Shulou(Shulou.com)05/31 Report--

This article mainly shows you "what is Google Dork", the content is easy to understand, clear, hope to help you solve your doubts, the following let the editor lead you to study and learn this article "what is Google Dork?"

Tool introduction

The main purpose of this project is to develop a passive Google Dork script to collect Web pages and applications with potential security vulnerabilities on the Internet. The project consists of two parts, the first is the ghdb_scraper.py script, which can retrieve Google Dork. The second is pagodo.py, which makes direct use of the information gathered by ghdb_scraper.py.

What is Google Dork?

Google Hacking Database (GHDB) is currently maintained by Offensive Securiy. It contains the Google search collection, called Dorks, which researchers can use to search for applications with security problems, and this information is collected by Google's search Bot.

Tool installation

All scripts of the tool are developed based on Python 3.6 +. Researchers can use the following commands to clone the project source code locally and complete the tool installation:

Git clone https://github.com/opsdisk/pagodo.gitcd pagodovirtualenv-p python3 .venv # If using a virtual environment.source .venv / bin/activate # If using a virtual environment.pip install-r requirements.txt what if it is blocked by Google?

If you receive a HTTP 503 error during the use of the tool, Google has detected you as Bot and will block your IP address for a while. The solution is to use the proxychains,proxychains4 installation command as follows:

Apt install proxychains4-y

By editing the / etc/proxychains4.conf configuration file, you can concatenate different proxy servers and do a circular lookup. In the following example, we will use different local listening ports (9050 and 9051) and set up two different dynamic socks proxies.

Vim / etc/proxychains4.confround_robinchain_len = 1proxy_dnsremote_dns_subnet 224tcp_read_time_out 15000tcp_connect_time_out 8000 [ProxyList] socks4 127.0.0.1 9050socks4 127.0.0.1 9051

After introducing proxychains4 into the Python script, the script will query the information through different IP addresses, where you can also use the-e parameter to set the query interval:

Proxychains4 python3 pagodo.py-g ALL_dorks.txt-s-e 17.0-l 700-j 1.1ghdb_scraper.py

First, ghdb_scraper.py needs a list of all the current Google Dorks, and the Google Dorks timestamp file and other categorized Dorks are already in the code base. Fortunately, the entire database can be pulled locally using GET requests in ghdb_scraper.py, and we can export all Dork to a file.

Get all the Dork:

Python3 ghdb_scraper.py-j-s

Get all the Dork and write them to a separate category:

Python3 ghdb_scraper.py-I

All the Dork categories are as follows:

Categories = {1: "Footholds", 2: "File Containing Usernames", 3: "Sensitives Directories", 4: "Web Server Detection", 5: "Vulnerable Files", 6: "Vulnerable Servers", 7: "Error Messages", 8: "File Containing Juicy Info", 9: "File Containing Passwords", 10: "Sensitive Online Shopping Info", 11: "Network or Vulnerability Data" 12: "Pages Containing Login Portals", 13: "Various Online devices", 14: "Advisories and Vulnerabilities",} pagodo.py

If a file containing Google Dork already exists, we can use the-g parameter to pass the file to pagodo.py and start collecting vulnerable applications. The pagodo.py script uses the google Python library to search for Google sites, such as:

Intitle: "ListMail Login" admin-demo

The-d parameter can be used to specify a target domain name:

Site:example.com

If too many requests are sent to Google in a short period of time, Google will judge us as robots and block our IP address for a period of time. To make the search query look more human, we have also made some improvements to allow the user agent to be randomized in the Google search query. This feature, available in the v1.9.3 version of the tool, allows us to randomly select different user agents for each search, which will simulate different browsers used in large enterprise environments.

The second improvement is the randomization interval for each search query. We can use the-e option to set the minimum interval and use a random factor as the increase in the interval:

# Create an array of jitter values to add to delay, favoring longer search times.self.jitter = numpy.random.uniform (low=self.delay, high=jitter * self.delay, size= (50,))

In a later script, the code selects a random time from the jitter array and adds it to the delay:

Pause_time = self.delay + random.choice (self.jitter)

In this way, Google will not block our IP address.

Using the sample python3 pagodo.py-d example.com-g dorks.txt-l 50-s-e 35.0-j 1.1 is all the content of this article "what is Google Dork?" thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.