dork-cli – Command-line Google Dork Tool

Use Netsparker


dork-cli is a Python-based command-line Google Dork Tool to perform searches against Google’s custom search engine. A command-line option is always good as it allows you to script it in as part of your automated pen-testing suite.

dork-cli - Command-line Google Dork Tool


It will return a list of all the unique page results it finds, optionally filtered by a set of dynamic page extensions.

Any number of additional query terms/dorks can be specified. dork-cli was designed to be piped into an external tool such as a vulnerability scanner for automated testing purposes.

Setup dork-cli Google Dork Tool

In order to use this program you need to configure at a minimum two settings: a Google API key and a custom search engine id.

Custom Search Engine:

  • Create a custom search engine via https://www.google.com/cse/
  • Add your desired domain(s) under “Sites to search”
  • Click “Search engine ID” button to reveal the id, or grab it from the “cx” url paramter

API key:

  • Open the Google API console at https://code.google.com/apis/console
  • Enable the Custom Search API via APIs & auth > APIs
  • Create a new API key via APIs & auth > Credentials > Create new Key
  • Select “Browser key”, leave HTTP Referer blank and click Create

Usage of dork-cli Google Dorking Tool


API Limitations For Google Dorks

The free Google API limits you to 100 searches per day, with a maximum of 10 results per search. This means if you configure dork-cli.py to return 100 results, it will issue 10 queries (1/10th of your daily limit) each time it is run. You have the option to pay for additional searches via the Google API console. At the time of writing, signing up for billing on the Google API site gets you $300 free to spend on API calls for 60 days.

You can also check out:

snitch – Information Gathering Tool Via Dorks
Goolag – GUI Tool for Google Hacking

You can download dork-cli Google Dorks Tool here:

dork-cli.py

Or read more here.

Posted in: Hacking Tools


Latest Posts:


snallygaster - Scan For Secret Files On HTTP Servers snallygaster – Scan For Secret Files On HTTP Servers
snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn't be public and can pose a s
Portspoof - Spoof All Ports Open & Emulate Valid Services Portspoof – Spoof All Ports Open & Emulate Valid Services
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port.
Cambridge Analytica Facebook Data Scandal Cambridge Analytica Facebook Data Scandal
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.
GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.
QualysGuard - Vulnerability Management Tool QualysGuard – Vulnerability Management Tool
QualysGuard is a web-based vulnerability management tool provided by Qualys, Inc, which was the first company to deliver vulnerability management services as a SaaS-based web-service.


Comments are closed.