#!/usr/bin/env python # -*- coding: utf-8 -*-" # vim: set expandtab tabstop=4 shiftwidth=4: """ This file is part of the XSSer project, https://xsser.03c8.net Copyright (c) 2010/2019 | psy xsser is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 3 of the License. xsser is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with xsser; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ........ List of search engines: http://en.wikipedia.org/wiki/List_of_search_engines Currently supported: duck(default), startpage, yahoo, bing """ import urllib2, traceback, re, random, urllib urllib2.socket.setdefaulttimeout(5.0) DEBUG = 0 class Dorker(object): def __init__(self, engine='duck'): self._engine = engine self.search_engines = [] # available dorking search engines self.search_engines.append('duck') self.search_engines.append('startpage') self.search_engines.append('yahoo') self.search_engines.append('bing') self.agents = [] # user-agents try: f = open("core/fuzzing/user-agents.txt").readlines() # set path for user-agents except: f = open("fuzzing/user-agents.txt").readlines() # set path for user-agents when testing for line in f: self.agents.append(line) def dork(self, search): """ Perform a search and return links. """ if self._engine == 'bing': # works at 20-02-2011 -> 19-02-2016 -> 09-04-2018 -> 26-08-2019 search_url = 'https://www.bing.com/search?q="' + str(search) + '"' print "\nSearching query:", urllib2.unquote(search_url) elif self._engine == 'yahoo': # works at 20-02-2011 -> 19-02-2016 -> -> 09-04-2018 -> 26-08-2019 search_url = 'https://search.yahoo.com/search?q="' + str(search) + '"' print "\nSearching query:", urllib2.unquote(search_url) elif self._engine == 'duck': # works at 26-08-2019 search_url = 'https://duckduckgo.com/html/' q = 'instreamset:(url):"' + str(search) + '"' # set query to search literally on results query_string = { 'q':q } print "\nSearching query:", urllib2.unquote(search_url) + " [POST: (" + q + ")]" elif self._engine == 'startpage': # works at 26-08-2019 search_url = 'https://www.startpage.com/do/asearch' q = 'url:"' + str(search) + '"' # set query to search literally on results query_string = { 'cmd':'process_search', 'query':q } print "\nSearching query:", urllib2.unquote(search_url) + " [POST: (" + q + ")]" else: print "\n[Error] This search engine is not being supported!\n" print '-'*25 print "\n[Info] Use one from this list:\n" for e in self.search_engines: print "+ "+e print "\n ex: xsser -d 'profile.asp?num=' --De 'duck'" print " ex: xsser -l --De 'startpage'" print "\n[Info] Or try them all:\n\n ex: xsser -d 'news.php?id=' --Da\n" try: self.search_url = search_url user_agent = random.choice(self.agents).strip() # set random user-agent referer = '127.0.0.1' # set referer to localhost / WAF black magic! headers = {'User-Agent' : user_agent, 'Referer' : referer} if self._engine == 'bing' or self._engine == 'yahoo': # using GET req = urllib2.Request(search_url, None, headers) elif self._engine == 'duck' or self._engine == 'startpage': # using POST data = urllib.urlencode(query_string) req = urllib2.Request(search_url, data, headers) html_data = urllib2.urlopen(req).read() print "\n[Info] Retrieving requested info..." except urllib2.URLError, e: if DEBUG: traceback.print_exc() print "\n[Error] Cannot connect!" print "\n" + "-"*50 return if self._engine == 'bing': regex = '