LazyDorks V0.2

1. #!usr/bin/python
2. # -*- coding: utf-8 -*-
3. #LazyDorks Tool v0.2 Written by Itzik Moshe, Jan 2013
4. #See-Security Hacking Defined Experts 39
5. try:
6.     import mechanize
7. except ImportError:
8.     print "LazyDorks require Mechanize library.\nPlease Install: 'sudo pip install mechanize'"
9.     exit()
10. try:
11.     from bs4 import BeautifulSoup
12. except ImportError:
13.     print "LazyDorks require BeautifulSoup4 library.\nPlease Install: 'sudo pip install beautifulsoup4'\nor 'easy_install beautifulsoup4'"
14.     exit()
15. import httplib
16. import urlparse
17. import re
18. import random
19. import socket
20. import time
21. from time import sleep
22. import csv
23.  
24. #### Browser Object Setting ####
25. socket.setdefaulttimeout(15)
26. br = mechanize.Browser()
27. br.set_handle_robots(False)
28. ####        END             ####
29. intro       =   '\033[93m'+'''
30.                                                         _
31.                                                       ,//)
32.                                                       ) /
33.                                                      / /
34.        ╭╮╱╱╱╱╱╱╱╱╱╱╱╱╱╱╭━━━╮╱╱╱╱╭╮             _,^^,/ /              
35.        ┃┃╱╱╱╱╱╱╱╱╱╱╱╱╱╱╰╮╭╮┃╱╱╱╱┃┃            (C,00<_/
36.        ┃┃╱╱╭━━┳━━━┳╮╱╭╮╱┃┃┃┣━━┳━┫┃╭┳━━╮       _/\_,_)
37.        ┃┃╱╭┫╭╮┣━━┃┃┃╱┃┃╱┃┃┃┃╭╮┃╭┫╰╯┫━━┫      / _    \ ,' )        
38.        ┃╰━╯┃╭╮┃┃━━┫╰━╯┃╭╯╰╯┃╰╯┃┃┃╭╮╋━━┃     / /"\   \/  ,_\
39.        ╰━━━┻╯╰┻━━━┻━╮╭╯╰━━━┻━━┻╯╰╯╰┻━━╯  __(,/   >  e ) / (_\.oO
40.        ╱╱╱╱╱╱╱╱╱╱╱╭━╯┃                   \_ /   (   -,_/    \_/
41.        ╱╱╱╱╱╱╱╱╱╱╱╰━━╯                     U     \_, _)    
42.                                                   (  /
43.                                                    >/
44.                                                    (.oO
45.        #LazyDorks Tool v0.2 Written by Itzik Moshe
46.        #See-Security Hacking Defined Experts 39
47.        #Choose your option and insert the domain you would like to scan.
48.                 '''+ '\033[0m'
49.  
50. admins_list =   ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
51.                  'memberadmin/','administratorlogin/','adm/','admin/account.php','admin/index.php','admin/login.php','admin/admin.php','admin/account.php',
52.                  'admin_area/admin.php','admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
53.                  'admin_area/index.php','bb-admin/index.php','bb-admin/login.php','bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html',
54.                  'admin/controlpanel.php','admin.php','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
55.                  'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
56.                  'admin/cp.php','cp.php','administrator/index.php','administrator/login.php','nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php',
57.                  'administrator/account.php','administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php',
58.                  'bb-admin/index.html','bb-admin/login.html','acceso.php','bb-admin/admin.html','admin/home.html','login.php','modelsearch/login.php','moderator.php','moderator/login.php',
59.                  'moderator/admin.php','account.php','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php',
60.                  'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php','adminarea/index.html','adminarea/admin.html',
61.                  'webadmin.php','webadmin/index.php','webadmin/admin.php','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html',
62.                  'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
63.                  'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
64.                  'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html',
65.                  'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php','adminarea/index.php',
66.                  'adminarea/admin.php','adminarea/login.php','panel-administracion/index.php','panel-administracion/admin.php','modelsearch/index.php',
67.                  'modelsearch/admin.php','admincontrol/login.php','adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php','usuarios/login.php',
68.                  'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php','wp-admin','moodle/login','?q=admin','?q=user/login','user']
69.  
