dorkbot – Command-Line Tool For Google Dorking

Use Netsparker


dorkbot is a modular command-line tool for Google dorking, which is performing vulnerability scans against a set of web pages returned by Google search queries in a given Google Custom Search Engine.

dorkbot - Command-Line Tool For Google Dorking


How dorkbot works

It is broken up into two sets of modules:

  • Indexers – modules that issue a search query and return the results as targets
  • Scanners – modules that perform a vulnerability scan against each target

Targets are stored in a local database file upon being indexed. Once scanned, any vulnerabilities found by the chosen scanner are written to a standard JSON report file. Indexing and scanning processes can be run separately or combined in a single command.

dorkbot Google Vulnerability Scanner Usage

Example:


The scanner module also needs:

Arachni – Web Application Security Scanner Framework
Wapiti – Web Application Scanner / Black-box testing

You can download dorkbot here:

dorkbot-master.zip

Or read more here.

Posted in: Hacking Tools


Latest Posts:


SCADA Hacking - Industrial Systems Woefully Insecure SCADA Hacking – Industrial Systems Woefully Insecure
airgeddon - Wireless Security Auditing Script airgeddon – Wireless Security Auditing Script
Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list.
Acunetix v12 - Pause & Resume Acunetix v12 – More Comprehensive More Accurate & 2x Faster
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12 - more comprehensive, accurate & 2x faster.
CloudFrunt - Identify Misconfigured CloudFront Domains CloudFrunt – Identify Misconfigured CloudFront Domains
CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions.
Airbash - Fully Automated WPA PSK Handshake Capture Script Airbash – Fully Automated WPA PSK Handshake Capture Script
Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing, it is compatible with Bash and Android Shell.
XXEinjector - Automatic XXE Injection Tool For Exploitation XXEinjector – Automatic XXE Injection Tool For Exploitation
XXEinjector is an XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications.


Comments are closed.