GooFuzz
GooFuzz
是用Bash Scripting
编写的脚本,它使用高级 Google
搜索技术来获取文件或目录中的敏感信息,而无需向Web
服务器发出请求。
GooFuzz 是一种基于 OSINT 方法执行模糊测试的工具:它通过高级 Google 搜索(Google Dorking)来枚举目录、文件、子域或参数。由于所有请求都只发往 Google,目标服务器的访问日志中不会留下这次枚举的记录;对防守方来说,这意味着无法从自身日志中发现此类探测,只能通过清点并限制被搜索引擎收录的内容来降低暴露面。
下载并安装
GooFuzz 的下载和安装非常方便:它只是一个 Bash 脚本,克隆仓库并赋予执行权限即可:
$ git clone https://github.com/m3n0sd0n4ld/GooFuzz.git
$ cd GooFuzz
$ chmod +x GooFuzz
$ ./GooFuzz -h
使用
- 先看看帮助,里面有哪些命令:
- 按以逗号分隔的扩展名列出文件。
- 按包含在 txt 文件中的扩展名列出文件。
- 按扩展名(子域或域)列出文件,并显示第一个 Google 结果。
- 通过单词表列出文件、目录甚至参数(建议只使用非常小的文件)。
- 通过指定路径、单词或文件名列出目录和文件。
- 在您的搜索中排除子域(用逗号或列表分隔),在此示例中,我们从搜索中删除了子域“ mars.nasa.gov ”。
- 我们通过三个扩展名执行普通文件搜索,并找到我们想要排除的子域。
- 我们创建一个名为“ exclusion_list.txt ”的文件并插入三个要排除的子域,我们再次执行相同的搜索,但传递排除目标的列表。
代码分析
GooFuzz
代码就比较简单了,全部都是shell
的代码:
#!/usr/bin/env bash
# Variables
## General
# Base search endpoint plus the fixed query-string fragments that every
# request appends after the dork.
url="https://www.google.com/search?q="
filter="&filter=0"
start="&start="
# Browser-like User-Agent header sent with every curl request.
userAgent="User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0"
version="1.2"
## Effects
# Terminal control sequences used to emphasise parts of the output.
cBold=$(tput bold)
cNormal=$(tput sgr0) # No color, no bold
# Functions
## Usage
function usage {
  # Print the option summary and the example invocations, then terminate
  # the script with status 0.
  local -a helpLines=(
    ""
    "Usage:"
    "-h Display this help message."
    "-w <DICTIONARY> Specify a DICTIONARY, PATHS or FILES."
    "-e <EXTENSION> Specify comma-separated extensions."
    "-t <TARGET> Specify a DOMAIN or IP Address."
    "-p <PAGES> Specify the number of PAGES."
    "-x <EXCLUSIONS> EXCLUDES targets in searches."
    "Examples:"
    "GooFuzz -t site.com -e pdf,doc,bak"
    "GooFuzz -t site.com -e pdf -p 2"
    "GooFuzz -t www.site.com -e extensionslist.txt"
    "GooFuzz -t www.site.com -w config.php,admin,/images/"
    "GooFuzz -t site.com -w wp-admin -p 1"
    "GooFuzz -t site.com -w wordlist.txt"
    "GooFuzz -t site.com -w login.html -x dev.site.com"
    "GooFuzz -t site.com -w admin.html -x exclusion_list.txt"
  )
  printf '%s\n' "${helpLines[@]}"
  exit 0
}
## Checking parameters
function parametersCheck(){
  # Reject an option value that begins with "-": getopts would otherwise
  # hand the next flag over as this option's argument.
  # Globals: OPTARG (read)
  case "${OPTARG}" in
    -*) showError ;;
  esac
}
## Show Banner
function showBanner(){
  # Print the three-line banner with the tool version.
  # Globals: version (read)
  local border="*********************************************************"
  echo -e "${border}"
  echo -e "* GooFuzz ${version} - The Power of Google Dorks *"
  echo -e "${border}"
}
## Show Full Banner
function showFullBanner(){
  # Print the extended banner: version line plus the author credit.
  # Globals: version (read)
  local border="*********************************************************"
  local spacer="* *"
  echo -e "${border}"
  echo -e "* GooFuzz ${version} - The Power of Google Dorks *"
  echo -e "${spacer}"
  echo -e "* David Utón (@David_Uton) *"
  echo -e "${spacer}"
  echo -e "${border}"
}
## Show errors
function showError(){
  # Report a bad or missing argument, then hand over to usage.
  # Note: usage ends the script with status 0, so this error path also
  # exits with a success status.
  printf '%s\n' "Error, missing or invalid argument."
  usage
}
## Show not found
function notFound(){
  # Tell the user that the current extension or dictionary entry produced
  # no hits. checkBan runs first, so a block by Google is reported (and
  # ends the script) instead of a misleading "no results".
  # Globals: extension, dictionary, file, cBold, cNormal (read)
  local subject

  checkBan

  if [ -n "$extension" ]; then
    subject=$extension
  elif [ -n "$dictionary" ]; then
    subject=$file
  else
    return 0
  fi

  echo -e "\nSorry, no results found for ${cBold}${subject}${cNormal}."
}
## Exit GooFuzz
# Route SIGINT (Ctrl-C) to ctrl_c so an interrupted run ends with a message.
trap ctrl_c INT
function ctrl_c(){
  # Globals: cBold, cNormal (read)
  local notice="\n${cBold}[!]${cNormal} Exiting GooFuzz..."
  echo -e "${notice}"
  exit 1
}
## Google ban check
function checkBan(){
  # Send a plain "site:<target>" query and look for Google's redirect
  # page; when its text is present the script reports a temporary block
  # and exits with status 1.
  # Globals: url, target, filter, start, pageNum, userAgent (read);
  #          checkBanStatus (written)
  local probeUrl="${url}site:${target}${filter}${start}${pageNum}"

  checkBanStatus=$(curl -s -H "$userAgent" "$probeUrl")

  if [[ ${checkBanStatus} != *"The document has moved"* ]]; then
    return 0
  fi

  echo -e "\n${cBold}[!]${cNormal} Oops... Looks like Google has temporarily blocked your IP address."
  exit 1
}
## Exclusions
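function exclusionsCheck(){
  # Build the exclusion part of the dork from the -x value.
  #
  # $exclusions may be a file (whitespace-separated entries), a
  # comma-separated list, or a single value. The result is written to
  # $excludeTargets as "-site:<first>" followed by "+-<entry>" for every
  # further entry.
  # NOTE(review): only the first entry carries the "site:" operator; later
  # ones are appended as "+-<entry>". Confirm this is the intended dork.
  #
  # Globals: exclusions (read), excludeTargets (written)
  local -a entries=()
  local entry
  # Kept local so a second -x on the command line, or a "multi" variable
  # inherited from the environment, cannot make the first entry look like
  # a continuation.
  local first=1

  excludeTargets="-site:"

  # read -a splits on whitespace without pathname expansion, so an entry
  # such as "*" is kept literally instead of expanding to local file names.
  if [ -f "$exclusions" ]; then
    read -r -d '' -a entries < "$exclusions"
  elif [[ "$exclusions" == *,* ]]; then
    read -r -d '' -a entries <<< "${exclusions//,/ }"
  else
    excludeTargets="${excludeTargets}${exclusions}"
    return 0
  fi

  for entry in "${entries[@]}"; do
    if (( first )); then
      first=0
    else
      entry="+-${entry}"
    fi
    excludeTargets="${excludeTargets}${entry}"
  done
  return 0
}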
## Calculate sending requests
function calcRequests(){
  # Multiply the request count by the number of pages, when pages is set
  # and non-zero. The result lives in the global totalRequests; it is also
  # handed to `return`, which bash truncates to an exit status.
  # Globals: pages (read), totalRequests (read/written)
  if [[ -z $pages || $pages -eq 0 ]]; then
    return $totalRequests
  fi

  (( totalRequests = $totalRequests*$pages ))
  return $totalRequests
}
## Request
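function requestRun(){
  # Query Google for the current extension or dictionary entry, one
  # request per result page, and collect the links that belong to the
  # target.
  #
  # Globals read:    url, filter, start, userAgent, target, extension,
  #                  dictionary, file, excludeTargets, pages
  # Globals written: pages (normalised), page, pageNum, request (links of
  #                  the last page fetched), requestStorage (links of all
  #                  pages, each page preceded by a newline)
  #
  # NOTE(review): target, extension, file and excludeTargets are placed in
  # the URL as given; nothing here percent-encodes them.
  local dork=""

  requestStorage=""

  # Accept only a positive decimal page count. Anything else (empty, zero,
  # negative, non-numeric) falls back to one page; a negative or malformed
  # value would otherwise never satisfy the loop's end condition and keep
  # sending requests.
  if [[ $pages =~ ^[0-9]+$ ]] && (( 10#$pages > 0 )); then
    pages=$(( 10#$pages ))
  else
    pages=1
  fi

  # The extension search wins when both kinds of input are set.
  if [ -n "$extension" ]; then
    dork="filetype:${extension}"
  elif [ -n "$dictionary" ]; then
    dork="inurl:${file}"
  fi

  for (( page = 0; page < pages; page++ )); do
    pageNum=$(( page * 10 ))

    if [ -n "$dork" ]; then
      # Pull the href values out of the result page, keep those mentioning
      # the target and drop Google's own links. -F matches the target as a
      # literal string, so its dots are not treated as regex wildcards.
      request=$(curl -s -H "$userAgent" "${url}site:${target}+${dork}+${excludeTargets}${filter}${start}${pageNum}" \
        | grep -oP '<a href="(.*?)"' \
        | grep -F -- "${target}" \
        | grep -vE "google|search\?q=site" \
        | grep -oP '"(.*?)"' \
        | sort -u \
        | sed 's/"//g')
    fi

    # Request storage
    requestStorage="$requestStorage
$request"
  done
}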
## GooFuzz Dictionary Attack
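# Print the result block for the current $file, or fall back to notFound.
function _dictionaryReport(){
  # Look at everything collected across pages, not only at the last page:
  # an empty final page must not hide hits found on earlier ones.
  if [[ "$requestStorage" =~ [^[:space:]] ]]; then
    echo -e "\n==================================================================="
    echo -e "Directories/Files: ${cBold}${file}${cNormal}"
    echo -e "==================================================================="
    echo "$requestStorage"
  else
    notFound
  fi
}

function dictionaryAttack(){
  # Run one search per dictionary entry and print the links found.
  #
  # $dictionary may be a word-list file (whitespace-separated entries), a
  # comma-separated list, or a single path/word/file name.
  #
  # Globals read:    target, dictionary, cBold, cNormal
  # Globals written: file (current entry), totalRequests
  # Exit:            the file and list modes end the script with `exit 1`
  #                  once all entries are processed, as before.
  local -a entries=()
  local listMode=0

  echo -e "\nTarget: ${cBold}${target}${cNormal}"

  if [ -f "$dictionary" ]; then
    # Count lines
    totalRequests=$(wc -l < "${dictionary}" | awk '{print $1}')
    # Calculate
    calcRequests
    echo -e "Dictionary: ${cBold}${dictionary}${cNormal}"
    echo -e "Total requests: ${totalRequests}"
    # read -a splits on whitespace without pathname expansion, so a line
    # such as "*" stays a literal entry instead of becoming file names.
    read -r -d '' -a entries < "$dictionary"
    listMode=1
  elif [[ "$dictionary" == *,* ]]; then
    read -r -d '' -a entries <<< "${dictionary//,/ }"
    listMode=1
  else
    entries=("$dictionary")
  fi

  for file in "${entries[@]}"; do
    # Send request
    requestRun
    # Show information
    _dictionaryReport
  done

  # Close script
  if (( listMode )); then
    exit 1
  fi
}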
## GooFuzz Extension Attack
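# Print the result block for the current $extension, or fall back to notFound.
function _extensionReport(){
  # Look at everything collected across pages, not only at the last page:
  # an empty final page must not hide hits found on earlier ones.
  if [[ "$requestStorage" =~ [^[:space:]] ]]; then
    echo -e "\n==================================================================="
    echo -e "Extension: ${cBold}${extension}${cNormal}"
    echo -e "==================================================================="
    echo "$requestStorage"
  else
    notFound
  fi
}

function extensionAttack(){
  # Run one filetype search per extension and print the links found.
  #
  # $extension may be a file listing extensions (whitespace-separated), a
  # comma-separated list, or a single extension.
  #
  # Globals read:    target, cBold, cNormal
  # Globals written: extension (replaced by the current entry while
  #                  iterating), totalRequests
  # Exit:            the file and list modes end the script with `exit 1`
  #                  once all entries are processed, as before.
  local -a entries=()
  local listMode=0

  echo -e "\nTarget: ${cBold}${target}${cNormal}"

  if [ -f "$extension" ]; then
    # Count lines
    totalRequests=$(wc -l < "${extension}" | awk '{print $1}')
    # Calculate
    calcRequests
    echo -e "Total requests: ${totalRequests}"
    # read -a splits on whitespace without pathname expansion, so a line
    # such as "*" stays a literal entry instead of becoming file names.
    read -r -d '' -a entries < "$extension"
    listMode=1
  elif [[ "$extension" == *,* ]]; then
    read -r -d '' -a entries <<< "${extension//,/ }"
    listMode=1
  else
    entries=("$extension")
  fi

  for extension in "${entries[@]}"; do
    # Send request
    requestRun
    # Show information
    _extensionReport
  done

  # Close script
  if (( listMode )); then
    exit 1
  fi
}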
# Script execute
## Options
# Parse the command line. The leading ":" in the option string puts getopts
# in silent mode, so unknown flags and missing values reach the "*" arm.
while getopts :p:x:w:e:t:h option; do
  # Every value-taking option is screened first: a value that starts with
  # "-" is rejected by parametersCheck.
  if [[ "${option}" == [pxwet] ]]; then
    parametersCheck
  fi

  case "${option}" in
    h)
      showFullBanner
      usage
      # usage exits; the two statements below are kept from the original.
      break
      exit 1
      ;;
    p) pages=${OPTARG} ;;
    x)
      exclusions=${OPTARG}
      exclusionsCheck
      ;;
    w) dictionary=${OPTARG} ;;
    e) extension=${OPTARG} ;;
    t) target=${OPTARG} ;;
    *)
      showFullBanner
      showError
      ;;
  esac
done
## Continue
showBanner
# A target is mandatory; a dictionary takes precedence over an extension
# when both are supplied.
if [ -z "$target" ]; then
  showError
elif [ -n "$dictionary" ]; then
  dictionaryAttack
elif [ -n "$extension" ]; then
  extensionAttack
else
  showError
fi