uDork: Google Hacking Tool

Author: T道
Published: 2020-5-1
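Preface:

uDork is a script written in Python that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect the versions of web applications, and so on.

uDork does not attack any server. It only uses predefined dorks and/or official lists from exploit-db.com (Google Hacking Database: https://www.exploit-db.com/google-hacking-database).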

You need to install goop:

pip3 install goop 

Download and install:

$ git clone https://github.com/m3n0sd0n4ld/uDork
$ cd uDork

Open the file cookie.py and write this line inside it:

cookie = 'YOUR FACEBOOK COOKIE'

$ python3 uDork.py -h 

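IMPORTANT!!!

  • For the tool to work, you must configure uDork with your Facebook cookies in the file cookie.py.
  • You must also stay logged in to Facebook on the computer where you use uDork, without logging out.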

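Steps to obtain and configure the cookie

  • Log in to facebook.com.
  • In the browser, press Control + Shift + K (Firefox) or Ctrl + Shift + J (Google Chrome) to open the console.
  • Type document.cookie in the console, then copy the cookies "c_user=content" and "xs=content" into the variable "cookie" in the file "cookie.py":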
cookie = 'c_user=XXXXXX; xs=XXXXXX' 

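Note: if the "xs" cookie does not appear, follow these steps

  • Save, and remember that you must not log out of Facebook; otherwise you will have to repeat these steps.

Usage:

Menu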

$ python3 uDork.py -h
       _____             _    
      |  __ \           | |   
 _   _| |  | | ___  _ __| | __
| | | | |  | |/ _ \| '__| |/ /
| |_| | |__| | (_) | |  |   < 
 \__,_|_____/ \___/|_|  |_|\_\ v.2020.03.13  by M3n0sD0n4ld - (@David_Uton)

----------------------------------------------------------------------------------------------------
usage: uDork.py [-h] [-d DOMAIN] [-e EXTENSION] [-t TEXT] [-s STRING]
                [-m MASSIVE] [-l LIST] [-f FILE] [-k DORK] [-p PAGES]
                [-o OUTPUT]

optional arguments:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        Domain or IP address.
  -e EXTENSION, --extension EXTENSION
                        Search files by extension. Use 'all' to find the list
                        extension.
  -t TEXT, --text TEXT  Find text in website content.
  -s STRING, --string STRING
                        Locate text strings within the URL.
  -m MASSIVE, --massive MASSIVE
                        Attack a site with a predefined list of dorks. Review
                        list <-l / - list>
  -l LIST, --list LIST  Shows the list of predefined dorks (Exploit-DB).
  -f FILE, --file FILE  Use your own personalized list of dorks.
  -k DORK, --dork DORK  Specifies the type of dork <filetype | intext | inurl>
                        (Required for '<-f / - file'>).
  -p PAGES, --pages PAGES
                        Number of pages to search in Google. (By default 5
                        pages).
  -o OUTPUT, --output OUTPUT
                        Export results to a file. 

Example of searching for pdf files

$ python3 uDork.py -d nasa.gov -e pdf
                                                                
       _____             _    
      |  __ \           | |   
 _   _| |  | | ___  _ __| | __
| | | | |  | |/ _ \| '__| |/ /
| |_| | |__| | (_) | |  |   < 
 \__,_|_____/ \___/|_|  |_|\_\ v.2020.03.13  by M3n0sD0n4ld - (@David_Uton)

----------------------------------------------------------------------------------------------------
[!] The results will appear below. This may take several minutes, please wait ...
----------------------------------------------------------------------------------------------------
Domain/IP: nasa.gov
Find links with: pdf
----------------------------------------------------------------------------------------------------
https://www.sti.nasa.gov/thesvol2.pdf
https://www.sti.nasa.gov/thesvol1.pdf
https://www.nasa.gov/pdf/220260main_Workforce_Transition_Strategy_briefing.pdf
https://oig.nasa.gov/docs/SAR0318.pdf
https://oig.nasa.gov/docs/FinalWrittenStatement_03_13_2013.pdf
https://oig.nasa.gov/docs/MC-2018.pdf
https://www.nasa.gov/centers/dryden/pdf/88798main_srfcs.pdf
https://www.nasa.gov/specials/apollo50th/pdf/A10_PressKit.pdf
https://www.nasa.gov/specials/apollo50th/pdf/A14_PressKit.pdf
https://www.nasa.gov/specials/apollo50th/pdf/A07_PressKit.pdf
https://www.nasa.gov/specials/apollo50th/pdf/A15_PressKit.pdf
https://www.nasa.gov/specials/apollo50th/pdf/A09_PressKit.pdf
https://www.nasa.gov/specials/apollo50th/pdf/A08_PressKit.pdf
https://www.nasa.gov/centers/dryden/pdf/88790main_Dryden.pdf
https://oig.nasa.gov/docs/MC-2017.pdf
.... 

Example of searching for URL paths containing the word "password"

$ python3 uDork.py -d nasa.gov -s password
                                                                
       _____             _    
      |  __ \           | |   
 _   _| |  | | ___  _ __| | __
| | | | |  | |/ _ \| '__| |/ /
| |_| | |__| | (_) | |  |   < 
 \__,_|_____/ \___/|_|  |_|\_\ v.2020.03.13  by M3n0sD0n4ld - (@David_Uton)

----------------------------------------------------------------------------------------------------
[!] The results will appear below. This may take several minutes, please wait ...
----------------------------------------------------------------------------------------------------
Domain/IP: nasa.gov
Find links with: password
----------------------------------------------------------------------------------------------------
https://www.grc.nasa.gov/its-training/best-practices/password-tips/
https://www.grc.nasa.gov/its-training/best-practices/password-rules/
https://www.nas.nasa.gov/hecc/support/kb/password-creation-rules_270.html
https://www.nas.nasa.gov/hecc/support/kb/index.php%3FView%3Dentry%26EntryID%3D270%26EntryTitle%3Dpassword-creation-rules%26mobile%3D0
https://open.nasa.gov/datanaut-accounts/password/reset/%3Fnext%3D/explore/datanauts/app/profile
https://www.nas.nasa.gov/hecc/support/kb/i-cant-log-inmy-password-is-not-workingmy-account-is-locked_5.html
https://www.nas.nasa.gov/hecc/support/kb/index.php%3FView%3Dentry%26EntryID%3D53%26EntryTitle%3Dtwo-step-connection-using-rsa-securid-passcode-and-nas-password%26mobile%3D0
https://www.nas.nasa.gov/hecc/support/kb/index.php%3FView%3Dentry%26EntryID%3D8%26EntryTitle%3Dwhat-are-the-requirements-for-creating-a-password%26mobile%3D0
https://oltaris.nasa.gov/password/new
https://ghrc.nsstc.nasa.gov/data-publication/user/password
https://answers.nssc.nasa.gov/app/answers/detail/a_id/6173/~/change-launchpad-%2528idmax%2529-password
https://answers.nssc.nasa.gov/app/answers/list/search/1/kw/Password/search/1
https://answers.nssc.nasa.gov/app/answers/list/search/1/kw/CHANGE%2520NDC%2520PASSWORD/suggested/1
https://answers.nssc.nasa.gov/app/answers/detail/a_id/6174/~/reset-ndc-password
..... 

$ python3 uDork.py -l list
                                                                
       _____             _    
      |  __ \           | |   
 _   _| |  | | ___  _ __| | __
| | | | |  | |/ _ \| '__| |/ /
| |_| | |__| | (_) | |  |   < 
 \__,_|_____/ \___/|_|  |_|\_\ v.2020.03.13  by M3n0sD0n4ld - (@David_Uton)

----------------------------------------------------------------------------------------------------

 ======================== DORKS LISTING ========================
 admin : Access panels of all kinds (administration, login, CMS, ...)
 directories : Sensitive directories (drupal, wordpress, phpmyadmin ...)
 usernames : Find files containing user names.
 passwords : Find files that contain passwords.
 webservers: Find web servers.
 vulnerable_files : Find vulnerable files. 
 vulnerable_servers : Find vulnerable servers.
 error_messages : Show error messages.
 vulnerable_networks : Find software data on vulnerable networks.
 portal_logins : List portal logins.
 devices :  Find connected devices (printers, webcams, thermostats, ...) 

Example of using Dorks Massive

$ python3 uDork.py -d nasa.gov -m admin -p 3 -o report.txt
                                                                
       _____             _    
      |  __ \           | |   
 _   _| |  | | ___  _ __| | __
| | | | |  | |/ _ \| '__| |/ /
| |_| | |__| | (_) | |  |   < 
 \__,_|_____/ \___/|_|  |_|\_\ v.2020.03.13  by M3n0sD0n4ld - (@David_Uton)

----------------------------------------------------------------------------------------------------
[!] The results will appear below. This may take several minutes, please wait ...
----------------------------------------------------------------------------------------------------
Domain/IP: nasa.gov
Find links with: ADMIN/

https://asd.gsfc.nasa.gov/blueshift/index.php/author/admin/
https://lists.hq.nasa.gov/mailman/admin
https://lists.hq.nasa.gov/mailman/admin/LISTNAME
https://rosetta.jpl.nasa.gov/blogs/admin
https://dartslab.jpl.nasa.gov/qa/user/admin
https://landsat.gsfc.nasa.gov/author/admin/page/8/
https://rosetta.jpl.nasa.gov/blogs/admin%3Fpage%3D1
https://www.nasa.gov/news/speeches/admin/mg_speech_collection_archive_4.html
https://dartslab.jpl.nasa.gov/qa/user/admin/answers
https://dartslab.jpl.nasa.gov/qa/user/admin/wall
https://landsat.gsfc.nasa.gov/author/admin/page/14/
....
----------------------------------------------------------------------------------------------------
Domain/IP: nasa.gov
Find links with: AdminTools/

https://kscddms.ksc.nasa.gov/adminTools.html
----------------------------------------------------------------------------------------------------
Domain/IP: nasa.gov
Find links with: Server.html

https://image.msfc.nasa.gov/ChrisDocs/udfLib/Server.html
https://www.nasa.gov/privacy/PIA-ODIN-server.html

MORE RESULTS...
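
An added example (not part of the original post or the uDork project) for triaging an exported report when reviewing your own domain's search exposure: it parses the console layout shown above, undoes the repeated percent-encoding seen in the result URLs, and groups findings by dork and host. The names parse_report and fully_unquote and the example.com sample are constructed for illustration, and it assumes the -o file uses the same layout as the console output.

```python
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Constructed sample in the console layout shown above, on reserved example
# domains; that "-o" writes this same layout is an assumption.
SAMPLE_REPORT = """\
Domain/IP: example.com
Find links with: ADMIN/

https://lists.example.com/mailman/admin
https://blog.example.com/blogs/admin%3Fpage%3D1
https://lists.example.com/mailman/admin
--------------------------------------------------
Domain/IP: example.com
Find links with: password

https://kb.example.com/detail/~/change-%2528idmax%2529-password
https://cdn.example.net/password/new
"""

def fully_unquote(url, max_rounds=3):
    """Undo repeated percent-encoding (%2528 -> %28 -> '(') for readability."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url

def parse_report(text):
    """Return ({dork: {host: [urls]}}, [out-of-scope urls]) from a report."""
    findings = defaultdict(lambda: defaultdict(set))
    out_of_scope = set()
    domain = dork = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Domain/IP:"):
            domain = line.split(":", 1)[1].strip().lower()
        elif line.startswith("Find links with:"):
            dork = line.split(":", 1)[1].strip()
        elif line.startswith(("http://", "https://")) and domain and dork:
            # Scope check uses the raw URL so decoding cannot shift the host.
            host = (urlsplit(line).hostname or "").lower()
            if host == domain or host.endswith("." + domain):
                findings[dork][host].add(fully_unquote(line))
            else:
                out_of_scope.add(line)
    grouped = {d: {h: sorted(u) for h, u in hosts.items()}
               for d, hosts in findings.items()}
    return grouped, sorted(out_of_scope)
```

Duplicate hits collapse to one entry per host, and results whose host is outside the searched domain are returned separately so they are not mistaken for your own assets.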
