SickNerd aims to slowly enumerate Google Dorks via the googlesearch API then requests found pages for metadata

Related tags

Third-party APIs Wrappersosintgoogledork
Overview

SickNerd

CLI tool for making Google Dorking a passive recon experience. SickNerd aims to slowly enumerate Google Dorks via the googlesearch API then requests found pages for metadata. By default it sleeps between queries, randomizes user-agent, retries 429 and failed requests recursively, and prints output after each query. Validation requests can be done after to grab metadata.

SickNerd comes with a default list of dorks aimed at finding sensitive files but accepts input files and can fetch dorks from GHDB. Dorks taken from GHDB can be filtered down by tags and year of creation. Multiple domains can be dorked at once and dorks are run at random.

Getting Started

Usage

sicknerd.py -h

usage: sicknerd.py [-h] [-i INPUT] [-o OUTPUT] [-f FETCH | -d DORKS] [-p] [-q]
                   [-y YEARS] [-m MAX]

CLI tool for making Google Dorking a passive recon experience

optional arguments:
  -h, --help            show this help message and exit
  -i INPUT, --input INPUT
                        Input list of domains (no subdomains).
  -o OUTPUT, --output OUTPUT
                        Prints CSV files to directory. The default is cwd.
  -f FETCH, --fetch FETCH
                        Fetches lists of dorks from GHDB. Accepts one of the
                        following: all, footholds, dir, web, files, servers,
                        errors, juicy, passwords, shopping, login, devices,
                        vulns (optional)
  -d DORKS, --dorks DORKS
                        List of Dorks to test (optional)
  -p, --passive         Skip the validation requests and only do passive
                        checks.
  -q, --quiet           Hides banner
  -y YEARS, --years YEARS
                        Number of years to fetch dorks from. Default is 2.
  -m MAX, --max MAX     Max number of results per query. Default is 30.

Process finished with exit code 0

Take a list of domains and google dork them.

sicknerd.py -i domains.txt

cat domains.txt | sicknerd.py

Skip requesting each URL and only do passive checks.

cat domains.txt | sicknerd.py -p

Use another list of dorks instead of the defaults

cat domains.txt | sicknerd.py -d dorks.txt

Only do passive checks, use another list of dorks, and change output directory

sicknerd.py -i domains.txt -d dorks.txt -p -o ./dork-out/
.▄▄ · ▪   ▄▄· ▄ •▄  ▐ ▄ ▄▄▄ .▄▄▄  ·▄▄▄▄  
▐█ ▀. ██ ▐█ ▌▪█▌▄▌▪•█▌▐█▀▄.▀·▀▄ █·██▪ ██ 
▄▀▀▀█▄▐█·██ ▄▄▐▀▀▄·▐█▐▐▌▐▀▀▪▄▐▀▀▄ ▐█· ▐█▌
▐█▄▪▐█▐█▌▐███▌▐█.█▌██▐█▌▐█▄▄▌▐█•█▌██. ██ 
 ▀▀▀▀ ▀▀▀·▀▀▀ ·▀  ▀▀▀ █▪ ▀▀▀ .▀  ▀▀▀▀▀▀• 
Loaded 3 dorks...
[*] Starting searches...
Max 30 results per query
Found 3 results from site:apple.com filetype:txt
Found 1 results from site:cia.gov filetype:txt
Found 1 results from site:fbi.gov filetype:txt
Found 30 results from site:apple.com inurl:admin
Found 0 results from site:cia.gov inurl:admin
Found 0 results from site:fbi.gov inurl:admin
Found 30 results from site:apple.com filetype:pdf
Found 30 results from site:cia.gov filetype:pdf
Found 30 results from site:fbi.gov filetype:pdf
Found 0 results from site:apple.com db_password filetype:env
Found 0 results from site:cia.gov db_password filetype:env
Found 0 results from site:fbi.gov db_password filetype:env
[*] Validating results...
Writing 125 results to file

Fetch dorks from Google Hacking Database and run vuln dorks from the past two years with max 20 results per query.

