DorkMe: the search of vulnerabilities with google
DorkMe
DorkMe is a tool designed with the purpose of making easier the searching for vulnerabilities with Google Dorks, such as SQL Injection vulnerabilities.
Google hacking, also named Google dorking, is a computer hacking technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites use.
For example, SQL injection usually has this structure in the url “file.php? Id = [vuln]”, to look for pages vulnerable to SQLi we can use the operator “inurl:”, which only shows results with X string in the url , we can also use the “filetype: [extension]” operator to search for sensitive files, a hyphen in front of a word so that the word does not appear in the search, quote a phrase or word to ALWAYS appear in the search results, etc.
dork folder contains -> dorks to search, result folder contains -> results of DorkMe execution.
Remember DorkMe is beta, to avoid bans DorkMe wait about 1 minute on each request and 3 minutes every 100 requests.
add dorks
If you want to add new dorks put it in one of the files in the dorks folder (preferable in its category), if it is not, you can add it to mydorks.txt. to add it: in the first line add the dork, in the second the severity: high , medium or low, and finally its description, look at the other files to do it correctly Dork List:
- http://www.conzu.de/en/google-dork-liste-2018-conzu/
- https://www.exploit-db.com/google-hacking-database/
- Find admin Panels: https://starhackx.blogspot.com/2014/02/list-of-dorks-to-find-admin-panels_23.html
Download
git clone https://github.com/blueudp/DorkMe.git
pip install google
pip install argparse
pip install -r requirements.txt
Use
Copyright (C) 2018 blueudp
Source: https://github.com/blueudp/
