diff --git a/INSTALL.md b/INSTALL.md
index 02a1a8a..92e4f6f 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -1,5 +1,11 @@
# Installation
+## Pre-Commit
+
+python3 -m pip install pre-commit
+pre-commit installed at .git/hooks/pre-commit
+
+
## Classical
## PyPy
\ No newline at end of file
diff --git a/README.md b/README.md
index 1ab5b70..b671d3d 100644
--- a/README.md
+++ b/README.md
@@ -11,15 +11,15 @@ make
```
## Usage
```bash
-python3 bounty_drive.py
+python3 py
```
```bash
-Please specify the website extension(eg- .in,.com,.pk) [default: ] ----->
+Please specify the website extension(eg- .in,.com,.pk) [default: ] ----->
Do you want to restrict search to subdomain present in target.txt ? [default: true (vs false)] -----> true
-Please specify the total no. of websites you want [default: 10] ---->
-From which Google page you want to start(eg- 1,2,3) [default: 1] ---->
-Do you want to do the Google dorking scan phase ? [default: true (vs false)] ---->
+Please specify the total no. of websites you want [default: 10] ---->
+From which Google page you want to start(eg- 1,2,3) [default: 1] ---->
+Do you want to do the Google dorking scan phase ? [default: true (vs false)] ---->
Do you want to do the Github dorking scan phase ? [default: true (vs false)] ----> false
Do you want to test for XSS vulnerability ? [default: true (vs false)] ----> true
Do you want to encode XSS payload ? [default: true (vs false)] ----> false
@@ -40,6 +40,10 @@ Updated at 2024-02-18 15:32:02 UTC.
TODO: we should proxy proxy chains
+## TODO
+
+- use singletons for config !!!
+
# HAPPY HUNTING
@@ -64,5 +68,7 @@ https://github.com/spekulatius/infosec-dorks
https://github.com/RevoltSecurities/Subdominator
+https://github.com/Raghavd3v/CRLFsuite/blob/main/crlfsuite/db/wafsignatures.json
+
# TODO
add a vulnerable wordpress plugin and then dork to find vulnerable wordpress sites
\ No newline at end of file
diff --git a/bounty_drive/attacks/dorks/dorking_config.py b/bounty_drive/attacks/dorks/dorking_config.py
index f001011..310611d 100644
--- a/bounty_drive/attacks/dorks/dorking_config.py
+++ b/bounty_drive/attacks/dorks/dorking_config.py
@@ -1 +1,6 @@
-SUBDOMAIN = None # TODO use target.txt and allow multiple domain
+class DorkingConfig:
+ SUBDOMAIN = [] # TODO use target.txt and allow multiple domain
+ CRAWL = False
+
+
+dorking_config = DorkingConfig()
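Review bot: `SUBDOMAIN = []` is declared as a class attribute on `DorkingConfig`, so the one list object is shared by the class and every instance, and an in-place update such as `dorking_config.SUBDOMAIN.append(...)` changes it for all of them. Setting the fields per instance avoids that: `def __init__(self):` with `self.SUBDOMAIN = []` and `self.CRAWL = False`. The default also moves from `None` to `[]` and the module-level name `SUBDOMAIN` disappears, so callers outside this diff that import `SUBDOMAIN` or test `is None` would need updating. Since this value appears to hold the target.txt scope restriction described in the README, I would confirm that an empty list is handled as "no targets loaded, stop" and not as "search unrestricted", and add a comment such as `# empty list means no scope loaded; callers must refuse to run unrestricted`.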
diff --git a/bounty_drive/attacks/dorks/google/xss/XSS-Dork.txt b/bounty_drive/attacks/dorks/google/xss/XSS-Dork.txt
index 24492fa..28fc5c8 100644
--- a/bounty_drive/attacks/dorks/google/xss/XSS-Dork.txt
+++ b/bounty_drive/attacks/dorks/google/xss/XSS-Dork.txt
@@ -22,9 +22,9 @@
/view.php?PID= /view.php?PID=
/winners.php?year=2008&type= /winners.php?year=2008&type=
/winners.php?year=2008&type= /winners.php?year=2008&type=
-index.php?option=com_reservations&task=askope&nidser=2&namser= “com_reservations”
-index.php?option=com_reservations&task=askope&nidser=2&namser= “com_reservations”
-intext:”Website by Mile High Creative”
+index.php?option=com_reservations&task=askope&nidser=2&namser= "com_reservations"
+index.php?option=com_reservations&task=askope&nidser=2&namser= "com_reservations"
+intext:"Website by Mile High Creative"
inurl:.com/search.asp
inurl:/poll/default.asp?catid=
inurl:/products/classified/headersearch.php?sid=
@@ -37,28 +37,28 @@ inurl:com_feedpostold/feedpost.php?url=
inurl:headersearch.php?sid=
inurl:scrapbook.php?id=
inurl:search.php?q=
-inurl:”.php?author=”
-inurl:”.php?cat=”
-inurl:”.php?cmd=”
-inurl:”.php?feedback=”
-inurl:”.php?file=”
-inurl:”.php?from=”
-inurl:”.php?keyword=”
-inurl:”.php?mail=”
-inurl:”.php?max=”
-inurl:”.php?pass=”
-inurl:”.php?q=”
-inurl:”.php?query=”
-inurl:”.php?search=”
-inurl:”.php?searchstring=”
-inurl:”.php?searchstring=”
-inurl:”.php?tag=”
-inurl:”.php?txt=”
-inurl:”.php?vote=”
-inurl:”.php?years=”
-inurl:”.php?z=”
-inurl:”contentPage.php?id=”
-inurl:”displayResource.php?id=”
+inurl:".php?author="
+inurl:".php?cat="
+inurl:".php?cmd="
+inurl:".php?feedback="
+inurl:".php?file="
+inurl:".php?from="
+inurl:".php?keyword="
+inurl:".php?mail="
+inurl:".php?max="
+inurl:".php?pass="
+inurl:".php?q="
+inurl:".php?query="
+inurl:".php?search="
+inurl:".php?searchstring="
+inurl:".php?searchstring="
+inurl:".php?tag="
+inurl:".php?txt="
+inurl:".php?vote="
+inurl:".php?years="
+inurl:".php?z="
+inurl:"contentPage.php?id="
+inurl:"displayResource.php?id="
pages/match_report.php?mid= pages/match_report.php?mid=
inurl:/search?query=
inurl:/login?username=
diff --git a/bounty_drive/attacks/dorks/google/xss/XSS-HTML-CGPT.txt b/bounty_drive/attacks/dorks/google/xss/XSS-HTML-CGPT.txt
new file mode 100644
index 0000000..8cae83f
--- /dev/null
+++ b/bounty_drive/attacks/dorks/google/xss/XSS-HTML-CGPT.txt
@@ -0,0 +1,1359 @@
+
intext:"mysql_numrows()" +site:il
intext:"GetArray()" +site:il
intext:"FetchRow()" +site:il