{"id": "KITPLOIT:1679847446309154895", "bulletinFamily": "tools", "title": "uDork - Google Hacking Tool", "description": "[  ](<https://1.bp.blogspot.com/-cgvzVwJKlg8/XnWCA4PsWoI/AAAAAAAAR-M/qj6zpXP9E6QUGvviEIi9ohIaQX5BDpZAgCNcBGAsYHQ/s1600/uDork.png>)\n\n \nuDork is a script written in Python that uses advanced Google search techniques to obtain [ sensitive information ](<https://www.kitploit.com/search/label/Sensitive%20Information> \"sensitive information\" ) in files or directories, find IoT devices, detect versions of web applications, and so on. \nuDork does NOT make attacks against any server, it only uses predefined dorks and/or official lists from exploit-db.com (Google Hacking Database: [ https://www.exploit-db.com/google-hacking-database ](<https://www.exploit-db.com/google-hacking-database> \"https://www.exploit-db.com/google-hacking-database\" ) ). \n \n** Author: M3n0sD0n4ld ** \n** Twitter: [ @David_Uton ](<https://twitter.com/David_Uton> \"@David_Uton\" ) ** \n \n** You need to have goop installed ** \n\n \n \n pip3 install goop\n\n \n** Download and install: ** \n\n \n \n $ git clone https://github.com/m3n0sd0n4ld/uDork\n $ cd uDork\n - Open the file and write inside this line:\n\ncookie = 'YOUR FACEBOOK COOKIES HERE' \n\n \n \n $ python3 uDork.py -h\n\n \n** Important!!! ** \n\n\n * For the tool to work, you must configure uDork with your [ Facebook ](<https://www.kitploit.com/search/label/Facebook> \"Facebook\" ) cookie in the file ` cookie.py ` . \n * You must also be logged in to Facebook on the computer you are using uDork WITHOUT logging out. \n \n** Steps to obtain the cookie and configure the cookie ** \n\n\n * Login to facebook.com \n * Press in your browser control + shift + K (Firefox) o control + shift + J (Google Chrome) to go to console. \n * Write document.cookie in the console and copy the cookies \"c_user = content\" and \"xs = content\" to the variable \"cookie\" inside the file \"cookie.py\"\" \n \n \n cookie = 'c_user=XXXXXX; xs=XXXXXX'\n\nNote: If the \"xs\" cookie does not appear, [ follow these steps ](<https://gist.github.com/sqren/0e4563f258c9e85e4ae1> \"follow these steps\" ) . \n\n\n * Save and remember, you must NOT log out of Facebook or you will have to do these steps again. \n \n** Use: ** \n \n** Menu ** \n\n \n \n $ python3 uDork.py -h\n _____ _ \n | __ \\ | | \n _ _| | | | ___ _ __| | __\n | | | | | | |/ _ \\| '__| |/ /\n | |_| | |__| | (_) | | | < \n \\__,_|_____/ \\___/|_| |_|\\_\\ v.2020.03.13\n by M3n0sD0n4ld - (@David_Uton)\n \n ----------------------------------------------------------------------------------------------------\n usage: uDork.py [-h] [-d DOMAIN] [-e EXTENSION] [-t TEXT] [-s STRING]\n [-m MASSIVE] [-l LIST] [-f FILE] [-k DORK] [-p PAGES]\n [-o OUTPUT]\n \n optional arguments:\n -h, --help show this help message and exit\n -d DOMAIN, --domain DOMAIN\n Domain or IP address.\n -e EXTENSION, --extension EXTENSION\n Search files by extension. Use 'all' to find the list\n extension.\n -t TEXT, --text TEXT Find text in website content.\n -s STRING, -- string STRING\n Locate text strings within the URL.\n -m MASSIVE, --massive MASSIVE\n Attack a site with a predefined list of dorks. Review\n list <-l / - list>\n -l LIST, --list LIST Shows the list of predefined dorks (Exploit-DB).\n -f FILE, --file FILE Use your own personalized list of dorks.\n -k DORK, --dork DORK Specifies the type of dork <filetype | intext | inurl>\n (Required for '<-f / - file'>).\n -p PAGES, --pages PAGES\n Number of pages to search in Google. (By default 5\n pages).\n -o OUTPUT, --output OUTPUT\n Export results to a file.\n\n \n** Example of searching pdf files ** \n\n \n \n $ python3 uDork.py -d nasa.gov -e pdf\n \n _____ _ \n | __ \\ | | \n _ _| | | | ___ _ __| | __\n | | | | | | |/ _ \\| '__| |/ /\n | |_| | |__| | (_) | | | < \n \\__,_|_____/ \\___/|_| |_|\\_\\ v.2020.03.13\n by M3n0sD0n4ld - (@David_Uton)\n \n ----------------------------------------------------------------------------------------------------\n [!] The results will appear below. This may take several minutes, please wait ...\n ----------------------------------------------------------------------------------------------------\n Domain/IP: nasa.gov\n Find links with: pdf\n ----------------------------------------------------------------------------------------------------\n https://www.sti.nasa.gov/thesvol2.pdf\n https://www.sti.nasa.gov/thesvol1.pdf\n https://www.nasa.gov/pdf/220260main_Workforce_Transition_Strategy_briefing .pdf\n https://oig.nasa.gov/docs/SAR0318.pdf\n https://oig.nasa.gov/docs/FinalWrittenStatement_03_13_2013.pdf\n https://oig.nasa.gov/docs/MC-2018.pdf\n https://www.nasa.gov/centers/dryden/pdf/88798main_srfcs.pdf\n https://www.nasa.gov/specials/apollo50th/pdf/A10_PressKit.pdf\n https://www.nasa.gov/specials/apollo50th/pdf/A14_PressKit.pdf\n https://www.nasa.gov/specials/apollo50th/pdf/A07_PressKit.pdf\n https://www.nasa.gov/specials/apollo50th/pdf/A15_PressKit.pdf\n https://www.nasa.gov/specials/apollo50th/pdf/A09_PressKit.pdf\n https://www.nasa.gov/specials/apollo50th/pdf/A08_PressKit.pdf\n https://www.nasa.gov/centers/dryden/pdf/88790main_Dryden.pdf\n https://oig.nasa.gov/docs/MC-2017.pdf\n ....