• Stars
    star
    221
  • Rank 179,773 (Top 4 %)
  • Language
    Shell
  • Created over 12 years ago
  • Updated about 6 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

BinGoo! A Linux bash based Bing and Google Dorking Tool
                                         __   _,--="=--,_   __
                                        /  \."    .-.    "./  \
				       /  ,/  _   : :   _  \/` \
                                       \  `| /o\  :_:  /o\ |\__/
                                        `-'| :="~` _ `~"=: |
                                           \`     (_)     `/
                                    .-"-.   \      |      /   .-"-.
                               .---{     }--|  /,.-'-.,\  |--{     }---.
                                )  (_)_)_)  \_/`~-===-~`\_/  (_(_(_)  (
                               (   ____  _        ____             _   )
                                ) | __ )(_)_ __  / ___| ___   ___ | | (
                               (  |  _ \| | '_ \| |  _ / _ \ / _ \| |  )
                                ) | |_) | | | | | |_| | (_) | (_) |_| (
                               (  |____/|_|_| |_|\____|\___/ \___/(_)  )
                                )                                     (
                               '-----v1--------------By-Hood3dRob1n----'

                                  Welcome to the BinGoo README file!    

This should give you a general overview of what the tool is all about and how to go about using it. This is a the result of a project of mine to come up with better solution for gathering mass links for research and I tweaked it to align with my hacking needs. I also decided I was going to do everything in bash to make things difficult on myself, well cause thats how I am :p

BinGoo is my version of an all-in-one dorking tool written in pure bash. It leverages Google AND Bing main search pages to scrape a large amount of links based on provided search terms. You can choose to search a single dork at a time or you can make lists with one dork per line and perform mass scans. Once your done with that, or maybe you have links gathered from other means, you can move to the Analyzing tools to test for common signs of vulnerabilities. The results are neatly sorted into their own respective files basedon findings. If you want to take further you can run them through the SQL or LFI tools which are some semi working homebrewed creations I made in bash or you can use the SQLMAP and FIMAP wrapper tools I wrote which work much better and with greater accuracy and results. I have also included a few neat features to make life easy, such as Geo dorking based on domain type or domain country codes or shared hosting checker which uses preconfigured Bing search and a dork list to find possible vulns on other sites on same server. I also included a simple admin page finder which simply works based on a provided list and server response codes for confirmation of existance. Together I think it all works as a nice little package!

----------
BinGoo 101:
--------------
Pre-requisites:
--------------
	- LYNX & CURL required for core functionality
		- LYNX/CURL Install: apt-get install lynx; apt-get install curl
	- NMAP, FIMAP & SQLMAP required for plugins and testing functionality (digger, fimap & sqlmap wrappers). Install with SVN from where you want to store them:
		- FIMAP install: svn checkout http://fimap.googlecode.com/svn/trunk/ fimap
			- cd fimap/; chmod +x fimap.py; ./fimap.py --help
		- SQLMAP install: svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap
			- cd sqlmap/; chmod +x sqlmap.py; ./sqlmap.py --help
		- NMAP install: svn co https://svn.nmap.org/nmap nmap
			- cd nmap/; ./configure; make; sudo make install; nmap --help

NOTE: The FIMAP instance needs to be the SVN version as it contains features used which are not included in the standard version (or that which is included with BackTrack by default, --bmin, --bmax, -D + options....) so delete your old copy or just install it side by side, whatever floats your boat...

You can enter all path info in the BinGoo file on lines 14-21 in the config section to adjust as needed. 

------------------
FUNCTIONS OVERVIEW:
------------------------
1) Google & Bing Dorkers:
------------------------
Simply choose the search engine you want to use at the main menu and then follow the prompts. You can run a single dork based on your user input and get as custom as you like OR you can point it to a dork file. I have included a few with the default package which can be found in the dorks/ directory within BinGoo/ folder. You can point it anywhere you want, just ensure there is one dork per line so it doesnt mess things up. Once all info provided the tool will work its magic and generate links files for output containing all results. You will get a file called b-links.txt for Bing searches and g-links.txt for Google searches.

NOTE: The Google dorker doesnt bypass the Google restrictions anymore but if you scan and then analyze or scan with Google, then scan with Bing, then Analyze you will keep the blocks down to a minimum and shouldnt notice any issues. If you dont get results from Google it is likely due to temporary IP block, just use Bing until it refreshes and goes away (take note of first advice to avoid this situation).