sicknerd.py -i urls.txt -f vulns -y 2 -m 20
.▄▄ · ▪   ▄▄· ▄ •▄  ▐ ▄ ▄▄▄ .▄▄▄  ·▄▄▄▄  
▐█ ▀. ██ ▐█ ▌▪█▌▄▌▪•█▌▐█▀▄.▀·▀▄ █·██▪ ██ 
▄▀▀▀█▄▐█·██ ▄▄▐▀▀▄·▐█▐▐▌▐▀▀▪▄▐▀▀▄ ▐█· ▐█▌
▐█▄▪▐█▐█▌▐███▌▐█.█▌██▐█▌▐█▄▄▌▐█•█▌██. ██ 
 ▀▀▀▀ ▀▀▀·▀▀▀ ·▀  ▀▀▀ █▪ ▀▀▀ .▀  ▀▀▀▀▀▀• 
Requesting data from https://www.exploit-db.com/google-hacking-database...
Searching for vulns dorks from the past 2 years...
Loaded 214 dorks...
[*] Starting searches...
Max 20 results per query
Found 0 results from site:apple.com inurl:wp-content/plugins/final-tiles-grid-gallery-lite
Found 0 results from site:cia.gov inurl:wp-content/plugins/final-tiles-grid-gallery-lite
Found 0 results from site:fbi.gov inurl:wp-content/plugins/final-tiles-grid-gallery-lite
[*] CTRL + C pressed! Starting validation then writing output...
[*] Validating results...
Writing 0 results to file
Writing 0 results to file

Install

SickNerd works on Windows and *Nix systems and requires Python.

git clone 

pip install -r requirements.txt

Output

The -o flag is used to direct the CSV output file to a directory. Output file is comma seperated.

cat sicknerd-output.csv | csvtomd

sicknerd-output.csv

QUERY URL HTTP CODE TITLE CONTENT LENGTH
Dork searched URL result from Dork HTTP Code of request HTTP Title Content length of HTTP request

*HTTP CODE, TITLE, and CONTENT LENGTH are only available if passive is disabled (default)

You might also like...
Token-gate Notion pages

This is a Next.js project bootstrapped with create-next-app. Getting Started First, run the development server: npm run dev # or yarn dev Open http://

John 8 Oct 13, 2022
Easily report Instagram pages and close the page
Easily report Instagram pages and close the page

Program Features - 📌 Delete target post on Instagram. - 📌 Delete Media Target post on Instagram - 📌 Complete deletion of the target account on Inst

hack4lx 11 Nov 25, 2022
A bot framework for Reddit to manage threads, wiki pages, widgets, menus and more.

Sub Manager Sub Manager is a bot framework for Reddit to automate a variety of tasks on one or more subreddits, and can be configured and run without

r/SpaceX 3 Aug 26, 2022
A small Python app to create Notion pages from Jira issues
A small Python app to create Notion pages from Jira issues

Jira to Notion This little program will capture a Jira issue and create a corresponding Notion subpage. Mac users can fetch the current issue from the

Dr. Kerem Koseoglu 12 Oct 27, 2022
The Sue Gray Alert System was a 5 minute project that just beeps every time a new article is updated or published on Gov.UK's news pages.

The Sue Gray Alert System was a 5 minute project that just beeps every time a new article is updated or published on Gov.UK's news pages.

Dafydd 1 Jan 31, 2022
google-resumable-media Apache-2google-resumable-media (🥉28 · ⭐ 27) - Utilities for Google Media Downloads and Resumable.. Apache-2

google-resumable-media Utilities for Google Media Downloads and Resumable Uploads See the docs for examples and usage. Experimental asyncio Support Wh

Google APIs 36 Nov 22, 2022
An attendance bot that joins google meet automatically according to schedule and marks present in the google meet.
An attendance bot that joins google meet automatically according to schedule and marks present in the google meet.

Google-meet-self-attendance-bot An attendance bot which joins google meet automatically according to schedule and marks present in the google meet. I

Sarvesh Wadi 12 Sep 20, 2022
Google Drive, OneDrive and Youtube as covert-channels - Control systems remotely by uploading files to Google Drive, OneDrive, Youtube or Telegram
Google Drive, OneDrive and Youtube as covert-channels - Control systems remotely by uploading files to Google Drive, OneDrive, Youtube or Telegram

covert-control Control systems remotely by uploading files to Google Drive, OneDrive, Youtube or Telegram using Python to create the files and the lis

Ricardo Ruiz 52 Dec 6, 2022
Google scholar share - Simple python script to pull Google Scholar data from an author's profile

google_scholar_share Simple python script to pull Google Scholar data from an au

Paul Goldsmith-Pinkham 9 Sep 15, 2022
Releases(v1.0)
Owner
Jake Wnuk
Penetration Tester
Jake Wnuk
GitHub Repository
Aria & Qbittorent Mirror Bot

Eunha Mirror Eunha Mirror is a multipurpose Telegram Bot writen in Python for mirroring files on the Internet to our beloved Google Drive. Features su

ovin 158 Dec 19, 2022
A program to convert YouTube channel registration information into Json files for ThirdTube.

