{ "info": { "author": "jgor", "author_email": "jgor@utexas.edu", "bugtrack_url": null, "classifiers": [ "License :: Free for non-commercial use", "Operating System :: OS Independent", "Programming Language :: Python" ], "description": "![Image of Dorkbot](https://security.utexas.edu/sites/default/files/Artboard%203_0.png)\n\ndorkbot\n=======\n\nScan Google (or other) search results for vulnerabilities.\n\ndorkbot is a modular command-line tool for performing vulnerability scans against sets of webpages returned by Google search queries or other supported sources. It is broken up into two sets of modules:\n\n* *Indexers* - modules that return a list of targets\n* *Scanners* - modules that perform a vulnerability scan against each target\n\nTargets are stored in a local database file until they are scanned, at which point a standard JSON report is produced containing any vulnerabilities found. Indexing and scanning processes can be run separately or combined in a single command (up to one of each).\n\nUsage\n=====\n
\nusage: dorkbot.py [-h] [-c CONFIG] [-r DIRECTORY] [-d DATABASE] [-f]\n                  [-i INDEXER] [-l] [-o INDEXER_OPTIONS] [-p SCANNER_OPTIONS]\n                  [-s SCANNER]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -c CONFIG, --config CONFIG\n                        Configuration file\n  -r DIRECTORY, --directory DIRECTORY\n                        Dorkbot directory (default location of config, db,\n                        tools, reports)\n  -d DATABASE, --database DATABASE\n                        Database file/uri\n  -f, --flush           Flush table of fingerprints of previously-scanned\n                        items\n  -i INDEXER, --indexer INDEXER\n                        Indexer module to use\n  -l, --list            List targets in database\n  -o INDEXER_OPTIONS, --indexer-options INDEXER_OPTIONS\n                        Indexer-specific options (opt1=val1,opt2=val2,..)\n  -p SCANNER_OPTIONS, --scanner-options SCANNER_OPTIONS\n                        Scanner-specific options (opt1=val1,opt2=val2,..)\n  -s SCANNER, --scanner SCANNER\n                        Scanner module to use\n
\n\nRequirements\n============\nPython 2.7.x / 3.x (cross-platform)\n[psycopg2](http://initd.org/psycopg/) (if using PostgreSQL)\n\nTools\n=====\n* [PhantomJS](http://phantomjs.org/)\n* [Arachni](http://www.arachni-scanner.com/)\n* [Wapiti](http://wapiti.sourceforge.net/)\n\nAs needed, dorkbot will search for tools in the following order:\n* Directory specified via relevant module option\n* Located in dorkbot's *tools* directory, with the subdirectory named after the tool\n* Available in the user's PATH (e.g. installed system-wide)\n\nQuickstart\n==========\nCreate a Google [Custom Search Engine](https://www.google.com/cse/) and note the search engine ID, e.g. 012345678901234567891:abc12defg3h.\nDownload either Arachni or Wapiti, unpack it into the tools directory (e.g. *~/.config/dorkbot/tools/*), and rename the subdirectory to *arachni* or *wapiti* as appropriate.\n
$ sudo apt install phantomjs
\n
$ ./dorkbot.py -i google -o engine=012345678901234567891:abc12defg3h,query=\"filetype:php inurl:id\"
\n
$ ./dorkbot.py -s arachni
OR 
$ ./dorkbot.py -s wapiti
\n\nFiles\n=====\nA dorkbot directory is used to manage all configuration files, SQLite3 databases, tools, and reports. By default it is located at *~/.config/dorkbot/* (Linux / MacOS) or in the Application Data folder (Windows). It will honor $XDG_CONFIG_HOME / %APPDATA%, or you can force a specific directory with the --directory flag. Default file paths within this directory are as follows:\n* Dorkbot configuration file: *dorkbot.ini*\n* Scanner url blacklist file: *blacklist.txt*\n* SQLite3 database file: *dorkbot.db*\n* External tools directory: *tools/*\n* Scan report output directory: *reports/*\n\nConfig File\n===========\nThe configuration file (dorkbot.ini) can be used to prepopulate certain command-line flags.\n\nExample dorkbot.ini:\n
\n[dorkbot]\ndatabase=/opt/dorkbot/dorkbot.db\n
