SHOW:
|
|
- or go back to the newest paste.
| 1 | #!/usr/bin/python | |
| 2 | from BeautifulSoup import BeautifulSoup as soup | |
| 3 | import httplib | |
| 4 | import sys | |
| 5 | """ | |
| 6 | **I've fixed some issues and upgraded the output a bit | |
| 7 | ||
| 8 | A simple extension to goofile.py | |
| 9 | features in this version: | |
| 10 | *allows you to dork from the command line, and returns critical information | |
| 11 | about the targets like | |
| 12 | >title text of the page | |
| 13 | >a short description | |
| 14 | >the URL to the target | |
| 15 | TODO: | |
| 16 | >Duckduckgo search script on the way, im gonna include results from both search engines ;) | |
| 17 | >server type detection | |
| 18 | >dork presets for specifying targets with | |
| 19 | *SQLi vulnerabilities in pages | |
| 20 | *LFI/RFI vulnerabilities | |
| 21 | *XSS vulnerabilities | |
| 22 | *vulnerable files | |
| 23 | I will implement this in such a way that you can localize a search to a given target | |
| 24 | >CMS type detection | |
| 25 | >I would like in the future to have googledorker learn from the searches you have performed and cache them | |
| 26 | for faster results, and also use a lil machine learning to enhance the responsiveness to certain targets | |
| 27 | ||
| 28 | Depedencies: | |
| 29 | are availble in the second line of the script! | |
| 30 | ||
| 31 | >>>If you wanna get something really awesome going, you could plug these results into an nmap scan, and automate | |
| 32 | penetration testing XD | |
| 33 | ||
| 34 | This was inspired by googile.py | |
| 35 | ||
| 36 | Author: Keith Makan | |
| 37 | Twitter: k3170makan | |
| 38 | site:k3170makan.blogspot.com | |
| 39 | """ | |
| 40 | class resultManager: | |
| 41 | """ | |
| 42 | An object to manage results | |
| 43 | *title | |
| 44 | *URL | |
| 45 | *server type | |
| 46 | *script_type | |
| 47 | Ill just send a request to each server and swipe the details from the response headers ;) | |
| 48 | """ | |
| 49 | def __init__(self): | |
| 50 | - | h.putrequest('GET',"/search?num=100&q="+dork)
|
| 50 | + | |
| 51 | ||
| 52 | - | h.putheader('User-agent','Internet Explorer 6.0')
|
| 52 | + | |
| 53 | - | h.putheader('Referrer','www.g13net.com')
|
| 53 | + | |
| 54 | return | |
| 55 | def get_page(self,dork): | |
| 56 | h = httplib.HTTP('www.google.com')
| |
| 57 | h.putrequest('GET',"/search?num=500&q="+dork)
| |
| 58 | h.putheader('Host','www.google.com')
| |
| 59 | h.putheader('User-agent','Internet Explorer 6.0 ')
| |
| 60 | h.putheader('Referrer','k3170makan.blogspot.com')
| |
| 61 | h.endheaders() | |
| 62 | returncode,returnmsg,headers = h.getreply() | |
| 63 | html=h.getfile().read() | |
| 64 | #print html | |
| 65 | return html | |
| 66 | - | print "Google is refusing you search query, please wait about 10mins before trying again" |
| 66 | + | |
| 67 | soop = soup(page) | |
| 68 | resTag = soop.findAll("div",{"id":"res"}) #get the divider that wraps the results
| |
| 69 | if len(resTag) == 0: | |
| 70 | print page | |
| 71 | ||
| 72 | print "Google is being naabs by refusing your queries, please wait about 10mins before trying again" | |
| 73 | return [] | |
| 74 | results_wrapperTag = soup(str(resTag)).findAll("ol")
| |
| 75 | results_list = soup(str(results_wrapperTag)).findAll("li",{"class":"g"})
| |
| 76 | - | URL = str(results_anchorTAG).split("/url?q=")[1].split(";")[0]
|
| 76 | + | |
| 77 | - | URL = URL[:len(URL)-4] #okay so we have the url |
| 77 | + | |
| 78 | - | print "> %s " % (etc), |
| 78 | + | |
| 79 | - | results_summaryTAG = soup(string_res).findAll("div",{"class":"s"})
|
| 79 | + | |
| 80 | - | for etc in results_summaryTAG: |
| 80 | + | |
| 81 | - | print "\t>>%s" % (etc) |
| 81 | + | |
| 82 | if len(results_anchorTAG) == 1: | |
| 83 | URL = str(results_anchorTAG).split("/url?q=")
| |
| 84 | if len(URL) >= 1: | |
| 85 | try: #sometimes the search will return links to google images or other crap, if so i stop processing because the anchors have a slightly different form to the results, in which case the follow code will raise an exception. | |
| 86 | URL = URL[1].split(";")[0]
| |
| 87 | URL = URL[:len(URL)-4] #okay so we have the url | |
| 88 | result_URLs.append(URL) | |
| 89 | - | self.stripURLs(html) |
| 89 | + | except: |
| 90 | return result_URLs | |
| 91 | ||
| 92 | print "target:> %s " % (URL), | |
| 93 | results_summaryTAG = soup(string_res).findAll("div",{"class":"s"})
| |
| 94 | if len(results_summaryTAG) == 1: | |
| 95 | for etc in results_summaryTAG: | |
| 96 | print "summary:\n\t>>%s" % (str(etc)) | |
| 97 | ||
| 98 | return result_URLs | |
| 99 | def dork(self,dork_term): | |
| 100 | - | print 'example: ./googledorker.py inurl:".php?*=*"' |
| 100 | + | |
| 101 | print the results for the dork_term supplied | |
| 102 | """ | |
| 103 | html = self.get_page(dork_term) | |
| 104 | results = self.stripURLs(html) | |
| 105 | print "listing URLS" | |
| 106 | for index,result in enumerate(results): #enumerate is awesome btw! | |
| 107 | print index+1,"]",result | |
| 108 | return | |
| 109 | if __name__ == "__main__": | |
| 110 | dorky = Dorker() | |
| 111 | if len(sys.argv) > 1: | |
| 112 | print "Running dork <%s>" % (sys.argv[1]) | |
| 113 | dorky.dork(sys.argv[1]) | |
| 114 | else: | |
| 115 | print ".::Google Dorker::." | |
| 116 | ||
| 117 | print "Usage: ./googledorker.py [dork_term]" | |
| 118 | ||
| 119 | print 'example: ./googledorker.py filetype:sql' | |
| 120 | print "*Please ensure that you're dork in all in a single line, use %20 for spaces and + to combine search operators" | |
| 121 | print "See: http://k3170makan.blogspot.com/2012/01/science-of-google-dorking.html" |