70. agents      =   ['Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.101 Safari/537.11',
71.                  'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1',
72.                  'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1309.0 Safari/537.17',
73.                  'Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.15 (KHTML, like Gecko) Chrome/24.0.1295.0 Safari/537.15',
74.                  'Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1',
75.                  'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:15.0) Gecko/20100101 Firefox/15.0.1',
76.                  'Mozilla/6.0 (Windows NT 6.2; WOW64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1']
77.  
78. login_dorks =   ['inurl:admin|login|myphp|phpliteadmin|phpadmin|phpmyadmin|administrator|webadmin|adm_auth|sysadmin|user',
79.                  'intitle:"admin | login | log-in | administrator | phpadmin | phpmyadmin | adminphp"',
80.                  'intext:"admin | username | password | login | log-in | phpadmin | phpmyadmin | adminphp"']
81.  
82. pw_dork     =    'pwd|pass|password|passwords|passwd|user|users|usr|admin|username|usernames'
83.  
84. files_type  =   ['txt','xls','sql','inc','con','cnf']
85. dork_type   =   ['inurl:','intext:']
86. results     =   []
87. adminbf_porxy = []
88. ###Domain Name Checker####
89. def domain_check(domain,dorkt):
90.     if (dorkt is "login") or (dorkt is "pw"):
91.         url = urlparse.urlsplit(domain)
92.         if url.netloc == '':
93.             if 'www.' in url.path:
94.                 domain  =   url.path.split('www.')[1]
95.             else:
96.                 domain  =   url.path
97.         else:
98.             if 'www.' in url.netloc:
99.                 domain  =   url.netloc.split('www.')[1]
100.             else:
101.                 domain  =   url.netloc
102.  
103.     if (dorkt is "robots") or (dorkt is "adminbf"):
104.         y = urlparse.urlsplit(domain)
105.         if y.netloc == '':
106.             domain = "http://"+domain
107.             url = urlparse.urlsplit(domain)
108.             domain = url.netloc
109.  
110.     return domain
111. ####        End         ####
112.  
113. ####Log Colors Functions####
114. def logm(msg):
115.     print '\033[96m' + msg + '\033[0m'
116. def erm(msg):
117.     print '\033[91m' + msg + '\033[0m'
118. def sysm(msg):
119.     print '\033[94m' + msg + '\033[0m'
120. ####        End         ####
121.  
122. ###Print Results Function####
123. def print_results(dorkt):
124.     if dorkt is "login":
125.         erm("Results for pages might be a login page:")
126.     if dorkt is "pw":
127.         erm("Results for files might contain usernames and passwords")
128.     if dorkt is "robots":
129.         erm("Disallowed pages by robots.txt:")
130.     if dorkt is "adminbf":
131.         erm("Possible Admin Page:")
132.     if dorkt is "owndork":
133.         erm("Your Google Dorking Results:")
134.     for p in results:
135.         erm(p)
136. ####        End         ####
137.  
138. ####Proxy Handle####
139. def proxy_setter():
140.     proxy = raw_input('\033[94m'+'Please Insert Proxy (IP:Port):'+'\033[0m')
141.     check = proxy_checker(proxy)
142.     if check == "Working":
143.         logm("Setting Proxy...")
144.         br.set_proxies({"http":proxy})
145.     elif check == "Bad":
146.         erm("Your Proxy is not working well,Please try different one.")
147.         proxy_setter()
148.  
149. def proxy_checker(proxy):
150.     try:
151.         logm("Testing Proxy, Please Wait...")
152.         test_br = mechanize.Browser()
153.         test_br.addheaders = [('User-agent','Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.101 Safari/537.11')]
154.         test_br.set_proxies({"http": proxy})
155.         start  = time.gmtime()
156.         test_br.open('http://google.com')
157.         finish = time.gmtime()
158.         logm("Proxy is Online")
159.         if (finish.tm_min*60+finish.tm_sec) - (start.tm_min*60+start.tm_sec) > 45:
160.             erm("Proxy is Pretty slow!\nSlow Proxy Might Cause Timeout!!\nContinue?(Yes/No):")
161.             inp = raw_input('')
162.             if (inp == "no") or (inp == "No"):
163.                 erm("\nThank you for using LazyDorks :)")
164.                 exit()
165.         return "Working"
166.     except:
167.         return "Bad"
168. ####        End of Proxy Handle     ####
169.  