------------------
2) Bing Geo Dorker:
------------------
This is my way of allowing users to define the domain type for their searches. I have set a pre-built list of dorks which i use for this option (dorks/site.lst) which you can modify if you like. It runs a list scan against the user provided SITE TYPE or COUNTRY CODE and generates the link results into a file which will include the Geo code or Site Type provided to make it easier to keep track of. 

Options for Bing Geo Dorker include:
AC AD AE AF AG AI AL AM AO AQ AR AS AT AU AW AX AZ BA BB BD BE BF BG BH BI BJ BM BN BO BR BS BT BW BY BZ
CA CC CD CF CG CH CI CK CL CM CN CO CR CU CV CX CY CZ DE DJ DK DM DO DZ EC EE EG ER ES ET EU FI FJ FK FM FO FR
GA GD GE GF GG GH GI GL GM GN GP GQ GR GS GT GU GW GY HK HM HN HR HT HU ID IE IL IM IN IO IQ IR IS IT JE JM JO JP  
KE KG KH KI KM KN KP KR KW KY KZ LA LB LC LI LK LR LS LT LU LV LY MA MC MD ME MG MH MK ML MM MN MO MP MQ MR MS MT MU MV MW MX MY MZ  
NA NC NE NF NG NI NL NO NP NR NU NZ OM PA PE PF PG PH PK PL PM PN PR PS PT PW PY QA RE RO RS RU RW
SA SB SC SD SE SG SH SI SK SL SM SN SO SR SS ST SV SY SZ TC TD TF TG TH TJ TK TL TM TN TO TR TT TV TW TZ
UA UG UK US UY UZ VA VC VE VG VI VN VU WF WS YE ZA ZM ZW 

BIZ COM INFO NET ORG AERO ASIA CAT COOP EDU GOV INT JOBS MIL MOBI MUSEUM TEL TRAVEL XXX

----------------------------
3) Bing Shared Hosting Check:
----------------------------
This module will run a list scan using dorks/sharedhosting.lst against user provided IP or Site name to see if there are any other sites on the same server which might have possible vulnerabilities. You can shrink or expand the dork file used as you like.

--------------------
4) Digger Recon Tool:
--------------------
This is another script I wrote separately and decided to incorporate into the mix as I find it useful all the time so figured others would too. It is in the plugins folder and is called by the main script via the menu options. It uses a few built in tools and a few online sites to gather information on a target site. It will run a check on Alexa Ranking, SameIP Shared hosting check, Bing shared hosting check, Sub-domain check, whois info, and a quick nmap scan. Together this can provide a wealth of information with barely taking direct aim (you can comment out the nmap scan if you like to tone it down a bit)

-----------------------
Analyze & Tools Section:
-----------------------
This option actually takes you to a new menu section where you can perform post dorking activities. Here is quick overview of the available options from this menu:

Analyze Bing Links File: 
this option will analyze ONLY the b-links.txt file which is generated by a Bing search from the main menu

Analyze Google Links File: 
this option will analyze ONLY the g-links.txt file which is generated by a Google search from the main menu

Analyze BOTH Google & Bing links files: 
this option actually combines the two files into a single file and then runs the analysis check on the new file. 

Analyze My Links File: 
This is an option which allows you to point the tool to your own links file. This can be any file you want as long as it has a single link per line

NOTE: above analyze options all run a injection and regex check against the pages to check for common signs of injection vulnerabilities and classifies accordingly. You can check source for regex if you want to add or remove anything from the lists used. The positive results are filted into the results/ folder and classified based on how or what was found. The positive regex is clearly labeled as LFI or SQL and in terminal even includes the line where it was found which is helpful in determine what is garbage and what is real. Possibles.results file is full of pages where the injected page returned a 85% loss of text AND had a reduction in table rows (a decent indication that the injection has caused changed also indicating a potential vuln), not very accurate but better to mark and review manually than to omit altogether. If you have a better method please share with me so I can improve this function :) Small issue when back to back vulns identified causing the next third site to be marked as vuln when it isn't, further validation tests will get rid of these but this is your heads up its not 100% perfect. 

------------
Admin Finder:
------------ 
This is my homebrewed admin finder. It uses a small word list (plugins/admin.lst) and judges server response and reports back accordingly. You can add to the list as much as you like. The source has been coded to optimize and emulate multi-threading to handle larger lists if/when needed. The default list works pretty good though. 

