this is strictly for educational purposes

lib/core/common.py

@@ -660,6 +660,7 @@ def setPaths():
     paths.COMMON_COLUMNS         = os.path.join(paths.SQLMAP_TXT_PATH, "common-columns.txt")
     paths.COMMON_TABLES          = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt")
     paths.COMMON_OUTPUTS         = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt')
+    paths.DORKS                  = os.path.join(paths.SQLMAP_TXT_PATH, "dorks.txt")
     paths.SQL_KEYWORDS           = os.path.join(paths.SQLMAP_TXT_PATH, "keywords.txt")
     paths.ORACLE_DEFAULT_PASSWD  = os.path.join(paths.SQLMAP_TXT_PATH, "oracle-default-passwords.txt")
     paths.WORDLIST               = os.path.join(paths.SQLMAP_TXT_PATH, "wordlist.txt")

lib/core/option.py

@@ -302,6 +302,20 @@ def __setRequestFromFile():
 
     __feedTargetsDict(conf.requestFile, addedTargetUrls)
 
+def __setScriptKiddie():
+    """
+    This function sets a random google dork
+    """
+    if not conf.scriptKiddie or conf.url or conf.list or conf.requestFile or conf.googleDork:
+        return
+
+    dorks = getFileItems(paths.DORKS)
+    conf.googleDork = "inurl:%s" % dorks[randomRange(0, len(dorks) - 1)]
+    conf.multipleTargets = True
+
+    logMsg = "setting random google dork to: '%s'" % conf.googleDork
+    logger.info(logMsg)
+
 def __setGoogleDorking():
     """
     This function checks if the way to request testable hosts is through
@@ -1379,7 +1393,7 @@ def init(inputOptions=advancedDict()):
     parseTargetUrl()
     parseTargetDirect()
 
-    if conf.url or conf.list or conf.requestFile or conf.googleDork or conf.liveTest:
+    if conf.url or conf.list or conf.requestFile or conf.googleDork or conf.liveTest or conf.scriptKiddie:
         __setHTTPTimeout()
         __setHTTPExtraHeaders()
         __setHTTPCookies()
@@ -1390,6 +1404,7 @@ def init(inputOptions=advancedDict()):
         __setHTTPProxy()
         __setSafeUrl()
         __setUnion()
+        __setScriptKiddie()
         __setGoogleDorking()
         __urllib2Opener()
         __findPageForms()

lib/parse/cmdline.py

@@ -560,7 +560,8 @@ def cmdLineParser():
         (args, _) = parser.parse_args(args)
 
         if not args.direct and not args.url and not args.list and not args.googleDork and not args.configFile\
-            and not args.requestFile and not args.updateAll and not args.smokeTest and not args.liveTest:
+            and not args.requestFile and not args.updateAll and not args.smokeTest and not args.liveTest\
+            and not args.scriptKiddie:
             errMsg  = "missing a mandatory parameter ('-d', '-u', '-l', '-r', '-g', '-c' or '--update'), "
             errMsg += "-h for help"
             parser.error(errMsg)

