The fastest dork scanner written in Go.

Overview

go-dork

License contributions welcome

The fastest dork scanner written in Go.

There are also various search engines supported by go-dork, including Google, Shodan, Bing, Duck, Yahoo and Ask.

Install

  • Download a prebuilt binary from releases page, unpack and run! or
  • If you have Go 1.15+ compiler installed and configured:
> GO111MODULE=on go get -v -u dw1.io/go-dork

Usage

Basic Usage

It's fairly simple, go-dork can be run with:

> go-dork -q "inurl:'...'"

Flags

> go-dork -h

This will display help for the tool. Here are all the switches it supports.

Flag Description
-q/--query Search query (required)
-e/--engine Provide search engine (default: Google)
(options: Google, Shodan, Bing, Duck, Yahoo, Ask)
-p/--page Specify number of pages (default: 1)
-H/--header Pass custom header to search engine
-x/--proxy Use proxy to surfing
-s/--silent Silent mode, prints only results in output

Querying

> go-dork -q "inurl:..."

Queries can also be input with stdin

> cat dorks.txt | go-dork -p 5

Defining engine

Search engine can be changed from the available engines: Google, Shodan, Bing, Duck, Yahoo, Ask. However, if the -e flag is not defined, it will use the Google search engine by default.

> go-dork -e bing -q ".php?id="

This will do a search by the Bing engine.

Pagination

By default, go-dork scrapes the first page, you can customize using the -p flag.

> go-dork -q "intext:'jira'" -p 5

It will search sequentially from pages 1 to 5.

Adding custom headers

Maybe you want to use a search filter on the Shodan engine, you can use custom headers to add cookies or other header parts.

> go-dork -q "org:'Target' http.favicon.hash:116323821" \
  --engine shodan -H "Cookie: ..." -H "User-Agent: ..."

Using proxy

Using a proxy, this can also be useful if Google or other engines meet Captcha.

> go-dork -q "intitle:'BigIP'" -p 2 -x http://127.0.0.1:8989

Chained with other tools

If you want to chain the go-dork results with another tool, use the -s flag.

> cat dorks.txt | go-dork | pwntools
> go-dork -q "inurl:'/secure' intext:'jira' site:org" -s | nuclei -t workflows/jira-exploitaiton-workflow.yaml

Supporting Materials

Help & Bugs

If you are still confused or found a bug, please open the issue. All bug reports are appreciated, some features have not been tested yet due to lack of free time.

TODOs

  • Fixes Yahoo regexes
  • Fixes Google regexes if using custom User-Agent
  • Stopping if there's no results & page flag was set
  • DuckDuckGo next page

License

MIT. See LICENSE for more details.

Comments
  • Chain with nuclei doesn't work

    Chain with nuclei doesn't work

    when running the command set in the example to chain with other tools like nuclei, for jira, after I debug this is what showed up [WRN] [microstrategy-detect] Could not execute request for : parse "\x1b[32m/\x1b[0m": net/url: invalid control character in URL This doesn't happen if I save the urls into a file and cat those out; nuclei will correctly identify the technologies. So.. is there anyway you could fix the pipe option? I believe it's because your logo still shows up in silent mode. Thank you so much. Let me know if you need more examples

    opened by whitehat92 2
  • input from dorks in stdin is all added into a single query

    input from dorks in stdin is all added into a single query

    if you have in your dorks file like this: "Index of/" inurl:example.com

    the script will read and transform in a query as ["Index of" inurl:example.com]. All the dorks are added to the query in a single line, which decreases the odds of getting any desirable result. As a workaround, what I'm doing is basically cat dorks | xargs -I {} go-dork -q "{}" -e . Works just fine Because of this, it would be nice to run from stdin and for each line on dorks file adding a new line in the query. So, instead of interpreting each line as new data to be added to a single query, just run it for each line and run as a single query for each line: query "index of/" --> search query "inurl:example.com --> search

    Wonderful tool, never the less. Very good job!

    opened by whitehat92 2
  • Problem installing with build

    Problem installing with build

    When trying to build or using get, always this error of some package that is not in GOROOT

    golang_org/x/net/lex/httplex: package golang_org/x/net/lex/httplex is not in GOROOT (/usr/lib/go-1.7/src/golang_org/x/net/lex/httplex)

    I'm not sure if the error is on my side. If possible, please update the release file, in order to reflect https://github.com/dwisiswant0/go-dork/issues/12

    Thank you very much and great job, once again :)

    bug 
    opened by whitehat92 1
  • [BUG]

    [BUG]

    hello i get log errors and cant run it bcs of them how can i fix them log is imported also i did go get on gits and everything idk help me please

    Actual

    Specifications

    • Version:
    • Platform:
    • Subsystem:
    bug 
    opened by SafeMalware 1
  • Update README.md

    Update README.md

    Installing executables with "go get" in module mode is deprecated. "go install [email protected]" should be used instead. For more information, see https://go.dev/doc/go-get-install-deprecation

    opened by adilsoybali 0
  • socket: too many open files

    socket: too many open files

    I executed cat dork.txt | ./go-dork_1.0.0_linux_amd64 -e bing -x socks5://0.0.0.0:9050 and expected it to run but instead I get this error [FTL] Get "https://www.bing.com/search?q=bycategory.php%3Fid%3D&first=11": socks connect tcp 0.0.0.0:9050->www.bing.com:443: dial tcp 0.0.0.0:9050: socket: too many open files.

