lazydorks 0.2

lazydorks 0.2

So, while we have Hacking Defined Experts still in session, Itzik Moshe wrote this. We think it’s cool and it has a really nice interface with shiny colours so here you go.

wget http://hackingdefined.org/tools/lazydorks.txt

Or you can view the source here:

#!usr/bin/python
# -*- coding: utf-8 -*-
#LazyDorks Tool v0.2 Written by Itzik Moshe, Jan 2013
#See-Security Hacking Defined Experts 39
try:
	import mechanize
except ImportError:
	print "LazyDorks require Mechanize library.\nPlease Install: 'sudo pip install mechanize'"
	exit()
try:
	from bs4 import BeautifulSoup
except ImportError:
	print "LazyDorks require BeautifulSoup4 library.\nPlease Install: 'sudo pip install beautifulsoup4'\nor 'easy_install beautifulsoup4'"
	exit()
import httplib
import urlparse
import re
import random
import socket
import time
from time import sleep
import csv

#### Browser Object Setting ####
socket.setdefaulttimeout(15)
br = mechanize.Browser()
br.set_handle_robots(False)
####		END 			####
intro		=	'\033[93m'+'''
                                                         _
                                                       ,//)
                                                       ) /
                                                      / /
        ╭╮╱╱╱╱╱╱╱╱╱╱╱╱╱╱╭━━━╮╱╱╱╱╭╮             _,^^,/ /
        ┃┃╱╱╱╱╱╱╱╱╱╱╱╱╱╱╰╮╭╮┃╱╱╱╱┃┃            (C,00<_/          ┃┃╱╱╭━━┳━━━┳╮╱╭╮╱┃┃┃┣━━┳━┫┃╭┳━━╮       _/\_,_)          ┃┃╱╭┫╭╮┣━━┃┃┃╱┃┃╱┃┃┃┃╭╮┃╭┫╰╯┫━━┫      / _    \  ,' )                 ┃╰━╯┃╭╮┃┃━━┫╰━╯┃╭╯╰╯┃╰╯┃┃┃╭╮╋━━┃     / /"\    \/  ,_\          ╰━━━┻╯╰┻━━━┻━╮╭╯╰━━━┻━━┻╯╰╯╰┻━━╯  __(,/   >  e ) / (_\.oO
        ╱╱╱╱╱╱╱╱╱╱╱╭━╯┃                   \_ /   (   -,_/    \_/
        ╱╱╱╱╱╱╱╱╱╱╱╰━━╯                     U     \_, _)
                                                   (  /
                                                    >/
                                                    (.oO
        #LazyDorks Tool v0.2 Written by Itzik Moshe
        #See-Security Hacking Defined Experts 39
        #Choose your option and insert the domain you would like to scan.
				'''+ '\033[0m'

admins_list =	['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
				 'memberadmin/','administratorlogin/','adm/','admin/account.php','admin/index.php','admin/login.php','admin/admin.php','admin/account.php',
				 'admin_area/admin.php','admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
				 'admin_area/index.php','bb-admin/index.php','bb-admin/login.php','bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html',
				 'admin/controlpanel.php','admin.php','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
				 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
				 'admin/cp.php','cp.php','administrator/index.php','administrator/login.php','nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php',
				 'administrator/account.php','administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php',
				 'bb-admin/index.html','bb-admin/login.html','acceso.php','bb-admin/admin.html','admin/home.html','login.php','modelsearch/login.php','moderator.php','moderator/login.php',
				 'moderator/admin.php','account.php','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php',
				 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php','adminarea/index.html','adminarea/admin.html',
				 'webadmin.php','webadmin/index.php','webadmin/admin.php','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html',
				 'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
				 'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
				 'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html',
				 'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php','adminarea/index.php',
				 'adminarea/admin.php','adminarea/login.php','panel-administracion/index.php','panel-administracion/admin.php','modelsearch/index.php',
				 'modelsearch/admin.php','admincontrol/login.php','adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php','usuarios/login.php',
				 'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php','wp-admin','moodle/login','?q=admin','?q=user/login','user']

agents		=	['Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.101 Safari/537.11',
				 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1',
				 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1309.0 Safari/537.17',
				 'Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.15 (KHTML, like Gecko) Chrome/24.0.1295.0 Safari/537.15',
				 'Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1',
				 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:15.0) Gecko/20100101 Firefox/15.0.1',
				 'Mozilla/6.0 (Windows NT 6.2; WOW64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1']

login_dorks =   ['inurl:admin|login|myphp|phpliteadmin|phpadmin|phpmyadmin|administrator|webadmin|adm_auth|sysadmin|user',
				 'intitle:"admin | login | log-in | administrator | phpadmin | phpmyadmin | adminphp"',
				 'intext:"admin | username | password | login | log-in | phpadmin | phpmyadmin | adminphp"']

pw_dork		= 	 'pwd|pass|password|passwords|passwd|user|users|usr|admin|username|usernames'

