OSINT Tool: SiteDorks
Reading Time: 2 Minutes
SiteDorks
SiteDorks by Zarcolio is a tool that allows users to query multiple websites across various search engines such as Google, Bing, Brave, DuckDuckGo, Yahoo, and Yandex. It utilizes predefined lists of “dorkable” websites—websites that can be searched using specific advanced search queries (dorks) with a default list containing 576 websites.
By default, the following categories are on file:
- analysis(13)
- cloud(86)
- comm(82)
- dev(70)
- docs(78)
- edu(13)
- fin(15)
- forms(12)
- orgs(55)
- other(7)
- remote(1)
- shortener(38)
- social(98)
- storage(9)
See Also: A Practical Guide to Hacking Techniques for finding Top Bugs.
The Bug Bounty Hunting Course
Why use SiteDorks?
Why wouldn’t you just enter dorks for several websites manually? Think of this:
- It’s really easy to query different search engines.
- Dorks can be executed per 1 or more categories.
- It’s easy to create different input files for different uses.
- Adding new websites to your search query can be arranged by just adding them to an input file (either a CSV with categories or just a list of sites).
- It already has a lot of dorkable websites included.
- The list with dorkable websites is updated regularly.
- Some search engines ignore too many keywords/characters in a query and with argument -count it’s easy to split your dork into more queries.
- It contains a list of several bug bounty platforms. With 1 command you can search domains of programs on several bug bounty platforms. Find the “easter egg” in this feature.
- It contains generic lists for other counties such as China, France, Germany, Korea, The Netherlands and Russia.
- It contains a list of Dutch governmental agencies and educational services. With 1 command you can search domains of either the Dutch government or educational services.
- Because you want to help plant more trees using the search engine Ecosia (Bing based).
Install
SiteDorks should be able to run with a default Kali Linux installation using Python 3 without installing additional Python packages. Just run:
git clone https://github.com/Zarcolio/sitedorks
cd sitedorks
bash install.sh
See Also: Malware Analysis Tool: retoolkit
See Also: Recon Tool: RecoX
Usage
usage: sitedorks [-h] [-browser <browser>] [-cat <category>] [-cats] [-count <count>] [-engine <engine>] [-file <file>]
[-query <query>] [-site <on|off|inurl>] [-excl <domains>] [-echo]
Use your favorite search engine to search for a search term with different websites. Use single quotes around a
query with double quotes. Be sure to enclose a query with single quotes it contains shell control characters like
space, ';', '>', '|', etc.
optional arguments:
-h, --help Show this help message, print categories on file (add -file to check other CSV file) and exit.
-hh, --help2 Show the help inside a .csv file being called. Lines in the beginning of the script starting with # are displayed as help.
-browser <browser> Supply the browser executable to use or use the default browser.
-cat <category> Choose from 1 or more categories, use ',' (comma) as delimiter. Defaults to all categories.
-cats Show all categories on file, use with or without -file.
-count <count> How many websites are searched per query. Google has a maximum length for queries.
-engine <engine> Search with 'google', 'baidu', 'bing', 'brave', 'bing-ecosia', 'duckduckgo' 'yahoo' or 'yandex', defaults to 'google'.
-file <file> Enter a custom website list.
-filter <string> Only query for sites with this string.
-query <query> Enter a mandatory search term.
-site <on|off|inurl> Turn the 'site:' operator 'on' or 'off', or replace it with 'inurl:' (only for Google), defaults to 'on'.
-excl <domains> Excluded these domains from the search query.
-echo Prints the search query URLs, for further use like piping or bookmarking.
-ubb Updates bug bounty files (in en out scope) and exits. Uses bbrecon.
-wait <seconds> Wait x seconds, defaults to 7 seconds.
Examples
Small warning here: if you don’t use -cat SiteDorks will open a lot of tabs in your browser and probably will make Google throw you a CAPTCHA. Increase waiting time with option ‘-wait’ to decrease the chance of getting a CAPTCHA.
Want to look for “uber.com” with different sites containing all kinds of content using Google? Use the following command:
sitedorks -query '"uber.com"'
Want to look for “uber website” (with quotes and spaces in the query)? Use the following command:
sitedorks -query '"uber website"'
Want to search for communication invites with Yandex but leave site: out of the query? Just use the following command:
sitedorks -cat comm -site disable -engine yandex -query uber
And if you want to see which categories are on file, for example with the hackerone platform:
sitedorks -file sitedorks-bbrecon.csv -cats
If you want to download/update the bug bounty files, you can use the -ubb parameter (it uses bbrecon):
sitedorks -ubb
The -ubb argument creates two files: sitedorks-bbrecon-inscope.csv and sitedorks-bbrecon-outscope.csv. Use the following command for finding exploitable systems or juicy info (always check if a system is in scope, although these these domains are in scope, it doesn’t always mean that this subdomain or system is):
sitedorks -file sitedorks-bbrecon-inscope.csv -cat somevdp -query "exploitable systems/juicy info"
Use this command for finding juicy info only, because these domains are out of scope:
sitedorks -file sitedorks-bbrecon-outscope.csv -cat somevdp -query "juicy info"
For searching in Dutch (para)medical websites, use the following command:
sitedorks -cat medi -file sitedorks-nl.csv -query somekeyword
Clone the repo from here: GitHub Link