---------
LFI Tools:
---------
This takes you to another sub-menu where you can choose to run my homebrewed validator script or you can run my FIMAP wrapper to confirm LFI vulnerabilities. My tester doesnt work 100% and is a work in progress but included in case someone wants to help me get it going a little better just to show it can be done in bash :) 
	FIMAP wrapper works great! It allows you to choose if you want to run scan against a single site, 		the default found results/LFI.results file which is generated after a successful analysis run, or 		you can point it at your own link file to test. This means you can process one at a time or in 		bulk!

----------
SQLi Tools:
----------
Very similar to the LFI tools section. I have created a homebrew column counter for verbose vulnerabilities. It works ok, but still in the works. As a backup I have built a SQLMAP wrapper script to allow you to pass them off to be validated by SQLMAP for certainty. As with the LFI wrapper you can choose to run against a single site, the default results/SQLi.results file from analysis stage, or a custom file of your chosing with one link per line to test in bulk. 


------------
KNOWN ISSUES:
------------
curl --ssl option not recognized on default BackTrack curl installation. Simply remove this from the curl_magic() function within the main bingoo script (line 474 & 475) and you should be fine. 

If your not using the SVN version of FIMAP you need to remove the "--bmin=4 --bmax=9 -D --dot-trunc-also-unix" from all three (3) occurances within the LFI script located in the plugins/ directory (line 77, line 96, and line 109). Eventually this will be included in updated versions of FIMAP and therefore default installs but until then we need to work out of SVN for best results. Deal with it :p

Occassionally SQLMAP formatting gets junked in terminal. Results and process flow should flow as normal so dont worry about it. If you need to see the results clearer just open the sqlmap/output/<site> folder and view the log file to see the full details from SQLMAP scan. Let it run as if you dont get a clean exit it can leave some processes running in background. You can try to kill them all with some command along the lines of this: 
	ps aux | grep bingoo | cut -d' ' -f6 | while read line; do kill -9 $line; done;
If it doesnt work you will know as shit still flows to the terminal screen, but this should kill off all instances of bingoo if left running in background. You might also repeat for "curl" if some threads sneak by even after the first kill shot using "bingoo" :)


You can press CTRL+C at anypoint to abort an active session and most active processes will be killed and all in progress work dumped to crash.results file so you dont completely loose things. This project is a constant work in progress so changes and updates may occur as time goes on. Again if you have questions, suggestions, or improvements and contributions you can email me at [email protected]

Let it also be known that I in no way take any responsibility for anything you do with this tool. Use at your own risk. Be safe and until next time, enjoy!

Greetz,
H.R.

#EOF

More Repositories

1

SQLMAP-Web-GUI

PHP Frontend to work with the SQLMAP JSON API Server (sqlmapapi.py) to allow for a Web GUI to drive near full functionality of SQLMAP!
PHP
324
star
2

JSRat-Py

This is my implementation of JSRat.ps1 in Python so you can now run the attack server from any OS instead of being limited to a Windows OS with Powershell enabled.
Python
301
star
3

creep3r

This is a big smash up of a lot of various tools I have made in the past along with some new ones. It includes a array of tools for helping with pentesting and messing around on the net. Currently only have installer files made for Ubuntu & Debian systems, but if you know what you're doing you can easily read them and get what you need to get all the dependencies installed on your own. I made a quick basic demonstration video you to give a general overview of what it has included, you can watch it here: http://youtu.be/z9rq1SBIYI0 Here is another short video to show how the Dorker piece works: http://youtu.be/43aphr0QRng It's a bit of a constant work in progress but will be posting updates from time to time as I add more stuff and get them stabilized and working properly without much issue. If you have any questions, comments, or suggestions just let me know. Thanks, H.R.
Ruby
84
star
4

CVE-2016-3714

ImaegMagick Code Execution (CVE-2016-3714)
Python
68
star
5

Linux-RDP

Linux RDP Scanner and Bruteforcer Scripts
Shell
61
star
6

addicted2hash

Hashcat Bash Scripts for bulk hash file processing
Python
52
star
7

SQLi

General Scripts to help with various types of SQL Injection
Ruby
30
star
8

Kalista

A Kali Linux Tool to assist with security audits and pentesting. Lots of wrappers for commonly used tools to help extend their usefulness while making a lot of the experience easy on the user.
29
star
9

Y.A.S.P.

