dwisiswant0/go-dork dwisiswant0/go-dork

  • Stars
    star
    998
  • Rank 44,337 (Top 0.9 %)
  • Language
    Go
  • License
    MIT License
  • Created almost 4 years ago
  • Updated 4 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
dwisiswant0/go-dork
github

dwisiswant0

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

The fastest dork scanner written in Go.

go-dork

License contributions welcome

The fastest dork scanner written in Go.

There are also various search engines supported by go-dork, including Google, Shodan, Bing, Duck, Yahoo and Ask.

Install

  • Download a prebuilt binary from releases page, unpack and run! or
  • If you have Go 1.15+ compiler installed and configured:
> GO111MODULE=on go install dw1.io/go-dork@latest

Usage

Basic Usage

It's fairly simple, go-dork can be run with:

> go-dork -q "inurl:'...'"

Flags

> go-dork -h

This will display help for the tool. Here are all the switches it supports.

Flag Description
-q/--query Search query (required)
-e/--engine Provide search engine (default: Google)
(options: Google, Shodan, Bing, Duck, Yahoo, Ask)
-p/--page Specify number of pages (default: 1)
-H/--header Pass custom header to search engine
-x/--proxy Use proxy to surfing
-s/--silent Silent mode, prints only results in output

Querying

> go-dork -q "inurl:..."

Queries can also be input with stdin

> cat dorks.txt | go-dork -p 5

Defining engine

Search engine can be changed from the available engines: Google, Shodan, Bing, Duck, Yahoo, Ask. However, if the -e flag is not defined, it will use the Google search engine by default.

> go-dork -e bing -q ".php?id="

This will do a search by the Bing engine.

Pagination

By default, go-dork scrapes the first page, you can customize using the -p flag.

> go-dork -q "intext:'jira'" -p 5

It will search sequentially from pages 1 to 5.

Adding custom headers

Maybe you want to use a search filter on the Shodan engine, you can use custom headers to add cookies or other header parts.

> go-dork -q "org:'Target' http.favicon.hash:116323821" \
  --engine shodan -H "Cookie: ..." -H "User-Agent: ..."

Using proxy

Using a proxy, this can also be useful if Google or other engines meet Captcha.

> go-dork -q "intitle:'BigIP'" -p 2 -x http://127.0.0.1:8989

Chained with other tools

If you want to chain the go-dork results with another tool, use the -s flag.

> cat dorks.txt | go-dork | pwntools
> go-dork -q "inurl:'/secure' intext:'jira' site:org" -s | nuclei -t workflows/jira-exploitaiton-workflow.yaml

Supporting Materials

Help & Bugs

If you are still confused or found a bug, please open the issue. All bug reports are appreciated, some features have not been tested yet due to lack of free time.

TODOs

  • Fixes Yahoo regexes
  • Fixes Google regexes if using custom User-Agent
  • Stopping if there's no results & page flag was set
  • DuckDuckGo next page

License

MIT. See LICENSE for more details.

More Repositories

1

apkleaks

Scanning APK file for URIs, endpoints & secrets.
Python
4,624
star
2

awesome-oneliner-bugbounty

A collection of awesome one-liner scripts especially for bug bounty tips.
2,438
star
3

crlfuzz

A fast tool to scan CRLF vulnerability written in Go
Go
1,224
star
4

findom-xss

A fast DOM based XSS vulnerability scanner with simplicity.
Shell
717
star
5

ppfuzz

A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀
Rust
546
star
6

gf-secrets

Secret and/or credential patterns used for gf.
Shell
229
star
7

cf-check

CloudFlare Checker written in Go
Go
217
star
8

galer

A fast tool to fetch URLs from HTML attributes by crawl-in.
Go
206
star
9

go-stare

A fast & light web screenshot without headless browser but Chrome DevTools Protocol!
Go
163
star
10

proxylogscan

A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).
Go
156
star
11

unew

A tool for append URLs, skipping duplicates/paths & combine parameters.
Go
117
star
12

slackcat

A simple way of sending messages from the CLI output to your Slack with webhook.
Go
110
star
13

ngocok

ngrok Collaborator Link — yet another Burp Collaborator alternative for free with ngrok.
Go
103
star
14

tlder

TLDs finder — check domain name availability across all valid top-level domains.
Go
90
star
15

wadl-dumper

Dump all available paths and/or endpoints on WADL file.
Go
85
star
16

noizy

A drop-in replacement to Apple Hearing - Background Sounds with over 30+ available sounds.
Go
83
star
17

ipfuscator

A blazing-fast, thread-safe, straightforward and zero memory allocations tool to swiftly generate alternative IP(v4) address representations in Go.
Go
82
star
18

chatgptui

ChatGPT 🤖 with Textual User Interface (TUI) mode written in Go.
Go
78
star
19

hinject

Host Header Injection Checker
Go
76
star
20

stargather

A fast GitHub stargazers information gathering tool
Go
68
star
21

bounty-targets-alert

It's an watcher for new scopes added to bounty-targets-data and send you alert to Slack.
Shell
55
star
22

