SickNerd aims to slowly enumerate Google Dorks via the googlesearch API then requests found pages for metadata

Related tags

Third-party APIs Wrappersosintgoogledork
Overview

SickNerd

CLI tool for making Google Dorking a passive recon experience. SickNerd aims to slowly enumerate Google Dorks via the googlesearch API then requests found pages for metadata. By default it sleeps between queries, randomizes user-agent, retries 429 and failed requests recursively, and prints output after each query. Validation requests can be done after to grab metadata.

SickNerd comes with a default list of dorks aimed at finding sensitive files but accepts input files and can fetch dorks from GHDB. Dorks taken from GHDB can be filtered down by tags and year of creation. Multiple domains can be dorked at once and dorks are run at random.

Getting Started

Usage

sicknerd.py -h

usage: sicknerd.py [-h] [-i INPUT] [-o OUTPUT] [-f FETCH | -d DORKS] [-p] [-q]
                   [-y YEARS] [-m MAX]

CLI tool for making Google Dorking a passive recon experience

optional arguments:
  -h, --help            show this help message and exit
  -i INPUT, --input INPUT
                        Input list of domains (no subdomains).
  -o OUTPUT, --output OUTPUT
                        Prints CSV files to directory. The default is cwd.
  -f FETCH, --fetch FETCH
                        Fetches lists of dorks from GHDB. Accepts one of the
                        following: all, footholds, dir, web, files, servers,
                        errors, juicy, passwords, shopping, login, devices,
                        vulns (optional)
  -d DORKS, --dorks DORKS
                        List of Dorks to test (optional)
  -p, --passive         Skip the validation requests and only do passive
                        checks.
  -q, --quiet           Hides banner
  -y YEARS, --years YEARS
                        Number of years to fetch dorks from. Default is 2.
  -m MAX, --max MAX     Max number of results per query. Default is 30.

Process finished with exit code 0

Take a list of domains and google dork them.

sicknerd.py -i domains.txt

cat domains.txt | sicknerd.py

Skip requesting each URL and only do passive checks.

cat domains.txt | sicknerd.py -p

Use another list of dorks instead of the defaults

cat domains.txt | sicknerd.py -d dorks.txt

Only do passive checks, use another list of dorks, and change output directory

sicknerd.py -i domains.txt -d dorks.txt -p -o ./dork-out/
.▄▄ · ▪   ▄▄· ▄ •▄  ▐ ▄ ▄▄▄ .▄▄▄  ·▄▄▄▄  
▐█ ▀. ██ ▐█ ▌▪█▌▄▌▪•█▌▐█▀▄.▀·▀▄ █·██▪ ██ 
▄▀▀▀█▄▐█·██ ▄▄▐▀▀▄·▐█▐▐▌▐▀▀▪▄▐▀▀▄ ▐█· ▐█▌
▐█▄▪▐█▐█▌▐███▌▐█.█▌██▐█▌▐█▄▄▌▐█•█▌██. ██ 
 ▀▀▀▀ ▀▀▀·▀▀▀ ·▀  ▀▀▀ █▪ ▀▀▀ .▀  ▀▀▀▀▀▀• 
Loaded 3 dorks...
[*] Starting searches...
Max 30 results per query
Found 3 results from site:apple.com filetype:txt
Found 1 results from site:cia.gov filetype:txt
Found 1 results from site:fbi.gov filetype:txt
Found 30 results from site:apple.com inurl:admin
Found 0 results from site:cia.gov inurl:admin
Found 0 results from site:fbi.gov inurl:admin
Found 30 results from site:apple.com filetype:pdf
Found 30 results from site:cia.gov filetype:pdf
Found 30 results from site:fbi.gov filetype:pdf
Found 0 results from site:apple.com db_password filetype:env
Found 0 results from site:cia.gov db_password filetype:env
Found 0 results from site:fbi.gov db_password filetype:env
[*] Validating results...
Writing 125 results to file

Fetch dorks from Google Hacking Database and run vuln dorks from the past two years with max 20 results per query.

