Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
epsylon
/
xsser
Pridať medzi pozorované 1
Hviezda 0
Fork 0
Súbory Issues 0 Pull requesty 0
Strom: 96caedcaf1
Branche Tagy
xsser
/
xsser
/
core
/
dork.py

dork.py 4.1 KB
História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104 
  1. #!/usr/bin/env python
    2. 

  2. # -*- coding: utf-8 -*-"
    3. 

  3. # vim: set expandtab tabstop=4 shiftwidth=4:
    4. 

  4. """
    5. 

  5. This file is part of the xsser project, https://xsser.03c8.net
    6. 

  6. 

  7. Copyright (c) 2011/2016/2018 psy <epsylon@riseup.net>
    8. 

  8. 

  9. xsser is free software; you can redistribute it and/or modify it under
    10. 

  10. the terms of the GNU General Public License as published by the Free
    11. 

  11. Software Foundation version 3 of the License.
    12. 

  12. 

  13. xsser is distributed in the hope that it will be useful, but WITHOUT ANY
    14. 

  14. WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
    15. 

  15. FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
    16. 

  16. details.
    17. 

  17. 

  18. You should have received a copy of the GNU General Public License along
    19. 

  19. with xsser; if not, write to the Free Software Foundation, Inc., 51
    20. 

  20. Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
    21. 

  21. ........
    22. 

  22. 

  23. List of search engines: http://en.wikipedia.org/wiki/List_of_search_engines
    24. 

  24. 

  25. """
    26. 

  26. import urllib2, traceback, re, random
    27. 

  27. urllib2.socket.setdefaulttimeout(5.0)
    28. 

  28. 

  29. DEBUG = 0
    30. 

  30. 

  31. class Dorker(object):
    32. 

  32.     def __init__(self, engine='yahoo'):
    33. 

  33.         self._engine = engine
    34. 

  34.         self.search_engines = [] # available dorking search engines
    35. 

  35.         self.search_engines.append('bing')
    36. 

  36.         self.search_engines.append('yahoo')
    37. 

  37.         self.agents = [] # user-agents
    38. 

  38.         try:
    39. 

  39.             f = open("core/fuzzing/user-agents.txt").readlines() # set path for user-agents
    40. 

  40.         except:
    41. 

  41.             f = open("fuzzing/user-agents.txt").readlines() # set path for user-agents when testing
    42. 

  42.         for line in f:
    43. 

  43.             self.agents.append(line)
    44. 

  44. 

  45.     def dork(self, search):
    46. 

  46.         """
    47. 

  47.         Perform a search and return links.
    48. 

  48.         """
    49. 

  49.         if self._engine == 'bing': # works at 20-02-2011 -> 19-02-2016 -> 09-04-2018
    50. 

  50.             search_url = 'https://www.bing.com/search?q="' + search + '"'
    51. 

  51.         elif self._engine == 'yahoo': # works at 20-02-2011 -> 19-02-2016 -> -> 09-04-2018
    52. 

  52.             search_url = 'https://search.yahoo.com/search?q="' + search + '"'
    53. 

  53.         else:
    54. 

  54.             print "\n[Error] This search engine is not supported!\n" 
    55. 

  55.             print "[Info] List of available:"
    56. 

  56.             print '-'*25
    57. 

  57.             for e in self.search_engines:
    58. 

  58.                 print "+ "+e
    59. 

  59.             print ""
    60. 

  60.         try:
    61. 

  61.             self.search_url = search_url
    62. 

  62.             print "\n[Info] Search query:", urllib2.unquote(search_url)
    63. 

  63.             user_agent = random.choice(self.agents).strip() # set random user-agent
    64. 

  64.             referer = '127.0.0.1' # set referer to localhost / WAF black magic!
    65. 

  65.             headers = {'User-Agent' : user_agent, 'Referer' : referer}
    66. 

  66.             req = urllib2.Request(search_url, None, headers)
    67. 

  67.             html_data = urllib2.urlopen(req).read()
    68. 

  68.             print "\n[Info] Retrieving requested info..."
    69. 

  69.         except urllib2.URLError, e:
    70. 

  70.             if DEBUG:
    71. 

  71.                 traceback.print_exc()
    72. 

  72.             print "\n[Error] Cannot connect!"
    73. 

  73.             return
    74. 

  74.         if self._engine == 'bing':
    75. 

  75.             regex = '<h2><a href="(.+?)" h=' # regex magics 09-04/2018
    76. 

  76.         if self._engine == 'yahoo':
    77. 

  77.             regex = 'RU=(.+?)/RK=' # regex magics [09/04/2018]
    78. 

  78.         pattern = re.compile(regex)
    79. 

  79.         links = re.findall(pattern, html_data)
    80. 

  80.         found_links = []
    81. 

  81.         if links:
    82. 

  82.             for link in links:
    83. 

  83.                 link = urllib2.unquote(link)
    84. 

  84.                 if self._engine == "yahoo":
    85. 

  85.                     if "RU=https://www.yahoo.com/" in link:
    86. 

  86.                         link = "" # invalid url
    87. 

  87.                 if search.upper() in link.upper(): # parse that search query is on url
    88. 

  88.                     sep = search
    89. 

  89.                     link2 = link.split(sep,1)[0]
    90. 

  90.                     if link2 not in found_links: # parse that target is not duplicated
    91. 

  91.                         found_links.append(link)
    92. 

  92.         else:
    93. 

  93.             print "\n[Info] Not any link found for that query!"
    94. 

  94.         return found_links
    95. 

  95. 

  96. if __name__ == '__main__':
    97. 

  97.     for a in ['yahoo', 'bing']:
    98. 

  98.         dork = Dorker(a)
    99. 

  99.         res = dork.dork("news.php?id=")
    100. 

  100.         if res:
    101. 

  101.             print "[+]", a, ":", len(res), "\n"
    102. 

  102.             for b in res:
    103. 

  103.                 print " *", b
    104. 

  104.