NullArray / Dorknet

Licence: gpl-3.0
Selenium powered Python script to automate searching for vulnerable web apps.

Projects that are alternatives of or similar to Dorknet

Spiderfoot
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Stars: ✭ 6,882 (+2588.28%)
Mutual labels:  osint, infosec, pentesting, pentest
Social Analyzer
API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)
Stars: ✭ 8,449 (+3200.39%)
Mutual labels:  osint, pentesting, pentest
Goohak
Automatically Launch Google Hacking Queries Against A Target Domain
Stars: ✭ 432 (+68.75%)
Mutual labels:  osint, pentesting, pentest
QuickScan
Port scanning and domain utility.
Stars: ✭ 26 (-89.84%)
Mutual labels:  osint, infosec, pentesting
Gosint
OSINT Swiss Army Knife
Stars: ✭ 401 (+56.64%)
Mutual labels:  osint, pentest, infosec
Sifter
Sifter aims to be a fully loaded Op Centre for Pentesters
Stars: ✭ 403 (+57.42%)
Mutual labels:  osint, pentesting, pentest
Snoop
Snoop: a reconnaissance tool based on open data (OSINT world)
Stars: ✭ 886 (+246.09%)
Mutual labels:  osint, pentest, infosec
aquatone
A Tool for Domain Flyovers
Stars: ✭ 43 (-83.2%)
Mutual labels:  osint, infosec, pentest
Intrec Pack
Intelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (-30.86%)
Mutual labels:  osint, pentesting, pentest
Offensive Dockerfiles
Offensive tools as Dockerfiles. Lightweight & Ready to go
Stars: ✭ 150 (-41.41%)
Mutual labels:  osint, pentest, infosec
Hetty
Hetty is an HTTP toolkit for security research.
Stars: ✭ 3,596 (+1304.69%)
Mutual labels:  proxy, pentesting, infosec
PyParser-CVE
Multi source CVE/exploit parser.
Stars: ✭ 25 (-90.23%)
Mutual labels:  osint, infosec, pentest
Docker Security Images
🔐 Docker Container for Penetration Testing & Security
Stars: ✭ 172 (-32.81%)
Mutual labels:  pentesting, pentest, infosec
Metabigor
Intelligence tool but without API key
Stars: ✭ 424 (+65.63%)
Mutual labels:  osint, pentesting, infosec
Defaultcreds Cheat Sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (+661.33%)
Mutual labels:  pentesting, pentest, infosec
Hacker Container
Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters
Stars: ✭ 105 (-58.98%)
Mutual labels:  pentesting, pentest, infosec
Dumpsterfire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (+202.73%)
Mutual labels:  pentesting, pentest, infosec
Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+343.75%)
Mutual labels:  pentesting, pentest, infosec
Spaces Finder
A tool to hunt for publicly accessible DigitalOcean Spaces
Stars: ✭ 122 (-52.34%)
Mutual labels:  osint, pentesting, infosec
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+1243.36%)
Mutual labels:  osint, infosec, pentesting

DorkNet

Selenium powered Python script to automate searching the web for vulnerable applications.

DorkNet can take a single dork or a list of dorks as arguments. After the proper command line arguments have been passed, the script will use Selenium and Geckodriver to find the results we want and save them to a text file for further processing with SQLmap or similar utilities.

Usage

git clone https://github.com/NullArray/DorkNet.git
cd DorkNet
python dorknet.py

The options for the program are as follows.

-h, --help              show this help message and exit
-d DORK, --dork DORK    specify the dork you wish to use
-l LIST, --list LIST    specify path to list with dorks
-v, --verbose           toggle verbosity

Some examples for clarity.

python dorknet.py -h
python dorknet.py -d "inurl:show.php?id=" -v
python dorknet.py -l /path/to/list.txt --verbose
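
For defenders, the same dork list can be turned around. The following is an added example (not part of DorkNet or its repository) that checks an inventory of your own site's URLs against `inurl:` dorks to show which pages such a search would surface. It treats `inurl:` as a case-insensitive substring match, which is a simplification of how a search engine matches; the function names and sample data are constructed for illustration.

```python
"""Added example (not DorkNet code): audit your own URL inventory against inurl: dorks."""
from urllib.parse import urlsplit


def parse_inurl(dork):
    """Return the lowercase substring of an `inurl:` dork, or None for other operators."""
    dork = dork.strip()
    if not dork.lower().startswith("inurl:"):
        return None
    needle = dork[len("inurl:"):].strip().strip('"').lower()
    return needle or None


def exposed_urls(dorks, urls):
    """Map each dork to the inventory URLs whose path+query contains its substring."""
    hits = {}
    for dork in dorks:
        needle = parse_inurl(dork)
        if needle is None:
            continue  # only the inurl: operator is modelled here (assumption)
        for url in urls:
            parts = urlsplit(url)
            target = parts.path + ("?" + parts.query if parts.query else "")
            if needle in target.lower():
                hits.setdefault(dork, []).append(url)
    return hits


# Constructed sample data: a dork list like the one passed with -l, and a URL
# inventory such as one exported from a sitemap or crawl of your own site.
SAMPLE_DORKS = ["inurl:show.php?id=", "inurl:item.php?cat=", "intitle:index.of"]
SAMPLE_URLS = [
    "https://shop.example.test/show.php?id=12",
    "https://shop.example.test/Show.php?ID=7&ref=home",
    "https://shop.example.test/about",
    "https://shop.example.test/catalog/item.php?cat=3",
]

if __name__ == "__main__":
    for dork, matched in exposed_urls(SAMPLE_DORKS, SAMPLE_URLS).items():
        print(dork, "->", len(matched), "URL(s) to review for parameter handling")
        for u in matched:
            print("   ", u)
```

URLs that match are the ones worth reviewing first for parameterised queries and input validation, since they are the pages a dork-driven search would hand to a follow-up scanner.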

Proxifying

I have included the ability to proxy the connection of the web driver if desired. Simply provide the proxy IP and PORT when the dialog comes up and the search engine will be accessed via the proxy settings you have provided.

Dependencies

You will need the Mozilla Geckodriver for this to work. You can install it manually. However, I've added a shell script to automate the process if you'd prefer.

To use it, navigate to the DorkNet directory and make the shell script executable like so.

cd DorkNet
chmod +x gecko-setup.sh

# Execute the shell script with the below command.
sudo ./gecko-setup.sh

The shell script has an option to automatically install the rest of the dependencies as well, via the requirements file, by invoking the following command.

sudo -H pip install -r requirements.txt

Beta Update

I've added some logic that lets the user run Geckodriver in Headless Mode, that is to say, without the traditional UI. This is useful if you have a particularly long list of dorks you'd like to work with. In its current implementation, the function that is responsible for proxifying our connection to Google interferes with the operations required to set the Geckodriver options to enable headless mode. Therefore, running DorkNet with the --nogui flag and a proxy enabled will not work as it is supposed to.

However, users that would like to run the program in headless mode anyway, can. I've committed all the relevant code to the repo. For the time being it's just been commented out. Remove the comments and it should work without issue. Check out the commit history here to see the affected lines.

Now if you really want to proxy your connection while --nogui is set, you can start DorkNet with ProxyChains like so:

proxychains python dorknet.py -l /path/to/dorks.list --nogui --verbose

If you don't have ProxyChains, simply follow the link above or use your package manager to install it. Thank you.

Note

DorkNet is featured in the BlackArch Linux PenTesting Distro under WebApp Tools & Automation. As such it comes pre-installed with the distro. Refer to the relevant PKGBUILD file in its respective repo for details.

Known Issue

By using Selenium and Geckodriver, DorkNet is effective at emulating a regular browser. In this manner the program is able to avoid captchas most of the time. However, on limited occasions, Google throws one regardless. The same sometimes happens when manually searching for strings that look like a dork. Should you encounter one, you can just fill out the captcha in the Geckodriver and DorkNet will continue its normal operation.