Os traigo esta herramienta sencilla para buscar información en google.
Google puede detectar vuestra actividad como robots y no responder. En redes de casa suele funcionar.
Instalar:
Necesitais tener quickjs y lynx instalados. Ocupan muy poco.
Guardais el código como dorks.js y lo ejecutais con qjs dorks.js -t https://example.com -s
Está testeado que funciona en Linux y Termux.
No lo probé en windows pero es probable que también funcione.
Cita de: usousage: qjs dorks [options]
-b --backup-files .bkf, .bkp, .bak, .old, .backup
-c --config-files .xml, .conf, .cnf, .reg, .inf, .rdp, .cfg, .txt, .ora, .ini, .env
-d --directory-listing index of dir list
-e --exposed-databases .sql, .dbf, .mdb
-g --git github.com, gitlab.com
-h --help this message
-l --log .log
-L --login-urls login in url
-n --number phone numbers
-p --public-documents .doc, .docx, .odt, .rtf, .sxw, .psw, .ppt, .pptx, .pps, .csv
-P --php-errors .php errors in document
--pastes pastebin.com, paste2.org, pastehtml.com, slexy.org, snipplr.com, snipt.net, textsnip.com, bitpaste.app, justpaste.it, heypasteit.com, hastebin.com, dpaste.org, dpaste.com, codepad.org, jsitor.com, codepen.io, jsfiddle.net, dotnetfiddle.net, phpfiddle.org, ide.geeksforgeeks.org, repl.it, ideone.com, paste.debian.net, paste.org, paste.org.ru, codebeautify.org, codeshare.io, trello.com
--php-info .php info files
-s --source source code of target
-S --sql-errors sql syntax errors in document
--stackoverflow stackoverflow.com
-t --target Your target. Can be a domain, a full url, etc. Based on the arguments of your chose.
-v --view text representation of the target.
import * as std from "std";
import * as os from "os";
let run = command => {
let p = std.popen(command, "r"),
msg = "",
r = "";
while(( r = p.getline() ) != null) {
msg += r + "\n";
}
return msg;
}
let cli = {};
cli.COLORS = {
RED: "\x1b[31m",
RESET: "\x1b[0m",
YELLOW:"\x1b[33m",
BLUE: "\x1b[34m",
GREEN: "\x1b[32m"
};
for (let i in scriptArgs) {
switch(scriptArgs[i]) {
case "-b":
case "--backup-files":
cli.backupFiles = true;
break;
case "-c":
case "--config-files":
cli.configFiles = true;
break;
case "-d":
case "--directory-listing":
cli.directoryListing = true;
break;
case "-e":
case "--exposed-databases":
cli.exposedDatabases = true;
break;
case "-g":
case "--git":
cli.git = true;
break;
case "-l":
case "--log":
cli.logFiles = true;
break;
case "-L":
case "--login-urls":
cli.loginUrls = true;
break;
case "-p":
case "--public-documents":
cli.publicDocuments = true;
break;
case "-P":
case "--php-errors":
cli.phpErrors = true;
break;
case "--php-info":
cli.phpInfo = true;
break;
case "--pastes":
cli.pastes = true;
break;
case "-s":
case "--source":
cli.source = true;
break;
case "-S":
case "--sql-errors":
cli.sqlErrors = true;
break;
case "--stackoverflow":
cli.stackoverflow = true;
break;
case "-t":
case "--target":
cli.target = encodeURIComponent(scriptArgs[+i + +1]);
break;
case "-v":
case "--view":
cli.view = true;
break;
case "-h":
case "--help":
console.log(`
usage: qjs dorks [options]
-b --backup-files .bkf, .bkp, .bak, .old, .backup
-c --config-files .xml, .conf, .cnf, .reg, .inf, .rdp, .cfg, .txt, .ora, .ini, .env
-d --directory-listing index of dir list
-e --exposed-databases .sql, .dbf, .mdb
-g --git github.com, gitlab.com
-h --help this message
-l --log .log
-L --login-urls login in url
-p --public-documents .doc, .docx, .odt, .rtf, .sxw, .psw, .ppt, .pptx, .pps, .csv
-P --php-errors .php errors in document
--pastes pastebin.com, paste2.org, pastehtml.com, slexy.org, snipplr.com, snipt.net, textsnip.com, bitpaste.app, justpaste.it, heypasteit.com, hastebin.com, dpaste.org, dpaste.com, codepad.org, jsitor.com, codepen.io, jsfiddle.net, dotnetfiddle.net, phpfiddle.org, ide.geeksforgeeks.org, repl.it, ideone.com, paste.debian.net, paste.org, paste.org.ru, codebeautify.org, codeshare.io, trello.com
--php-info .php info files
-s --source source code of target
-S --sql-errors sql syntax errors in document
--stackoverflow stackoverflow.com
-t --target Your target. Can be a domain, a full url, etc. Based on the arguments of your chose.
-v --view text representation of the target.
`);
std.exit(0);
}
}
let checkResults = res => {
/* Check if connection error */
/* Check if captcha */
/* Use good proxy chain list to evade captcha */
/* Instruct user to evade if dynamic ip */
/* Check if not found */
if (new RegExp("ningún resultado. Sugerencias: ", "gim").test(res.replace(/\n/gm, " "))) {
throw `${cli.COLORS.GREEN}Everything fine but nothing found.${cli.COLORS.RESET}`
} else {
console.log(res);
}
/* check if more than one page of results */
}
if (!cli.target) {
throw `Missing target.
write ${cli.COLORS.RED}qjs dorks --help${cli.COLORS.RESET} to show usage.
