Jump to content
dancezar

Bing dork extractor

By dancezar, in Programe hacking

Recommended Posts

  • Active Members
dancezar Newbie

dancezar

Posted
  • Active Members
Posted (edited)

Acesta este un mic dork scanner scris in Js/php care se foloseste de serviciul de cautare bing.Am incercat pe cateva dorkuri si scote destul de bine.In cazul in care bing va blocheaza ,decomentati linia 6 si eventual schimbati proxy-ul.

index.html


<html>
<head>
<title>Bing dorks extractor</title>
</head>
<body>
<label>Dork:       </label><input type="text" id="dk" /><br>
<label>Dump file:</label><input type="text" id="df" /><br>
<label>Service:   </select><select id="sel"><option>Google</option><option>Bing</option></select>
<br>
<input type="button" id="btn" value="Scan" onclick="if(this.value=='Scan'){scaneaza();this.value='Stop';}else if(this.value=='Stop'){this.value='Scan';work=0;}else if(this.value='Continue'){work=1;go(contor);this.value='Stop';}" />
<div id="r"></div>
<div id="ar"></div>
<script>
var drk=document.getElementById('dk');
var opt=document.getElementById('sel');
var contor;
var pagina;
var dork;
var total;
var work;
var file=document.getElementById('df');
var area=document.getElementById('ar');
var c1=document.getElementById('r');
xmlhttp = new XMLHttpRequest();
function go(c){
if(opt.value=='Google'){
if(file.value!="")
xmlhttp.open("GET", "get.php?t=google&dk="+encodeURIComponent(dork)+"&cont="+c+"&file="+file.value, true);
else
xmlhttp.open("GET", "get.php?t=google&dk="+encodeURIComponent(dork)+"&cont="+c+"&file=", true);
}else{
if(file.value!="")
xmlhttp.open("GET", "get.php?t=bing&dk="+encodeURIComponent(dork)+"&cont="+c+"&file="+file.value+"&pag="+pagina, true);
else
xmlhttp.open("GET", "get.php?t=bing&dk="+encodeURIComponent(dork)+"&cont="+c+"&file="+"&pag="+pagina, true);
}
xmlhttp.overrideMimeType('text/html; charset=UTF-8');
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == 4) {
parse();
}
}
xmlhttp.send(null)
}
function scaneaza(){
if(opt.value=="Google"){
dork=drk.value;
pagina=-1;
contor=1;
work=1;
go(contor);
}else{
dork=drk.value;
pagina=1;
contor=1;
total=111111111111111;
work=1;
go(contor);
}
}
function parse(){
sursa=xmlhttp.responseText;
if(opt.value=="Google"){
      if(sursa.search("- did not match any documents.")>-1){
	  alert('Gata!');
	  }else if(sursa.search("blockedblockedblockedblockedblockedblockedblocked")>-1){
	  alert('Blocat!');
	  }else{
      if(pagina==-1){
	  total=parseInt(sursa);
	  go(contor);
	  contor=1;
	  pagina=1;
	  }else{
	      if(pagina<total){
		      if(pagina==1)
			  contor=10;
			  else
			  contor=contor+10;
			  pagina++;
			  c1.innerHTML="Pagina "+pagina+" din "+total;
			  s=sursa.split(",");
              for(i=0;i<s.length;i++)
                     area.innerHTML=area.innerHTML+s[i]+"<br>";
			  go(contor);
		  }
	  }
	  }
}else{
if(work==1){
if(pagina<total){
if(sursa.search("blockedblockedblockedblockedblockedblockedblocked")>-1){
alert('Blocat!');
work=0;
document.getElementById('btn').value='Continue';
}else{
if(pagina==1){
total=sursa.split("<!--AllContent");
total=total[1].split("--");
total=(parseInt(total)/10)+1;
s=sursa.replace("<!--AllContent"+total+"--"+">");
}
s=sursa.split(",");
for(i=0;i<s.length;i++)
   area.innerHTML=area.innerHTML+s[i]+"<br>";
contor=contor+10;
pagina++;
c1.innerHTML="Pagina "+pagina+" din "+total;
go(contor);
}
}else{
alert('Gata');
document.getElementById('btn').value='Start';
work=0;
}
}
}
}
</script>
</body>
</html>