\n\n \n** Example of searching routes with the word \"password\" ** \n\n \n \n $ python3 uDork.py -d nasa.gov -s password\n \n _____ _ \n | __ \\ | | \n _ _| | | | ___ _ __| | __\n | | | | | | |/ _ \\| '__| |/ /\n | |_| | |__| | (_) | | | < \n \\__,_|_____/ \\___/|_| |_|\\_\\ v.2020.03.13\n by M3n0sD0n4ld - (@David_Uton)\n \n ----------------------------------------------------------------------------------------------------\n [!] The results will appear below. This may take several minutes, please wait ...\n ----------------------------------------------------------------------------------------------------\n Domain/IP: nasa.gov\n Find links with: password\n ----------------------------------------------------------------------------------------------------\n https://www.grc.nasa.gov/its-training/best-practices/password-tips/\n https://www.grc.nasa.gov/its-training/best-practices/password-rules/\n htt ps://www.nas.nasa.gov/hecc/support/kb/password-creation-rules_270.html\n https://www.nas.nasa.gov/hecc/support/kb/index.php%3FView%3Dentry%26EntryID%3D270%26EntryTitle%3Dpassword-creation-rules%26mobile%3D0\n https://open.nasa.gov/datanaut-accounts/password/reset/%3Fnext%3D/explore/datanauts/app/profile\n https://www.nas.nasa.gov/hecc/support/kb/i-cant-log-inmy-password-is-not-workingmy-account-is-locked_5.html\n https://www.nas.nasa.gov/hecc/support/kb/index.php%3FView%3Dentry%26EntryID%3D53%26EntryTitle%3Dtwo-step-connection-using-rsa-securid-passcode-and-nas-password%26mobile%3D0\n https://www.nas.nasa.gov/hecc/support/kb/index.php%3FView%3Dentry%26EntryID%3D8%26EntryTitle%3Dwhat-are-the-requirements-for-creating-a-password%26mobile%3D0\n https://oltaris.nasa.gov/password/new\n https://ghrc.nsstc.nasa.gov/data-publication/user/password\n https://answers.nssc.nasa.gov/app/answers/detail/a_id/6173/~/change-launchpad-%2528idmax%2529-password\n https://answers.nssc. nasa.gov/app/answers/list/search/1/kw/Password/search/1\n https://answers.nssc.nasa.gov/app/answers/list/search/1/kw/CHANGE%2520NDC%2520PASSWORD/suggested/1\n https://answers.nssc.nasa.gov/app/answers/detail/a_id/6174/~/reset-ndc-password\n .....\n\n \n** Dorks listing ** \n\n \n \n $ python3 uDork.py -l list\n \n _____ _ \n | __ \\ | | \n _ _| | | | ___ _ __| | __\n | | | | | | |/ _ \\| '__| |/ /\n | |_| | |__| | (_) | | | < \n \\__,_|_____/ \\___/|_| |_|\\_\\ v.2020.03.13\n by M3n0sD0n4ld - (@David_Uton)\n \n ----------------------------------------------------------------------------------------------------\n \n ======================== DORKS LISTING ========================\n admin : Access panels of all kinds (administration, login, CMS, ...)\n directories : Sensitive directories (drupal, wordpress, phpmyadmin ...)\n [usernames](<https://www.kitploit.com/search/label/Usernames> \"usernames\" ) : Find files containing user names.\n [passwords](<https://www.kitploit.com/search/label/Passwords> \"passwords\" ) : Find files that contain passwords .\n webservers: Find web servers.\n vulnerable_files : Find [vulnerable](<https://www.kitploit.com/search/label/Vulnerable> \"vulnerable\" ) files. \n vulnerable_servers : Find vulnerable servers.\n error_messages : Show error messages.\n vulnerable_networks : Find software data on vulnerable networks.\n portal_logins : List portal logins.\n devices : Find connected devices (printers, webcams, thermostats, ...)\n \n\n \n** Example of use Dorks Massive ** \n\n \n \n $ python3 uDork.py -d nasa.gov -m admin -p 3 -o report.txt\n \n _____ _ \n | __ \\ | | \n _ _| | | | ___ _ __| | __\n | | | | | | |/ _ \\| '__| |/ /\n | |_| | |__| | (_) | | | < \n \\__,_|_____/ \\___/|_| |_|\\_\\ v.2020.03.13\n by M3n0sD0n4ld - (@David_Uton)\n \n ----------------------------------------------------------------------------------------------------\n [!] The results will appear below. This may take several minutes, please wait ...