\n\nBlacklist File\n==============\nThe blacklist file (blacklist.txt) is a list of regular expressions of url patterns that should *not* be scanned. If a target url matches any line in this file it will be skipped and removed from the database. Note: do not leave any empty lines in the file.\n\nExample blacklist.txt:\n
\n^[^\\?]+$\n.*login.*\n^https?://[^.]*.example.com/.*\n
\n\nThe first line will remove any target that doesn't contain a question mark, in other words any url that doesn't contain any GET parameters to test. The second attempts to avoid login functions, and the third blacklists all target urls on example.com.\n\nIndexer Modules\n===============\n### google ###\nSearch for targets in a Google Custom Search Engine (CSE) via custom search element.\n\nRequirements: [PhantomJS](http://phantomjs.org/)\n\nOptions:\n* **engine** - CSE id\n* **query** - search query\n* phantomjs_dir - phantomjs base directory containing bin/phantomjs (default: tools/phantomjs/)\n* domain - limit searches to specified domain\n\n### google_api ###\nSearch for targets in a Google Custom Search Engine (CSE) via JSON API.\n\nRequirements: none\n\nOptions:\n* **key** - API key\n* **engine** - CSE id\n* **query** - search query\n* domain - limit searches to specified domain\n\n### commoncrawl ###\nSearch for targets within commoncrawl.org results.\n\nRequirements: none\n\nOptions:\n* **domain** - pull all results for given domain or subdomain\n* index - search a specific index, e.g. CC-MAIN-2019-22 (default: latest)\n* filter - query filter to apply to the search\n\n### wayback ###\nSearch for targets within archive.org results.\n\nRequirements: none\n\nOptions:\n* **domain** - pull all results for given domain or subdomain\n* filter - query filter to apply to the search\n* from - beginning timestamp\n* to - end timestamp\n\n### bing_api ###\nSearch for targets via Bing Web Search API.\n\nRequirements: none\n\nOptions:\n* **key** - API key\n* **query** - search query\n\n### stdin ###\nRead targets from standard input, one per line.\n\nRequirements: none\n\nOptions: none\n\nScanner Modules\n===============\n### (general options) ###\nThese options are applicable regardless of module chosen\n\n* blacklist - file containing (regex) patterns to blacklist from scans (default: blacklist.txt)\n* report_dir - directory to save vulnerability report (default: reports/)\n* log - log file to append scan activity (default: prints to stdout)\n* label - friendly name field to include in vulnerability report\n* count - number of urls to scan, or -1 to scan all urls (default: -1)\n* random - scan urls in random order\n\n### arachni ###\nScan targets with Arachni command-line scanner.\n\nRequirements: [Arachni](http://www.arachni-scanner.com/)\n\nOptions:\n* arachni_dir - arachni base directory containing bin/arachni and bin/arachni_reporter (default: tools/arachni/)\n* checks - space-delimited list of vulnerability checks to perform (default: \"active/\\*\")\n* timeout - maximum scan time in hours:minutes:seconds (default: disabled)\n* single-thread - set browser pool and max concurrency to one each\n* throttle - maximum requests per second (default: disabled)\n\n### wapiti ###\nScan targets with Wapiti command-line scanner.\n\nRequirements: [Wapiti](http://wapiti.sourceforge.net/)\n\nOptions:\n* wapiti_dir - wapiti base directory containing bin/wapiti (default: tools/wapiti/)\n* modules - space-delimited list of modules to perform (default: \"blindsql exec file permanentxss sql xss\")\n\n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://dorkbot.io", "keywords": "", "license": "", "maintainer": "", "maintainer_email": "", "name": "dorkbot", "package_url": "https://pypi.org/project/dorkbot/", "platform": "", "project_url": "https://pypi.org/project/dorkbot/", "project_urls": { "Homepage": "http://dorkbot.io" }, "release_url": "https://pypi.org/project/dorkbot/0.0.5/", "requires_dist": [ "psycopg2" ], "requires_python": "", "summary": "Command-line tool to scan search results for vulnerabilities", "version": "0.0.5" }, "last_serial": 5585652, "releases": { "0.0.1": [ { "comment_text": "", "digests": { "md5": "15a0da9a0e20d1b26f1075475be9e486", "sha256": "c1ef2cc597f9c3631c7d3e59e4e7d85f71604b7f70b4453f0756838d9951df5c" }, "downloads": -1, "filename": "dorkbot-0.0.1.tar.gz", "has_sig": false, "md5_digest": "15a0da9a0e20d1b26f1075475be9e486", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14280, "upload_time": "2019-02-14T21:28:09", "url": "https://files.pythonhosted.org/packages/3c/50/d4d3aca947fbbc7d0be41484803a95364a71d2d516ad8d2de440330f5217/dorkbot-0.0.1.tar.gz" } ], "0.0.2": [ { "comment_text": "", "digests": { "md5": "2aa032010ef90eb231d3aedce42526e8", "sha256": "d7c99d98de9953eb8b2d90a0d99a81dc975080c27bbaf3832813312b82a73fa6" }, "downloads": -1, "filename": "dorkbot-0.0.2-py2-none-any.whl", "has_sig": false, "md5_digest": "2aa032010ef90eb231d3aedce42526e8", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 16239, "upload_time": "2019-02-24T19:08:50", "url": "https://files.pythonhosted.org/packages/ac/96/42bc83f6a6de772311b8d43c689323e1a0f9ec34e496a5167d1cee670c8d/dorkbot-0.0.2-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "01cdf66e6184090207d3c6b4fe25810b", "sha256": "9a8ef3b5380f76a8eed93bfbddbb0b8e769ce5b81e42e3c4341ceeb88bda8fa3" }, "downloads": -1, "filename": "dorkbot-0.0.2-py3-none-any.whl", "has_sig": false, "md5_digest": "01cdf66e6184090207d3c6b4fe25810b", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 20606, "upload_time": "2019-02-24T19:08:51", "url": "https://files.pythonhosted.org/packages/7c/ee/367747850f5cf74966addf3923c2487db0b73168cce354ee1af090e2f2df/dorkbot-0.0.2-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "c2f45048dba825d2bfcad13e8d9e5370", "sha256": "d3e1d3b5e2a3c8567df3cf0a2d150a974fbcaf3942c530278dcfa450ed9d655a" }, "downloads": -1, "filename": "dorkbot-0.0.2.tar.gz", "has_sig": false, "md5_digest": "c2f45048dba825d2bfcad13e8d9e5370", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14440, "upload_time": "2019-02-24T19:08:53", "url": "https://files.pythonhosted.org/packages/b8/2e/7583aeca364d7f144df93e85dfb76406188c187cbebc2363f97a5c663ef3/dorkbot-0.0.2.tar.gz" } ], "0.0.3": [ { "comment_text": "", "digests": { "md5": "389c1eba42f741a76f002ffec0fd0d4b", "sha256": "e9a64c9b20364572e85d3edcbc2516bfe9d0c7422f57914fb1afbb5a05c4eae3" }, "downloads": -1, "filename": "dorkbot-0.0.3-py2-none-any.whl", "has_sig": false, "md5_digest": "389c1eba42f741a76f002ffec0fd0d4b", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 16315, "upload_time": "2019-02-25T08:41:48", "url": "https://files.pythonhosted.org/packages/56/4f/84948aad367e9553d081dedc92a5ab82660420a81f31e2ba45731c2bd72a/dorkbot-0.0.3-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "5e67db6485e8ed9c7e7ac94ffee89826", "sha256": "50e32b040afeb84676117b07537528aeff39a8674fa8450251277b32795bba75" }, "downloads": -1, "filename": "dorkbot-0.0.3-py3-none-any.whl", "has_sig": false, "md5_digest": "5e67db6485e8ed9c7e7ac94ffee89826", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 20686, "upload_time": "2019-02-25T08:41:50", "url": "https://files.pythonhosted.org/packages/d7/36/e3c4df0412127f8874fbfc5914cd0704bb944527379cbf73c9bab401d857/dorkbot-0.0.3-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "592f7ea41f324034de4254da55c27d14", "sha256": "366f4f49ce1f2384e773231f049a14905626d7e49250daee5a8d18797d043dd8" }, "downloads": -1, "filename": "dorkbot-0.0.3.tar.gz", "has_sig": false, "md5_digest": "592f7ea41f324034de4254da55c27d14", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14541, "upload_time": "2019-02-25T08:41:51", "url": "https://files.pythonhosted.org/packages/dc/2c/d89500068b8a7a8d027482eb666130f7eaa9998fbc2919deecf16bbde3ad/dorkbot-0.0.3.tar.gz" } ], "0.0.4": [ { "comment_text": "", "digests": { "md5": "d1cecbff6e24518096aca2c17b139304", "sha256": "6b367c49fdc35b16c4578a35b427966fe04fe396453629b9d6bbeb47b3233625" }, "downloads": -1, "filename": "dorkbot-0.0.4-py2-none-any.whl", "has_sig": false, "md5_digest": "d1cecbff6e24518096aca2c17b139304", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 