Zeus Scanner v1.5 releases: Advanced dork searching utility
Zeus Scanner
What is Zeus?
Zeus is an advanced dork searching tool that is capable of bypassing search engine API calls, search engine captchas, and IP address blocking from sending many requests to the search engine itself. Zeus can use three different search engines to do the search (default is Google). Zeus has a powerful built-in engine, automates a hidden web browser to pull the search URL, and can run sqlmap and nmap scans on the URL’s.
Requirements
There are a few requirements for this:
- Firefox web browser is required as of now, I will be adding the functionality of most web browsers.
- If you want to run sqlmap through the URL’s you will need sqlmap somewhere on your system.
- If you want to run a port scan using nmap on the URL’s IP addresses. You will need nmap on your system.
- Highly advised tip: Add sqlmap and nmap to your ENV PATH
- Gecko web driver is required and will be installed the first time you run. It will be added to your
/usr/bin
so that it can be run in your ENV PATH. - You must be
sudo
for the first time running this so that you can add the driver to your PATH selenium-webdriver
package is required to automate the web browser and bypass API calls.requests
package is required to connect to the URL, and the sqlmap APIpython-nmap
package is required to run nmap on the URL’s IP addresseswhichcraft
package is required to check if nmap and sqlmap are on your system if you want to use thempyvirtualdisplay
package is required to hide the browser display while finding the search URLxvfb
is required by pyvirtualdisplay, it will be installed if not installed on your first run
Installing
To install Zeus you simply need to do the following:
- (optional but highly advised) add sqlmap and nmap to your environment PATH by moving them to /usr/bin or by adding them to the PATH via terminal
git clone https://github.com/Ekultek/Zeus-Scanner.git
cd into zeus-scanner
pip install -r requirements.txt
sudo python zeus.py
This will install all the package requirements along with the gecko web driver.
Usage
Options:
-h, –help show this help message and exitMandatory Options:
These options have to be used in order for Zeus to run-d DORK, –dork = DORK
Specify a singular Google dork to use for queries
-l FILE -PATH, –dork-list = FILE-PATH
Specify a file -d
, -rand-dork, -d, -d, from, etc / dorks.txt file to
perform the scan
-b URL, – = the URL -blackwidow
Spider a single the webpage for all the URL’s availableAttack the arguments:
for These will of the arguments give you the choice on how you want to check the
the websites-s, –sqli sqlmap the Run a scan on the SQLI Discovered the URL’s
-p, –port-scan Run a Nmap port scan on the discovered URL’s
-i, –intel-check Check if a URL’s host is exploitable via Intel ME AMT
(CVE-2017-5689)
-a, –admin- panel Search for the websites admin panel
–sqlmap-args = SQLMAP-ARGS
Pass the arguments to send to the sqlmap API within
quotes & separated by a comma. IE ‘dbms mysql, verbose
3, level 5′
–nmap-args = NMAP-ARGS
Pass the arguments to send to the nmap API within
quotes & separated by a pipe. IE ‘-O | -p 445, 1080’
–auto-start Attempt to automatically find sqlmap on your system
–search-here = PATH-TO-START
Start searching for sqlmap in this given path
–show-sqlmap Show the arguments that the sqlmap API understands
–show-nmap Show the arguments that nmap understands
-P, –show-possibles
Show all connections made during the admin panel
searchAnonymity arguments:
Arguments that help with anonymity and hiding identity–proxy = PROXY-STRING
Use a proxy to do the scraping, will not auto
configure to the API’s
–proxy-file = FILE-PATH
Grab a random proxy from a given file of proxies
–random-agent Use a random user-agent from the etc / agents.txt file
–agent = USER-AGENT Use your own personal user-agentSearch engine arguments:
Arguments to change the search engine used (default is Google)-D, –search-engine-ddg
Use DuckDuckGo as the search engine
-B, –search-engine-bing
Use Bing as the search engine
-A, –search-engine-aol
Use AOL as the search engineMisc Options :
These options affect how the program will run–verbose Running application in verbose mode (more output)
–show-requests Show all HTTP requests made by the application
–batch batch mode
–update Update to the latest development version
–hide Hide the banner during running
–version Show the current version and exit
Running without a mandatory options, or running the --help
flag will output Zeus’s help menu: A basic dork scan with the -d
flag, from the given dork will launch an automated browser and pull the Google page results: Calling the -s
flag will prompt for you to start the sqlmap API server python sqlmapapi.py -s
from sqlmap, it will then connect to the API and perform a sqlmap scan on the found URL’s.