\n ----------------------------------------------------------------------------------------------------\n Domain/IP: nasa.gov\n Find links with: ADMIN/\n \n https://asd.gsfc.nasa.gov/blueshift/index.php/author/admin/\n https://lists.hq.nasa.gov/mailman/admin\n https://lists.hq.nasa.gov/mailman/admin/LISTNAME\n https://rosetta.jpl.nasa.gov/blogs/admin\n https://dartslab.jpl.nasa.go v/qa/user/admin\n https://landsat.gsfc.nasa.gov/author/admin/page/8/\n https://rosetta.jpl.nasa.gov/blogs/admin%3Fpage%3D1\n https://www.nasa.gov/news/speeches/admin/mg_speech_collection_archive_4.html\n https://dartslab.jpl.nasa.gov/qa/user/admin/answers\n https://dartslab.jpl.nasa.gov/qa/user/admin/wall\n https://landsat.gsfc.nasa.gov/author/admin/page/14/\n ....\n ----------------------------------------------------------------------------------------------------\n Domain/IP: nasa.gov\n Find links with: AdminTools/\n \n https://kscddms.ksc.nasa.gov/adminTools.html\n ----------------------------------------------------------------------------------------------------\n Domain/IP: nasa.gov\n Find links with: Server.html\n \n https://image.msfc.nasa.gov/ChrisDocs/udfLib/Server.html\n https://www.nasa.gov/privacy/PIA-ODIN-server.html\n \n MORE RESULTS...\n\n \n** Thanks: ** \nThank s0md3v for goop, very good job! [ https://github.com/s0md3v/goop ](<https://github.com/s0md3v/goop> \"https://github.com/s0md3v/goop\" ) \n \n \n\n\n** [ Download uDork ](<https://github.com/m3n0sd0n4ld/uDork> \"Download uDork\" ) **\n", "published": "2020-03-21T12:00:02", "modified": "2020-03-21T12:00:02", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://www.kitploit.com/2020/03/udork-google-hacking-tool.html", "reporter": "KitPloit", "references": ["https://gist.github.com/sqren/0e4563f258c9e85e4ae1", "https://github.com/m3n0sd0n4ld/uDork", "https://github.com/s0md3v/goop"], "cvelist": [], "type": "kitploit", "lastseen": "2020-04-07T04:41:57", "history": [{"bulletin": {"bulletinFamily": "tools", "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "[  ](<https://1.bp.blogspot.com/-cgvzVwJKlg8/XnWCA4PsWoI/AAAAAAAAR-M/qj6zpXP9E6QUGvviEIi9ohIaQX5BDpZAgCNcBGAsYHQ/s1600/uDork.png>)\n\n \nuDork is a script written in Python that uses advanced Google search techniques to obtain [ sensitive information ](<https://www.kitploit.com/search/label/Sensitive%20Information> \"sensitive information\" ) in files or directories, find IoT devices, detect versions of web applications, and so on. \nuDork does NOT make attacks against any server, it only uses predefined dorks and/or official lists from exploit-db.com (Google Hacking Database: [ https://www.exploit-db.com/google-hacking-database ](<https://www.exploit-db.com/google-hacking-database> \"https://www.exploit-db.com/google-hacking-database\" ) ). \n \n** Author: M3n0sD0n4ld ** \n** Twitter: [ @David_Uton ](<https://twitter.com/David_Uton> \"@David_Uton\" ) ** \n \n** You need to have goop installed ** \n\n \n \n pip3 install goop\n\n \n** Download and install: ** \n\n \n \n $ git clone https://github.com/m3n0sd0n4ld/uDork\n $ cd uDork\n - Open the file and write inside this line:\n\ncookie = 'YOUR FACEBOOK COOKIES HERE' \n\n \n \n $ python3 uDork.py -h\n\n \n** Important!!! ** \n\n\n * For the tool to work, you must configure uDork with your [ Facebook ](<https://www.kitploit.com/search/label/Facebook> \"Facebook\" ) cookie in the file ` cookie.py ` . \n * You must also be logged in to Facebook on the computer you are using uDork WITHOUT logging out. \n \n** Steps to obtain the cookie and configure the cookie ** \n\n\n * Login to facebook.com \n * Press in your browser control + shift + K (Firefox) o control + shift + J (Google Chrome) to go to console. \n * Write document.cookie in the console and copy the cookies \"c_user = content\" and \"xs = content\" to the variable \"cookie\" inside the file \"cookie.py\"\" \n \n \n cookie = 'c_user=XXXXXX; xs=XXXXXX'\n\nNote: If the \"xs\" cookie does not appear, [ follow these steps ](<https://gist.github.com/sqren/0e4563f258c9e85e4ae1> \"follow these steps\" ) . \n\n\n * Save and remember, you must NOT log out of Facebook or you will have to do these steps again. \n \n** Use: ** \n \n** Menu ** \n\n \n \n $ python3 uDork.py -h\n _____ _ \n | __ \\ | | \n _ _| | | | ___ _ __| | __\n | | | | | | |/ _ \\| '__| |/ /\n | |_| | |__| | (_) | | | < \n \\__,_|_____/ \\___/|_| |_|\\_\\ v.2020.03.13\n by M3n0sD0n4ld - (@David_Uton)\n \n ----------------------------------------------------------------------------------------------------\n usage: uDork.py [-h] [-d DOMAIN] [-e EXTENSION] [-t TEXT] [-s STRING]\n [-m MASSIVE] [-l LIST] [-f FILE] [-k DORK] [-p PAGES]\n [-o OUTPUT]\n \n optional arguments:\n -h, --help show this help message and exit\n -d DOMAIN, --domain DOMAIN\n Domain or IP address.\n -e EXTENSION, --extension EXTENSION\n Search files by extension. Use 'all' to find the list\n extension.