• Stars
    star
    337
  • Rank 125,272 (Top 3 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created over 7 years ago
  • Updated over 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Selenium powered Python script to automate searching for vulnerable web apps.

DorkNet

Selenium powered Python script to automate searching the web for vulnerable applications.

DorkNet can take a single dork or a list of dorks as arguments. After the proper command line arguments have been passed, the script will use Selenium and Geckodriver to find the results we want and save them to a textfile for further processing with SQLmap or similar utilities.

Usage

git clone https://github.com/NullArray/DorkNet.git
cd DorkNet
python dorknet.py

The options for the program are as follows.

-h, --help              show this help message and exit
-d DORK, --dork DORK    specify the dork you wish to use
-l LIST, --list LIST    specify path to list with dorks
-v, --verbose           toggle verbosity

Some examples for clarity.

DorkNet.py -h
DorkNet.py -d inurl:show.php?id= -v
DorkNet.py -l /path/to/list.txt --verbose

Proxifying

I have included the ability to proxy the connection of the web driver if desired. Simply provide the proxy IP and PORT when the dialog comes up and the search engine will be accessed via the proxy settings you have provided.

Dependencies

You will need the Mozilla Geckodriver for this to work. You can install it manually. However i've added a shell script to automate the process if you'd prefer.

To use it, navigate to the DorkNet directory and make the shell script executable like so.

cd DorkNet
chmod +x gecko-setup.sh

# Execute the shell script with the below command.
sudo ./gecko-setup.sh

The shell script has an option to automatically install the rest of the dependencies as well, via the requirements file, by invoking the following commands.

sudo -H pip install -r requirements.txt

Beta Update

I've added some logic that lets the user run Geckodriver in Headless Mode, that is to say, without the traditional UI. This is useful if you have a particularly long list of dorks you'd like to work with. In it's current implementation, the function that is responsible for proxyfying our connection to Google interferes with the operations required to set the Geckodriver options to enable headless mode. Therefore, running DorkNet with the --nogui flag and a proxy enabled will not work as it is supposed to.

However, users that would like to run the program in headless mode anyway, can. I've committed all the relevant code to the repo. For the tme being it's just been commented out. Remove the comments and it should work without issue. Check out the commit historry here to see the affected lines.

Now if you really want to proxy your connection while --nogui is set, you can start DorkNet with ProxyChains like so;

proxychains python dorknet.py -l /path/to/dorks.list --nogui --verbose

If you don't have ProxyChains simply follow the link above or use your package manager to install it. Thank you.

Note

DorkNet is featured in the BlackArch Linux PenTesting Distro under WebApp Tools & Automation. As such it comes pre-installed with the distro. Refer to the relevant PKGBUILD file in it's respective repo for details.

Known Issue

By using Selenium and Geckodriver, DorkNet is effective at emulating a regular browser. In this manner the program is able to avoid captchas most of the time. However on limited occasions, Google throws one regardless. The same sometimes happens when manually searching for strings that look like a dork. Should you encounter one, you can just fill out the captcha in the Geckodriver and DorkNet will continue it's normal operation.

More Repositories

1

AutoSploit

Automated Mass Exploiter
Python
4,996
star
2

RootHelper

A Bash script that downloads and unzips scripts that will aid with privilege escalation on a Linux system.
Shell
479
star
3

IntRec-Pack

Intelligence and Reconnaissance Package/Bundle installer.
Shell
229
star
4

Cypher

Pythonic ransomware proof of concept.
Python
214
star
5

PyCat

Python network tool, similar to Netcat with custom features.
Python
190
star
6

MIDA-Multitool

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.
Shell
159
star
7

NetSet

Operational Security utility and automator.
Shell
129
star
8

Mimir

OSINT Threat Intel Interface - CLI for HoneyDB
Python
111
star
9

WinKernel-Resources

A list of excellent resources for anyone to deepen their understanding with regards to Windows Kernel Exploitation and general low level security.
C++
107
star
10

Archivist

A ctypes powered python keylogger.
Python
102
star
11

AmpliSpy

Check local or remote list of DNS servers for suitability in DNS Amplification DoS.
Python
46
star
12

Shogun

Shodan.io Command Line Interface
Python
44
star
13

SysEnum

Simple Bash script to retrieve basic system information.
Shell
30
star
14

QuickScan

Port scanning and domain utility.
Python
29
star
15

SBD

Static Binary Deployer. Download and deploy *Nix utilities on a compromised system.
Shell
28
star
16

PyParser-CVE

Multi source CVE/exploit parser.
Python
27
star
17

MaliciousDLLGen

Malicious DLL Generator in Py3
C
26
star
18

Shellshocker

A Bash script to test a list of URLs for the shellshock vulnerability.
Shell
25
star
19

Shellware

Persistent bind shell via pythonic shellcode execution, and registry tampering.
Python
22
star
20

MS-PS-Installer

Automated PowerShell installer for *Nix with multi Distro support.
Shell
18
star
21

WinBins-Plus

Repo to store Windows PE's and Utilities for easy access.
Assembly
16
star
22

GistList

Repo to host a comprehensive list of all my Public Gists with a short description for each item and a link to the Gist pages in question..
14
star
23

l0ck3r

Automated encryption utilities and installation
Shell
12
star
24

HTTP-Server

Basic HTTP Server with a feature to invoke a shell in the dir the files are being served from.
Python
11
star
25

Ransom

first commit
CSS
10
star
26

vBulBot

A vBulletin bot in python.
Python
8
star
27

VM-Nexus

Multi-platform installer and wrapper for QEMU.
Python
8
star
28

ChromaScope

Pseudo library for python, provides custom colored text formatting in a convenient way.
Python
6
star
29

FormEnum

Simple script to enumerate forms with mechanize lib.
Python
4
star
30

KernMan

Bash script to help with kernel management.
Shell
4
star
31

QuickEnc

OpenSSL Based Quick Crypt
Shell
1
star