Go Dork
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Clusterfuzz | 5,016 | 5 hours ago | 40 | April 21, 2022 | 240 | apache-2.0 | Python | |||
| Scalable fuzzing infrastructure. | ||||||||||
| Google Ctf | 3,149 | 6 months ago | 1 | apache-2.0 | Go | |||||
| Google CTF | ||||||||||
| Gdown | 2,979 |  | 26 | 180 | 2 months ago | 72 | June 26, 2022 | 9 | mit | Python |
| Download a large file from Google Drive (curl/wget fails because of the security notice). | ||||||||||
| Badssl.com | 2,423 | 7 months ago | 193 | apache-2.0 | HTML | |||||
| :lock: Memorable site for testing clients against bad SSL configs. | ||||||||||
| Security Research | 1,798 | a day ago | 7 | apache-2.0 | Go | |||||
| This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code. | ||||||||||
| Awesome Federated Machine Learning | 973 | 4 days ago | 2 | |||||||
| Everything about federated learning, including research papers, books, codes, tutorials, videos and beyond | ||||||||||
| Go Dork | 677 | 9 months ago | 4 | April 03, 2021 | 4 | mit | Go | |||
| The fastest dork scanner written in Go. | ||||||||||
| Awesome Zero Trust | 585 | a year ago | 1 | |||||||
| A curated collection of awesome resources for the zero-trust security model. | ||||||||||
| Google Dorks | 578 | 12 days ago | ||||||||
| Useful Google Dorks for WebSecurity and Bug Bounty | ||||||||||
| Safebrowsing | 430 | 29 | 16 | 2 days ago | May 27, 2021 | 18 | apache-2.0 | Go | ||
| Safe Browsing API Go Client | ||||||||||
go-dork
The fastest dork scanner written in Go.
There are also various search engines supported by go-dork, including Google, Shodan, Bing, Duck, Yahoo and Ask.
Install
- Download a prebuilt binary from releases page, unpack and run! or
- If you have Go 1.15+ compiler installed and configured:
> GO111MODULE=on go install dw1.io/[email protected]
Usage
Basic Usage
It's fairly simple, go-dork can be run with:
> go-dork -q "inurl:'...'"
Flags
> go-dork -h
This will display help for the tool. Here are all the switches it supports.
| Flag | Description |
|---|---|
| -q/--query | Search query (required) |
| -e/--engine | Provide search engine (default: Google) |
| (options: Google, Shodan, Bing, Duck, Yahoo, Ask) | |
| -p/--page | Specify number of pages (default: 1) |
| -H/--header | Pass custom header to search engine |
| -x/--proxy | Use proxy to surfing |
| -s/--silent | Silent mode, prints only results in output |
Querying
> go-dork -q "inurl:..."
Queries can also be input with stdin
> cat dorks.txt | go-dork -p 5
Defining engine
Search engine can be changed from the available engines: Google, Shodan, Bing, Duck, Yahoo, Ask.
However, if the -e flag is not defined, it will use the Google search engine by default.
> go-dork -e bing -q ".php?id="
This will do a search by the Bing engine.
Pagination
By default, go-dork scrapes the first page, you can customize using the -p flag.
> go-dork -q "intext:'jira'" -p 5
It will search sequentially from pages 1 to 5.
Adding custom headers
Maybe you want to use a search filter on the Shodan engine, you can use custom headers to add cookies or other header parts.
> go-dork -q "org:'Target' http.favicon.hash:116323821" \
--engine shodan -H "Cookie: ..." -H "User-Agent: ..."
Using proxy
Using a proxy, this can also be useful if Google or other engines meet Captcha.
> go-dork -q "intitle:'BigIP'" -p 2 -x http://127.0.0.1:8989
Chained with other tools
If you want to chain the go-dork results with another tool, use the -s flag.
> cat dorks.txt | go-dork | pwntools
> go-dork -q "inurl:'/secure' intext:'jira' site:org" -s | nuclei -t workflows/jira-exploitaiton-workflow.yaml
Supporting Materials
- Hazana. Dorking on Steroids, 11 Mar. 2021, https://hazanasec.github.io/2021-03-11-Dorking-on-Steriods/.
Help & Bugs
If you are still confused or found a bug, please open the issue. All bug reports are appreciated, some features have not been tested yet due to lack of free time.
TODOs
- [ ] Fixes Yahoo regexes
- [ ] Fixes Google regexes if using custom User-Agent
- [x] Stopping if there's no results & page flag was set
- [ ] DuckDuckGo next page
License
MIT. See LICENSE for more details.