170. ####Export results Functions####
171. def txt_export(dorkt):
172.     t = time.gmtime()
173.     filename = "lazydork_result{}{}{}{}.txt".format(t.tm_year,t.tm_mday,t.tm_min,t.tm_sec)
174.     f = open(filename,'w')
175.     if dorkt is "login":
176.         f.write("Results for pages might be a login page:\n")
177.     if dorkt is "pw":
178.         f.write("Results for files might contain usernames and passwords:\n")
179.     if dorkt is "robots":
180.         f.write("Disallowed pages by robots.txt:\n")
181.     if dorkt is "adminbf":
182.         f.write("Possible Admin Page:\n")
183.     if dorkt is "owndork":
184.         f.write("Your Google Dork Results:\n")
185.     for w in results:
186.         f.write(w+'\n')
187.     f.close()
188.     logm('Export Results to {}'.format(filename))
189.  
190. def csv_export(dorkt):
191.     t = time.gmtime()
192.     filename = "lazydork_result{}{}{}{}.csv".format(t.tm_year,t.tm_mday,t.tm_min,t.tm_sec)
193.     f = open(filename,'wb')
194.     w = csv.writer(f, dialect='excel')
195.     if dorkt is "login":
196.         w.writerow(['Results for pages might be a login page:',])
197.     if dorkt is "pw":
198.         w.writerow(['Results for files might contain usernames and passwords:',])
199.     if dorkt is "robots":
200.         w.writerow(['Disallowed pages by robots.txt:',])
201.     if dorkt is "adminbf":
202.         w.writerow(['Possible Admin Page:',])
203.     if dorkt is "owndork":
204.         w.writerow(['Your Google Dork Results:',])
205.     for item in results:
206.         w.writerow([item,])
207.     f.close()
208.     logm('Export Results to {}'.format(filename))
209.  
210. ####        End         ####
211.  
212. ####Admin Brute Force Function####
213. def adminbf(domain):
214.     logm("Brute Forcing {} for Admin page(in case no results try with 'www.')\nIt might take a few minutes, Please Wait...".format(domain))
215.     for a in admins_list:
216.         con = httplib.HTTPConnection(domain)
217.         con.request("GET",'/'+a)
218.         logm("{}/{}".format(domain,a))
219.         res = con.getresponse()
220.         if res.status == 200:
221.             results.append("{}/{}".format(domain,a))
222. ####        End         ####
223.  
224. ###Google Scraping Functions###
225. def dorker(query,dorkt):
226.     if dorkt is "owndork":logm("Google Dorking your query: {}\nPlease Wait...".format(query))
227.     br.addheaders = [('User-agent', agents[random.randrange(0,len(agents))])]
228.     br.open('http://www.google.com')
229.     br.select_form(nr=0)
230.     br.form['q'] = query
231.     try:
232.         br.submit()
233.     except:
234.         erm("Something Went Wrong,Check Your internet connection or Proxy")
235.         exit()
236.     scrapper(br,dorkt)
237.     n_t = random.randrange(5,9)
238.     sleep(int(n_t))    
239.  
240. def scrapper(br,dorkt):
241.     while(True):
242.         Get_Links(br,dorkt)
243.         next = get_Npage(br)
244.         if next is 'Done' : break
245.         n_t  = random.randrange(1,4)
246.         sleep(int(n_t))
247.         try:
248.             br.open(next)
249.         except:
250.             erm("Something Went Wrong, Please Check your internet connection or replace Proxy")
251.             exit()
252.  
253. def Get_Links(br,dorkt):
254.     html = br.response().read()
255.     soup = BeautifulSoup(html)
256.     for link in soup.find_all('h3',{"class":"r"}):
257.         for links in link.find_all('a'):
258.             if not "http://" in links.get('href') and not "https://" in links.get('href'):
259.                 continue
260.             if 'google.com/' in links.get('href'):
261.                 continue
262.             if not '/url?q=' in links.get('href'):
263.                 results.append(links.get('href'))
264.             if '/url?q=' in links.get('href'): 
265.                 results.append(links.get('href').split('/url?q=')[1].split('&sa=U')[0])
266.  
