adding dirb payload + nordvpn support proxy + todo nordvpn rotate ip
ElNiak committed Jun 15, 2024
1 parent fcb413b commit 3dc67fb
Showing 59 changed files with 1,161,998 additions and 223 deletions.
4 changes: 2 additions & 2 deletions .pre-commit-config.yaml
Expand Up @@ -10,10 +10,10 @@ repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v3.2.0
hooks:
- id: trailing-whitespace
# - id: trailing-whitespace
# - id: end-of-file-fixer
- id: check-yaml
- id: check-added-large-files
# - id: check-added-large-files
- id: check-ast
- id: check-json
- id: check-merge-conflict
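Review bot: Commenting out `check-added-large-files` removes the only pre-commit guard against oversized blobs, and this same commit adds 1,161,998 lines per the diffstat, which is exactly the situation the hook exists to catch. If the wordlists legitimately need to exceed the default size, keep the hook and raise its threshold instead: `- id: check-added-large-files` followed by `args: ["--maxkb=<LIMIT_KB>"]` (limit to be chosen). Disabling `trailing-whitespace` at the same time is harmless but looks incidental; a one-line comment saying why both hooks are off would help the next reader.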
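--- a/bounty_drive/attacks/dorks/__init__.py
+++ b/bounty_drive/attacks/dorks/__init__.py
@@ -0,0 +1 @@
+from tqdm import tqdm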
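Review bot: The `from tqdm import tqdm` added to the package `__init__` is not used in that module, so its only effect is to import the third-party tqdm whenever `attacks.dorks` is imported, which makes tqdm a hard dependency of the whole package. If the intent is to re-export it, `__all__ = ["tqdm"]` would make that explicit; otherwise the import belongs in the module that uses it, and google_dorking.py already imports tqdm itself in this commit.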
90 changes: 45 additions & 45 deletions bounty_drive/attacks/dorks/google/xss/XSS-Dork.txt
Expand Up @@ -60,48 +60,48 @@ inurl:".php?z="
inurl:"contentPage.php?id="
inurl:"displayResource.php?id="
pages/match_report.php?mid= pages/match_report.php?mid=
inurl:/search?query=<script>alert('XSS')</script>
inurl:/login?username=<script>alert('XSS')</script>
inurl:/signin?email=<script>alert('XSS')</script>
inurl:/register?fullname=<script>alert('XSS')</script>
inurl:/contact?message=<script>alert('XSS')</script>
inurl:/comment?text=<script>alert('XSS')</script>
inurl:/feedback?subject=<script>alert('XSS')</script>
inurl:/guestbook?message=<script>alert('XSS')</script>
inurl:/feedback?comment=<script>alert('XSS')</script>
inurl:/post?body=<script>alert('XSS')</script>
inurl:/search?q=<script>alert('XSS')</script>
inurl:/profile?username=<script>alert('XSS')</script>
inurl:/user?name=<script>alert('XSS')</script>
inurl:/about?content=<script>alert('XSS')</script>
inurl:/portfolio?project=<script>alert('XSS')</script>
inurl:/testimonial?feedback=<script>alert('XSS')</script>
filetype:js "<script>alert('XSS')</script>"
filetype:js "document.write('<script>alert('XSS')</script>')"
filetype:js "window.location.href='javascript:alert('XSS')'"
filetype:js "eval('<script>alert('XSS')</script>')"
filetype:html "<script>alert('XSS')</script>"
filetype:html "onload=alert('XSS')"
filetype:html "onclick=alert('XSS')"
filetype:html "onmouseover=alert('XSS')"
inurl:/page?name=<script>alert('XSS')</script>
inurl:/search?query=<script>alert('XSS')</script>
inurl:/profile?id=<script>alert('XSS')</script>
inurl:/article?title=<script>alert('XSS')</script>
inurl:/post?id=<script>alert('XSS')</script>
inurl:/search?query=<script>alert('XSS')</script>
inurl:/view?item=<script>alert('XSS')</script>
inurl:/category?name=<script>alert('XSS')</script>
intext:"<form action" "<input type='text' onfocus='alert('XSS')'>"
intext:"<form action" "<textarea onfocus='alert('XSS')'></textarea>"
intext:"<form action" "<input type='password' onfocus='alert('XSS')'>"
intext:"<form action" "<input type='email' onfocus='alert('XSS')'>"
intext:"<form action" "<input type='url' onfocus='alert('XSS')'>"
intext:"<form action" "<input type='tel' onfocus='alert('XSS')'>"
intext:"<form action" "<input type='number' onfocus='alert('XSS')'>"
intext:"<button onclick='alert('XSS')'>Click Me</button>"
intext:"<a href='#' onclick='alert('XSS')'>Click Here</a>"
intext:"<div onmouseover='alert('XSS')'>Hover Me</div>"
intext:"<img src='x' onerror='alert('XSS')'>"
intext:"<input type='text' onblur='alert('XSS')'>"
intext:"<select onchange='alert('XSS')'><option>Select</option></select>"
inurl:/search?query=
inurl:/login?username=
inurl:/signin?email=
inurl:/register?fullname=
inurl:/contact?message=
inurl:/comment?text=
inurl:/feedback?subject=
inurl:/guestbook?message=
inurl:/feedback?comment=
inurl:/post?body=
inurl:/search?q=
inurl:/profile?username=
inurl:/user?name=
inurl:/about?content=
inurl:/portfolio?project=
inurl:/testimonial?feedback=
filetype:js ""
filetype:js "document.write('')"
filetype:js "window.location.href='javascript:
filetype:js "eval('')"
filetype:html ""
filetype:html "onload=
filetype:html "onclick=
filetype:html "onmouseover=
inurl:/page?name=
inurl:/search?query=
inurl:/profile?id=
inurl:/article?title=
inurl:/post?id=
inurl:/search?query=
inurl:/view?item=
inurl:/category?name=
intext:"<form action" "<input type='text' onfocus=
intext:"<form action" "<textarea onfocus='
intext:"<form action" "<input type='password' onfocus=
intext:"<form action" "<input type='email' onfocus=
intext:"<form action" "<input type='url' onfocus=
intext:"<form action" "<input type='tel' onfocus=
intext:"<form action" "<input type='number' onfocus=
intext:"<button onclick=
intext:"<a href='#' onclick='
intext:"<div onmouseover=
intext:"<img src='x' onerror=
intext:"<input type='text' onblur=
intext:"<select onchange='
6 changes: 0 additions & 6 deletions bounty_drive/attacks/dorks/google/xss/XSS-HTML-CGPT.txt
Expand Up @@ -448,9 +448,6 @@
<dialog onmouseup=
<dir onmousedown=
<dir onmouseup=
<dlHere is an expanded list of potential XSS injection points, adding 100 more entries to the previous list. This covers various HTML tags and attributes where user input might be vulnerable to injection attacks:

```txt
<a href="
<a onclick=
<a onmouseover=
Expand Down Expand Up @@ -902,9 +899,6 @@
<dir onmousedown=
<dir onmouseup=
<dl onmousedown=
<dl onmouseupHere's an expanded list of potential XSS injection points, adding 100 new entries to the previous list. This covers various HTML tags and attributes where user input might be vulnerable to injection attacks:

```txt
<a href="
<a onclick=
<a onmouseover=
190 changes: 143 additions & 47 deletions bounty_drive/attacks/dorks/google_dorking.py
Expand Up @@ -5,70 +5,143 @@
# Proxy-aware Google search function
import glob
import random
import threading
import time
from tqdm import tqdm
import sys
import re
import concurrent.futures
from termcolor import cprint
from tqdm import tqdm

from attacks.dorks import dorking_config
from attacks.dorks.dorking_config import dorking_config
from utils.app_config import (
DEFAULT_TOTAL_OUTPUT,
EXTENSION,
LANG,
POTENTIAL_PATHS,
TOTAL_OUTPUT,
USER_AGENTS,
use_nordvpn,
)
from utils.proxies import round_robin_proxies
from utils.request_manager import param_converter, start_request
from utils.results_manager import safe_add_result

from nordvpn_switcher.nordvpn_switch import initialize_VPN, rotate_VPN, terminate_VPN


def change_vpn(time=300):
rotate_VPN()
time.sleep(time)


def google_search_with_proxy(dork_tuple, proxy, category, retries=3, advanced=False):
def google_search_with_proxy(
dork_tuple,
proxy,
category,
retries=1,
advanced=False,
total_output=TOTAL_OUTPUT,
generated_dorks=True,
secured=True,
):
try:
query, extension, category = dork_tuple
except ValueError:
query = dork_tuple
extension = ""

base_url = "https://www.google.com/search"
headers = {"User-Agent": random.choice(USER_AGENTS)}
proxies = {"http": proxy, "https": proxy}

full_query = generate_dork_query(query, extension)

# Threat data as path
is_json = False
# url = param_converter(data, url) # TODO
data = None
GET, POST = True, False
params = {
# "client": "ubuntu-sn",
# "channel": "fs",
"q": full_query,
"num": TOTAL_OUTPUT, # Prevents multiple requests
"hl": LANG,
headers = {
"User-Agent": random.choice(USER_AGENTS),
"Connection": "close",
}

urls = None
for _ in range(retries):
urls = start_request(
proxies=proxies,
advanced=advanced,
GET=GET,
data=data,
headers=headers,
params=params,
base_url=base_url,
full_query=full_query,
is_json=is_json,
category=category,
scrap_urls=True,
)
if urls:
return category, urls, full_query
return category, urls, full_query
if "socks5" in proxy:
proxies = {"https": proxy}
else:
proxies = {"http": proxy, "https": proxy}

if generated_dorks:
full_query = generate_dork_query(query, extension)
else:
full_query = query

if isinstance(full_query, list):
for q in full_query:
# Threat data as path
is_json = False
# url = param_converter(data, url) # TODO
data = None
GET, POST = True, False
params = {
# "client": "ubuntu-sn",
# "channel": "fs",
"q": q,
"num": total_output, # Prevents multiple requests
"hl": LANG,
}

urls = None
for retry_no in range(retries):
urls = start_request(
proxies=proxies,
advanced=advanced,
GET=GET,
data=data,
headers=headers,
params=params,
base_url=base_url,
full_query=q,
is_json=is_json,
category=category,
scrap_urls=True,
retry_no=retry_no,
secured=secured,
)
if urls:
result = category, urls, q
safe_add_result(result)
return
else:
# Threat data as path
is_json = False
# url = param_converter(data, url) # TODO
data = None
GET, POST = True, False
params = {
# "client": "ubuntu-sn",
# "channel": "fs",
"q": full_query,
"num": total_output, # Prevents multiple requests
"hl": LANG,
}

urls = None
for retry_no in range(retries):
urls = start_request(
proxies=proxies,
advanced=advanced,
GET=GET,
data=data,
headers=headers,
params=params,
base_url=base_url,
full_query=full_query,
is_json=is_json,
category=category,
scrap_urls=True,
retry_no=retry_no,
secured=secured,
)
if urls:
result = category, urls, full_query
safe_add_result(result)
return

result = category, urls, full_query
safe_add_result(result)
return


google_dork_tags = [
Expand Down Expand Up @@ -123,24 +196,41 @@ def generate_dork_query(query, extension):

query = in_url_query + " | " + in_text_query

query = query + " | " + "inurl:&"
query = query + " | " # + "inurl:&"

# Incorporate subdomain into the search query if specified
if len(dorking_config.SUBDOMAIN) > 0:
# Remove any existing site: tag and its value
full_query = []
query = re.sub(r"site:[^\s]+", "", query)
to_search = " | ".join(f"site:{domain}" for domain in dorking_config.SUBDOMAIN)
full_query = f"({to_search}) & ({query})".strip()
for domain in dorking_config.SUBDOMAIN:
to_search = f"site:{domain}"
full_query.append(f"({to_search}) & ({query})".strip())
else:
full_query = f"({query})".strip()

if extension and len(extension) > 0:
full_query = full_query + f" & filetype:{extension}"
if isinstance(extension, full_query):
full_query_copy = []
for q in full_query:
q = q + f" & filetype:{q}"
full_query_copy.append(q)
full_query = full_query_copy
else:
full_query = full_query + f" & filetype:{extension}"

return full_query # Indicate failure after retries


def load_google_dorks_and_search(extensions=None, proxies=None):
if proxies and len(proxies) < 1:
cprint(
f"Using proxies -> you should have at least one UP",
"red",
file=sys.stderr,
)
exit()

proxy_cycle = round_robin_proxies(proxies)

search_tasks = {}
Expand Down Expand Up @@ -171,13 +261,21 @@ def load_google_dorks_and_search(extensions=None, proxies=None):
f"Total number of dorks: {len(search_tasks_fill)}", "yellow", file=sys.stderr
)

if use_nordvpn:
thread = threading.Thread(target=change_vpn)
thread.start()

# Now, append a proxy to each task
number_of_worker = min(len(proxies), 30) # /2
cprint(f"Number of workers: {number_of_worker}", "yellow", file=sys.stderr)
search_tasks_with_proxy = []
for task, cat in search_tasks_fill:
proxy = next(proxy_cycle)
search_tasks_with_proxy.append({"dork": task, "proxy": proxy, "category": cat})

with concurrent.futures.ThreadPoolExecutor(max_workers=20) as executor:
with concurrent.futures.ThreadPoolExecutor(
max_workers=number_of_worker
) as executor:
future_to_search = {
executor.submit(
google_search_with_proxy, task["dork"], task["proxy"], task["category"]
Expand All @@ -189,9 +287,7 @@ def load_google_dorks_and_search(extensions=None, proxies=None):
total=len(future_to_search),
desc="Searching for vulnerable website",
unit="site",
leave=True,
position=0,
# leave=True,
# position=0,
):
result = future.result()
if result:
safe_add_result(result)
future.result()
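Review bot: In the `generate_dork_query` hunk, `if isinstance(extension, full_query):` passes a list or str as the second argument of `isinstance`, so it raises TypeError on every call with a non-empty extension; the check should read `if isinstance(full_query, list):`, and the loop body appends the query to itself rather than the extension, so `q = q + f" & filetype:{q}"` should be `q = q + f" & filetype:{extension}"`. `generate_dork_query` starts before this hunk, so the `extension` parameter is assumed from the old signature. In the first hunk, `change_vpn(time=300)` names its parameter after the `time` module, so `time.sleep(time)` fails with AttributeError on the int, and because it runs in a bare `threading.Thread` that failure only appears as a thread traceback; renaming to `def change_vpn(delay=300):` with `time.sleep(delay)` fixes it. In `load_google_dorks_and_search`, the new guard `if proxies and len(proxies) < 1:` can never be true (a truthy list has length at least 1), so with the `proxies=None` default execution reaches `min(len(proxies), 30)` and fails with TypeError; `if not proxies:` is the check that was presumably intended, and `sys.exit(1)` is preferable to the bare `exit()` in library code.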