ThirdTubeImporter A program to convert YouTube channel registration information into Json files for ThirdTube. Usage Japanese https://takeout.google.c

Hidegon 2 Dec 18, 2021
An Telegram Bot By @AsmSafone To Stream Videos in Telegram Voice Chat. This is Also The Source Code of The Bot Which is Being Used In @SafoTheBot Group! ❤️

Telegram Video Player Bot (Beta) An Telegram Bot By @AsmSafone To Stream Videos in Telegram Voice Chat. Special Features Supports Live Streaming From

SAF ONE 206 Jan 03, 2023
⚡ ʑɠ ცơɬ Is One Of The Fastest & Smoothest Bot On Telegram Based on Telethon ⚡

『ʑɠ ცơɬ』 ⚡ ʑɠ ცơɬ Is One Of The Fastest & Smoothest Bot On Telegram Based on Telethon ⚡ Status Of Bot Telegram 🏪 Dєρℓογ το нєяοκυ Variables APP_ID =

ʑɑʑɓɦɑɪ 0 Feb 12, 2022
Irenedao-nft-generator - Original scripts used to generate IreneDAO NFTs

IreneDAO NFT Generator Scripts to generate IreneDAO NFT. Make sure you have Pill

libevm 60 Oct 27, 2022
Design and build a wrapper for the Open Weather API current weather data service

Design and build a wrapper for the Open Weather API current weather data service that returns a city's temperature, with caching, also allowing for the temperature of the latest queried cities that a

Duan Rafael Ribeiro 1 Jun 27, 2022
Automatically deploy freqtrade to a remote Docker host and auto update strategies.

Freqtrade Automatically deploy freqtrade to a remote Docker host and auto update strategies. I've been using it to automatically deploy to vultr, but

p-zombie 109 Jan 07, 2023
A webhook API for Discord.

Webhook API A webhook API for Discord. Requirements requests Usage

1 Feb 08, 2022
A library for demo trading | backtest and forward test simulation

Trade Engine a library for demo trading | backtest and forward test simulation Features Limit/Market orders: you can place a Limit or Market order in

Ali Moradi 7 Jul 02, 2022
Smilecreator4 - This site is for people who want to hack or want to learn it!

smilecreator4 This site is for people who want to hack or want to learn it! Furthermore, this program does not work without turning off Antivirus or W

1 Jan 04, 2022
pyhakuna is a client to access the API of the time keeping service hakuna.ch.

pyhakuna pyhakuna is a client to access the API of the time keeping service hakuna.ch. The Hakuna API is – unfortunately – personal and currently does

Christian Mäder 1 Feb 15, 2022
Unofficial Discord Rich Presence for HackTheBox platform

HTBRichPresence Unofficial Discord Rich Presence for HackTheBox platform The project is under lazy development. How to run Install requirements: // I'

Antonio 4 Apr 19, 2022
A collective list of free APIs for use in software and web development.

Public APIs A collective list of free APIs for use in software and web development. A public API for this project can be found here! For information o

222.5k Jan 02, 2023
A Python app which retrieves the rank and players' equipped skins during a match

VALORANT rank yoinker About The Project Usage Contributing Contact Acknowledgements Disclaimer About The Project Their Queue Current Skin Current Rank

Isaac Kenyon 270 Jan 04, 2023
Telegram bot for stream music or video on telegram

Anonymous VC Bot + Stream Bot Telegram bot for stream music or video on telegram, powered by PyTgCalls and Pyrogram Features Playlist features Multi L

Anonymous Boy 111 Oct 04, 2022
A tool for transferring server variable values from one intersect gamedata.db to another

Server Variable Transfer Tool Purpose This tool exists for use with the Intersect Engine (Ascension Game Dev GitHub). Its purpose is to UPDATE one sql

AVild 2 Oct 27, 2021
Remedy when Amazon ECR is not running basic scans for container CVEs.

Welcome to your CDK Python project! This is a blank project for Python development with CDK. The cdk.json file tells the CDK Toolkit how to execute yo

4n6ir 4 Nov 05, 2022
Mini Tool to lovers of debe from eksisozluk (one of the most famous website -reffered as collaborative dictionary like reddit- in Turkey) for pushing debe (Most Liked Entries of Yesterday) to kindle every day via Github Actions.

debe to kindle Mini Tool to lovers of debe from eksisozluk (one of the most famous website -refered as collaborative dictionary like reddit- in Turkey

11 Oct 11, 2022
Deepl - DeepL Free API For Python

DeepL DeepL Free API Notice Since I don't want to make my AuthKey public, if you

Vincent Young 4 Apr 11, 2022
Rio Userbot Adalah Bot Untuk Membantu Mempermudahkan Sesuatu Di Telegram, Last Repository With Pytgcalls v0.8.3

RIO - USERBOT Disclaimer Saya tidak bertanggung jawab atas penyalahgunaan bot ini. Bot ini dimaksudkan untuk bersenang-senang sekaligus membantu Anda

RioProjectX 4 Oct 18, 2022