Yet Another SMB PSEXEC (Y.A.S.P) Tool
Ruby
21
star
10

LotusCMS-Exploit

LotusCMS 3.0 eval() Remote Command Execution
Ruby
13
star
11

Ruby-Bind-and-Reverse-Shells

Ruby Bind and Reverse Shells I wrote using standard libs. Bind Shell includes authentication while reverse does not. Standard libs only so should work in most places you find Ruby supported. Hope its helpsful to someone.....
Ruby
12
star
12

Reverser

Reverser - A Quick Reverse Connection Deployment Script
Shell
12
star
13

Inf0rm3r

Inf0rm3r - A Linux Info & Ssytem Enumeration Script
Ruby
11
star
14

OhNo

OhNo - The Evil Image Builder & Meta Manipulator
Ruby
10
star
15

SearchSploits.rb

Search Tool for easy handling of the Exploit-DB Archive & associated CSV file
Ruby
9
star
16

RubyCat

RubyCat - A Pure Ruby NetCat Alternative
Ruby
8
star
17

ShodanAPI

This is the Shodan API Class & Search tool that I wrote in Ruby since their default API wasn't working for me. You can either drop the API class in and use how you like or you can just use or tweak the tool I made iwth it. Open to questions, suggestions and general feedback...
Ruby
8
star
18

PMA

Simple PhpMyAdmin Finder and Bruteforcer Script
Shell
6
star
19

Ding.rb

Ding-2: A Faster Better Bing Dork Scanner
Ruby
4
star
20

D-Link-Dir-600---Dir-300-RCE-Exploit

D-Link Dir-600 & Dir-300 RCE Exploit By: Hood3dRob1n ============ Vulnerable Firmware Releases - DIR-300: ============ Firmware Version : 2.12 - 18.01.2012 Firmware Version : 2.13 - 07.11.2012 ============ Vulnerable Firmware Releases - DIR-600: ============ Firmware-Version : 2.12b02 - 17/01/2012 Firmware-Version : 2.13b01 - 07/11/2012 Firmware-Version : 2.14b01 - 22/01/2013 In response to vuln & PoC posted on PacketStorm, by Michael Messner: http://packetstormsecurity.com/files/120052/D-Link-DIR-600-DIR-300-Command-Execution-Bypass-Disclosure.html PIC: http://i.imgur.com/nrmRxLi.png PIC: http://i.imgur.com/jtMmCps.png
Ruby
4
star
21

smbclient-rb

A Ruby class which wraps the smbclient tool to make easily available from your Ruby scripts/apps
Ruby
3
star
22

HR-WebShell

A web shell I made while trying to pick up PHP.
PHP
3
star
23

phpThumb_rce.rb

phpThumb <= 1.7.9-2008 RCE Exploit
Ruby
3
star
24

PHPKIT

PHPKIT <= 1.6.1 SQLi Exploit Script
Shell
3
star
25

WhatsMyIP.rb

Simple Script to find both Internal and External IP Addresses
Ruby
3
star
26

Webmin-LFD

Webmin|Usermin <= 1.29x Remote File Disclosure Exploit
Shell
3
star
27

MySQL-Fu.rb

MySQL-Fu is a Ruby based MySQL Client Script I wrote. It does most of the stuff a normal MySQL client might do: SQL Shell, Update/Delete/Drop Database/Table, Add/Delete Users, Dump Database(s)/Table w/ option for gzip...... Plus a few extra options to make life a little easier for pentests. Includes Several builtin PHP Command Shell options as well as Pentestmonkey's PHP Reverse Shell, in addition to multiple options for file writing and reading (all files read logged locally for offline analysis later), also includes Ruby port of Kingcope's CVE-2012-5613 Linux MySQL Privilege Escalation Exploit.
Ruby
3
star
28

ipb_lt-3.3.4_rce.rb

IPB <= 3.3.4 Remote Code Execution Exploit
Ruby
2
star
29

rpcclient-rb

A Ruby class which wraps the rpcclient tool to make easily available from your Ruby scripts/apps
Ruby
2
star
30

SYM

Bash Symlinker Script (OS, Perl, or PHP based methods)
Shell
2
star
31

Exploit-DB-Local-Archive-Search-Tool

This is a Ruby script I wrote to perform searches against the Exploit-DB Local Archive. It adds some better logic to the searches over the bash version in my opinion, also adds some much needed color :)
Ruby
2
star
32

Shell-Storm-Ruby-API

# Search and display all shellcodes in shell-storm database # I just wanted to make my own version in Ruby for fun :p Many Thanks to Jonathan Salwan for his hard work and great site!
1
star