Code Monkey home page Code Monkey logo

googlehackingbydomain's Introduction

Google Hacking By Domain

  • "GoogleHackingByDomain" is a pentest tool that allows you to automate advanced Google queries from a domain name.
  • It provides 11 different options to search for sensitive information and security vulnerabilities.
    1. Subdomains
    2. Directory Listing
    3. Login and registration pages
    4. Files
    5. Keywords
    6. Default pages
    7. Software versions
    8. Error messages
    9. Databases
    10. Email addresses and phone numbers
    11. Employees
  • In the results shown, the magenta color represents the title, the green the link and the yellow the description.
  • Queries are executed in Spanish and English.
  • The results obtained are saved in a text file, in the same path where the script is located.
  • Google's "Custom Search API" is used. This API is limited to 100 free queries per day.
  • For most queries the first page of results is returned. Only for some queries the first two or three pages of results are returned.
  • This tool works for Windows and Linux.
  • Due to the nature of Google searches, it is possible to obtain unwanted, repetitive or false positive results.

For this tool to work you must generate and obtain an API Key for "Custom Search API" and create a Programmable Search Engine. The steps are described below.

  1. Download the script on your computer
    - git clone https://github.com/Tomas-Ortiz/googlehackingbydomain

  2. Access the downloaded folder
    - cd googlehackingbydomain

  3. Install the required modules
    - pip install google-api-python-client colorama

  4. Generate API Key for "Custom Search API"
    - https://developers.google.com/custom-search/v1/introduction

  5. Create a Programmable Search Engine and get the Search Engine ID (CX)
    - https://programmablesearchengine.google.com/controlpanel/create

  6. Insert your API Key and search engine ID into the variables indicated in the source code of the script (API_KEY and CX)

  7. Finally, you can use the tool
    - python3 GoogleHackingByDomain.py

  8. Additionally, you can use the google console to control enabled APIs, credentials, queries, usage and so on
    - https://console.cloud.google.com/apis/dashboard


Some screenshots showing how the tool works are attached below.

googlehackingbydomain's People

Contributors

tomas-ortiz avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.