diff --git a/lib/core/common.py b/lib/core/common.py
index 11cbba0ab..4048efcf6 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -660,6 +660,7 @@ def setPaths():
 paths.COMMON_COLUMNS = os.path.join(paths.SQLMAP_TXT_PATH, "common-columns.txt")
 paths.COMMON_TABLES = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt")
 paths.COMMON_OUTPUTS = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt')
+ paths.DORKS = os.path.join(paths.SQLMAP_TXT_PATH, "dorks.txt")
 paths.SQL_KEYWORDS = os.path.join(paths.SQLMAP_TXT_PATH, "keywords.txt")
 paths.ORACLE_DEFAULT_PASSWD = os.path.join(paths.SQLMAP_TXT_PATH, "oracle-default-passwords.txt")
 paths.WORDLIST = os.path.join(paths.SQLMAP_TXT_PATH, "wordlist.txt")
diff --git a/lib/core/option.py b/lib/core/option.py
index eed6e02b4..09190fb8a 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -302,6 +302,20 @@ def __setRequestFromFile():
 __feedTargetsDict(conf.requestFile, addedTargetUrls)
+def __setScriptKiddie():
+ """
+ This function sets a random google dork
+ """
+ if not conf.scriptKiddie or conf.url or conf.list or conf.requestFile or conf.googleDork:
+ return
+
+ dorks = getFileItems(paths.DORKS)
+ conf.googleDork = "inurl:%s" % dorks[randomRange(0, len(dorks) - 1)]
+ conf.multipleTargets = True
+
+ logMsg = "setting random google dork to: '%s'" % conf.googleDork
+ logger.info(logMsg)
+
 def __setGoogleDorking():
 """
 This function checks if the way to request testable hosts is through
@@ -1379,7 +1393,7 @@ def init(inputOptions=advancedDict()):
 parseTargetUrl()
 parseTargetDirect()
- if conf.url or conf.list or conf.requestFile or conf.googleDork or conf.liveTest:
+ if conf.url or conf.list or conf.requestFile or conf.googleDork or conf.liveTest or conf.scriptKiddie:
 __setHTTPTimeout()
 __setHTTPExtraHeaders()
 __setHTTPCookies()
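Review bot: `dorks[randomRange(0, len(dorks) - 1)]` in `__setScriptKiddie` indexes the list without checking that `getFileItems(paths.DORKS)` returned anything, so an empty `dorks.txt` ends in a bad range or an `IndexError` rather than a readable error; add `if not dorks:` before the lookup and fail with the project's usual file error. The early-return guard tests `conf.url`, `conf.list`, `conf.requestFile` and `conf.googleDork` but not a direct connection (the `args.direct` case that cmdline.py counts as a target), so that option combined with this switch would presumably still get a random dork and `conf.multipleTargets = True`. Because the target set is chosen by the tool and not by the operator, the chosen dork deserves an explicit confirmation step rather than only an info-level log line, and the docstring should state when the function is a no-op, e.g. `"""Pick a random entry from paths.DORKS as conf.googleDork when no other target option was given."""`.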
@@ -1390,6 +1404,7 @@ def init(inputOptions=advancedDict()):
 __setHTTPProxy()
 __setSafeUrl()
 __setUnion()
+ __setScriptKiddie()
 __setGoogleDorking()
 __urllib2Opener()
 __findPageForms()
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index eeba9f0ce..45ae27309 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -560,7 +560,8 @@ def cmdLineParser():
 (args, _) = parser.parse_args(args)
 if not args.direct and not args.url and not args.list and not args.googleDork and not args.configFile\
- and not args.requestFile and not args.updateAll and not args.smokeTest and not args.liveTest:
+ and not args.requestFile and not args.updateAll and not args.smokeTest and not args.liveTest\
+ and not args.scriptKiddie:
 errMsg = "missing a mandatory parameter ('-d', '-u', '-l', '-r', '-g', '-c' or '--update'), "
 errMsg += "-h for help"
 parser.error(errMsg)
diff --git a/txt/dorks.txt b/txt/dorks.txt
new file mode 100644
index 000000000..f453bf23e
--- /dev/null
+++ b/txt/dorks.txt
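Review bot: `args.scriptKiddie` is read in the mandatory-parameter check of `cmdLineParser`, but no hunk in this diff registers an option with that destination. Unless it is already defined earlier in the function, which starts outside the hunk, the attribute lookup would presumably raise `AttributeError` on every invocation that reaches this line. The error text still lists only `'-d', '-u', '-l', '-r', '-g', '-c' or '--update'`; if the new switch is meant to be user-visible, the message should name it, and if it is deliberately hidden like the smoke/live test switches, a short comment such as `# hidden switch: target is chosen from paths.DORKS` would record that.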
@@ -0,0 +1,365 @@
+index.php?id=
+trainers.php?id=
+buy.php?category=
+article.php?id=
+play_old.php?id=
+declaration_more.php?decl_id=
+pageid=
+games.php?id=
+page.php?file=
+newsdetail.php?id=
+gallery.php?id=
+show.php?id=
+staff_id=
+newsitem.php?num=
+readnews.php?id=
+top10.php?cat=
+historialeer.php?num=
+reagir.php?num=
+stray-questions-view.php?num=
+forum_bds.php?num=
+game.php?id=
+view_product.php?id=
+newsone.php?id=
+sw_comment.php?id=
+news.php?id=
+avd_start.php?avd=
+event.php?id=
+product-item.php?id=
+sql.php?id=
+news_view.php?id=
+select_biblio.php?id=
+humor.php?id=
+aboutbook.php?id=
+fiche_spectacle.php?id=
+communique_detail.php?id=
+sem.php3?id=
+kategorie.php4?id=
+faq2.php?id=
+show_an.php?id=
+preview.php?id=
+loadpsb.php?id=
+opinions.php?id=
+spr.php?id=
+pages.php?id=
+announce.php?id=
+clanek.php4?id=
+participant.php?id=
+download.php?id=
+main.php?id=
+review.php?id=
+chappies.php?id=
+read.php?id=
+prod_detail.php?id=
+viewphoto.php?id=
+person.php?id=
+productinfo.php?id=
+showimg.php?id=
+view.php?id=
+website.php?id=
+hosting_info.php?id=
+rub.php?idr=
+view_faq.php?id=
+artikelinfo.php?id=
+detail.php?id=
+index.php?=
+profile_view.php?id=
+category.php?id=
+publications.php?id=
+fellows.php?id=
+downloads_info.php?id=
+prod_info.php?id=
+shop.php?do=part&id=
+collectionitem.php?id=
+band_info.php?id=
+product.php?id=
+releases.php?id=
+pray.php?id=
+produit.php?id=
+pop.php?id=
+shopping.php?id=
+productdetail.php?id=
+post.php?id=
+viewshowdetail.php?id=
+clubpage.php?id=
+memberinfo.php?id=
+section.php?id=
+theme.php?id=
+page.php?id=
+shredder-categories.php?id=
+tradecategory.php?id=
+product_ranges_view.php?id=
+shop_category.php?id=
+channel_id=
+item_id=
+newsid=
+news-full.php?id=
+news_display.php?getid=
+index2.php?option=
+material.php?id=
+viewapp.php?id=
+galeri_info.php?l=
+iniziativa.php?in=
+curriculum.php?id=
+labels.php?id=
+story.php?id=
+look.php?id=
+tekst.php?idt=
+newscat.php?id=
+newsticker_info.php?idn=
+rubrika.php?idr=
+rubp.php?idr=
+offer.php?idf=
+part.php?idm=
+title.php?id=
+info.php?id=
+pro.php?id=
+php?=id+gov
+ogl_inet.php?ogl_id=
+transcript.php?id=
+recruit_details.php?id=
+index.php?cpath
+.asp?bookid=
+.asp?cart=
+.asp?cartid=
+.asp?catalogid=
+.asp?category_list=
+.asp?categoryid=
+.asp?catid=
+.asp?cid=
+.asp?code_no=
+.asp?code=
+.asp?designer=
+.asp?framecode=
+.asp?id=
+.asp?idcategory=
+.asp?idproduct=
+.asp?intcatalogid=
+.asp?intprodid=
+.asp?item_id=
+.asp?item=
+.asp?itemid=
+.asp?maingroup=
+.asp?misc=
+.asp?newsid=
+.asp?order_id=
+.asp?p=
+.asp?pid=
+.asp?prodid=
+.asp?product_id=
+.asp?product=
+.asp?productid=
+.asp?showtopic=
+.asp?sku=
+.asp?storeid=
+.asp?style_id=
+.asp?styleid=
+.asp?userid=
+about.asp?cartid=
+accinfo.asp?cartid=
+acclogin.asp?cartid=
+add.asp?bookid=
+add_cart.asp?num=
+addcart.asp?
+additem.asp
+add-to-cart.asp?id=
+addtocart.asp?idproduct=
+addtomylist.asp?prodid=
+admineditproductfields.asp?intprodid=
+advsearch_h.asp?idcategory=
+affiliate.asp?id=
+affiliate-agreement.cfm?storeid=
+affiliates.asp?id=
+ancillary.asp?id=
+archive.asp?id=
+article.asp?id=
+aspx?pageid
+basket.asp?id=
+book.asp?bookid=
+book_list.asp?bookid=
+book_view.asp?bookid=
+bookdetails.asp?id=
+browse.asp?catid=
+browse_item_details.asp
+browse_item_details.asp?store_id=
+buy.asp?
+buy.asp?bookid=
+bycategory.asp?id=
+cardinfo.asp?card=
+cart.asp?action=
+cart.asp?cart_id=
+cart.asp?id=
+cart_additem.asp?id=
+cart_validate.asp?id=
+cartadd.asp?id=
+cat.asp?icat=
+catalog.asp
+catalog.asp?catalogid=
+catalog_item.asp?id=
+catalog_main.asp?catid=
+category.asp
+category.asp?catid=
+category_list.asp?id=
+categorydisplay.asp?catid=
+checkout.asp?cartid=
+checkout.asp?userid=
+checkout_confirmed.asp?order_id=
+checkout1.asp?cartid=
+comersus_listcategoriesandproducts.asp?idcategory =
+comersus_optemailtofriendform.asp?idproduct=
+comersus_optreviewreadexec.asp?idproduct=
+comersus_viewitem.asp?idproduct=
+comments_form.asp?id=
+contact.asp?cartid=
+content.asp?id=
+customerservice.asp?textid1=
+default.asp?catid=
+description.asp?bookid=
+details.asp?bookid=
+details.asp?press_release_id=
+details.asp?product_id=
+details.asp?service_id=
+display_item.asp?id=
+displayproducts.asp
+downloadtrial.asp?intprodid=
+emailproduct.asp?itemid=
+emailtofriend.asp?idproduct=
+events.asp?id=
+faq.asp?cartid=
+faq_list.asp?id=
+faqs.asp?id=
+feedback.asp?title=
+freedownload.asp?bookid=
+fulldisplay.asp?item=
+getbook.asp?bookid=
+getitems.asp?itemid=
+giftdetail.asp?id=
+help.asp?cartid=
+home.asp?id=
+index.asp?cart=
+index.asp?cartid=
+index.asp?id=
+info.asp?id=
+item.asp?eid=
+item.asp?item_id=
+item.asp?itemid=
+item.asp?model=
+item.asp?prodtype=
+item.asp?shopcd=
+item_details.asp?catid=
+item_list.asp?maingroup
+item_show.asp?code_no=
+itemdesc.asp?cartid=
+itemdetail.asp?item=
+itemdetails.asp?catalogid=
+learnmore.asp?cartid=
+links.asp?catid=
+list.asp?bookid=
+list.asp?catid=
+listcategoriesandproducts.asp?idcategory=
+modline.asp?id=
+myaccount.asp?catid=
+news.asp?id=
+order.asp?bookid=
+order.asp?id=
+order.asp?item_id=
+orderform.asp?cart=
+page.asp?partid=
+payment.asp?cartid=
+pdetail.asp?item_id=
+powersearch.asp?cartid=
+price.asp
+privacy.asp?cartid=
+prodbycat.asp?intcatalogid=
+prodetails.asp?prodid=
+prodlist.asp?catid=
+product.asp?bookid=
+product.asp?intprodid=
+product_info.asp?item_id=
+productdetails.asp?idproduct=
+productdisplay.asp
+productinfo.asp?item=
+productlist.asp?viewtype=category&categoryid=
+productpage.asp
+products.asp?id=
+products.asp?keyword=
+products_category.asp?categoryid=
+products_detail.asp?categoryid=
+productsbycategory.asp?intcatalogid=
+prodview.asp?idproduct=
+promo.asp?id=
+promotion.asp?catid=
+pview.asp?item=
+resellers.asp?idcategory=
+results.asp?cat=
+savecart.asp?cartid=
+search.asp?cartid=
+searchcat.asp?search_id=
+select_item.asp?id=
+services.asp?id=
+shippinginfo.asp?cartid=
+shop.asp?a=
+shop.asp?action=
+shop.asp?bookid=
+shop.asp?cartid=
+shop_details.asp?prodid=
+shopaddtocart.asp
+shopaddtocart.asp?catalogid=
+shopbasket.asp?bookid=
+shopbycategory.asp?catid=
+shopcart.asp?title=
+shopcreatorder.asp
+shopcurrency.asp?cid=
+shopdc.asp?bookid=
+shopdisplaycategories.asp
+shopdisplayproduct.asp?catalogid=
+shopdisplayproducts.asp
+shopexd.asp
+shopexd.asp?catalogid=
+shopping_basket.asp?cartid=
+shopprojectlogin.asp
+shopquery.asp?catalogid=
+shopremoveitem.asp?cartid=
+shopreviewadd.asp?id=
+shopreviewlist.asp?id=
+shopsearch.asp?categoryid=
+shoptellafriend.asp?id=
+shopthanks.asp
+shopwelcome.asp?title=
+show_item.asp?id=
+show_item_details.asp?item_id=
+showbook.asp?bookid=
+showstore.asp?catid=
+shprodde.asp?sku=
+specials.asp?id=
+store.asp?id=
+store_bycat.asp?id=
+store_listing.asp?id=
+store_viewproducts.asp?cat=
+store-details.asp?id=
+storefront.asp?id=
+storefronts.asp?title=
+storeitem.asp?item=
+storeredirect.asp?id=
+subcategories.asp?id=
+tek9.asp?
+template.asp?action=item&pid=
+topic.asp?id=
+tuangou.asp?bookid=
+type.asp?itype=
+updatebasket.asp?bookid=
+updates.asp?id=
+view.asp?cid=
+view_cart.asp?title=
+view_detail.asp?id=
+viewcart.asp?cartid=
+viewcart.asp?userid=
+viewcat_h.asp?idcategory=
+viewevent.asp?eventid=
+viewitem.asp?recor=
+viewprd.asp?idcategory=
+viewproduct.asp?misc=
+votelist.asp?item_id=
+whatsnew.asp?idcategory=
+wsancillary.asp?id=
+wspages.asp?id=
\ No newline at end of file