Webmaster Security

Dorkbot - Command-line tool to scan Google search

Submitted by B─░GSTAR-TR, , Thread ID: 46578

Thread Closed
B─░GSTAR-TR
Closed Account
Level:
0
Reputation:
0
Posts:
8
Likes:
0
Credits:
12
11-09-2017, 12:58 AM
#1
[Image: Kp0q7FnwQNyiAFeWKJu7hQ.png]


Scan Google search results for vulnerabilities.

dorkbot is a modular command-line tool for performing vulnerability scans against a set of webpages returned by Google search queries in a given Google Custom Search Engine. It is broken up into two sets of modules:
  • Indexers- modules that issue a search query and return the results as targets

  • Scanners- modules that perform a vulnerability scan against each target
Targets are stored in a local database upon being indexed. Once scanned, any vulnerabilities found by the chosen scanner are written to a standard JSON report file. Indexing and scanning processes can be run separately or combined in a single command.
Quickstart
  1. DownloadPhantomJSand eitherArachniorWapitifor your platform, and make sure you have installed any required dependencies for each.

  2. Extract each tool into the tools directory and rename the directory after the tool (dorkbot/tools/phantomjs/, dorkbot/tools/arachni/, etc).

  3. Create a GoogleCustom Search Engineand note the search engine ID, e.g. 012345678901234567891:abc12defg3h.

  4. Install python-dateutil (e.g.: pip install python-dateutil)
Example: use arachni to scan php pages that contain the string "id" in the url:

Quote:$ ./dorkbot.py -i google -o engine=012345678901234567891:abc12defg3h,query="filetype:php inurl:id" -s arachni




Users browsing this thread: 1 Guest(s)