267. def get_Npage(br):
268.     html  = br.response().read()
269.     soup  = BeautifulSoup(html)
270.     Npage = 'Done'
271.     try:
272.         for link in soup.find_all('td',{"class":"b"}):
273.             for links in link.find_all('a'):
274.                 if links.get('id')   == 'pnnext':
275.                     Npage = links.get('href')
276.                     if not "http://www.google.com" in Npage:
277.                         Npage = "http://www.google.com{}".format(Npage)
278.         return Npage
279.     except:
280.         return 'Done'
281. ####            End             ####
282.    
283. def dork(domain,dorkt):
284.     if dorkt is "login":
285.         logm("Google Dorking Login Pages\nIt might take a few minutes, Please Wait...")
286.         for login_dork in login_dorks:
287.             dorker("site:{} {}".format(domain,login_dork),dorkt)
288.     elif dorkt is "pw":
289.         logm("Google Dorking Pages that might contain Passwords or Usernames\nIt might take a few minutes, Please Wait...")
290.         for files in files_type:
291.             for dork_t in dork_type:
292.                 dorker("site:{} filetype:{} {}{}".format(domain,files,dork_t,pw_dork),dorkt)
293.     elif dorkt is "robots":
294.         br.addheaders = [('User-agent','Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)')]
295.         try:
296.             logm("Searching For Robots.txt")
297.             br.open('http://{}/robots.txt'.format(domain))
298.             for x in br.response().readlines():
299.                 if "Disallow:" in x:
300.                     results.append(x.split('Disallow:')[1].split('\n')[0].strip())
301.         except:
302.             erm("Couldn't Find Robots.txt")
303.     elif dorkt is "adminbf":
304.         adminbf(domain)
305.  
306. def choosedork():
307.     sysm('''    Please Choose Your Option:
308.     1)Google Dork Login Pages
309.     2)Google Dork Pages Might Contain Usernames/Passwords
310.     3)Google Dork Your Own Query
311.     4)Disallowed Pages in robots.txt
312.     5)Admin Page Brute Force (does not support proxies)
313.     ''')
314.     o = raw_input('\033[94m' +'Your Option: '+ '\033[0m')
315.     if o is "1":
316.         return 'login'
317.     elif o is "2":
318.         return 'pw'
319.     elif o is "4":
320.         return 'robots'
321.     elif o is "5":
322.         return 'adminbf'
323.     elif o is "3":
324.         return 'owndork'
325.     else:
326.         erm('No Such Option, Please Choose Again.')
327.         choosedork()
328.  
329. def result_handler(dorkt):
330.     sysm('''LazyDorks Found Results, What would you like to do:
331. 1)Export Results to .txt File
332. 2)Export Results to .csv File
333. 3)Print Results Here
334.     ''')
335.     o = raw_input('\033[94m' +'Your Option:'+ '\033[0m')
336.     if o is "1":
337.         txt_export(dorkt)
338.     elif o is "2":
339.         csv_export(dorkt)
340.     elif o is "3":
341.         print_results(dorkt)
342.     else:
343.         erm("No such option, please choose again")
344.         result_handler(dorkt)
345.  
346. def owndork(dorkt):
347.     query = raw_input('\033[94m' +"Insert Your Google Dorking Query: "+ '\033[0m')
348.     dorker(query,dorkt)
349.  
350. def main():
351.     print intro
352.     dorkt  = choosedork()
353.     if not dorkt is "adminbf":
354.         px     = raw_input('\033[94m' +'Would you like to use a proxy?\nPlease type Yes/No: '+ '\033[0m')
355.         if (px == "yes") or (px == "Yes"):
356.             proxy_setter()
357.     if not dorkt is "owndork":
358.         domain = raw_input('\033[94m'+'Insert Domain (Example.com): '+ '\033[0m')
359.         domain = domain_check(domain,dorkt)
360.         dork(domain,dorkt)
361.         logm("Done Searching")
362.     elif dorkt is "owndork":
363.         owndork(dorkt)
364.         logm("Done Searching")
365.     if results:
366.         result_handler(dorkt)
367.     else:
368.         erm("LazyDorks Couldn't Find Any Results")
369.  
370.     erm("\nThank you for using LazyDorks :)")
371.  
372. if "__main__" : main()