get.php


<?php
session_start();
if($_REQUEST['t']=='google'){
if(!isset($_SESSION['prox']))
$_SESSION['prox']=0;
$proxy=array("nimic","217.12.113.67:443","222.124.198.136:3129","91.214.200.45:8080");
$useragent = "Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.14912/870; U; id) Presto/2.4.15";
if($_REQUEST['cont']==1){
$data=file_get_contents("http://www.google.com/search?hl=en&tbo=d&site=&source=hp&q=".urlencode($_REQUEST['dk']));
$split=explode('<div class="sd" id="resultStats">About ',$data);
$split=explode(' results',$split[1]);
echo ((int)str_replace(",","",$split[0])/10);
}else{
$ch = curl_init ();
curl_setopt ($ch, CURLOPT_URL, "http://www.google.com/search?hl=en&tbo=d&site=&source=hp&q=".urlencode($_REQUEST['dk'])."&start=".$_REQUEST['cont']);
//curl_setopt($ch, CURLOPT_PROXY,"217.12.113.67:443");
curl_setopt ($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
$output = curl_exec ($ch);
curl_close($ch);
if(strpos($output,"To continue, please type the characters below:")!=false){
$_SESSION['prox']=(int)$_SESSION['prox']+1;
echo $_SESSION['prox'];
echo 'blockedblockedblockedblockedblockedblockedblocked';
exit;
}
$split=explode('<div style="clear:both"><a href="/url?q=',$output);
for($i=1;$i<count($split);$i++)
{
      $aux=explode("&sa=U",$split[$i]);
	  echo urldecode($aux[0])."<br>";
}
}
}else{
if(!isset($_SESSION['pro']))
$_SESSION['pro']=0;
function start(){
$useragent=array("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_4) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11","Mozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7","Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))","Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25");
$proxy=array("217.12.113.67:443","222.124.198.136:3129","91.214.200.45:8080");
if($_REQUEST['pag']=="1")
$url="http://www.bing.com/search?q=".urlencode($_REQUEST['dk'])."&qs=n&form=QBLH&pq=".urlencode($_REQUEST['dk'])."&sc=0-5&sp=-1&sk=";
else{
if($_REQUEST['pag']=="2")
$url="http://www.bing.com/search?q=".urlencode($_REQUEST['dk'])."&qs=n&pq=".urlencode($_REQUEST['dk'])."&sc=0-5&sp=-1&sk=&first=11&FORM=PERE";
else
$url="http://www.bing.com/search?q=".urlencode($_REQUEST['dk'])."&qs=n&pq=".urlencode($_REQUEST['dk'])."&sc=0-0&sp=-1&sk=&first=".$_REQUEST['cont']."&FORM=PERE".$_REQUEST['pag'];
}
$ch=curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_PROXY,$proxy[(int)$_SESSION['pro']]);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 200);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_MAXREDIRS, 2); 
curl_setopt($ch, CURLOPT_USERAGENT,$useragent[rand(0,count($useragent)-1)]);
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookies.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookies.txt");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$data1 = curl_exec($ch);
curl_close($ch);
$data1=str_replace(",","",$data1);
return $data1;
}
//".urlencode($_REQUEST['dk'])." cont=