\n -t TEXT, --text TEXT Find text in website content.\n -s STRING, -- string STRING\n Locate text strings within the URL.\n -m MASSIVE, --massive MASSIVE\n Attack a site with a predefined list of dorks. Review\n list <-l / - list>\n -l LIST, --list LIST Shows the list of predefined dorks (Exploit-DB).\n -f FILE, --file FILE Use your own personalized list of dorks.\n -k DORK, --dork DORK Specifies the type of dork <filetype | intext | inurl>\n (Required for '<-f / - file'>).\n -p PAGES, --pages PAGES\n Number of pages to search in Google. (By default 5\n pages).\n -o OUTPUT, --output OUTPUT\n Export results to a file.\n\n \n** Example of searching pdf files ** \n\n \n \n $ python3 uDork.py -d nasa.gov -e pdf\n \n _____ _ \n | __ \\ | | \n _ _| | | | ___ _ __| | __\n | | | | | | |/ _ \\| '__| |/ /\n | |_| | |__| | (_) | | | < \n \\__,_|_____/ \\___/|_| |_|\\_\\ v.2020.03.13\n by M3n0sD0n4ld - (@David_Uton)\n \n ----------------------------------------------------------------------------------------------------\n [!] The results will appear below. This may take several minutes, please wait ...\n ----------------------------------------------------------------------------------------------------\n Domain/IP: nasa.gov\n Find links with: pdf\n ----------------------------------------------------------------------------------------------------\n https://www.sti.nasa.gov/thesvol2.pdf\n https://www.sti.nasa.gov/thesvol1.pdf\n https://www.nasa.gov/pdf/220260main_Workforce_Transition_Strategy_briefing .pdf\n https://oig.nasa.gov/docs/SAR0318.pdf\n https://oig.nasa.gov/docs/FinalWrittenStatement_03_13_2013.pdf\n https://oig.nasa.gov/docs/MC-2018.pdf\n https://www.nasa.gov/centers/dryden/pdf/88798main_srfcs.pdf\n https://www.nasa.gov/specials/apollo50th/pdf/A10_PressKit.pdf\n https://www.nasa.gov/specials/apollo50th/pdf/A14_PressKit.pdf\n https://www.nasa.gov/specials/apollo50th/pdf/A07_PressKit.pdf\n https://www.nasa.gov/specials/apollo50th/pdf/A15_PressKit.pdf\n https://www.nasa.gov/specials/apollo50th/pdf/A09_PressKit.pdf\n https://www.nasa.gov/specials/apollo50th/pdf/A08_PressKit.pdf\n https://www.nasa.gov/centers/dryden/pdf/88790main_Dryden.pdf\n https://oig.nasa.gov/docs/MC-2017.pdf\n ....\n\n \n** Example of searching routes with the word \"password\" ** \n\n \n \n $ python3 uDork.py -d nasa.gov -s password\n \n _____ _ \n | __ \\ | | \n _ _| | | | ___ _ __| | __\n | | | | | | |/ _ \\| '__| |/ /\n | |_| | |__| | (_) | | | < \n \\__,_|_____/ \\___/|_| |_|\\_\\ v.2020.03.13\n by M3n0sD0n4ld - (@David_Uton)\n \n ----------------------------------------------------------------------------------------------------\n [!] The results will appear below. This may take several minutes, please wait ...\n ----------------------------------------------------------------------------------------------------\n Domain/IP: nasa.gov\n Find links with: password\n ----------------------------------------------------------------------------------------------------\n https://www.grc.nasa.gov/its-training/best-practices/password-tips/\n https://www.grc.nasa.gov/its-training/best-practices/password-rules/\n htt ps://www.nas.nasa.gov/hecc/support/kb/password-creation-rules_270.html\n https://www.nas.nasa.gov/hecc/support/kb/index.php%3FView%3Dentry%26EntryID%3D270%26EntryTitle%3Dpassword-creation-rules%26mobile%3D0\n https://open.nasa.gov/datanaut-accounts/password/reset/%3Fnext%3D/explore/datanauts/app/profile\n https://www.nas.nasa.gov/hecc/support/kb/i-cant-log-inmy-password-is-not-workingmy-account-is-locked_5.html\n https://www.nas.nasa.gov/hecc/support/kb/index.php%3FView%3Dentry%26EntryID%3D53%26EntryTitle%3Dtwo-step-connection-using-rsa-securid-passcode-and-nas-password%26mobile%3D0\n https://www.nas.nasa.gov/hecc/support/kb/index.php%3FView%3Dentry%26EntryID%3D8%26EntryTitle%3Dwhat-are-the-requirements-for-creating-a-password%26mobile%3D0\n https://oltaris.nasa.gov/password/new\n https://ghrc.nsstc.nasa.gov/data-publication/user/password\n https://answers.nssc.nasa.gov/app/answers/detail/a_id/6173/~/change-launchpad-%2528idmax%2529-password\n https://answers.nssc. nasa.gov/app/answers/list/search/1/kw/Password/search/1\n https://answers.nssc.nasa.gov/app/answers/list/search/1/kw/CHANGE%2520NDC%2520PASSWORD/suggested/1\n https://answers.nssc.nasa.gov/app/answers/detail/a_id/6174/~/reset-ndc-password\n .....\n\n \n** Dorks listing ** \n\n \n \n $ python3 uDork.py -l list\n \n _____ _ \n | __ \\ | | \n _ _| | | | ___ _ __| | __\n | | | | | | |/ _ \\| '__| |/ /\n | |_| | |__| | (_) | | | < \n \\__,_|_____/ \\___/|_| |_|\\_\\ v.2020.03.13\n by M3n0sD0n4ld - (@David_Uton)\n \n ----------------------------------------------------------------------------------------------------\n \n ======================== DORKS LISTING ========================\n admin : Access panels of all kinds (administration, login, CMS, ...)