20515, "upload_time": "2019-06-24T22:01:44", "url": "https://files.pythonhosted.org/packages/a3/c6/a17fe3566f4a35deb678f92316ac9109d886339d7a01dac7421f2240cf74/dorkbot-0.0.4-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "1b95fedf885f1c6dd040205431e54f2d", "sha256": "f542266afb39d9cc176f98282a29558a5b008c8db530e2ce9253636d46b6672c" }, "downloads": -1, "filename": "dorkbot-0.0.4-py3-none-any.whl", "has_sig": false, "md5_digest": "1b95fedf885f1c6dd040205431e54f2d", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 20514, "upload_time": "2019-06-24T22:01:45", "url": "https://files.pythonhosted.org/packages/69/04/bb210a4ad002110d8fb2528aa5b7354848e7fa7a5c252d6bc21858f8b247/dorkbot-0.0.4-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "83007a592e8fa6dd4fc824b881ce4b73", "sha256": "5f3560759b795f0de9a1131c7486fe0555af02d6a7d03d3a7acba0b2c99d226d" }, "downloads": -1, "filename": "dorkbot-0.0.4.tar.gz", "has_sig": false, "md5_digest": "83007a592e8fa6dd4fc824b881ce4b73", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14565, "upload_time": "2019-06-24T22:01:47", "url": "https://files.pythonhosted.org/packages/27/14/3e5955b43adb6e4959f94b60294fd2d7357e0775097671d44a6f5a409dae/dorkbot-0.0.4.tar.gz" } ], "0.0.5": [ { "comment_text": "", "digests": { "md5": "57e2c12cc551f659bdb1cea74ffef3b6", "sha256": "db0701eb98b1da2e25b10e2c1160e3429863003474b894eac594e0a4e15280e4" }, "downloads": -1, "filename": "dorkbot-0.0.5-py2-none-any.whl", "has_sig": false, "md5_digest": "57e2c12cc551f659bdb1cea74ffef3b6", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 21481, "upload_time": "2019-07-25T21:03:59", "url": "https://files.pythonhosted.org/packages/af/22/81372bf279af5e78ecb5033363189faa6a46fc50c1147b720237701cd908/dorkbot-0.0.5-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "7438a6e82cb6b37cedf3465963c4ebd4", "sha256": "683fb0831e18099e8d04999466e7dfbcbd0ca0fcf6c824b11b7e15f4ba075c57" }, "downloads": -1, "filename": "dorkbot-0.0.5-py3-none-any.whl", "has_sig": false, "md5_digest": "7438a6e82cb6b37cedf3465963c4ebd4", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 21480, "upload_time": "2019-07-25T21:04:00", "url": "https://files.pythonhosted.org/packages/da/4a/0f60225a470ce4ef75612c38c8aacc11c8f71900516f168e097b02eef72c/dorkbot-0.0.5-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "0400e779e2606328e338ccd635ed19da", "sha256": "972617fb22db534016e683d57cf1bd45335f1a60fc6012016e88f3f4e52fcac0" }, "downloads": -1, "filename": "dorkbot-0.0.5.tar.gz", "has_sig": false, "md5_digest": "0400e779e2606328e338ccd635ed19da", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14999, "upload_time": "2019-07-25T21:04:02", "url": "https://files.pythonhosted.org/packages/56/00/7b3b745d6574d9c652bfb274b2401b9d0d9eab7abf835f8f1ce1f3598489/dorkbot-0.0.5.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "57e2c12cc551f659bdb1cea74ffef3b6", "sha256": "db0701eb98b1da2e25b10e2c1160e3429863003474b894eac594e0a4e15280e4" }, "downloads": -1, "filename": "dorkbot-0.0.5-py2-none-any.whl", "has_sig": false, "md5_digest": "57e2c12cc551f659bdb1cea74ffef3b6", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 21481, "upload_time": "2019-07-25T21:03:59", "url": "https://files.pythonhosted.org/packages/af/22/81372bf279af5e78ecb5033363189faa6a46fc50c1147b720237701cd908/dorkbot-0.0.5-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "7438a6e82cb6b37cedf3465963c4ebd4", "sha256": "683fb0831e18099e8d04999466e7dfbcbd0ca0fcf6c824b11b7e15f4ba075c57" }, "downloads": -1, "filename": "dorkbot-0.0.5-py3-none-any.whl", "has_sig": false, "md5_digest": "7438a6e82cb6b37cedf3465963c4ebd4", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 21480, "upload_time": "2019-07-25T21:04:00", "url": "https://files.pythonhosted.org/packages/da/4a/0f60225a470ce4ef75612c38c8aacc11c8f71900516f168e097b02eef72c/dorkbot-0.0.5-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "0400e779e2606328e338ccd635ed19da", "sha256": "972617fb22db534016e683d57cf1bd45335f1a60fc6012016e88f3f4e52fcac0" }, "downloads": -1, "filename": "dorkbot-0.0.5.tar.gz", "has_sig": false, "md5_digest": "0400e779e2606328e338ccd635ed19da", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14999, "upload_time": "2019-07-25T21:04:02", "url": "https://files.pythonhosted.org/packages/56/00/7b3b745d6574d9c652bfb274b2401b9d0d9eab7abf835f8f1ce1f3598489/dorkbot-0.0.5.tar.gz" } ] }