Scan Google search results for vulnerabilities.
dorkbot is a modular command-line tool for performing vulnerability scans against a set of webpages returned by Google search queries in a given Google Custom Search Engine. It is broken up into two sets of modules:
- Indexers: modules that issue a search query and return the results as targets
- Scanners: modules that perform a vulnerability scan against each target
Quickstart
- Download PhantomJS and either Arachni or Wapiti for your platform, and make sure you have installed any required dependencies for each.
- Extract each tool into the tools directory and rename the directory after the tool (dorkbot/tools/phantomjs/, dorkbot/tools/arachni/, etc).
- Create a Google Custom Search Engine and note the search engine ID, e.g. 012345678901234567891:abc12defg3h.
- Install python-dateutil (e.g.: pip install python-dateutil)
$ ./dorkbot.py -i google -o engine=012345678901234567891:abc12defg3h,query="filetype:php inurl:id" -s arachni