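#!/usr/bin/python
# -*- coding: utf-8 -*-
# LazyDorks Tool v0.2 Written by Itzik Moshe, Jan 2013
# See-Security Hacking Defined Experts 39
#
# Python 2 script: it relies on raw_input, httplib and urlparse.
import sys

# Third-party dependencies. A missing one is reported and the script stops
# with a non-zero status, so a wrapper can tell that the run never started.
# NOTE(review): the hints below suggest `sudo pip install`; installing into a
# virtualenv (or with --user) avoids running package install code as root.
try:
    import mechanize
except ImportError:
    print("LazyDorks require Mechanize library.\nPlease Install: 'sudo pip install mechanize'")
    sys.exit(1)
try:
    from bs4 import BeautifulSoup
except ImportError:
    print("LazyDorks require BeautifulSoup4 library.\nPlease Install: 'sudo pip install beautifulsoup4'\nor 'easy_install beautifulsoup4'")
    sys.exit(1)
import httplib
import urlparse
import re
import random
import socket
import time
from time import sleep
import csv

#### Browser Object Setting ####
# Process-wide default: sockets created without their own timeout give up
# after 15 seconds.
socket.setdefaulttimeout(15)
# One mechanize browser shared by the search and robots.txt modes.
br = mechanize.Browser()
# Turn off mechanize's robots.txt handling for this browser.
br.set_handle_robots(False)
#### END ####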
# Start-up banner: ASCII art plus three text lines, wrapped in ANSI yellow
# (93) and reset (0) escapes. main() prints it once.
# NOTE(review): the art's spacing appears collapsed in this copy. The literal
# is not a raw string, so the art line that ends in a backslash (as shown
# here) is joined to the line after it, because backslash-newline is a line
# continuation inside a string literal.
intro = '\033[93m'+'''
_
,//)
) /
/ /
╭╮╱╱╱╱╱╱╱╱╱╱╱╱╱╱╭━━━╮╱╱╱╱╭╮ _,^^,/ /
┃┃╱╱╱╱╱╱╱╱╱╱╱╱╱╱╰╮╭╮┃╱╱╱╱┃┃ (C,00<_/
┃┃╱╱╭━━┳━━━┳╮╱╭╮╱┃┃┃┣━━┳━┫┃╭┳━━╮ _/\_,_)
┃┃╱╭┫╭╮┣━━┃┃┃╱┃┃╱┃┃┃┃╭╮┃╭┫╰╯┫━━┫ / _ \ ,' )
┃╰━╯┃╭╮┃┃━━┫╰━╯┃╭╯╰╯┃╰╯┃┃┃╭╮╋━━┃ / /"\ \/ ,_\
╰━━━┻╯╰┻━━━┻━╮╭╯╰━━━┻━━┻╯╰╯╰┻━━╯ __(,/ > e ) / (_\.oO
╱╱╱╱╱╱╱╱╱╱╱╭━╯┃ \_ / ( -,_/ \_/
╱╱╱╱╱╱╱╱╱╱╱╰━━╯ U \_, _)
( /
>/
(.oO
#LazyDorks Tool v0.2 Written by Itzik Moshe
#See-Security Hacking Defined Experts 39
#Choose your option and insert the domain you would like to scan.
'''+ '\033[0m'
# Relative paths that adminbf() requests one after another on the target host.
# Several entries are repeated (for example 'administrator/' and 'admin.php'),
# so those paths are requested, and can be reported, more than once.
# For log review: requests for these paths in quick succession from one
# client are a recognisable enumeration pattern in web-server access logs.
admins_list = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
    'memberadmin/','administratorlogin/','adm/','admin/account.php','admin/index.php','admin/login.php','admin/admin.php','admin/account.php',
    'admin_area/admin.php','admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
    'admin_area/index.php','bb-admin/index.php','bb-admin/login.php','bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html',
    'admin/controlpanel.php','admin.php','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
    'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
    'admin/cp.php','cp.php','administrator/index.php','administrator/login.php','nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php',
    'administrator/account.php','administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php',
    'bb-admin/index.html','bb-admin/login.html','acceso.php','bb-admin/admin.html','admin/home.html','login.php','modelsearch/login.php','moderator.php','moderator/login.php',
    'moderator/admin.php','account.php','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php',
    'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php','adminarea/index.html','adminarea/admin.html',
    'webadmin.php','webadmin/index.php','webadmin/admin.php','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html',
    'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
    'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
    'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html',
    'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php','adminarea/index.php',
    'adminarea/admin.php','adminarea/login.php','panel-administracion/index.php','panel-administracion/admin.php','modelsearch/index.php',
    'modelsearch/admin.php','admincontrol/login.php','adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php','usuarios/login.php',
    'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php','wp-admin','moodle/login','?q=admin','?q=user/login','user']
# Browser User-Agent strings; dorker() picks one at random for each query.
agents = ['Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.101 Safari/537.11',
    'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1',
    'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1309.0 Safari/537.17',
    'Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.15 (KHTML, like Gecko) Chrome/24.0.1295.0 Safari/537.15',
    'Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1',
    'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:15.0) Gecko/20100101 Firefox/15.0.1',
    'Mozilla/6.0 (Windows NT 6.2; WOW64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1']
# Search-operator fragments; dork() prefixes each with "site:<domain>".
login_dorks = ['inurl:admin|login|myphp|phpliteadmin|phpadmin|phpmyadmin|administrator|webadmin|adm_auth|sysadmin|user',
    'intitle:"admin | login | log-in | administrator | phpadmin | phpmyadmin | adminphp"',
    'intext:"admin | username | password | login | log-in | phpadmin | phpmyadmin | adminphp"']
# Keyword alternation used in 'pw' mode, combined with every file type and
# every operator below. These queries only surface files a search engine has
# already indexed; keeping such files out of the web root is the mitigation.
pw_dork = 'pwd|pass|password|passwords|passwd|user|users|usr|admin|username|usernames'
files_type = ['txt','xls','sql','inc','con','cnf']
dork_type = ['inurl:','intext:']
# Module-level accumulator shared by every mode; it is only appended to and
# never cleared in this file. Its entries come from remote responses.
results = []
# Not referenced anywhere else in this listing.
adminbf_porxy = []
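### Domain Name Checker ###
def _strip_www(host):
    """Drop one leading 'www.' label; leave any other occurrence untouched."""
    if host.startswith('www.'):
        return host[len('www.'):]
    return host


def domain_check(domain, dorkt):
    """Normalise the operator-supplied *domain* for the mode *dorkt*.

    'login' and 'pw': return the network location (or, when the input has no
    scheme, the path component) without a leading 'www.'.
    'robots' and 'adminbf': return the network location only, adding an
    'http://' prefix first when the input has no scheme.
    Any other mode: return *domain* unchanged.

    The mode is compared by value. Only a leading 'www.' is removed, so an
    input such as 'notwww.example.com' is no longer cut down to a different
    host than the one that was typed in.
    """
    if dorkt in ("login", "pw"):
        parts = urlparse.urlsplit(domain)
        # Without a scheme urlsplit() leaves netloc empty and puts the whole
        # input in .path, so fall back to that.
        domain = _strip_www(parts.netloc or parts.path)
    if dorkt in ("robots", "adminbf"):
        if urlparse.urlsplit(domain).netloc == '':
            domain = "http://" + domain
        domain = urlparse.urlsplit(domain).netloc
    return domain
#### End ####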
#### Log Colors Functions ####
def logm(msg):
    """Print *msg* to stdout in bright cyan (ANSI code 96), then reset."""
    coloured = '\033[96m' + msg + '\033[0m'
    print(coloured)
def erm(msg):
    """Print *msg* to stdout in bright red (ANSI code 91), then reset.

    msg is written verbatim, so any control characters it contains reach the
    terminal.
    """
    coloured = '\033[91m' + msg + '\033[0m'
    print(coloured)
def sysm(msg):
    """Print *msg* to stdout in bright blue (ANSI code 94), then reset."""
    coloured = '\033[94m' + msg + '\033[0m'
    print(coloured)
#### End ####
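### Print Results Function ###
def _printable(text):
    """Return *text* without ASCII control characters (ESC included)."""
    return ''.join(ch for ch in text if ch >= ' ' and ch != '\x7f')


def print_results(dorkt):
    """Print the heading for mode *dorkt*, then every entry of ``results``.

    The mode is compared by value through a lookup table; an unknown mode
    prints no heading. Entries come from remote pages and robots.txt files,
    so control characters are removed before they are written to the
    terminal.
    """
    headings = {
        "login": "Results for pages might be a login page:",
        "pw": "Results for files might contain usernames and passwords",
        "robots": "Disallowed pages by robots.txt:",
        "adminbf": "Possible Admin Page:",
        "owndork": "Your Google Dorking Results:",
    }
    heading = headings.get(dorkt)
    if heading is not None:
        erm(heading)
    for entry in results:
        erm(_printable(entry))
#### End ####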
#### Proxy Handle ####
def proxy_setter():
    """Prompt for an 'IP:Port' proxy until proxy_checker() accepts one.

    An accepted value is installed on the shared browser for the "http"
    scheme. The value is passed on exactly as typed.
    """
    while True:
        candidate = raw_input('\033[94m'+'Please Insert Proxy (IP:Port):'+'\033[0m')
        verdict = proxy_checker(candidate)
        if verdict == "Working":
            logm("Setting Proxy...")
            br.set_proxies({"http": candidate})
            return
        if verdict != "Bad":
            return
        erm("Your Proxy is not working well,Please try different one.")
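def proxy_checker(proxy):
    """Fetch http://google.com through *proxy* and report "Working" or "Bad".

    A throwaway mechanize browser is used so the shared one is not touched.
    When the fetch takes more than 45 seconds the operator is asked whether
    to continue; answering "no" or "No" ends the program.

    Only the fetch itself is guarded, and only against ordinary errors. The
    exit() taken on "no" is therefore no longer swallowed and reported as a
    bad proxy. Elapsed time comes from time.time(), not from the
    minute/second fields of gmtime(), which go negative across an hour
    boundary.
    """
    logm("Testing Proxy, Please Wait...")
    try:
        test_br = mechanize.Browser()
        test_br.addheaders = [('User-agent','Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.101 Safari/537.11')]
        test_br.set_proxies({"http": proxy})
        started = time.time()
        test_br.open('http://google.com')
        elapsed = time.time() - started
    except Exception:
        return "Bad"
    logm("Proxy is Online")
    if elapsed > 45:
        erm("Proxy is Pretty slow!\nSlow Proxy Might Cause Timeout!!\nContinue?(Yes/No):")
        inp = raw_input('')
        if inp in ("no", "No"):
            erm("\nThank you for using LazyDorks :)")
            exit()
    return "Working"
#### End of Proxy Handle ####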
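#### Export results Functions ####
def txt_export(dorkt):
    """Write the heading for mode *dorkt* and every result to a .txt file.

    The file is created in the current directory. Its name is built from the
    UTC year, day of month, minute and second only, so a later run can
    produce the same name and overwrite the earlier file (mode 'w'
    truncates). The file is closed even if a write fails, and the mode is
    compared by value.
    """
    stamp = time.gmtime()
    filename = "lazydork_result{}{}{}{}.txt".format(stamp.tm_year, stamp.tm_mday, stamp.tm_min, stamp.tm_sec)
    headings = {
        "login": "Results for pages might be a login page:\n",
        "pw": "Results for files might contain usernames and passwords:\n",
        "robots": "Disallowed pages by robots.txt:\n",
        "adminbf": "Possible Admin Page:\n",
        "owndork": "Your Google Dork Results:\n",
    }
    with open(filename, 'w') as out:
        heading = headings.get(dorkt)
        if heading is not None:
            out.write(heading)
        # Entries are remote-supplied strings and are written as collected.
        for entry in results:
            out.write(entry + '\n')
    logm('Export Results to {}'.format(filename))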
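def _csv_safe(cell):
    """Quote-prefix a cell that a spreadsheet would evaluate as a formula."""
    if cell[:1] in ('=', '+', '-', '@', '\t', '\r'):
        return "'" + cell
    return cell


def csv_export(dorkt):
    """Write the heading for mode *dorkt* and every result to a .csv file.

    One result per row, 'excel' dialect. Results are text taken from remote
    pages and robots.txt files, and the output is meant for a spreadsheet.
    A cell starting with '=', '+', '-', '@', tab or carriage return is
    therefore prefixed with a single quote so it opens as text, not as a
    formula. The file name has the same collision caveat as the .txt export
    (year, day of month, minute, second only). The file is closed even if a
    write fails, and the mode is compared by value.
    """
    stamp = time.gmtime()
    filename = "lazydork_result{}{}{}{}.csv".format(stamp.tm_year, stamp.tm_mday, stamp.tm_min, stamp.tm_sec)
    headings = {
        "login": 'Results for pages might be a login page:',
        "pw": 'Results for files might contain usernames and passwords:',
        "robots": 'Disallowed pages by robots.txt:',
        "adminbf": 'Possible Admin Page:',
        "owndork": 'Your Google Dork Results:',
    }
    # 'wb' is what the Python 2 csv module expects for its output file.
    with open(filename, 'wb') as out:
        writer = csv.writer(out, dialect='excel')
        heading = headings.get(dorkt)
        if heading is not None:
            writer.writerow([heading])
        for item in results:
            writer.writerow([_csv_safe(item)])
    logm('Export Results to {}'.format(filename))
#### End ####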
#### Admin Brute Force Function ####
def adminbf(domain):
    """Request every path in ``admins_list`` on *domain* and keep the 200s.

    Each path gets its own httplib.HTTPConnection (plain HTTP), a GET, and a
    log line. Connections are not closed explicitly and no error is caught,
    so a timeout or refused connection ends the run with a traceback.
    Only an exact 200 status is recorded. A 200 alone does not show that the
    path is an admin interface: a site that answers 200 for unknown paths
    fills the list. On the server this appears as a sequential run of GETs
    over a fixed path list from one client.
    """
    logm("Brute Forcing {} for Admin page(in case no results try with 'www.')\nIt might take a few minutes, Please Wait...".format(domain))
    for path in admins_list:
        target = "{}/{}".format(domain, path)
        conn = httplib.HTTPConnection(domain)
        conn.request("GET", '/' + path)
        logm(target)
        reply = conn.getresponse()
        if reply.status == 200:
            results.append(target)
#### End ####
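### Google Scraping Functions ###
def dorker(query, dorkt):
    """Submit *query* through the shared browser and collect the result links.

    Sets a User-Agent chosen at random from ``agents``, opens the search
    home page over plain HTTP, fills field 'q' of the first form and submits
    it. scrapper() then walks the result pages, after which the function
    sleeps for 5 to 8 seconds.

    The mode is compared by value. The handler around submit() catches
    ordinary errors only, so an interrupt from the keyboard is no longer
    reported as a connection problem.
    NOTE(review): the initial open() sits outside the try, so a failure there
    surfaces as a traceback and skips the message below.
    """
    if dorkt == "owndork":
        logm("Google Dorking your query: {}\nPlease Wait...".format(query))
    br.addheaders = [('User-agent', random.choice(agents))]
    br.open('http://www.google.com')
    br.select_form(nr=0)
    br.form['q'] = query
    try:
        br.submit()
    except Exception:
        erm("Something Went Wrong,Check Your internet connection or Proxy")
        exit()
    scrapper(br, dorkt)
    sleep(random.randrange(5, 9))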
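def scrapper(br, dorkt):
    """Collect links from the current result page and each following page.

    Repeats until get_Npage() reports 'Done', sleeping 1 to 3 seconds
    between pages. The 'Done' sentinel is compared by value, the local no
    longer shadows the builtin ``next``, and only ordinary errors from
    open() lead to the error message and exit.
    """
    while True:
        Get_Links(br, dorkt)
        next_url = get_Npage(br)
        if next_url == 'Done':
            break
        sleep(random.randrange(1, 4))
        try:
            # next_url is taken from the page that was just parsed.
            br.open(next_url)
        except Exception:
            erm("Something Went Wrong, Please Check your internet connection or replace Proxy")
            exit()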
def Get_Links(br, dorkt):
    """Append the result links found in the browser's current response.

    Looks at anchors inside <h3 class="r"> elements. An href is skipped when
    it holds neither "http://" nor "https://", or when it holds
    'google.com/'. For a redirect-style href the text between '/url?q=' and
    '&sa=U' is stored; otherwise the href itself. *dorkt* is not used.
    Stored values are remote-supplied text and are not validated further.
    NOTE(review): BeautifulSoup is called without naming a parser, so the
    parse depends on which parser libraries are installed. An anchor with no
    href raises TypeError here.
    """
    page = BeautifulSoup(br.response().read())
    for heading in page.find_all('h3', {"class": "r"}):
        for anchor in heading.find_all('a'):
            href = anchor.get('href')
            if "http://" not in href and "https://" not in href:
                continue
            if 'google.com/' in href:
                continue
            if '/url?q=' in href:
                results.append(href.split('/url?q=')[1].split('&sa=U')[0])
            else:
                results.append(href)
def get_Npage(br):
    """Return the URL of the next result page, or 'Done' when there is none.

    Searches anchors inside <td class="b"> for id 'pnnext'. An href that
    does not contain "http://www.google.com" gets that prefix. Any error
    during the search yields 'Done'.
    NOTE(review): the test is a substring match, not a host comparison, so
    an href that merely contains that text is returned unchanged.
    """
    page = BeautifulSoup(br.response().read())
    next_url = 'Done'
    try:
        for cell in page.find_all('td', {"class": "b"}):
            for anchor in cell.find_all('a'):
                if anchor.get('id') != 'pnnext':
                    continue
                next_url = anchor.get('href')
                if "http://www.google.com" not in next_url:
                    next_url = "http://www.google.com{}".format(next_url)
        return next_url
    except:
        return 'Done'
#### End ####
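def dork(domain, dorkt):
    """Run the collection routine for mode *dorkt* against *domain*.

    'login'   one search per entry of ``login_dorks``, scoped with site:.
    'pw'      one search per file type and operator, using ``pw_dork``.
    'robots'  fetch http://<domain>/robots.txt and store the text after each
              "Disallow:" in ``results``.
    'adminbf' hand over to adminbf().
    Any other mode does nothing.

    The mode is compared by value. The robots.txt handler catches ordinary
    errors only, so an interrupt from the keyboard is no longer reported as
    a missing file.
    """
    if dorkt == "login":
        logm("Google Dorking Login Pages\nIt might take a few minutes, Please Wait...")
        for login_dork in login_dorks:
            dorker("site:{} {}".format(domain, login_dork), dorkt)
    elif dorkt == "pw":
        logm("Google Dorking Pages that might contain Passwords or Usernames\nIt might take a few minutes, Please Wait...")
        for file_ext in files_type:
            for operator in dork_type:
                dorker("site:{} filetype:{} {}{}".format(domain, file_ext, operator, pw_dork), dorkt)
    elif dorkt == "robots":
        # Replaces the header list on the shared browser. The crawler name is
        # only a self-declared header; a server that needs to trust a
        # crawler's identity confirms it with reverse and forward DNS
        # lookups, not with this value.
        br.addheaders = [('User-agent','Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)')]
        logm("Searching For Robots.txt")
        try:
            br.open('http://{}/robots.txt'.format(domain))
            for line in br.response().readlines():
                if "Disallow:" in line:
                    # Stored verbatim from the remote file (whitespace stripped).
                    results.append(line.split('Disallow:')[1].split('\n')[0].strip())
        except Exception:
            erm("Couldn't Find Robots.txt")
    elif dorkt == "adminbf":
        adminbf(domain)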
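def choosedork():
    """Show the mode menu and return the chosen mode name.

    Returns one of 'login', 'pw', 'owndork', 'robots' or 'adminbf'. The menu
    is repeated until a listed option is entered. The earlier version
    recursed on bad input without returning the result, so the caller got
    None after any mistyped choice. The choice is compared by value.
    """
    options = {
        "1": 'login',
        "2": 'pw',
        "3": 'owndork',
        "4": 'robots',
        "5": 'adminbf',
    }
    menu = (" Please Choose Your Option:\n"
            "1)Google Dork Login Pages\n"
            "2)Google Dork Pages Might Contain Usernames/Passwords\n"
            "3)Google Dork Your Own Query\n"
            "4)Disallowed Pages in robots.txt\n"
            "5)Admin Page Brute Force (does not support proxies)\n")
    while True:
        sysm(menu)
        choice = raw_input('\033[94m' + 'Your Option: ' + '\033[0m')
        if choice in options:
            return options[choice]
        erm('No Such Option, Please Choose Again.')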
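def result_handler(dorkt):
    """Ask how to output the collected results and run the chosen action.

    Options: .txt export, .csv export, or printing to the terminal. The menu
    is repeated in a loop until a listed option is entered, and the choice
    is compared by value.
    """
    actions = {
        "1": txt_export,
        "2": csv_export,
        "3": print_results,
    }
    menu = ("LazyDorks Found Results, What would you like to do:\n"
            "1)Export Results to .txt File\n"
            "2)Export Results to .csv File\n"
            "3)Print Results Here\n")
    while True:
        sysm(menu)
        choice = raw_input('\033[94m' + 'Your Option:' + '\033[0m')
        action = actions.get(choice)
        if action is not None:
            action(dorkt)
            return
        erm("No such option, please choose again")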
def owndork(dorkt):
    """Read a free-form search query from the operator and run it.

    The text is handed to dorker() exactly as typed.
    """
    prompt = '\033[94m' + "Insert Your Google Dorking Query: " + '\033[0m'
    typed_query = raw_input(prompt)
    dorker(typed_query, dorkt)
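def main():
    """Interactive entry point: pick a mode, collect results, output them.

    The proxy question is skipped for 'adminbf'. 'owndork' reads a query;
    every other mode reads a domain and normalises it with domain_check()
    before use. Modes are compared by value.
    """
    print(intro)
    dorkt = choosedork()
    if dorkt != "adminbf":
        px = raw_input('\033[94m' + 'Would you like to use a proxy?\nPlease type Yes/No: ' + '\033[0m')
        if px in ("yes", "Yes"):
            proxy_setter()
    if dorkt == "owndork":
        owndork(dorkt)
    else:
        # Operator input; apart from domain_check() it is interpolated into
        # queries and URLs unchanged.
        domain = raw_input('\033[94m' + 'Insert Domain (Example.com): ' + '\033[0m')
        domain = domain_check(domain, dorkt)
        dork(domain, dorkt)
    logm("Done Searching")
    if results:
        result_handler(dorkt)
    else:
        erm("LazyDorks Couldn't Find Any Results")
    erm("\nThank you for using LazyDorks :)")


# The earlier guard tested the non-empty string "__main__", which is always
# true, so merely importing this module started the interactive run.
if __name__ == "__main__":
    main()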