Pagodo - Automate Google Hacking Database Scraping And Searching

The goal of this project was to develop a passive Google dork script to collect potentially vulnerable web pages and applications on the Internet. There are 2 parts. The first is ghdb_scraper.py that retrieves Google Dorks and the second portion is pagodo.py that leverages the information gathered by ghdb_scraper.py.

What are Google Dorks?
The awesome folks at Offensive Security maintain the Google Hacking Database (GHDB) found here: https://www.exploit-db.com/google-hacking-database. It is a collection of Google searches, called dorks, that can be used to find potentially vulnerable boxes or other juicy info that is picked up by Google's search bots.

Installation
Scripts are written for Python 3.6+. Clone the git repository and install the requirements.

git clone https://github.com/opsdisk/pagodo.git
cd pagodo
virtualenv -p python3 .venv  # If using a virtual environment.
source .venv/bin/activate  # If using a virtual environment.
pip install -r requirements.txt

Google is blocking me!
If you start getting HTTP 503 errors, Google has rightfully detected you as a bot and will block your IP for a set period of time. The solution is to use proxychains and a bank of proxies to round robin the lookups.
Install proxychains4

apt install proxychains4 -y

Edit the /etc/proxychains4.conf configuration file to round robin the look ups through different proxy servers. In the example below, 2 different dynamic socks proxies have been set up with different local listening ports (9050 and 9051). Don't know how to utilize SSH and dynamic socks proxies? Do yourself a favor and pick up a copy of The Cyber Plumber's Handbook to learn all about Secure Shell (SSH) tunneling, port redirection, and bending traffic like a boss.

vim /etc/proxychains4.conf

round_robin
chain_len = 1
proxy_dns
remote_dns_subnet 224
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks4 127.0.0.1 9050
socks4 127.0.0.1 9051

Throw proxychains4 in front of the Python script and each lookup will go through a different proxy (and thus source from a different IP). You could even tune down the -e delay time because you will be leveraging different proxy boxes.

proxychains4 python3 pagodo.py -g ALL_dorks.txt -s -e 17.0 -l 700 -j 1.1

ghdb_scraper.py
To start off, pagodo.py needs a list of all the current Google dorks. A datetimestamped file with the Google dorks and the indididual dork category dorks are also provided in the repo. Fortunately, the entire database can be pulled back with 1 GET request using ghdb_scraper.py. You can dump all dorks to a file, the individual dork categories to separate dork files, or the entire json blob if you want more contextual data about the dork.
To retrieve all dorks

python3 ghdb_scraper.py -j -s

To retrieve all dorks and write them to individual categories:

python3 ghdb_scraper.py -i

Dork categories:

categories = {      1: "Footholds",      2: "File Containing Usernames",      3: "Sensitives Directories",      4: "Web Server Detection",      5: "Vulnerable Files",      6: "Vulnerable Servers",      7: "Error Messages",      8: "File Containing Juicy Info",      9: "File Containing Passwords",      10: "Sensitive Online Shopping Info",      11: "Network or Vulnerability Data",      12: "Pages Containing Login Portals",      13: "Various Online devices",      14: "Advisories and Vulnerabilities",  }  

pagodo.py
Now that a file with the most recent Google dorks exists, it can be fed into pagodo.py using the -g switch to start collecting potentially vulnerable public applications. pagodo.py leverages the google python library to search Google for sites with the Google dork, such as:

intitle:"ListMail Login" admin -demo  

The -d switch can be used to specify a domain and functions as the Google search operator:

site:example.com  

Performing ~4600 search requests to Google as fast as possible will simply not work. Google will rightfully detect it as a bot and block your IP for a set period of time. In order to make the search queries appear more human, a couple of enhancements have been made. A pull request was made and accepted by the maintainer of the Python google module to allow for User-Agent randomization in the Google search queries. This feature is available in 1.9.3 and allows you to randomize the different user agents used for each search. This emulates the different browsers used in a large corporate environment.
The second enhancement focuses on randomizing the time between search queries. A minimum delay is specified using the -e option and a jitter factor is used to add time on to the minimum delay number. A list of 50 jitter times is created and one is randomly appended to the minimum delay time for each Google dork search.

categories = {
    1: "Footholds",
    2: "File Containing Usernames",
    3: "Sensitives Directories",
    4: "Web Server Detection",
    5: "Vulnerable Files",
    6: "Vulnerable Servers",
    7: "Error Messages",
    8: "File Containing Juicy Info",
    9: "File Containing Passwords",
    10: "Sensitive Online Shopping Info",
    11: "Network or Vulnerability Data",
    12: "Pages Containing Login Portals",
    13: "Various Online devices",
    14: "Advisories and Vulnerabilities",
}

Latter in the script, a random time is selected from the jitter array and added to the delay.

intitle:"ListMail Login" admin -demo

Experiment with the values, but the defaults successfully worked without Google blocking my IP. Note that it could take a few days (3 on average) to run so be sure you have the time.
To run it:

site:example.com

Conclusion
Comments, suggestions, and improvements are always welcome. Be sure to follow @opsdisk on Twitter for the latest updates.

Download Pagodo

via KitPloit

This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com

Related articles

1. Pentest Tools Review
2. Nsa Hack Tools Download
3. Hacking Tools For Windows 7
4. Hacker Tools For Ios
5. Nsa Hack Tools
6. Pentest Tools Android
7. Pentest Tools Framework
8. Hacking Tools 2020
9. Hacker Tools Apk
10. Pentest Tools Find Subdomains
11. Hacker Tools For Mac
12. Hacking Tools Software
13. Hacker Tool Kit
14. Pentest Tools Website
15. Hacking Tools For Mac
16. Hak5 Tools
17. Computer Hacker
18. Nsa Hack Tools Download
19. Termux Hacking Tools 2019
20. Hacking Tools For Beginners
21. Hacking Tools For Windows
22. Underground Hacker Sites
23. Hacking Tools Github
24. New Hack Tools
25. Hack Tools For Games
26. Hackrf Tools
27. Pentest Tools Open Source
28. Nsa Hack Tools
29. Hacker Tools Software
30. Pentest Tools Linux
31. How To Hack
32. Hacker Tools Apk Download
33. Hack Tools For Ubuntu
34. Hacking App
35. Hacker Security Tools
36. Hacker Tool Kit
37. Tools For Hacker
38. Pentest Tools Website
39. Pentest Automation Tools
40. Hacking Tools Pc
41. Hack Tools For Mac
42. Termux Hacking Tools 2019
43. Termux Hacking Tools 2019
44. Hacking Tools Download
45. Best Hacking Tools 2019
46. Hacker Tools For Windows
47. Hacker Tools Online
48. Hacking Tools For Windows 7
49. Hackers Toolbox
50. How To Make Hacking Tools
51. Hacker Tools Apk
52. Wifi Hacker Tools For Windows
53. Hacker Tools
54. Hack Tools Mac
55. Hacking Tools Github
56. Github Hacking Tools
57. Pentest Tools Bluekeep
58. Hack Website Online Tool
59. Pentest Tools For Ubuntu
60. Pentest Reporting Tools
61. Pentest Tools Kali Linux
62. Hack And Tools
63. Pentest Tools Bluekeep
64. Pentest Tools Website
65. Hack Tools Online
66. Hack Tools
67. Hacking Tools For Windows 7
68. Hackers Toolbox
69. Underground Hacker Sites
70. Hack Tool Apk No Root
71. Pentest Tools Android
72. Hacking Tools For Windows Free Download
73. Hacker Tool Kit