\n directories : Sensitive directories (drupal, wordpress, phpmyadmin ...)\n [usernames](<https://www.kitploit.com/search/label/Usernames> \"usernames\" ) : Find files containing user names.\n [passwords](<https://www.kitploit.com/search/label/Passwords> \"passwords\" ) : Find files that contain passwords .\n webservers: Find web servers.\n vulnerable_files : Find [vulnerable](<https://www.kitploit.com/search/label/Vulnerable> \"vulnerable\" ) files. \n vulnerable_servers : Find vulnerable servers.\n error_messages : Show error messages.\n vulnerable_networks : Find software data on vulnerable networks.\n portal_logins : List portal logins.\n devices : Find connected devices (printers, webcams, thermostats, ...)\n \n\n \n** Example of use Dorks Massive ** \n\n \n \n $ python3 uDork.py -d nasa.gov -m admin -p 3 -o report.txt\n \n _____ _ \n | __ \\ | | \n _ _| | | | ___ _ __| | __\n | | | | | | |/ _ \\| '__| |/ /\n | |_| | |__| | (_) | | | < \n \\__,_|_____/ \\___/|_| |_|\\_\\ v.2020.03.13\n by M3n0sD0n4ld - (@David_Uton)\n \n ----------------------------------------------------------------------------------------------------\n [!] The results will appear below. This may take several minutes, please wait ...\n ----------------------------------------------------------------------------------------------------\n Domain/IP: nasa.gov\n Find links with: ADMIN/\n \n https://asd.gsfc.nasa.gov/blueshift/index.php/author/admin/\n https://lists.hq.nasa.gov/mailman/admin\n https://lists.hq.nasa.gov/mailman/admin/LISTNAME\n https://rosetta.jpl.nasa.gov/blogs/admin\n https://dartslab.jpl.nasa.go v/qa/user/admin\n https://landsat.gsfc.nasa.gov/author/admin/page/8/\n https://rosetta.jpl.nasa.gov/blogs/admin%3Fpage%3D1\n https://www.nasa.gov/news/speeches/admin/mg_speech_collection_archive_4.html\n https://dartslab.jpl.nasa.gov/qa/user/admin/answers\n https://dartslab.jpl.nasa.gov/qa/user/admin/wall\n https://landsat.gsfc.nasa.gov/author/admin/page/14/\n ....\n ----------------------------------------------------------------------------------------------------\n Domain/IP: nasa.gov\n Find links with: AdminTools/\n \n https://kscddms.ksc.nasa.gov/adminTools.html\n ----------------------------------------------------------------------------------------------------\n Domain/IP: nasa.gov\n Find links with: Server.html\n \n https://image.msfc.nasa.gov/ChrisDocs/udfLib/Server.html\n https://www.nasa.gov/privacy/PIA-ODIN-server.html\n \n MORE RESULTS...\n\n \n** Thanks: ** \nThank s0md3v for goop, very good job! [ https://github.com/s0md3v/goop ](<https://github.com/s0md3v/goop> \"https://github.com/s0md3v/goop\" ) \n \n \n\n\n** [ Download uDork ](<https://github.com/m3n0sd0n4ld/uDork> \"Download uDork\" ) **\n", "edition": 1, "enchantments": {"dependencies": {"modified": "2020-03-21T16:50:38", "references": []}, "score": {"modified": "2020-03-21T16:50:38", "value": -0.5, "vector": "NONE"}}, "hash": "2d8839d9a32241ba1ce52ce445f519f6496c789ad1a0087e499bd4483fb72fc5", "hashmap": [{"hash": "f657413771f13b176ec874e88df746de", "key": "published"}, {"hash": "f657413771f13b176ec874e88df746de", "key": "modified"}, {"hash": "cdb6903c4db7a17c7ddcaf319cc8fc63", "key": "toolHref"}, {"hash": "e7d40bcbd5a3fa7730ff9458d54a9a00", "key": "href"}, {"hash": "aba454e3574969396c0dddcb45011dcc", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "6d78aae31473a0de4eb2e9aeeb956405", "key": "description"}, {"hash": "4a931512ce65bdc9ca6808adf92d8783", "key": "bulletinFamily"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "4553be2119d862322dd6fec6bb385401", "key": "type"}, {"hash": "d5b068202d8a417d2a138f64985c27ac", "key": "title"}, {"hash": "d70727d1658413067b9d4987cc7504e6", "key": "references"}], "history": [], "href": "http://www.kitploit.com/2020/03/udork-google-hacking-tool.html", "id": "KITPLOIT:1679847446309154895", "lastseen": "2020-03-21T16:50:38", "modified": "2020-03-21T12:00:02", "objectVersion": "1.3", "published": "2020-03-21T12:00:02", "references": ["https://gist.github.com/sqren/0e4563f258c9e85e4ae1", "https://github.com/m3n0sd0n4ld/uDork", "https://github.com/s0md3v/goop"], "reporter": "KitPloit", "title": "uDork - Google Hacking Tool", "toolHref": "https://github.com/m3n0sd0n4ld/uDork", "type": "kitploit", "viewCount": 111}, "differentElements": ["cvss", "cvelist"], "edition": 1, "lastseen": "2020-03-21T16:50:38"}, {"bulletin": {"bulletinFamily": "tools", "cvelist": ["CVE-2019-15126", "CVE-2020-0796"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "description": "[  ](<https://1.bp.blogspot.com/-cgvzVwJKlg8/XnWCA4PsWoI/AAAAAAAAR-M/qj6zpXP9E6QUGvviEIi9ohIaQX5BDpZAgCNcBGAsYHQ/s1600/uDork.png>)\n\n \nuDork is a script written in Python that uses advanced Google search techniques to obtain [ sensitive information ](<https://www.kitploit.com/search/label/Sensitive%20Information> \"sensitive information\" ) in files or directories, find IoT devices, detect versions of web applications, and so on. \nuDork does NOT make attacks against any server, it only uses predefined dorks and/or official lists from exploit-db.com (Google Hacking Database: [ https://www.exploit-db.com/google-hacking-database ](<https://www.exploit-db.com/google-hacking-database> \"https://www.exploit-db.com/google-hacking-database\" ) ). \n \n** Author: M3n0sD0n4ld ** \n** Twitter: [ @David_Uton ](<https://twitter.com/David_Uton> \"@David_Uton\" ) ** \n \n** You need to have goop installed ** \n\n \n \n pip3 install goop\n\n \n** Download and install: ** \n\n \n \n $ git clone https://github.com/m3n0sd0n4ld/uDork\n $ cd uDork\n - Open the file and write inside this line:\n\ncookie = 'YOUR FACEBOOK COOKIES HERE' \n\n \n \n $ python3 uDork.py -h\n\n \n** Important!!! ** \n\n\n * For the tool to work, you must configure uDork with your [ Facebook ](<https://www.kitploit.com/search/label/Facebook> \"Facebook\" ) cookie in the file ` cookie.py ` . \n * You must also be logged in to Facebook on the computer you are using uDork WITHOUT logging out. \n \n** Steps to obtain the cookie and configure the cookie ** \n\n\n * Login to facebook.com \n * Press in your browser control + shift + K (Firefox) o control + shift + J (Google Chrome) to go to console. \n * Write document.cookie in the console and copy the cookies \"c_user = content\" and \"xs = content\" to the variable \"cookie\" inside the file \"cookie.py\"\" \n \n \n cookie = 'c_user=XXXXXX; xs=XXXXXX'\n\nNote: If the \"xs\" cookie does not appear, [ follow these steps ](<https://gist.github.com/sqren/0e4563f258c9e85e4ae1> \"follow these steps\" ) . \n\n\n * Save and remember, you must NOT log out of Facebook or you will have to do these steps again. \n \n** Use: ** \n \n** Menu ** \n\n \n \n $ python3 uDork.py -h\n _____ _ \n | __ \\ | | \n _ _| | | | ___ _ __| | __\n | | | | | | |/ _ \\| '__| |/ /\n | |_| | |__| | (_) | | | < \n \\__,_|_____/ \\___/|_| |_|\\_\\ v.2020.03.13\n by M3n0sD0n4ld - (@David_Uton)\n \n ----------------------------------------------------------------------------------------------------\n usage: uDork.py [-h] [-d DOMAIN] [-e EXTENSION] [-t TEXT] [-s STRING]\n [-m MASSIVE] [-l LIST] [-f FILE] [-k DORK] [-p PAGES]\n [-o OUTPUT]\n \n optional arguments:\n -h, --help show this help message and exit\n -d DOMAIN, --domain DOMAIN\n Domain or IP address.\n -e EXTENSION, --extension EXTENSION\n Search files by extension. Use 'all' to find the list\n extension.\n -t TEXT, --text TEXT Find text in website content.\n -s STRING, -- string STRING\n Locate text strings within the URL.\n -m MASSIVE, --massive MASSIVE\n Attack a site with a predefined list of dorks. Review\n list <-l / - list>\n -l LIST, --list LIST Shows the list of predefined dorks (Exploit-DB).\n -f FILE, --file FILE Use your own personalized list of dorks.\n -k DORK, --dork DORK Specifies the type of dork <filetype | intext | inurl>\n (Required for '<-f / - file'>).\n -p PAGES, --pages PAGES\n Number of pages to search in Google. (By default 5\n pages).\n -o OUTPUT, --output OUTPUT\n Export results to a file.\n\n \n** Example of searching pdf files ** \n\n \n \n $ python3 uDork.py -d nasa.gov -e pdf\n \n _____ _ \n | __ \\ | | \n _ _| | | | ___ _ __| | __\n | | | | | | |/ _ \\| '__| |/ /\n | |_| | |__| | (_) | | | < \n \\__,_|_____/ \\___/|_| |_|\\_\\ v.2020.03.13\n by M3n0sD0n4ld - (@David_Uton)\n \n ----------------------------------------------------------------------------------------------------\n [!] The results will appear below. This may take several minutes, please wait ...\n ----------------------------------------------------------------------------------------------------\n Domain/IP: nasa.gov\n Find links with: pdf\n ----------------------------------------------------------------------------------------------------\n https://www.sti.nasa.gov/thesvol2.pdf\n https://www.sti.nasa.gov/thesvol1.pdf\n https://www.nasa.gov/pdf/220260main_Workforce_Transition_Strategy_briefing .pdf\n https://oig.nasa.gov/docs/SAR0318.pdf\n https://oig.nasa.gov/docs/FinalWrittenStatement_03_13_2013.pdf\n https://oig.nasa.gov/docs/MC-2018.pdf\n https://www.nasa.gov/centers/dryden/pdf/88798main_srfcs.pdf\n https://www.nasa.gov/specials/apollo50th/pdf/A10_PressKit.pdf\n https://www.nasa.gov/specials/apollo50th/pdf/A14_PressKit.pdf\n https://www.nasa.gov/specials/apollo50th/pdf/A07_PressKit.pdf\n https://www.nasa.gov/specials/apollo50th/pdf/A15_PressKit.pdf\n https://www.nasa.gov/specials/apollo50th/pdf/A09_PressKit.pdf\n https://www.nasa.gov/specials/apollo50th/pdf/A08_PressKit.pdf\n https://www.nasa.gov/centers/dryden/pdf/88790main_Dryden.pdf\n https://oig.nasa.gov/docs/MC-2017.pdf\n ....