files_type	=	['txt','xls','sql','inc','con','cnf']
dork_type	=	['inurl:','intext:']
results 	=	[]
adminbf_porxy = []
###Domain Name Checker####
def domain_check(domain,dorkt):
	if (dorkt is "login") or (dorkt is "pw"):
		url = urlparse.urlsplit(domain)
		if url.netloc == '':
			if 'www.' in url.path:
				domain 	=	url.path.split('www.')[1]
			else:
				domain 	=	url.path
		else:
			if 'www.' in url.netloc:
				domain 	=	url.netloc.split('www.')[1]
			else:
				domain 	=	url.netloc

	if (dorkt is "robots") or (dorkt is "adminbf"):
		y = urlparse.urlsplit(domain)
		if y.netloc == '':
			domain = "http://"+domain
			url = urlparse.urlsplit(domain)
			domain = url.netloc

	return domain
####		End			####

####Log Colors Functions####
def logm(msg):
	print '\033[96m' + msg + '\033[0m'
def erm(msg):
	print '\033[91m' + msg + '\033[0m'
def sysm(msg):
	print '\033[94m' + msg + '\033[0m'
####		End			####

###Print Results Function####
def print_results(dorkt):
	if dorkt is "login":
		erm("Results for pages might be a login page:")
	if dorkt is "pw":
		erm("Results for files might contain usernames and passwords")
	if dorkt is "robots":
		erm("Disallowed pages by robots.txt:")
	if dorkt is "adminbf":
		erm("Possible Admin Page:")
	if dorkt is "owndork":
		erm("Your Google Dorking Results:")
	for p in results:
		erm(p)
#### 		End 		####

####Proxy Handle####
def proxy_setter():
	proxy = raw_input('\033[94m'+'Please Insert Proxy (IP:Port):'+'\033[0m')
	check = proxy_checker(proxy)
	if check == "Working":
		logm("Setting Proxy...")
		br.set_proxies({"http":proxy})
	elif check == "Bad":
		erm("Your Proxy is not working well,Please try different one.")
		proxy_setter()

def proxy_checker(proxy):
	try:
		logm("Testing Proxy, Please Wait...")
		test_br = mechanize.Browser()
		test_br.addheaders = [('User-agent','Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.101 Safari/537.11')]
		test_br.set_proxies({"http": proxy})
		start  = time.gmtime()
		test_br.open('http://google.com')
		finish = time.gmtime()
		logm("Proxy is Online")
		if (finish.tm_min*60+finish.tm_sec) - (start.tm_min*60+start.tm_sec) > 45:
			erm("Proxy is Pretty slow!\nSlow Proxy Might Cause Timeout!!\nContinue?(Yes/No):")
			inp = raw_input('')
			if (inp == "no") or (inp == "No"):
				erm("\nThank you for using LazyDorks :)")
				exit()
		return "Working"
	except:
		return "Bad"
####		End of Proxy Handle 	####

####Export results Functions####
def txt_export(dorkt):
	t = time.gmtime()
	filename = "lazydork_result{}{}{}{}.txt".format(t.tm_year,t.tm_mday,t.tm_min,t.tm_sec)
	f = open(filename,'w')
	if dorkt is "login":
		f.write("Results for pages might be a login page:\n")
	if dorkt is "pw":
		f.write("Results for files might contain usernames and passwords:\n")
	if dorkt is "robots":
		f.write("Disallowed pages by robots.txt:\n")
	if dorkt is "adminbf":
		f.write("Possible Admin Page:\n")
	if dorkt is "owndork":
		f.write("Your Google Dork Results:\n")
	for w in results:
		f.write(w+'\n')
	f.close()
	logm('Export Results to {}'.format(filename))

def csv_export(dorkt):
	t = time.gmtime()
	filename = "lazydork_result{}{}{}{}.csv".format(t.tm_year,t.tm_mday,t.tm_min,t.tm_sec)
	f = open(filename,'wb')
	w = csv.writer(f, dialect='excel')
	if dorkt is "login":
		w.writerow(['Results for pages might be a login page:',])
	if dorkt is "pw":
		w.writerow(['Results for files might contain usernames and passwords:',])
	if dorkt is "robots":
		w.writerow(['Disallowed pages by robots.txt:',])
	if dorkt is "adminbf":
		w.writerow(['Possible Admin Page:',])
	if dorkt is "owndork":
		w.writerow(['Your Google Dork Results:',])
	for item in results:
		w.writerow([item,])
	f.close()
	logm('Export Results to {}'.format(filename))

####		End			####

####Admin Brute Force Function####
def adminbf(domain):
	logm("Brute Forcing {} for Admin page(in case no results try with 'www.')\nIt might take a few minutes, Please Wait...".format(domain))
	for a in admins_list:
		con = httplib.HTTPConnection(domain)
		con.request("GET",'/'+a)
		logm("{}/{}".format(domain,a))
		res = con.getresponse()
		if res.status == 200:
			results.append("{}/{}".format(domain,a))
#### 		End 		####