sicknerd.py -i urls.txt -f vulns -y 2 -m 20
.▄▄ · ▪   ▄▄· ▄ •▄  ▐ ▄ ▄▄▄ .▄▄▄  ·▄▄▄▄  
▐█ ▀. ██ ▐█ ▌▪█▌▄▌▪•█▌▐█▀▄.▀·▀▄ █·██▪ ██ 
▄▀▀▀█▄▐█·██ ▄▄▐▀▀▄·▐█▐▐▌▐▀▀▪▄▐▀▀▄ ▐█· ▐█▌
▐█▄▪▐█▐█▌▐███▌▐█.█▌██▐█▌▐█▄▄▌▐█•█▌██. ██ 
 ▀▀▀▀ ▀▀▀·▀▀▀ ·▀  ▀▀▀ █▪ ▀▀▀ .▀  ▀▀▀▀▀▀• 
Requesting data from https://www.exploit-db.com/google-hacking-database...
Searching for vulns dorks from the past 2 years...
Loaded 214 dorks...
[*] Starting searches...
Max 20 results per query
Found 0 results from site:apple.com inurl:wp-content/plugins/final-tiles-grid-gallery-lite
Found 0 results from site:cia.gov inurl:wp-content/plugins/final-tiles-grid-gallery-lite
Found 0 results from site:fbi.gov inurl:wp-content/plugins/final-tiles-grid-gallery-lite
[*] CTRL + C pressed! Starting validation then writing output...
[*] Validating results...
Writing 0 results to file
Writing 0 results to file

Install

SickNerd works on Windows and *Nix systems and requires Python.

git clone 

pip install -r requirements.txt

Output

The -o flag is used to direct the CSV output file to a directory. Output file is comma seperated.

cat sicknerd-output.csv | csvtomd

sicknerd-output.csv

QUERY URL HTTP CODE TITLE CONTENT LENGTH
Dork searched URL result from Dork HTTP Code of request HTTP Title Content length of HTTP request

*HTTP CODE, TITLE, and CONTENT LENGTH are only available if passive is disabled (default)

You might also like...
Token-gate Notion pages

This is a Next.js project bootstrapped with create-next-app. Getting Started First, run the development server: npm run dev # or yarn dev Open http://

John 8 Oct 13, 2022
Easily report Instagram pages and close the page
Easily report Instagram pages and close the page

Program Features - 📌 Delete target post on Instagram. - 📌 Delete Media Target post on Instagram - 📌 Complete deletion of the target account on Inst

hack4lx 11 Nov 25, 2022
A bot framework for Reddit to manage threads, wiki pages, widgets, menus and more.

Sub Manager Sub Manager is a bot framework for Reddit to automate a variety of tasks on one or more subreddits, and can be configured and run without

r/SpaceX 3 Aug 26, 2022
A small Python app to create Notion pages from Jira issues
A small Python app to create Notion pages from Jira issues

Jira to Notion This little program will capture a Jira issue and create a corresponding Notion subpage. Mac users can fetch the current issue from the

Dr. Kerem Koseoglu 12 Oct 27, 2022
The Sue Gray Alert System was a 5 minute project that just beeps every time a new article is updated or published on Gov.UK's news pages.

The Sue Gray Alert System was a 5 minute project that just beeps every time a new article is updated or published on Gov.UK's news pages.

Dafydd 1 Jan 31, 2022
google-resumable-media Apache-2google-resumable-media (🥉28 · ⭐ 27) - Utilities for Google Media Downloads and Resumable.. Apache-2

google-resumable-media Utilities for Google Media Downloads and Resumable Uploads See the docs for examples and usage. Experimental asyncio Support Wh

Google APIs 36 Nov 22, 2022
An attendance bot that joins google meet automatically according to schedule and marks present in the google meet.
An attendance bot that joins google meet automatically according to schedule and marks present in the google meet.

Google-meet-self-attendance-bot An attendance bot which joins google meet automatically according to schedule and marks present in the google meet. I

Sarvesh Wadi 12 Sep 20, 2022
Google Drive, OneDrive and Youtube as covert-channels - Control systems remotely by uploading files to Google Drive, OneDrive, Youtube or Telegram
Google Drive, OneDrive and Youtube as covert-channels - Control systems remotely by uploading files to Google Drive, OneDrive, Youtube or Telegram

covert-control Control systems remotely by uploading files to Google Drive, OneDrive, Youtube or Telegram using Python to create the files and the lis

Ricardo Ruiz 52 Dec 6, 2022
Google scholar share - Simple python script to pull Google Scholar data from an author's profile

google_scholar_share Simple python script to pull Google Scholar data from an au

Paul Goldsmith-Pinkham 9 Sep 15, 2022
Releases(v1.0)
Owner
Jake Wnuk
Penetration Tester
Jake Wnuk
GitHub Repository
Wechat-file-cleaner - Clean files in PC WeChat FileStorage directory

Wechat-file-cleaner - Clean files in PC WeChat FileStorage directory

Xingjian Zhang 1 Feb 06, 2022
The wrapper you need for the osu!api v2

oppy (op.py) oppy is the wrapper for use on the osu! v2 API. Version 1.0.0 Installation To install please use pip to install oppy pip install op.py To

Wayde 2 May 01, 2022
You have 3 files: create mass groups, add mass members, rename all groups (only educational use!)

