainer of the Python google
module to allow for User-Agent randomization in the Google search queries. This feature is available in 1.9.3 and allows you to randomize the different user agents used for each search. This emulates the different browsers used in a large corporate environment.The second enhancement focuses on randomizing the time between search queries. A minimum delay is specified using the
-e
option and a jitter factor is used to add time on to the minimum delay number. A list of 50 jitter times is created and one is randomly appended to the minimum delay time for each Google dork search.categories = {
1: "Footholds",
2: "File Containing Usernames",
3: "Sensitives Directories",
4: "Web Server Detection",
5: "Vulnerable Files",
6: "Vulnerable Servers",
7: "Error Messages",
8: "File Containing Juicy Info",
9: "File Containing Passwords",
10: "Sensitive Online Shopping Info",
11: "Network or Vulnerability Data",
12: "Pages Containing Login Portals",
13: "Various Online devices",
14: "Advisories and Vulnerabilities",
}
intitle:"ListMail Login" admin -demo
To run it:
site:example.com
Conclusion
Comments, suggestions, and improvements are always welcome. Be sure to follow @opsdisk on Twitter for the latest updates.
via KitPloit
More articles
- Hack Tools Online
- Hacking Tools For Mac
- Hacker Tools Windows
- Nsa Hack Tools
- Pentest Tools Nmap
- Hacker Search Tools
- Android Hack Tools Github
- Hack Apps
- Hacker Tools 2019
- Easy Hack Tools
- Pentest Tools
- Hacking Tools Download
- Hack Website Online Tool
- Hak5 Tools
- Hacking Tools Online
- Pentest Tools For Windows
- Pentest Tools Website
- Bluetooth Hacking Tools Kali
- Hacking Tools Github
- Pentest Tools Android
- Hacking Tools For Beginners
- Hacker Search Tools
- Hacking Tools And Software
- Hack Tool Apk No Root
- Hacking Tools Kit
- Hack Tools 2019
- Best Hacking Tools 2019
- Hacker Tools For Mac
- Pentest Tools Download
- Pentest Tools Android
- Hacking Tools For Windows
- Hacking Tools For Mac
- Hacking Tools Github
- Pentest Tools Subdomain
- Hacker Search Tools
- Hacks And Tools
- Pentest Tools Find Subdomains
- Pentest Tools List
- Hacker Hardware Tools
- How To Make Hacking Tools
- Hacking Tools Software
- Hack Tool Apk No Root
- Hackers Toolbox
- Hacker Search Tools
- Hacking Tools Hardware
- Hacker Search Tools
- Ethical Hacker Tools
- Free Pentest Tools For Windows
- Hackers Toolbox
- Nsa Hacker Tools
- Hacker Tools
- Hacking Tools For Pc
- Pentest Tools Website Vulnerability
- Hack Tools For Pc
- Pentest Tools Github
- Pentest Tools For Ubuntu
- Hack App
- Hacking Tools Usb
- Android Hack Tools Github
- Hacking Tools Windows 10
- Ethical Hacker Tools
- Nsa Hack Tools Download
- Pentest Automation Tools
- New Hack Tools
- Pentest Tools Review
- Nsa Hack Tools
- Top Pentest Tools
- Game Hacking
- Pentest Tools Find Subdomains
- Github Hacking Tools
- Hack And Tools
- Hack Tool Apk No Root
- Hacker Tools 2020
- Hacking Tools 2019
- Tools Used For Hacking
- Hak5 Tools
- Hack App
- Pentest Tools Open Source
- Hacker Tools Software
- Hack Tools Download
- Best Hacking Tools 2019
- Tools Used For Hacking
- Ethical Hacker Tools
- Pentest Tools Subdomain
- Easy Hack Tools
- What Is Hacking Tools
- Pentest Recon Tools
- Hack Tools Download
- Hack And Tools
- Hacking Tools For Windows 7
- Pentest Tools Website
- Hacker Tools
- Pentest Tools Review
- Nsa Hack Tools Download
- Hacker Tools Software
- Hack And Tools
- Pentest Tools Alternative
- Pentest Tools Linux
- How To Make Hacking Tools
- Hack Tools Download
- Github Hacking Tools
- Hacking Tools And Software
- Free Pentest Tools For Windows
- Pentest Tools List
- Hacking Tools 2019
- Game Hacking
- New Hacker Tools
- Pentest Tools Github
- Pentest Tools Linux
- Pentest Tools Open Source
- Hacking Tools Kit
- Growth Hacker Tools
- Pentest Tools For Android
- Install Pentest Tools Ubuntu
- Pentest Tools Subdomain
- Hack Tools Online
- Hacker Tools Mac
- Pentest Tools Open Source
- Pentest Tools Linux
- Pentest Tools Kali Linux
- Hacking Tools Windows 10
- Hacking Tools Online
- Pentest Tools Windows
- Pentest Tools List
- Hackrf Tools
- Hacker
- Hacker Tools Github
- Hack App
- World No 1 Hacker Software
- Hacking Tools Hardware
- Hacker Techniques Tools And Incident Handling
No comments:
Post a Comment