continuous-nuclei

Running nuclei Continuously
Shell
55
star
23

cve-2023-50164-poc

Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164")
Go
55
star
24

nuclei-templates-dir

Nuclei Templates Directory
CSS
48
star
25

look4jar

Looking for JAR files that are vulnerable to Log4j RCE (CVE‐2021‐44228)?
Go
44
star
26

secpat2gf

convert secret patterns to gf compatible.
Python
37
star
27

unch

Hides message with invisible Unicode characters
Go
36
star
28

discat

A simple way of sending messages from the CLI output to your Discord channel with webhook.
Go
35
star
29

nodep

A tool for check available dependency packages across npmjs, PyPI or RubyGems registry.
Go
28
star
30

cekBin

Free source to check, verify & validate BIN (Bank Identification Number), credit, debit, charge or a prepaid card.
PHP
24
star
31

gD0rk

Google Hack Database dork automatic tool.
PHP
23
star
32

osscope

A curated GitHub repository that's in-scope and eligible for bounty.
19
star
33

BitslerBOT

Automatically Betting for Bitsler.com
PHP
19
star
34

WiFiID

@wifi.id Account Extractor & Checker
PHP
18
star
35

gollina

Follina MS-MSDT 0-day MS Office RCE (CVE-2022-30190) PoC in Go
Go
18
star
36

huntr-hacktivity

huntr.dev public disclosures/hacktivity watcher
Shell
16
star
37

Faucet-DOGE-Bot

Get faucet DOGE coin every minutes
16
star
38

croter

A faster way to bruteforce IEEE 802.11 WEP & WPA-PSK key with simplicity written in Go
14
star
39

siml

siml is a CLI tool for discovering similar, related to, competitive, or alternative options to a given site.
Go
12
star
40

cox

Cox is bluemonday-wrapper to perform a deep-clean and/or sanitization of (nested-)interfaces from HTML to prevent XSS payloads.
Go
12
star
41

shloop

Want to execute command repeatedly without workache? Here is shloop born for it!
Go
11
star
42

CVE-2020-5902

CVE-2020-5902
10
star
43

slacksh

Interactivity with *nix shell system flexibly via Slack slash commands.
Go
9
star
44

S3-Downloader

AWS S3 Downloader
Shell
8
star
45

indodax-notify

Get newest cryptocurrency coin price notifications from Indodax market on your desktop!
Shell
8
star
46

leakz-passive-workflow

Caido's passive workflow to find potential leaked secrets, PII, and sensitive fields.
JavaScript
8
star
47

yt-dl

YouTube Download
Python
7
star
48

cwa-filter-rules

Updated common web attack threat dataset
Python
6
star
49

CVE-2020-24148

CVE-2020-24148 Proof-of-Concept
6
star
50

increment-commit-hash

Auto replaces commit hash prefix incrementally with lucky-commit by hooking post-commit.
Shell
6
star
51

ghostify-crack

A crack 💥 version of Ghostify, that helps you view Instagram stories without a trace (the story owner won't know you saw their story!)
CSS
5
star
52

advisory

My advisories (backlog)
5
star
53

CVE-2020-9496

4
star
54

rotatemyass

An HideMyAss wrapper as IP proxy rotating
4
star
55

xiaomi-backup

Xiaomi Backup Applications
Shell
4
star
56

Teleslack

Posting Public Telegram Channel Messages to Slack Channel
Python
3
star
57

unmountpoint

Go library to wait for the detached/unmounted state of a path.
Go
3
star
58

cpenum

A fast tool for cPanel user enumeration
3
star
59

CVE-2018-7600

PoC for CVE-2018-7600 Drupal SA-CORE-2018-002 (Drupalgeddon 2).
PHP
3
star
60

prepare-commit-msg-ai

Prepare Git Commit Message with AI: Write commit message based on code changes with AI.
Go
3
star
61

foaas-discord

FOaaS Discord BOT integration to telling people to fuck off!
JavaScript
2
star
62

SpoonBOT

Spoon Cast BOT Tools
PHP
2
star
63

never-gonna-give-u-up

2
star
64

gologger-backtracer

An gologger (by ProjectDiscovery) wrapper to display backtrace
1
star
65

cloe

CL.0 ee! Client-side desync fuzzing [WIP]
JavaScript
1
star
66

bash_recon

1
star
67

slack-boti

PHP Webhook for Slack BOT Interactivity with Slash Commands
PHP
1
star
68

codeql-javascript-unsafe-jquery-plugin

CodeQL
1
star
69

ibin

[WIP] Ignore binaries
1
star
70

Omnibus

1
star
71

shitclone

Recursively repository cloning & do something inside that shit
Shell
1
star
72

docker-slim-action

TypeScript
1
star
73

dwisiswant0

1
star