`;
}
if (cli.backupFiles) {
checkResults(run(`lynx --dump 'https://www.google.com/search?q=site:${cli.target}+ext:bkf+|+ext:bkp+|+ext:bak+|+ext:old+|+ext:backup'`));
}
else if (cli.configFiles) {
checkResults(run(`lynx --dump 'https://www.google.com/search?q=site:${cli.target}+ext:xml+|+ext:conf+|+ext:cnf+|+ext:reg+|+ext:inf+|+ext:rdp+|+ext:cfg+|+ext:txt+|+ext:ora+|+ext:ini+|+ext:env'`));
}
else if (cli.directoryListing) {
checkResults(run(`lynx --dump 'https://www.google.com/search?q=site:${cli.target}+intitle:index.of'`));
} else if (cli.exposedDatabases) {
checkResults(run(`lynx --dump 'https://www.google.com/search?q=site:${cli.target}+ext:sql+|+ext:dbf+|+ext:mdb'`));
}
else if (cli.exposedDatabases) {
checkResults(run(`lynx --dump 'https://www.google.com/search?q=site:${cli.target}+intext:'"'"'sql syntax near'"'"'+|+intext:'"'"'syntax error has occurred'"'"'+|+intext:'"'"'incorrect syntax near'"'"'+|+intext:'"'"'unexpected end of SQL command'"'"'+|+intext:'"'"'Warning: mysql_connect()'"'"'+|+intext:'"'"'Warning: mysql_query()'"'"'+|+intext:'"'"'Warning: pg_connect()'"'"''`));
}
else if (cli.git) {
checkResults(run(`lynx --dump 'https://www.google.com/search?q="${cli.target}"+site:github.com+|+site:gitlab.com'`));
}
else if (cli.logFiles) {
checkResults(run(`lynx --dump 'https://www.google.com/search?q=site:${cli.target}+ext:log'`));
}
else if (cli.loginUrls) {
checkResults(run(`lynx --dump 'https://www.google.com/search?q=site:${cli.target}+inurl:login+|+inurl:ingresar'`));
}
else if (cli.publicDocuments) {
checkResults(run(`lynx --dump 'https://www.google.com/search?q=site:${cli.target}+ext:doc+|+ext:docx+|+ext:odt+|+ext:rtf+|+ext:sxw+|+ext:psw+|+ext:ppt+|+ext:pptx+|+ext:pps+|+ext:csv'`));
}
else if (cli.pastes) {
checkResults(run(`lynx --dump 'https://www.google.com/search?q=${cli.target}+site:pastebin.com+|+site:paste2.org+|+site:pastehtml.com+|+site:slexy.org+|+site:snipplr.com+|+site:snipt.net+|+site:textsnip.com+|+site:bitpaste.app+|+site:justpaste.it+|+site:heypasteit.com+|+site:hastebin.com+|+site:dpaste.org+|+site:dpaste.com+|+site:codepad.org+|+site:jsitor.com+|+site:codepen.io+|+site:jsfiddle.net+|+site:dotnetfiddle.net+|+site:phpfiddle.org+|+site:ide.geeksforgeeks.org+|+site:repl.it+|+site:ideone.com+|+site:paste.debian.net+|+site:paste.org+|+site:paste.org.ru+|+site:codebeautify.org +|+site:codeshare.io+|+site:trello.com'`));
}
else if (cli.phpErrors) {
checkResults(run(`lynx --dump 'https://www.google.com/search?q=site:${cli.target}+'"'"'PHP Parse error'"'"'+|+'"'"'PHP Warning'"'"'+|+'"'"'PHP Error'"'"''`));
}
else if (cli.phpInfo) {
checkResults(run(`lynx --dump 'https://www.google.com/search?q=site:${cli.target}+ext:php+intitle:phpinfo+'"'"'published by the PHP Group'"'"''`));
}
else if (cli.source) {
console.log(run(`lynx --source ${decodeURIComponent(cli.target)}`));
}
else if (cli.sqlErrors) {
checkResults(run(`lynx --dump 'https://www.google.com/search?q=site:${cli.target}+intext:'"'"'sql syntax near'"'"'+|+intext:'"'"'syntax error has occurred'"'"'+|+intext:'"'"'incorrect syntax near'"'"'+|+intext:'"'"'unexpected end of SQL command'"'"'+|+intext:'"'"'Warning: mysql_connect()'"'"'+|+intext:'"'"'Warning: mysql_query()'"'"'+|+intext:'"'"'Warning: pg_connect()'"'"''`));
}
else if (cli.stackoverflow) {
checkResults(run(`lynx --dump 'https://www.google.com/search?q=${cli.target}+site:stackoverflow.com'`));
}
else if (cli.view) {
console.log(run(`lynx --dump '${decodeURIComponent(cli.target)}'`));
}
else {
throw `Missing argument. You need at least 1 argument more.
write ${cli.COLORS.RED}qjs dorks --help${cli.COLORS.RESET} to show usage.
`;
}Podeis añadirle vuestros dorks al código siguiente el patrón.