
LazyDorks V0.2

a guest
Jan 4th, 2013
#!/usr/bin/python
  2. # -*- coding: utf-8 -*-
  3. #LazyDorks Tool v0.2 Written by Itzik Moshe, Jan 2013
  4. #See-Security Hacking Defined Experts 39
  5. try:
  6.     import mechanize
  7. except ImportError:
  8.     print "LazyDorks require Mechanize library.\nPlease Install: 'sudo pip install mechanize'"
  9.     exit()
  10. try:
  11.     from bs4 import BeautifulSoup
  12. except ImportError:
  13.     print "LazyDorks require BeautifulSoup4 library.\nPlease Install: 'sudo pip install beautifulsoup4'\nor 'easy_install beautifulsoup4'"
  14.     exit()
  15. import httplib
  16. import urlparse
  17. import re
  18. import random
  19. import socket
  20. import time
  21. from time import sleep
  22. import csv
  23.  
#### Browser Object Setting ####
# Process-wide default: any socket created after this call without an
# explicit timeout gives up after 15 seconds.
socket.setdefaulttimeout(15)
# Single shared mechanize browser, used by proxy_setter(), dorker() and the
# robots.txt branch of dork().
br = mechanize.Browser()
# Turns off mechanize's robots.txt handling, so the browser neither fetches
# nor obeys a site's robots.txt before requesting pages.
br.set_handle_robots(False)
####        END             ####
  29. intro       =   '\033[93m'+'''
  30.                                                         _
  31.                                                       ,//)
  32.                                                       ) /
  33.                                                      / /
  34.        ╭╮╱╱╱╱╱╱╱╱╱╱╱╱╱╱╭━━━╮╱╱╱╱╭╮             _,^^,/ /              
  35.        ┃┃╱╱╱╱╱╱╱╱╱╱╱╱╱╱╰╮╭╮┃╱╱╱╱┃┃            (C,00<_/
  36.        ┃┃╱╱╭━━┳━━━┳╮╱╭╮╱┃┃┃┣━━┳━┫┃╭┳━━╮       _/\_,_)
  37.        ┃┃╱╭┫╭╮┣━━┃┃┃╱┃┃╱┃┃┃┃╭╮┃╭┫╰╯┫━━┫      / _    \ ,' )        
  38.        ┃╰━╯┃╭╮┃┃━━┫╰━╯┃╭╯╰╯┃╰╯┃┃┃╭╮╋━━┃     / /"\   \/  ,_\
  39.        ╰━━━┻╯╰┻━━━┻━╮╭╯╰━━━┻━━┻╯╰╯╰┻━━╯  __(,/   >  e ) / (_\.oO
  40.        ╱╱╱╱╱╱╱╱╱╱╱╭━╯┃                   \_ /   (   -,_/    \_/
  41.        ╱╱╱╱╱╱╱╱╱╱╱╰━━╯                     U     \_, _)    
  42.                                                   (  /
  43.                                                    >/
  44.                                                    (.oO
  45.        #LazyDorks Tool v0.2 Written by Itzik Moshe
  46.        #See-Security Hacking Defined Experts 39
  47.        #Choose your option and insert the domain you would like to scan.
  48.                 '''+ '\033[0m'
  49.  
# Relative paths requested one by one by adminbf(). A few entries are
# repeated (for example 'administrator/' and 'admin.php'), so those paths
# are requested twice per run.
# NOTE(review): on the server side a run appears as a rapid series of GETs
# for these paths from one client, typically answered with non-200 codes --
# a pattern worth alerting on in access logs.
admins_list =   ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
                 'memberadmin/','administratorlogin/','adm/','admin/account.php','admin/index.php','admin/login.php','admin/admin.php','admin/account.php',
                 'admin_area/admin.php','admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
                 'admin_area/index.php','bb-admin/index.php','bb-admin/login.php','bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html',
                 'admin/controlpanel.php','admin.php','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
                 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
                 'admin/cp.php','cp.php','administrator/index.php','administrator/login.php','nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php',
                 'administrator/account.php','administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php',
                 'bb-admin/index.html','bb-admin/login.html','acceso.php','bb-admin/admin.html','admin/home.html','login.php','modelsearch/login.php','moderator.php','moderator/login.php',
                 'moderator/admin.php','account.php','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php',
                 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php','adminarea/index.html','adminarea/admin.html',
                 'webadmin.php','webadmin/index.php','webadmin/admin.php','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html',
                 'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
                 'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
                 'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html',
                 'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php','adminarea/index.php',
                 'adminarea/admin.php','adminarea/login.php','panel-administracion/index.php','panel-administracion/admin.php','modelsearch/index.php',
                 'modelsearch/admin.php','admincontrol/login.php','adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php','usuarios/login.php',
                 'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php','wp-admin','moodle/login','?q=admin','?q=user/login','user']
  69.  
# Browser User-Agent strings; dorker() picks one at random for each query it
# sends through the shared browser.
agents      =   ['Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.101 Safari/537.11',
                 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1',
                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1309.0 Safari/537.17',
                 'Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.15 (KHTML, like Gecko) Chrome/24.0.1295.0 Safari/537.15',
                 'Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1',
                 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:15.0) Gecko/20100101 Firefox/15.0.1',
                 'Mozilla/6.0 (Windows NT 6.2; WOW64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1']
  77.  
# Search-operator fragments that dork() appends after "site:<domain>" when
# the "login" option is chosen; one query is issued per entry.
login_dorks =   ['inurl:admin|login|myphp|phpliteadmin|phpadmin|phpmyadmin|administrator|webadmin|adm_auth|sysadmin|user',
                 'intitle:"admin | login | log-in | administrator | phpadmin | phpmyadmin | adminphp"',
                 'intext:"admin | username | password | login | log-in | phpadmin | phpmyadmin | adminphp"']

# Keyword alternation used by the "pw" option; dork() combines it with every
# files_type / dork_type pair below.
pw_dork     =    'pwd|pass|password|passwords|passwd|user|users|usr|admin|username|usernames'

files_type  =   ['txt','xls','sql','inc','con','cnf']
dork_type   =   ['inurl:','intext:']
# Shared accumulator: the search and probe functions append hits here and
# the print/export functions read it.
results     =   []
# NOTE(review): looks like a typo of "adminbf_proxy"; nothing else in this
# listing references the name.
adminbf_porxy = []
  88. ###Domain Name Checker####
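def domain_check(domain,dorkt):
    """Reduce user input to a bare host name for the chosen scan mode.

    Accepts either a host ("example.com") or a full URL
    ("http://www.example.com/x") and returns only the network location.
    For the "login" and "pw" modes a leading "www." is dropped as well,
    because the value ends up in a ``site:`` search operator. For "robots"
    and "adminbf" the host (and port, if given) is returned as typed.
    Any other mode returns the input unchanged.
    """
    # Compare by value; identity checks on strings only succeed when the
    # interpreter happens to intern both operands.
    if dorkt not in ("login", "pw", "robots", "adminbf"):
        return domain

    candidate = domain.strip()
    parts = urlparse.urlsplit(candidate)
    if parts.netloc == '':
        # Without a scheme urlsplit() files everything under .path, so parse
        # again with one to separate host from path.
        parts = urlparse.urlsplit("http://" + candidate)
    # Always return the netloc: a scheme-prefixed input must not be handed
    # on as a full URL to code that expects a host.
    host = parts.netloc

    if dorkt in ("login", "pw") and host.startswith('www.'):
        host = host[len('www.'):]
    return host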
  111. ####        End         ####
  112.  
  113. ####Log Colors Functions####
def logm(msg):
    """Print *msg* wrapped in the ANSI bright-cyan colour code (progress text)."""
    colored = "".join(('\033[96m', msg, '\033[0m'))
    print(colored)
def erm(msg):
    """Print *msg* wrapped in the ANSI bright-red colour code (errors and results)."""
    colored = "".join(('\033[91m', msg, '\033[0m'))
    print(colored)
def sysm(msg):
    """Print *msg* wrapped in the ANSI bright-blue colour code (menus and prompts)."""
    colored = "".join(('\033[94m', msg, '\033[0m'))
    print(colored)
  120. ####        End         ####
  121.  
  122. ###Print Results Function####
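def print_results(dorkt):
    """Print a heading for the scan mode *dorkt*, then every collected result.

    An unknown mode prints no heading; the results are listed either way.
    """
    headings = {
        "login":   "Results for pages might be a login page:",
        "pw":      "Results for files might contain usernames and passwords",
        "robots":  "Disallowed pages by robots.txt:",
        "adminbf": "Possible Admin Page:",
        "owndork": "Your Google Dorking Results:",
    }
    # Dictionary lookup compares by value, unlike `is` on string literals.
    heading = headings.get(dorkt)
    if heading is not None:
        erm(heading)
    for entry in results:
        # Results are text taken from remote pages (search hits, robots.txt
        # lines). Drop control characters so a crafted value cannot smuggle
        # terminal escape sequences into the operator's console.
        erm(re.sub(r'[\x00-\x1f\x7f]', '', entry))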
  136. ####        End         ####
  137.  
  138. ####Proxy Handle####
def proxy_setter():
    """Ask for an "IP:Port" proxy until proxy_checker() accepts one.

    On success the proxy is registered on the shared browser for the "http"
    scheme. A "Bad" verdict prints an error and prompts again.
    """
    prompt = '\033[94m'+'Please Insert Proxy (IP:Port):'+'\033[0m'
    while True:
        proxy = raw_input(prompt)
        verdict = proxy_checker(proxy)
        if verdict == "Working":
            logm("Setting Proxy...")
            br.set_proxies({"http":proxy})
            return
        if verdict != "Bad":
            # Any other verdict: leave the browser untouched.
            return
        erm("Your Proxy is not working well,Please try different one.")
  148.  
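def proxy_checker(proxy):
    """Check whether *proxy* ("IP:Port") can relay an HTTP request.

    Opens http://google.com through the proxy with a throw-away browser.
    Returns "Working" when the request succeeds and "Bad" when it raises.
    If the request took longer than 45 seconds the user is asked whether to
    continue; answering "no" or "No" ends the program.
    """
    logm("Testing Proxy, Please Wait...")
    try:
        test_br = mechanize.Browser()
        test_br.addheaders = [('User-agent','Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.101 Safari/537.11')]
        test_br.set_proxies({"http": proxy})
        # Wall-clock seconds. Minute/second arithmetic on gmtime() goes
        # negative whenever the request straddles an hour boundary.
        started = time.time()
        test_br.open('http://google.com')
        elapsed = time.time() - started
    except Exception:
        # Exception rather than a bare except, and only around the network
        # call: the exit() below raises SystemExit, which a bare except
        # would swallow and report as a dead proxy.
        return "Bad"

    logm("Proxy is Online")
    if elapsed > 45:
        erm("Proxy is Pretty slow!\nSlow Proxy Might Cause Timeout!!\nContinue?(Yes/No):")
        inp = raw_input('')
        if (inp == "no") or (inp == "No"):
            erm("\nThank you for using LazyDorks :)")
            exit()
    return "Working"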
  168. ####        End of Proxy Handle     ####
  169.  
  170. ####Export results Functions####
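def txt_export(dorkt):
    """Write a heading for *dorkt* and all collected results to a .txt file.

    The file is created in the current directory, one result per line.
    """
    t = time.gmtime()
    # NOTE(review): the name is built from year, day-of-month, minute and
    # second only (no month or hour), so two runs can produce the same name
    # and the later one overwrites the earlier.
    filename = "lazydork_result{}{}{}{}.txt".format(t.tm_year,t.tm_mday,t.tm_min,t.tm_sec)
    headings = {
        "login":   "Results for pages might be a login page:\n",
        "pw":      "Results for files might contain usernames and passwords:\n",
        "robots":  "Disallowed pages by robots.txt:\n",
        "adminbf": "Possible Admin Page:\n",
        "owndork": "Your Google Dork Results:\n",
    }
    # `with` closes the file even if a write fails part-way through.
    with open(filename,'w') as f:
        heading = headings.get(dorkt)
        if heading is not None:
            f.write(heading)
        for w in results:
            f.write(w+'\n')
    logm('Export Results to {}'.format(filename))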
  189.  
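def csv_export(dorkt):
    """Write a heading for *dorkt* and all collected results to a .csv file.

    The file is created in the current directory with the csv "excel"
    dialect, one result per row.
    """
    t = time.gmtime()
    # NOTE(review): the name is built from year, day-of-month, minute and
    # second only (no month or hour), so two runs can produce the same name.
    filename = "lazydork_result{}{}{}{}.csv".format(t.tm_year,t.tm_mday,t.tm_min,t.tm_sec)
    headings = {
        "login":   'Results for pages might be a login page:',
        "pw":      'Results for files might contain usernames and passwords:',
        "robots":  'Disallowed pages by robots.txt:',
        "adminbf": 'Possible Admin Page:',
        "owndork": 'Your Google Dork Results:',
    }
    # `with` closes the file even if a write fails part-way through.
    with open(filename,'wb') as f:
        w = csv.writer(f, dialect='excel')
        heading = headings.get(dorkt)
        if heading is not None:
            w.writerow([heading,])
        for item in results:
            # Results are text taken from remote pages. Spreadsheet programs
            # evaluate a cell that starts with = + - @ (or tab / CR) as a
            # formula, so prefix such cells with a quote to keep them inert.
            if item[:1] in ('=', '+', '-', '@', '\t', '\r'):
                item = "'" + item
            w.writerow([item,])
    logm('Export Results to {}'.format(filename))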
  209.  
  210. ####        End         ####
  211.  
  212. ####Admin Brute Force Function####
def adminbf(domain):
    """Request every path in admins_list from *domain* and record the 200s.

    Each path gets its own plain-HTTP connection made with httplib, not the
    shared mechanize browser. A path is appended to the shared results list
    only when the response status is exactly 200.
    """
    notice = "Brute Forcing {} for Admin page(in case no results try with 'www.')\nIt might take a few minutes, Please Wait..."
    logm(notice.format(domain))
    for candidate in admins_list:
        location = "{}/{}".format(domain,candidate)
        connection = httplib.HTTPConnection(domain)
        connection.request("GET",'/'+candidate)
        logm(location)
        response = connection.getresponse()
        if response.status != 200:
            continue
        results.append(location)
  222. ####        End         ####
  223.  
  224. ###Google Scraping Functions###
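def dorker(query,dorkt):
    """Submit *query* through Google's search form and collect the hits.

    Sets a randomly chosen User-Agent on the shared browser, fills the first
    form on the Google front page, hands the response to scrapper() and then
    pauses 5-8 seconds before returning. A failed submit prints an error and
    ends the program.
    """
    # Compare by value; `is` on a string literal depends on interning.
    if dorkt == "owndork":
        logm("Google Dorking your query: {}\nPlease Wait...".format(query))
    br.addheaders = [('User-agent', agents[random.randrange(0,len(agents))])]
    br.open('http://www.google.com')
    br.select_form(nr=0)
    br.form['q'] = query
    try:
        br.submit()
    except Exception:
        # Exception rather than a bare except, so Ctrl-C is not reported as
        # a connectivity problem.
        erm("Something Went Wrong,Check Your internet connection or Proxy")
        exit()
    scrapper(br,dorkt)
    sleep(random.randrange(5,9))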
  239.  
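def scrapper(br,dorkt):
    """Collect links from the current result page and every following page.

    Repeats Get_Links() / get_Npage() until get_Npage() reports 'Done',
    pausing 1-3 seconds before each page load. A failed page load prints an
    error and ends the program.
    """
    while True:
        Get_Links(br,dorkt)
        # Named next_url so the builtin next() is not shadowed.
        next_url = get_Npage(br)
        # Compare by value; `is` on a string literal depends on interning.
        if next_url == 'Done':
            break
        sleep(random.randrange(1,4))
        try:
            br.open(next_url)
        except Exception:
            erm("Something Went Wrong, Please Check your internet connection or replace Proxy")
            exit()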
  252.  
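def Get_Links(br,dorkt):
    """Append the result URLs found in the browser's current response to results.

    Looks at anchors inside ``<h3 class="r">`` elements. Links without an
    http/https URL and links pointing at google.com are skipped; a
    ``/url?q=`` redirect wrapper is unwrapped to the URL it carries.
    *dorkt* is accepted for interface symmetry and is not used here.
    """
    html = br.response().read()
    soup = BeautifulSoup(html)
    for heading in soup.find_all('h3',{"class":"r"}):
        for anchor in heading.find_all('a'):
            href = anchor.get('href')
            if not href:
                # Anchor without an href attribute: .get() returns None and
                # the substring tests below would raise TypeError.
                continue
            if "http://" not in href and "https://" not in href:
                continue
            if 'google.com/' in href:
                continue
            # The two cases are mutually exclusive, so handle them as one
            # branch (the second `if` also lacked its trailing colon).
            if '/url?q=' in href:
                href = href.split('/url?q=')[1].split('&sa=U')[0]
            results.append(href)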
  266.  
def get_Npage(br):
    """Return the absolute URL of the next result page, or 'Done'.

    Searches ``<td class="b">`` cells of the browser's current response for
    an anchor whose id is 'pnnext'. A relative href is prefixed with
    http://www.google.com. Any error while searching also yields 'Done'.
    """
    markup = br.response().read()
    parsed = BeautifulSoup(markup)
    next_url = 'Done'
    try:
        for cell in parsed.find_all('td',{"class":"b"}):
            for anchor in cell.find_all('a'):
                if anchor.get('id') != 'pnnext':
                    continue
                next_url = anchor.get('href')
                if "http://www.google.com" not in next_url:
                    next_url = "http://www.google.com{}".format(next_url)
    except:
        return 'Done'
    return next_url
  281. ####            End             ####
  282.    
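def dork(domain,dorkt):
    """Run the scan selected by *dorkt* against *domain*.

    "login"   - one site: query per entry in login_dorks.
    "pw"      - one site:/filetype: query per files_type x dork_type pair.
    "robots"  - fetch http://<domain>/robots.txt and record Disallow values.
    "adminbf" - delegate to adminbf().
    Any other value does nothing. Hits are appended to the shared results.
    """
    # All mode checks compare by value; `is` on a string literal depends on
    # interning.
    if dorkt == "login":
        logm("Google Dorking Login Pages\nIt might take a few minutes, Please Wait...")
        for login_dork in login_dorks:
            dorker("site:{} {}".format(domain,login_dork),dorkt)
    elif dorkt == "pw":
        logm("Google Dorking Pages that might contain Passwords or Usernames\nIt might take a few minutes, Please Wait...")
        for files in files_type:
            for dork_t in dork_type:
                dorker("site:{} filetype:{} {}{}".format(domain,files,dork_t,pw_dork),dorkt)
    elif dorkt == "robots":
        # The request is sent with a Googlebot User-Agent string.
        br.addheaders = [('User-agent','Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)')]
        try:
            logm("Searching For Robots.txt")
            br.open('http://{}/robots.txt'.format(domain))
            for x in br.response().readlines():
                # Case-sensitive match on the directive name.
                if "Disallow:" in x:
                    results.append(x.split('Disallow:')[1].split('\n')[0].strip())
        except Exception:
            # Exception rather than a bare except, so Ctrl-C is not reported
            # as a missing robots.txt.
            erm("Couldn't Find Robots.txt")
    elif dorkt == "adminbf":
        adminbf(domain)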
  305.  
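def choosedork():
    """Show the main menu until a valid option is typed; return its mode keyword.

    Returns one of 'login', 'pw', 'owndork', 'robots' or 'adminbf'.
    """
    modes = {"1": 'login', "2": 'pw', "3": 'owndork', "4": 'robots', "5": 'adminbf'}
    # Loop instead of recursing: the recursive retry discarded its return
    # value, so a valid choice made after a wrong one came back as None.
    while True:
        sysm('''    Please Choose Your Option:
    1)Google Dork Login Pages
    2)Google Dork Pages Might Contain Usernames/Passwords
    3)Google Dork Your Own Query
    4)Disallowed Pages in robots.txt
    5)Admin Page Brute Force (does not support proxies)
    ''')
        o = raw_input('\033[94m' +'Your Option: '+ '\033[0m')
        # Dictionary lookup compares by value, unlike `is` on typed input.
        if o in modes:
            return modes[o]
        erm('No Such Option, Please Choose Again.')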
  328.  
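def result_handler(dorkt):
    """Ask how to output the collected results and run the chosen action.

    Option 1 exports to .txt, 2 exports to .csv, 3 prints to the console.
    Any other input prints an error and shows the menu again.
    """
    actions = {"1": txt_export, "2": csv_export, "3": print_results}
    while True:
        sysm('''LazyDorks Found Results, What would you like to do:
1)Export Results to .txt File
2)Export Results to .csv File
3)Print Results Here
    ''')
        o = raw_input('\033[94m' +'Your Option:'+ '\033[0m')
        # Dictionary lookup compares by value, unlike `is` on typed input.
        if o in actions:
            actions[o](dorkt)
            return
        erm("No such option, please choose again")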
  345.  
def owndork(dorkt):
    """Prompt for a free-form search query and pass it to dorker()."""
    prompt = '\033[94m' +"Insert Your Google Dorking Query: "+ '\033[0m'
    dorker(raw_input(prompt),dorkt)
  349.  
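def main():
    """Interactive entry point: pick a mode, run it, then output the results.

    Every mode except "adminbf" first offers to set a proxy. "owndork" asks
    for a raw query; the other modes ask for a domain, which is normalised
    by domain_check() before the scan runs.
    """
    print(intro)
    dorkt  = choosedork()
    # Mode checks compare by value; `is` on a string literal depends on
    # interning.
    if dorkt != "adminbf":
        px     = raw_input('\033[94m' +'Would you like to use a proxy?\nPlease type Yes/No: '+ '\033[0m')
        if (px == "yes") or (px == "Yes"):
            proxy_setter()
    if dorkt == "owndork":
        owndork(dorkt)
    else:
        domain = raw_input('\033[94m'+'Insert Domain (Example.com): '+ '\033[0m')
        domain = domain_check(domain,dorkt)
        dork(domain,dorkt)
    logm("Done Searching")
    if results:
        result_handler(dorkt)
    else:
        erm("LazyDorks Couldn't Find Any Results")

    erm("\nThank you for using LazyDorks :)")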
  371.  
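# Run only when executed as a script. A bare non-empty string is always
# true, so the previous test also started the tool on a plain import.
if __name__ == "__main__":
    main()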