###Google Scraping Functions###
def dorker(query,dorkt):
	if dorkt is "owndork":logm("Google Dorking your query: {}\nPlease Wait...".format(query))
	br.addheaders = [('User-agent', agents[random.randrange(0,len(agents))])]
	br.open('http://www.google.com')
	br.select_form(nr=0)
	br.form['q'] = query
	try:
		br.submit()
	except:
		erm("Something Went Wrong,Check Your internet connection or Proxy")
		exit()
	scrapper(br,dorkt)
	n_t = random.randrange(5,9)
	sleep(int(n_t))

def scrapper(br,dorkt):
	while(True):
		Get_Links(br,dorkt)
		next = get_Npage(br)
		if next is 'Done' : break
		n_t  = random.randrange(1,4)
		sleep(int(n_t))
		try:
			br.open(next)
		except:
			erm("Something Went Wrong, Please Check your internet connection or replace Proxy")
			exit()

def Get_Links(br,dorkt):
	html = br.response().read()
	soup = BeautifulSoup(html)
	for link in soup.find_all('h3',{"class":"r"}):
		for links in link.find_all('a'):
			if not "http://" in links.get('href') and not "https://" in links.get('href'):
				continue
			if 'google.com/' in links.get('href'):
				continue
			if not '/url?q=' in links.get('href'):
				results.append(links.get('href'))
			if '/url?q=' in links.get('href'):
				results.append(links.get('href').split('/url?q=')[1].split('&sa=U')[0])

def get_Npage(br):
	html  = br.response().read()
	soup  = BeautifulSoup(html)
	Npage = 'Done'
	try:
		for link in soup.find_all('td',{"class":"b"}):
			for links in link.find_all('a'):
				if links.get('id')	 == 'pnnext':
					Npage = links.get('href')
					if not "http://www.google.com" in Npage:
						Npage = "http://www.google.com{}".format(Npage)
		return Npage
	except:
		return 'Done'
#### 			End 			####

def dork(domain,dorkt):
	if dorkt is "login":
		logm("Google Dorking Login Pages\nIt might take a few minutes, Please Wait...")
		for login_dork in login_dorks:
			dorker("site:{} {}".format(domain,login_dork),dorkt)
	elif dorkt is "pw":
		logm("Google Dorking Pages that might contain Passwords or Usernames\nIt might take a few minutes, Please Wait...")
		for files in files_type:
			for dork_t in dork_type:
				dorker("site:{} filetype:{} {}{}".format(domain,files,dork_t,pw_dork),dorkt)
	elif dorkt is "robots":
		br.addheaders = [('User-agent','Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)')]
		try:
			logm("Searching For Robots.txt")
			br.open('http://{}/robots.txt'.format(domain))
			for x in br.response().readlines():
				if "Disallow:" in x:
					results.append(x.split('Disallow:')[1].split('\n')[0].strip())
		except:
			erm("Couldn't Find Robots.txt")
	elif dorkt is "adminbf":
		adminbf(domain)

def choosedork():
	sysm('''	Please Choose Your Option:
	1)Google Dork Login Pages
	2)Google Dork Pages Might Contain Usernames/Passwords
	3)Google Dork Your Own Query
	4)Disallowed Pages in robots.txt
	5)Admin Page Brute Force (does not support proxies)
	''')
	o = raw_input('\033[94m' +'Your Option: '+ '\033[0m')
	if o is "1":
		return 'login'
	elif o is "2":
		return 'pw'
	elif o is "4":
		return 'robots'
	elif o is "5":
		return 'adminbf'
	elif o is "3":
		return 'owndork'
	else:
		erm('No Such Option, Please Choose Again.')
		choosedork()

def result_handler(dorkt):
	sysm('''LazyDorks Found Results, What would you like to do:
1)Export Results to .txt File
2)Export Results to .csv File
3)Print Results Here
	''')
	o = raw_input('\033[94m' +'Your Option:'+ '\033[0m')
	if o is "1":
		txt_export(dorkt)
	elif o is "2":
		csv_export(dorkt)
	elif o is "3":
		print_results(dorkt)
	else:
		erm("No such option, please choose again")
		result_handler(dorkt)

def owndork(dorkt):
	query = raw_input('\033[94m' +"Insert Your Google Dorking Query: "+ '\033[0m')
	dorker(query,dorkt)

def main():
	print intro
	dorkt  = choosedork()
	if not dorkt is "adminbf":
		px     = raw_input('\033[94m' +'Would you like to use a proxy?\nPlease type Yes/No: '+ '\033[0m')
		if (px == "yes") or (px == "Yes"):
			proxy_setter()
	if not dorkt is "owndork":
		domain = raw_input('\033[94m'+'Insert Domain (Example.com): '+ '\033[0m')
		domain = domain_check(domain,dorkt)
		dork(domain,dorkt)
		logm("Done Searching")
	elif dorkt is "owndork":
		owndork(dorkt)
		logm("Done Searching")
	if results:
		result_handler(dorkt)
	else:
		erm("LazyDorks Couldn't Find Any Results")

	erm("\nThank you for using LazyDorks :)")

if "__main__" : main()

2 Comments

  1. Hi guys,
    you can also find the script in pastebin(with the original design :P)
    http://pastebin.com/ZUZhTVzd

    Itzik

  2. ITZIK , You are #1 !!

Leave a Reply

Your email address will not be published. Required fields are marked *

Please type the characters of this captcha image in the input box

Please type the characters of this captcha image in the input box

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>