$data=start();
if(strpos($data,"Bad Request")!=false||strpos($data,"Pardon the interruption")!=false){
echo 'blockedblockedblockedblockedblockedblockedblocked';
$s=(int)$_SESSION['pro'];
if($s<(count($proxy)-1))
$_SESSION['pro']=(int)$_SESSION['pro']+1;
exit;
}
//$split=explode('',$data);
if($_REQUEST['cont']=="1"){
$split=explode('<span class="sb_count" id="count">',$data);
$split=explode(' results',$split[1]);
echo '<!--AllContent'.$split[0].'-->';
}
$split=explode('<div class="sb_tlst"><h3><a href="',$data);
if($_REQUEST['file']!="")
$f=fopen($_REQUEST['file'],'a');
for($i=1;$i<count($split);$i++)
{
    $aux=explode('"',$split[$i]);
    if($_REQUEST['file']!="")
    fwrite($f,strip_tags(urldecode($aux[0]))."\r\n");
    echo strip_tags(urldecode($aux[0])).",";
}
if($_REQUEST['file']!="")
fclose($f);
}
?>

In a doua casuta puteti scrie numele unui fisier unde se vor adauga datele dupa ce au fost extrase.

Daca aveti buguri/sugestii nu ezitati sa dati un pm.

Seara buna

//Am facut modificari puteti sa va adaugati lista cu proxy-uri in array-u $proxy

Edited by danyweb09
Bolovanus Newbie

Bolovanus

Posted
Posted
Da o eroare zice "Blocat!" .

why not python with multithread? => fct. de fallen

//cum: python bing.py dork nr pagini

//exemplu: python bing.py pages.php?id=1 3


#!/usr/bin/python2.7
import urllib2
import re
import sys
import threading

#------------------------------------------------------------------------------
#Usage: python bing.py dork number_of_pages
#Example: python bing.py pages.php?id= 3
#------------------------------------------------------------------------------


def searchBing(dork, nr):
    '''
   Search on Bing after a dork and get a nr of pages with results.
       dork - the keyword
       nr - number of pages
   Return a list with all URLs
   '''
    url = ''.join(("http://www.bing.com/search?q=",
                   re.sub(r'\s+', '%20', str(dork)), "&first=", str(nr)))
    request = urllib2.Request(url)
    request.add_header('User-agent',
            'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:19.0) Gecko/20100101 Firefox/19.0')
    response = urllib2.urlopen(request).read()
    return set(re.findall(r'<h3><a href="(.+?)"', response))


def checkLink(url):
    try:
        req = urllib2.Request(url + "'")
        req.add_header('User-agent',
            'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:19.0) Gecko/20100101 Firefox/19.0')
        res = urllib2.urlopen(req).read()
        errors = ['You have an error in your SQL syntax',
                    'ODBC Microsoft Access Driver',
                    'Microsoft OLE DB Provider for SQL Server',
                    'Unclosed quotation mark',
                    'Microsoft OLE DB Provider for Oracle'
                    'Microsoft JET Database Engine error',
                    'SQL query failed',
                    'Warning: mysql_query',
                    'Warning: mysql_fetch_row',
                    'Warning: mysql_fetch_assoc',
                    'Warning: mysql_fetch_object',
                    'Warning: mysql_numrows',
                    'Warning: mysql_num_rows',
                    'Warning: mysql_fetch_array',
                    'Warning: pg_connect',
                    'Oracle ODBC',
                    'Oracle Error',
                    'Oracle Driver',
                    'Microsoft JET Database Engine error',
                    'Microsoft OLE DB Provider for SQL Server error',
                    'error in your SQL syntax',
                    'Error converting data type varchar to numeric',
                    'Input string was not in a correct format',
                    'Warning: mysql_result',
                    'Warning: pg_exec',
                    'Warning: array_merge',
                    'Warning: preg_match',
                    'Incorrect syntax near']

        for error in errors:
            if error in res:
                print 'Found!!! %s' % url
                with open('vuln.txt', 'a') as myfile:
                    myfile.write(url + '\n')
                break
    except:
        pass

for number in range(1, (int(sys.argv[2]) * 10) + 1, 10):
    for link in searchBing(sys.argv[1], number):
        t = threading.Thread(target=checkLink, args=(link,))
        t.start()

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...