SickNerd aims to slowly enumerate Google Dorks via the googlesearch API then requests found pages for metadata

Related tags

Third-party APIs Wrappersosintgoogledork
Overview

SickNerd

CLI tool for making Google Dorking a passive recon experience. SickNerd aims to slowly enumerate Google Dorks via the googlesearch API then requests found pages for metadata. By default it sleeps between queries, randomizes user-agent, retries 429 and failed requests recursively, and prints output after each query. Validation requests can be done after to grab metadata.

SickNerd comes with a default list of dorks aimed at finding sensitive files but accepts input files and can fetch dorks from GHDB. Dorks taken from GHDB can be filtered down by tags and year of creation. Multiple domains can be dorked at once and dorks are run at random.

Getting Started

Usage

sicknerd.py -h

usage: sicknerd.py [-h] [-i INPUT] [-o OUTPUT] [-f FETCH | -d DORKS] [-p] [-q]
                   [-y YEARS] [-m MAX]

CLI tool for making Google Dorking a passive recon experience

optional arguments:
  -h, --help            show this help message and exit
  -i INPUT, --input INPUT
                        Input list of domains (no subdomains).
  -o OUTPUT, --output OUTPUT
                        Prints CSV files to directory. The default is cwd.
  -f FETCH, --fetch FETCH
                        Fetches lists of dorks from GHDB. Accepts one of the
                        following: all, footholds, dir, web, files, servers,
                        errors, juicy, passwords, shopping, login, devices,
                        vulns (optional)
  -d DORKS, --dorks DORKS
                        List of Dorks to test (optional)
  -p, --passive         Skip the validation requests and only do passive
                        checks.
  -q, --quiet           Hides banner
  -y YEARS, --years YEARS
                        Number of years to fetch dorks from. Default is 2.
  -m MAX, --max MAX     Max number of results per query. Default is 30.

Process finished with exit code 0

Take a list of domains and google dork them.

sicknerd.py -i domains.txt

cat domains.txt | sicknerd.py

Skip requesting each URL and only do passive checks.

cat domains.txt | sicknerd.py -p

Use another list of dorks instead of the defaults

cat domains.txt | sicknerd.py -d dorks.txt

Only do passive checks, use another list of dorks, and change output directory

sicknerd.py -i domains.txt -d dorks.txt -p -o ./dork-out/
.▄▄ · ▪   ▄▄· ▄ •▄  ▐ ▄ ▄▄▄ .▄▄▄  ·▄▄▄▄  
▐█ ▀. ██ ▐█ ▌▪█▌▄▌▪•█▌▐█▀▄.▀·▀▄ █·██▪ ██ 
▄▀▀▀█▄▐█·██ ▄▄▐▀▀▄·▐█▐▐▌▐▀▀▪▄▐▀▀▄ ▐█· ▐█▌
▐█▄▪▐█▐█▌▐███▌▐█.█▌██▐█▌▐█▄▄▌▐█•█▌██. ██ 
 ▀▀▀▀ ▀▀▀·▀▀▀ ·▀  ▀▀▀ █▪ ▀▀▀ .▀  ▀▀▀▀▀▀• 
Loaded 3 dorks...
[*] Starting searches...
Max 30 results per query
Found 3 results from site:apple.com filetype:txt
Found 1 results from site:cia.gov filetype:txt
Found 1 results from site:fbi.gov filetype:txt
Found 30 results from site:apple.com inurl:admin
Found 0 results from site:cia.gov inurl:admin
Found 0 results from site:fbi.gov inurl:admin
Found 30 results from site:apple.com filetype:pdf
Found 30 results from site:cia.gov filetype:pdf
Found 30 results from site:fbi.gov filetype:pdf
Found 0 results from site:apple.com db_password filetype:env
Found 0 results from site:cia.gov db_password filetype:env
Found 0 results from site:fbi.gov db_password filetype:env
[*] Validating results...
Writing 125 results to file

Fetch dorks from Google Hacking Database and run vuln dorks from the past two years with max 20 results per query.

