update to have result csv + adding config file
ElNiak committed Jun 17, 2024
1 parent 955f3a7 commit 145212f
Showing 34 changed files with 2,308 additions and 1,265 deletions.
60 changes: 38 additions & 22 deletions bounty_drive/attacks/dorks/github_dorking.py
@@ -1,4 +1,3 @@

#########################################################################################
# Github Dorking and searching functions
#########################################################################################
Expand All @@ -13,36 +12,45 @@
from termcolor import cprint

from utils.github_config import GITHUB_API_URL, TOKENS_LIST
from utils.app_config import *
from utils.app_config import *

token_index = 0


def token_round_robin():
global token_index
token = TOKENS_LIST[token_index]
token_index = (token_index + 1) % len(TOKENS_LIST)
return token


# URL Encoding Function
def __urlencode(str):
return str.replace(':', '%3A').replace('"', '%22').replace(' ', '+')
return str.replace(":", "%3A").replace('"', "%22").replace(" ", "+")


def rate_limit_handler(headers):
if 'X-RateLimit-Reset' in headers:
reset_time = datetime.fromtimestamp(int(headers['X-RateLimit-Reset']))
wait_time = (reset_time - datetime.now()).total_seconds() + 10 # Adding 10 seconds buffer
if "X-RateLimit-Reset" in headers:
reset_time = datetime.fromtimestamp(int(headers["X-RateLimit-Reset"]))
wait_time = (
reset_time - datetime.now()
).total_seconds() + 10 # Adding 10 seconds buffer
print(f"Rate limit hit. Waiting for {wait_time} seconds.")
time.sleep(wait_time)



def get_rate_limit_status():
headers = {"Authorization": f"token {token_round_robin()}"}
response = requests.get(f"{GITHUB_API_URL}/rate_limit", headers=headers)
if response.status_code == 200:
rate_limit = response.json()['rate']
print(f"Limit: {rate_limit['limit']}, Remaining: {rate_limit['remaining']}, Reset: {datetime.fromtimestamp(rate_limit['reset'])}")
rate_limit = response.json()["rate"]
print(
f"Limit: {rate_limit['limit']}, Remaining: {rate_limit['remaining']}, Reset: {datetime.fromtimestamp(rate_limit['reset'])}"
)
else:
print("Failed to fetch rate limit status")



# TODO
def github_search_with_proxy(dork_tuple, proxy, category, retries=3, advanced=False):
# TODO advanced search
Expand All @@ -54,33 +62,40 @@ def github_search_with_proxy(dork_tuple, proxy, category, retries=3, advanced=Fa
full_query = f"{query} {extension}".strip()
base_url = f"{GITHUB_API_URL}/search/code?q=" + __urlencode(extension + " " + query)
headers = {
'User-Agent': random.choice(USER_AGENTS),
"Authorization": f"token {token_round_robin()}"
"User-Agent": random.choice(USER_AGENTS),
"Authorization": f"token {token_round_robin()}",
}
proxies = {'http': proxy, 'https': proxy}
proxies = {"http": proxy, "https": proxy}
urls = []
for _ in range(retries):
try:
cprint(f"Searching for {full_query} ({category}) with proxy {proxy}...", 'yellow', file=sys.stderr)
response = requests.get(base_url, headers=headers, params=params, proxies=proxies, timeout=10)

cprint(
f"Searching for {full_query} ({category}) with proxy {proxy}...",
"yellow",
file=sys.stderr,
)
response = requests.get(
base_url, headers=headers, params=params, proxies=proxies, timeout=10
)

# Parse
soup = BeautifulSoup(response.text, "html.parser")
result_block = soup.find_all("div", attrs={"class": "g"})
for result in result_block:
# Find link, title, description
link = result.find("a", href=True)
title = result.find("h3")
description_box = result.find(
"div", {"style": "-webkit-line-clamp:2"})
description_box = result.find("div", {"style": "-webkit-line-clamp:2"})
if description_box:
description = description_box.text
if link and title and description:
if advanced:
urls.append(SearchResult(link["href"], title.text, description))
urls.append(
SearchResult(link["href"], title.text, description)
)
else:
urls.append(link["href"])

# Placeholder for URL extraction logic
return category, urls # Return the category and a placeholder result
except requests.exceptions.RequestException as e:
Expand All @@ -89,5 +104,6 @@ def github_search_with_proxy(dork_tuple, proxy, category, retries=3, advanced=Fa

return category, None # Indicate failure after retries

def load_github_dorks_and_search(extension=DEFAULT_EXTENSION, total_output=DEFAULT_TOTAL_OUTPUT, page_no=DEFAULT_PAGE_NO, proxies=None):
pass

# def load_github_dorks_and_search(extension=DEFAULT_EXTENSION, total_output=DEFAULT_TOTAL_OUTPUT, page_no=DEFAULT_PAGE_NO, proxies=None):
# pass
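Review bot: `rate_limit_handler` passes `wait_time` straight to `time.sleep`, and when the `X-RateLimit-Reset` timestamp is more than ten seconds in the past (clock skew, a stale header) the value is negative and `time.sleep` raises `ValueError`; clamp it with `time.sleep(max(wait_time, 0))`. `get_rate_limit_status` calls `requests.get` without a `timeout`, unlike the search request further down which passes `timeout=10`, so a stalled connection blocks indefinitely; add `timeout=10` there as well. In `github_search_with_proxy` the `Authorization` token header is attached to a request routed through the caller-supplied `proxy`; if `GITHUB_API_URL` (defined outside this page) were ever plain `http`, or certificate verification were relaxed, the proxy operator could read the token, so it is worth checking for an `https://` base URL before credentials are sent. That function's body begins and ends in collapsed regions, so the setup of `params` and the `except` handler are not visible here.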
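--- a/bounty_drive/attacks/dorks/google/sqli/SQLi-parameters.txt
+++ b/bounty_drive/attacks/dorks/google/sqli/SQLi-parameters.txt
@@ -0,0 +1,25 @@
+?id=
+?page=
+?dir=
+?search=
+?category=
+?file=
+?class=
+?url=
+?news=
+?item=
+?menu=
+?lang=
+?name=
+?ref=
+?title=
+?view=
+?topic=
+?thread=
+?type=
+?date=
+?form=
+?join=
+?main=
+?nav=
+?region=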
10 changes: 5 additions & 5 deletions bounty_drive/attacks/dorks/google/xss/XSS-Dork.txt
Expand Up @@ -8,14 +8,14 @@
/index.php?view=help&faq=1&ref=
/info.asp?page=fullstory&key=1&news_type=news&onvan=
/info.asp?page=fullstory&key=1&news_type=news&onvan=
/main.php?sid= /main.php?sid=
/news.php?id= /news.php?id=
/notice.php?msg= /notice.php?msg=
/main.php?sid=
/news.php?id=
/notice.php?msg=
/preaspjobboard//Employee/emp_login.asp?msg1=
/schoolmv2/html/studentmain.php?session=
/search.php?search_keywords= /search.php?search_keywords=
/ser/parohija.php?id= /ser/parohija.php?id=
/showproperty.php?id= /showproperty.php?id=
/ser/parohija.php?id=
/showproperty.php?id=
/site_search.php?sfunction= /site_search.php?sfunction=
/strane/pas.php?id= /strane/pas.php?id=
/vehicle/buy_do_search/?order_direction=
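--- a/bounty_drive/attacks/dorks/google/xss/xss-parameters.txt
+++ b/bounty_drive/attacks/dorks/google/xss/xss-parameters.txt
@@ -0,0 +1,25 @@
+?q=
+?s=
+?search=
+?id=
+?lang=
+?keyword=
+?query=
+?page=
+?keywords=
+?year=
+?view=
+?email=
+?type=
+?name=
+?p=
+?month=
+?image=
+?list_type=
+?url=
+?terms=
+?categoryid=
+?key=
+?login=
+?begindate=
+?enddate=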