    bug 
    opened by zer-far 0
  • go-dork: -h command not found

    go-dork: -h command not found

    i have go installed, version : go1.12.2 gcc , ubuntu. and kali

    when i run go-dork -h , i get command not found, even when i run from /go/pkg/mod/github.com/dwisiswant0/[email protected] still same , command not found ? am able to build .go files successfully and run too .

    and with command go run go-dork -h , get package go-dork : cannot find package "go-dork" in any off: /usr/src/go-dork /home/username/go/src/go-dork ( " /root/go/src/go-dork " for kali )

    tested on ubuntu / kali. thanks in advance for help

    opened by catechopy 0
Releases(v1.0.2)
Owner
dw1
Bashturbation
dw1
Gbu-scanner - Go Blog Updates (Scanner service)

Go Blog Updates - Scanner This service scans go blog (go.dev) and publishes new posts to message broker (rabbitmq). It uses mongodb as a storage for a

null 1 Jan 10, 2022
GONET-Scanner - Golang network scanner with arp discovery and own parser

GO/NET Scanner ScreenShots Install chmod +x install.sh ./install.sh [as root] U

Luis Javier 61 Nov 18, 2022
Fastest recursive HTTP fuzzer, like a Ferrari.

Medusa Fastest recursive HTTP fuzzer, like a Ferrari. Usage Usage: medusa [options...] Options: -u Single URL -uL

Rıza Sabuncu 74 Oct 14, 2022
IIS shortname scanner written in Go

sns IIS shortname scanner written in Go Installation Make sure you've a recent version of the Go compiler installed on your system. Then just run: GO1

null 153 Nov 19, 2022
A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple to

ProjectDiscovery 2.8k Dec 1, 2022
A scanner/exploitation tool written in GO, which leverages Prototype Pollution to XSS by exploiting known gadgets.

ppmap A simple scanner/exploitation tool written in GO which automatically exploits known and existing gadgets (checks for specific variables in the g

kleiton0x00 356 Nov 17, 2022
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Vuls: VULnerability Scanner Vulnerability scanner for Linux/FreeBSD, agent-less, written in Go. We have a slack team. Join slack team Twitter: @vuls_e

Future Corp 9.7k Nov 29, 2022
Prototype Pollution Scanner

protoscan Prototype Pollution Scanner made in Golang, it was actually made by @tomnomnom in NahamCon2021 https://www.youtube.com/watch?v=Gv1nK6Wj8qM I

Kathan Patel 82 Sep 22, 2022
simple webshell scanner

shellboy ShellBoy is a useful web shell finder. It simply knows the signatures of active or inactive webshells on the market and looks for these signa

Oğuzhan YILMAZ 36 Feb 10, 2022
MX1014 is a flexible, lightweight and fast port scanner.

MX1014 MX1014 是一个遵循 “短平快” 原则的灵活、轻便和快速端口扫描器 此工具仅限于安全研究和教学,用户承担因使用此工具而导致的所有法律和相关责任! 作者不承担任何法律和相关责任! Version 1.1.1 - 版本修改日志 Features 兼容 nmap 的端口和目标语法 支持各

L 98 Nov 14, 2022
null 1.1k Nov 23, 2022
Another JS scanner but in Go

NipeJS Read list of JS files and look for sensitive data via regex. ☕ Install go get github.com/i5nipe/nipejs ☕ Regular expressions Download the file

iSnipe 18 Nov 9, 2022
Super Java Vulnerability Scanner

XiuScan 不完善,正在开发中 介绍 一个纯Golang编写基于命令行的Java框架漏洞扫描工具 致力于参考xray打造一款高效方便的漏扫神器 计划支持Fastjson、Shiro、Struts2、Spring、WebLogic等框架 PS: 取名为XiuScan因为带我入安全的大哥是修君 特点

4ra1n 116 Dec 30, 2021
Example mini project golang scanner application

Golang Scanner Contoh pembuatan aplikasi Java menggunakan BlueJ cek disini, tetapi berikut ini adalah versi rebuild dari Java ke Golang, dengan menggu

Restu Wahyu Saputra 6 Nov 19, 2022
Carbon Black Harbor Adapter is a scanner to scan images in Harbor Registry with the help of Carbon Black Cloud.

carbon-black-adapter-for-harbor Overview Carbon Black adapter for Harbor integrates your Harbor Registry with the Carbon Black Cloud. It leverages Har

VMware 5 Nov 1, 2022
mesh-kridik is an open-source security scanner that performs various security checks on a Kubernetes cluster with istio service mesh and is leveraged by OPA (Open Policy Agent) to enforce security rules.

mesh-kridik Enhance your Kubernetes service mesh security !! mesh-kridik is an open-source security scanner that performs various security checks on a

chenk 22 Aug 28, 2022
A scanner for running security-related configuration checks such as CIS benchmarks

Localtoast Localtoast is a scanner for running security-related configuration checks such as CIS benchmarks in an easily configurable manner. The scan

Google 30 Nov 2, 2022
A vulnerability scanner for container images and filesystems

A vulnerability scanner for container images and filesystems

Anchore, Inc. 4.8k Nov 28, 2022
Network scanner for Netbox IPAM with VRF support

Installation git clone https://github.com/axxyhtrx/netbox-rollcall.git cd netbox-rollcall Pre-requirements Create config.yaml file in a root of the pr

Anatoly Kolpakov 5 Sep 21, 2022