sicknerd.py -i urls.txt -f vulns -y 2 -m 20
.▄▄ · ▪   ▄▄· ▄ •▄  ▐ ▄ ▄▄▄ .▄▄▄  ·▄▄▄▄  
▐█ ▀. ██ ▐█ ▌▪█▌▄▌▪•█▌▐█▀▄.▀·▀▄ █·██▪ ██ 
▄▀▀▀█▄▐█·██ ▄▄▐▀▀▄·▐█▐▐▌▐▀▀▪▄▐▀▀▄ ▐█· ▐█▌
▐█▄▪▐█▐█▌▐███▌▐█.█▌██▐█▌▐█▄▄▌▐█•█▌██. ██ 
 ▀▀▀▀ ▀▀▀·▀▀▀ ·▀  ▀▀▀ █▪ ▀▀▀ .▀  ▀▀▀▀▀▀• 
Requesting data from https://www.exploit-db.com/google-hacking-database...
Searching for vulns dorks from the past 2 years...
Loaded 214 dorks...
[*] Starting searches...
Max 20 results per query
Found 0 results from site:apple.com inurl:wp-content/plugins/final-tiles-grid-gallery-lite
Found 0 results from site:cia.gov inurl:wp-content/plugins/final-tiles-grid-gallery-lite
Found 0 results from site:fbi.gov inurl:wp-content/plugins/final-tiles-grid-gallery-lite
[*] CTRL + C pressed! Starting validation then writing output...
[*] Validating results...
Writing 0 results to file
Writing 0 results to file

Install

SickNerd works on Windows and *Nix systems and requires Python.

git clone 

pip install -r requirements.txt

Output

The -o flag is used to direct the CSV output file to a directory. Output file is comma seperated.

cat sicknerd-output.csv | csvtomd

sicknerd-output.csv

QUERY URL HTTP CODE TITLE CONTENT LENGTH
Dork searched URL result from Dork HTTP Code of request HTTP Title Content length of HTTP request

*HTTP CODE, TITLE, and CONTENT LENGTH are only available if passive is disabled (default)

You might also like...
Token-gate Notion pages

This is a Next.js project bootstrapped with create-next-app. Getting Started First, run the development server: npm run dev # or yarn dev Open http://

John 8 Oct 13, 2022
Easily report Instagram pages and close the page
Easily report Instagram pages and close the page

Program Features - 📌 Delete target post on Instagram. - 📌 Delete Media Target post on Instagram - 📌 Complete deletion of the target account on Inst

hack4lx 11 Nov 25, 2022
A bot framework for Reddit to manage threads, wiki pages, widgets, menus and more.

Sub Manager Sub Manager is a bot framework for Reddit to automate a variety of tasks on one or more subreddits, and can be configured and run without

r/SpaceX 3 Aug 26, 2022
A small Python app to create Notion pages from Jira issues
A small Python app to create Notion pages from Jira issues

Jira to Notion This little program will capture a Jira issue and create a corresponding Notion subpage. Mac users can fetch the current issue from the

Dr. Kerem Koseoglu 12 Oct 27, 2022
The Sue Gray Alert System was a 5 minute project that just beeps every time a new article is updated or published on Gov.UK's news pages.

The Sue Gray Alert System was a 5 minute project that just beeps every time a new article is updated or published on Gov.UK's news pages.

Dafydd 1 Jan 31, 2022
google-resumable-media Apache-2google-resumable-media (🥉28 · ⭐ 27) - Utilities for Google Media Downloads and Resumable.. Apache-2

google-resumable-media Utilities for Google Media Downloads and Resumable Uploads See the docs for examples and usage. Experimental asyncio Support Wh

Google APIs 36 Nov 22, 2022
An attendance bot that joins google meet automatically according to schedule and marks present in the google meet.
An attendance bot that joins google meet automatically according to schedule and marks present in the google meet.

Google-meet-self-attendance-bot An attendance bot which joins google meet automatically according to schedule and marks present in the google meet. I

Sarvesh Wadi 12 Sep 20, 2022
Google Drive, OneDrive and Youtube as covert-channels - Control systems remotely by uploading files to Google Drive, OneDrive, Youtube or Telegram
Google Drive, OneDrive and Youtube as covert-channels - Control systems remotely by uploading files to Google Drive, OneDrive, Youtube or Telegram

covert-control Control systems remotely by uploading files to Google Drive, OneDrive, Youtube or Telegram using Python to create the files and the lis

Ricardo Ruiz 52 Dec 6, 2022
Google scholar share - Simple python script to pull Google Scholar data from an author's profile

google_scholar_share Simple python script to pull Google Scholar data from an au

Paul Goldsmith-Pinkham 9 Sep 15, 2022
Releases(v1.0)
Owner
Jake Wnuk
Penetration Tester
Jake Wnuk
GitHub Repository
The public discord bot, created by: primitt, further developed by: duino-coin team.