\n\n \n** Example of searching routes with the word \"password\" ** \n\n \n \n $ python3 uDork.py -d nasa.gov -s password\n \n _____ _ \n | __ \\ | | \n _ _| | | | ___ _ __| | __\n | | | | | | |/ _ \\| '__| |/ /\n | |_| | |__| | (_) | | | < \n \\__,_|_____/ \\___/|_| |_|\\_\\ v.2020.03.13\n by M3n0sD0n4ld - (@David_Uton)\n \n ----------------------------------------------------------------------------------------------------\n [!] The results will appear below. This may take several minutes, please wait ...\n ----------------------------------------------------------------------------------------------------\n Domain/IP: nasa.gov\n Find links with: password\n ----------------------------------------------------------------------------------------------------\n https://www.grc.nasa.gov/its-training/best-practices/password-tips/\n https://www.grc.nasa.gov/its-training/best-practices/password-rules/\n htt ps://www.nas.nasa.gov/hecc/support/kb/password-creation-rules_270.html\n https://www.nas.nasa.gov/hecc/support/kb/index.php%3FView%3Dentry%26EntryID%3D270%26EntryTitle%3Dpassword-creation-rules%26mobile%3D0\n https://open.nasa.gov/datanaut-accounts/password/reset/%3Fnext%3D/explore/datanauts/app/profile\n https://www.nas.nasa.gov/hecc/support/kb/i-cant-log-inmy-password-is-not-workingmy-account-is-locked_5.html\n https://www.nas.nasa.gov/hecc/support/kb/index.php%3FView%3Dentry%26EntryID%3D53%26EntryTitle%3Dtwo-step-connection-using-rsa-securid-passcode-and-nas-password%26mobile%3D0\n https://www.nas.nasa.gov/hecc/support/kb/index.php%3FView%3Dentry%26EntryID%3D8%26EntryTitle%3Dwhat-are-the-requirements-for-creating-a-password%26mobile%3D0\n https://oltaris.nasa.gov/password/new\n https://ghrc.nsstc.nasa.gov/data-publication/user/password\n https://answers.nssc.nasa.gov/app/answers/detail/a_id/6173/~/change-launchpad-%2528idmax%2529-password\n https://answers.nssc. nasa.gov/app/answers/list/search/1/kw/Password/search/1\n https://answers.nssc.nasa.gov/app/answers/list/search/1/kw/CHANGE%2520NDC%2520PASSWORD/suggested/1\n https://answers.nssc.nasa.gov/app/answers/detail/a_id/6174/~/reset-ndc-password\n .....\n\n \n** Dorks listing ** \n\n \n \n $ python3 uDork.py -l list\n \n _____ _ \n | __ \\ | | \n _ _| | | | ___ _ __| | __\n | | | | | | |/ _ \\| '__| |/ /\n | |_| | |__| | (_) | | | < \n \\__,_|_____/ \\___/|_| |_|\\_\\ v.2020.03.13\n by M3n0sD0n4ld - (@David_Uton)\n \n ----------------------------------------------------------------------------------------------------\n \n ======================== DORKS LISTING ========================\n admin : Access panels of all kinds (administration, login, CMS, ...)\n directories : Sensitive directories (drupal, wordpress, phpmyadmin ...)\n [usernames](<https://www.kitploit.com/search/label/Usernames> \"usernames\" ) : Find files containing user names.\n [passwords](<https://www.kitploit.com/search/label/Passwords> \"passwords\" ) : Find files that contain passwords .\n webservers: Find web servers.\n vulnerable_files : Find [vulnerable](<https://www.kitploit.com/search/label/Vulnerable> \"vulnerable\" ) files. \n vulnerable_servers : Find vulnerable servers.\n error_messages : Show error messages.\n vulnerable_networks : Find software data on vulnerable networks.\n portal_logins : List portal logins.\n devices : Find connected devices (printers, webcams, thermostats, ...)\n \n\n \n** Example of use Dorks Massive ** \n\n \n \n $ python3 uDork.py -d nasa.gov -m admin -p 3 -o report.txt\n \n _____ _ \n | __ \\ | | \n _ _| | | | ___ _ __| | __\n | | | | | | |/ _ \\| '__| |/ /\n | |_| | |__| | (_) | | | < \n \\__,_|_____/ \\___/|_| |_|\\_\\ v.2020.03.13\n by M3n0sD0n4ld - (@David_Uton)\n \n ----------------------------------------------------------------------------------------------------\n [!] The results will appear below. This may take several minutes, please wait ...