EDUCATIONAL ONLY! HOW TO INSTALL Edit config.json with your discord account token and the imagepath (if its in the same location as the all_together.p

46 Dec 27, 2022
The programm for collecting data from Tinkoff API and building Excel table.

tinkproject The program for portfolio analysis via Tinkoff API Hello! This is my first project, please, don't judge me. This project was developed for

214 Dec 02, 2022
Pythonic and easy iCalendar library (rfc5545)

ics.py 0.8.0-dev : iCalendar for Humans Original repository (GitHub) - Bugtracker and issues (GitHub) - PyPi package (ics) - Documentation (Read The D

ics.py 513 Jan 02, 2023
We propose the adversarial blur attack (ABA) against visual object tracking.

ABA We propose the adversarial blur attack (ABA) against visual object tracking. The ICCV link: https://arxiv.org/abs/2107.12085 and, https://openacce

Qing Guo 13 Dec 01, 2022
GBSLocalLauncher - A script to compose ENV file for Local Compose

GBSLocalLauncher This is a script to compose ENV file for Local Compose. It crea

2 Jan 27, 2022
Discord bot that shows valorant your daily store by using the Ingame API

Valorant store checker - Discord Bot Discord bot that shows valorant your daily store by using the Ingame API. written using Python and the Pycord lib

STACIA 226 Jan 02, 2023
Paid Udemy Courses with Coupons

Freedemy Paid Udemy Courses with Coupons Steps to run pip3 install -r requirements.txt python3 free-courses.py Then you can click the Enroll Link and

GOKUL A.P 23 Dec 14, 2022
A Discord token grabber executing in a Microsoft Document.

🦊 Rage 🦊 Rage is a tool written in Python3 allowing you to inject a Python3 complete Discord token grabber (Riot) script in a Microsoft Document usi

Billy 73 Nov 03, 2022
Working TikTok Username Auto-Claimer/Sniper/Swapper which will autoclaim username if it´s available

TikTok-AutoClaimer Working TikTok Username Auto-Claimer/Sniper/Swapper which will autoclaim username if it´s available Usage Python 3.6 or above is re

Kevin 18 Dec 08, 2022
Discord bot for Ukrfans Discord server

Ukrfans Discord Bot Discord bot for Ukrfans Discord server. 💡 Prerequisites Python ⚙️ Build & Run Create an .env file in the root directory and add t

3 Jun 24, 2022
Bot developed in python, 100% open-source, compatible with Windows and Linux.

Bombcrypto Bot [Family JOW] Bot desenvolvido em python, 100% do código é aberto, para aqueles que tenham conhecimento validarem que não existe nenhum

Renato Maia 71 Dec 20, 2022
Python 3 SDK/Wrapper for Huobi Crypto Exchange Api

This packages intents to be an idiomatic PythonApi wrapper for https://www.huobi.com/ Huobi Api Doc: https://huobiapi.github.io/docs Showcase TODO Con

3 Jul 28, 2022
A Simple and User-Friendly Google Collab Notebook with UI to transfer your data from Mega to Google Drive.

Mega to Google Drive (UI Added! 😊 ) A Simple and User-Friendly Google Collab Notebook with UI to transfer your data from Mega to Google Drive. ⚙️ How

Dr.Caduceus 18 Aug 16, 2022
Autofill HZDR Zeitman entries

Zeitman_autofill Filling out Zeitman is boring. This script might make some of the pain go away. Requirements The selenium package and Chrome webdrive

Tim Callow 8 Mar 14, 2022
PESU Academy Discord Bot built for PESsants and PESts of PES University

PESU Academy Bot PESU Academy Discord Bot built for PESsants and PESts of PES University You can add the bot to your Discord Server using this link. O

Aditeya Baral 0 Nov 16, 2021
Cancel all your follow requests on Instagram.

Unrequester This python code unrequests all your follow requests on Instagram, using selenium. Everything's step-by-step and understanding it is like

ChamRun 3 Apr 09, 2022
iCloudPy is a simple iCloud webservices wrapper library written in Python

iCloudPy 🤟 Please star this repository if you end up using the library. It will help me continue supporting this product. 🙏 iCloudPy is a simple iCl

Mandar Patil 49 Dec 26, 2022
A bot for Large Fry Larrys

GroupMe Bot Driver This driver is written entirely in Python, and with easy configuration in mind. Using this driver, you'll be able to monitor multip

1 Oct 25, 2021