Duino Stats Mini A public Duino-Stats Discord bot. Click this link to invite the bot to your server. License Duino Stats Mini distributed under the MI

primboi 8 Mar 14, 2022
A Discord bot made by QwertyIsCoding

QwertyBot QwertyBot A Discord bot made by QwertyIsCoding Explore the docs » View Demo . Report Bug . Request Feature About The Project This Discord bo

4 Oct 08, 2022
use python script to fix vmp dump api in ida

FixVmpDump use python script to fix vmp dump api in ida. support x86 and x64. details in my blog: https://blog.csdn.net/yan_star/article/details/11279

97 Nov 02, 2022
This bot will delete messages containing blacklisted words in your telegram groups.

Profanity Detector Bot This bot will delete messages containing blacklisted words in your telegram groups. Made using ProfanityDetector.

Aditya 17 Oct 08, 2022
Home Assistant Hilo Integration via HACS

BETA This is a beta release. There will be some bugs, issues, etc. Please bear with us and open issues in the repo. Hilo Hilo integration for Home Ass

66 Dec 23, 2022
ELiza music is a telegram music bot project, allow you to play music on voice chat group telegram.

❤️ 𝗘𝗹𝗶𝘇𝗮 𝗠𝘂𝘀𝗶𝗰 ❤️ Unmaintained. The new repo of @MrsElizaRobot is private. (It is no longer based on this source code. The completely rewrit

Team Eliza 2 Dec 08, 2022
A python package that allows you to place automated trades using the TD Ameritrade API.

Template Repo Table of Contents Overview Setup Usage Support These Projects Overview Setup Setup - Requirements Install:* For this particular project,

Alex Reed 4 Jan 25, 2022
Polar devices Python API and CLI.

loophole - Polar devices API About Python API for Polar devices. Command line interface included. Tested with: A360 Loop M400 Installation pip install

[roscoe] 145 Sep 14, 2022
One version package to rule them all, One version package to find them, One version package to bring them all, and in the darkness bind them.

AwesomeVersion One version package to rule them all, One version package to find them, One version package to bring them all, and in the darkness bind

Joakim Sørensen 39 Dec 31, 2022
Video-Player - Telegram Music/ Video Streaming Bot Using Pytgcalls

Video Player 🔥 ᴢᴀɪᴅ ᴠᴄ ᴘʟᴀyᴇʀ ɪꜱ ᴀ ᴛᴇʟᴇɢʀᴀᴍ ᴘʀᴏᴊᴇᴄᴛ ʙᴀꜱᴇᴅ ᴏɴ ᴘʏʀᴏɢʀᴀᴍ ꜰᴏʀ ᴘʟᴀʏ

Zaid 16 Nov 30, 2022
A collection of automation aids to connect various database systems into Lookout for Metrics

A collection of automation aids to connect various database systems into Lookout for Metrics

AWS Samples 3 Apr 28, 2022
A custom rom post bot for Telegram.

Rom Poster Bot A simple Post Bot written in Python using pyTelegramBotAPI to post rom updates to telegram whenever you need. Made by lazy peep for laz

Prajwal 6 Nov 03, 2022
A smart tool to backup members 📈 So you even after a raid/ ban you can easily restore them in seconds 🎲

🤑 Discord-backer 🤑 A open-source Discord member backup and restore tool for your server. This can help you get all your members in 5 Seconds back af

John 29 Dec 21, 2022
Declarative assertions for AWS

AWSsert AWSsert is a Python library providing declarative assertions about AWS resources to your tests. Installation Use the package manager pip to in

19 Jan 04, 2022
Powerful Ethereum Smart-Contract Toolkit

Heimdall Heimdall is an advanced and modular smart-contract toolkit which aims to make dealing with smart contracts on EVM based chains easier. Instal

Jonathan Becker 69 Dec 26, 2022
♻️ API to run evaluations of the FAIR principles (Findable, Accessible, Interoperable, Reusable) on online resources

♻️ FAIR enough 🎯 An OpenAPI where anyone can run evaluations to assess how compliant to the FAIR principles is a resource, given the resource identif

Maastricht University IDS 4 Oct 20, 2022
Discord bot developed by Delhi University Student Community!

DUSC-Bot Discord bot developed by Delhi University Student Community! Libraries Used Pycord - Documentation Features Can purge messages in bulk Drop-D

professor 1 Jan 29, 2022
List of twitch bots n bigots

This is a collection of bot account names NamelistMASTER contains all the names we reccomend you ban in your channel Sometimes people get on that list

62 Sep 05, 2021
Open Resource Calculator Module for Python

Calculator Module for Python By White Night Install #

White_Night_awa 4 Aug 22, 2022
Twitter bot that finds new friends in Twitter.

PythonTwitterBot Twitter Bot Thats Find New Friends pip install textblob pip install tweepy pip install googletrans check requirements.txt file Env

IbukiYoshida 4 Aug 11, 2021