\n ----------------------------------------------------------------------------------------------------\n Domain/IP: nasa.gov\n Find links with: ADMIN/\n \n https://asd.gsfc.nasa.gov/blueshift/index.php/author/admin/\n https://lists.hq.nasa.gov/mailman/admin\n https://lists.hq.nasa.gov/mailman/admin/LISTNAME\n https://rosetta.jpl.nasa.gov/blogs/admin\n https://dartslab.jpl.nasa.go v/qa/user/admin\n https://landsat.gsfc.nasa.gov/author/admin/page/8/\n https://rosetta.jpl.nasa.gov/blogs/admin%3Fpage%3D1\n https://www.nasa.gov/news/speeches/admin/mg_speech_collection_archive_4.html\n https://dartslab.jpl.nasa.gov/qa/user/admin/answers\n https://dartslab.jpl.nasa.gov/qa/user/admin/wall\n https://landsat.gsfc.nasa.gov/author/admin/page/14/\n ....\n ----------------------------------------------------------------------------------------------------\n Domain/IP: nasa.gov\n Find links with: AdminTools/\n \n https://kscddms.ksc.nasa.gov/adminTools.html\n ----------------------------------------------------------------------------------------------------\n Domain/IP: nasa.gov\n Find links with: Server.html\n \n https://image.msfc.nasa.gov/ChrisDocs/udfLib/Server.html\n https://www.nasa.gov/privacy/PIA-ODIN-server.html\n \n MORE RESULTS...\n\n \n** Thanks: ** \nThank s0md3v for goop, very good job! [ https://github.com/s0md3v/goop ](<https://github.com/s0md3v/goop> \"https://github.com/s0md3v/goop\" ) \n \n \n\n\n** [ Download uDork ](<https://github.com/m3n0sd0n4ld/uDork> \"Download uDork\" ) **\n", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-04-02T04:41:23", "references": [{"idList": ["CVE-2019-15126", "CVE-2020-0796"], "type": "cve"}, {"idList": ["QUALYSBLOG:016288CBC518BC4CE318130A921071C2", "QUALYSBLOG:22A5C3C4F56D3B499B24DF2E1626F4C1"], "type": "qualysblog"}, {"idList": ["CARBONBLACK:6D8B0D86C2C5A86632676E10E471547F"], "type": "carbonblack"}, {"idList": ["SMB_NT_MS20_MAR_4551762.NASL", "SMB_MICROSOFT_WINDOWS_ADV200005_REMOTE.NASL"], "type": "nessus"}, {"idList": ["KITPLOIT:371508490786183282", "KITPLOIT:5842695353952309893", "KITPLOIT:395217029864187486", "KITPLOIT:7810347991718622398", "KITPLOIT:5857572574369273543", "KITPLOIT:371821217594852238", "KITPLOIT:7720212798779518234", "KITPLOIT:5428890607910642045", "KITPLOIT:6841178645237353736", "KITPLOIT:4654779182065061303"], "type": "kitploit"}]}, "score": {"modified": "2020-04-02T04:41:23", "value": 4.4, "vector": "NONE"}}, "hash": "21dc04d72bcc419e8abee6f783e8dba0fcdf351b4f09cd789610312e79460e02", "hashmap": [{"hash": "f657413771f13b176ec874e88df746de", "key": "published"}, {"hash": "f657413771f13b176ec874e88df746de", "key": "modified"}, {"hash": "cdb6903c4db7a17c7ddcaf319cc8fc63", "key": "toolHref"}, {"hash": "e7d40bcbd5a3fa7730ff9458d54a9a00", "key": "href"}, {"hash": "aba454e3574969396c0dddcb45011dcc", "key": "reporter"}, {"hash": "6d78aae31473a0de4eb2e9aeeb956405", "key": "description"}, {"hash": "4a931512ce65bdc9ca6808adf92d8783", "key": "bulletinFamily"}, {"hash": "4553be2119d862322dd6fec6bb385401", "key": "type"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "d5b068202d8a417d2a138f64985c27ac", "key": "title"}, {"hash": "6ab6631c61d9b28fb19c606d70abccfb", "key": "cvelist"}, {"hash": "d70727d1658413067b9d4987cc7504e6", "key": "references"}], "history": [], "href": "http://www.kitploit.com/2020/03/udork-google-hacking-tool.html", "id": "KITPLOIT:1679847446309154895", "lastseen": "2020-04-02T04:41:23", "modified": "2020-03-21T12:00:02", "objectVersion": "1.3", "published": "2020-03-21T12:00:02", "references": ["https://gist.github.com/sqren/0e4563f258c9e85e4ae1", "https://github.com/m3n0sd0n4ld/uDork", "https://github.com/s0md3v/goop"], "reporter": "KitPloit", "title": "uDork - Google Hacking Tool", "toolHref": "https://github.com/m3n0sd0n4ld/uDork", "type": "kitploit", "viewCount": 122}, "differentElements": ["cvss", "cvelist"], "edition": 2, "lastseen": "2020-04-02T04:41:23"}], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "4a931512ce65bdc9ca6808adf92d8783"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "6d78aae31473a0de4eb2e9aeeb956405"}, {"key": "href", "hash": "e7d40bcbd5a3fa7730ff9458d54a9a00"}, {"key": "modified", "hash": "f657413771f13b176ec874e88df746de"}, {"key": "published", "hash": "f657413771f13b176ec874e88df746de"}, {"key": "references", "hash": "d70727d1658413067b9d4987cc7504e6"}, {"key": "reporter", "hash": "aba454e3574969396c0dddcb45011dcc"}, {"key": "title", "hash": "d5b068202d8a417d2a138f64985c27ac"}, {"key": "toolHref", "hash": "cdb6903c4db7a17c7ddcaf319cc8fc63"}, {"key": "type", "hash": "4553be2119d862322dd6fec6bb385401"}], "hash": "2d8839d9a32241ba1ce52ce445f519f6496c789ad1a0087e499bd4483fb72fc5", "viewCount": 168, "enchantments": {"dependencies": {"references": [], "modified": "2020-04-07T04:41:57", "rev": 2}, "score": {"value": -0.5, "vector": "NONE", "modified": "2020-04-07T04:41:57", "rev": 2}, "vulnersScore": -0.5}, "objectVersion": "1.3", "toolHref": "https://github.com/m3n0sd0n4ld/uDork", "scheme": null}

{}