txt/dorks.txt

@@ -0,0 +1,365 @@
+index.php?id=
+trainers.php?id=
+buy.php?category=
+article.php?id=
+play_old.php?id=
+declaration_more.php?decl_id=
+pageid=
+games.php?id=
+page.php?file=
+newsdetail.php?id=
+gallery.php?id=
+show.php?id=
+staff_id=
+newsitem.php?num=
+readnews.php?id=
+top10.php?cat=
+historialeer.php?num=
+reagir.php?num=
+stray-questions-view.php?num=
+forum_bds.php?num=
+game.php?id=
+view_product.php?id=
+newsone.php?id=
+sw_comment.php?id=
+news.php?id=
+avd_start.php?avd=
+event.php?id=
+product-item.php?id=
+sql.php?id=
+news_view.php?id=
+select_biblio.php?id=
+humor.php?id=
+aboutbook.php?id=
+fiche_spectacle.php?id=
+communique_detail.php?id=
+sem.php3?id=
+kategorie.php4?id=
+faq2.php?id=
+show_an.php?id=
+preview.php?id=
+loadpsb.php?id=
+opinions.php?id=
+spr.php?id=
+pages.php?id=
+announce.php?id=
+clanek.php4?id=
+participant.php?id=
+download.php?id=
+main.php?id=
+review.php?id=
+chappies.php?id=
+read.php?id=
+prod_detail.php?id=
+viewphoto.php?id=
+person.php?id=
+productinfo.php?id=
+showimg.php?id=
+view.php?id=
+website.php?id=
+hosting_info.php?id=
+rub.php?idr=
+view_faq.php?id=
+artikelinfo.php?id=
+detail.php?id=
+index.php?=
+profile_view.php?id=
+category.php?id=
+publications.php?id=
+fellows.php?id=
+downloads_info.php?id=
+prod_info.php?id=
+shop.php?do=part&id=
+collectionitem.php?id=
+band_info.php?id=
+product.php?id=
+releases.php?id=
+pray.php?id=
+produit.php?id=
+pop.php?id=
+shopping.php?id=
+productdetail.php?id=
+post.php?id=
+viewshowdetail.php?id=
+clubpage.php?id=
+memberinfo.php?id=
+section.php?id=
+theme.php?id=
+page.php?id=
+shredder-categories.php?id=
+tradecategory.php?id=
+product_ranges_view.php?id=
+shop_category.php?id=
+channel_id=
+item_id=
+newsid=
+news-full.php?id=
+news_display.php?getid=
+index2.php?option=
+material.php?id=
+viewapp.php?id=
+galeri_info.php?l=
+iniziativa.php?in=
+curriculum.php?id=
+labels.php?id=
+story.php?id=
+look.php?id=
+tekst.php?idt=
+newscat.php?id=
+newsticker_info.php?idn=
+rubrika.php?idr=
+rubp.php?idr=
+offer.php?idf=
+part.php?idm=
+title.php?id=
+info.php?id=
+pro.php?id=
+php?=id+gov
+ogl_inet.php?ogl_id=
+transcript.php?id=
+recruit_details.php?id=
+index.php?cpath
+.asp?bookid=
+.asp?cart=
+.asp?cartid=
+.asp?catalogid=
+.asp?category_list=
+.asp?categoryid=
+.asp?catid=
+.asp?cid=
+.asp?code_no=
+.asp?code=
+.asp?designer=
+.asp?framecode=
+.asp?id=
+.asp?idcategory=
+.asp?idproduct=
+.asp?intcatalogid=
+.asp?intprodid=
+.asp?item_id=
+.asp?item=
+.asp?itemid=
+.asp?maingroup=
+.asp?misc=
+.asp?newsid=
+.asp?order_id=
+.asp?p=
+.asp?pid=
+.asp?prodid=
+.asp?product_id=
+.asp?product=
+.asp?productid=
+.asp?showtopic=
+.asp?sku=
+.asp?storeid=
+.asp?style_id=
+.asp?styleid=
+.asp?userid=
+about.asp?cartid=
+accinfo.asp?cartid=
+acclogin.asp?cartid=
+add.asp?bookid=
+add_cart.asp?num=
+addcart.asp?
+additem.asp
+add-to-cart.asp?id=
+addtocart.asp?idproduct=
+addtomylist.asp?prodid=
+admineditproductfields.asp?intprodid=
+advsearch_h.asp?idcategory=
+affiliate.asp?id=
+affiliate-agreement.cfm?storeid=
+affiliates.asp?id=
+ancillary.asp?id=
+archive.asp?id=
+article.asp?id=
+aspx?pageid
+basket.asp?id=
+book.asp?bookid=
+book_list.asp?bookid=
+book_view.asp?bookid=
+bookdetails.asp?id=
+browse.asp?catid=
+browse_item_details.asp
+browse_item_details.asp?store_id=
+buy.asp?
+buy.asp?bookid=
+bycategory.asp?id=
+cardinfo.asp?card=
+cart.asp?action=
+cart.asp?cart_id=
+cart.asp?id=
+cart_additem.asp?id=
+cart_validate.asp?id=
+cartadd.asp?id=
+cat.asp?icat=
+catalog.asp
+catalog.asp?catalogid=
+catalog_item.asp?id=
+catalog_main.asp?catid=
+category.asp
+category.asp?catid=
+category_list.asp?id=
+categorydisplay.asp?catid=
+checkout.asp?cartid=
+checkout.asp?userid=
+checkout_confirmed.asp?order_id=
+checkout1.asp?cartid=
+comersus_listcategoriesandproducts.asp?idcategory =
+comersus_optemailtofriendform.asp?idproduct=
+comersus_optreviewreadexec.asp?idproduct=
+comersus_viewitem.asp?idproduct=
+comments_form.asp?id=
+contact.asp?cartid=
+content.asp?id=
+customerservice.asp?textid1=
+default.asp?catid=
+description.asp?bookid=
+details.asp?bookid=
+details.asp?press_release_id=
+details.asp?product_id=
+details.asp?service_id=
+display_item.asp?id=
+displayproducts.asp
+downloadtrial.asp?intprodid=
+emailproduct.asp?itemid=
+emailtofriend.asp?idproduct=
+events.asp?id=
+faq.asp?cartid=
+faq_list.asp?id=
+faqs.asp?id=
+feedback.asp?title=
+freedownload.asp?bookid=
+fulldisplay.asp?item=
+getbook.asp?bookid=
+getitems.asp?itemid=
+giftdetail.asp?id=
+help.asp?cartid=
+home.asp?id=
+index.asp?cart=
+index.asp?cartid=
+index.asp?id=
+info.asp?id=
+item.asp?eid=
+item.asp?item_id=
+item.asp?itemid=
+item.asp?model=
+item.asp?prodtype=
+item.asp?shopcd=
+item_details.asp?catid=
+item_list.asp?maingroup
+item_show.asp?code_no=
+itemdesc.asp?cartid=
+itemdetail.asp?item=
+itemdetails.asp?catalogid=
+learnmore.asp?cartid=
+links.asp?catid=
+list.asp?bookid=
+list.asp?catid=
+listcategoriesandproducts.asp?idcategory=
+modline.asp?id=
+myaccount.asp?catid=
+news.asp?id=
+order.asp?bookid=
+order.asp?id=
+order.asp?item_id=
+orderform.asp?cart=
+page.asp?partid=
+payment.asp?cartid=
+pdetail.asp?item_id=
+powersearch.asp?cartid=
+price.asp
+privacy.asp?cartid=
+prodbycat.asp?intcatalogid=
+prodetails.asp?prodid=
+prodlist.asp?catid=
+product.asp?bookid=
+product.asp?intprodid=
+product_info.asp?item_id=
+productdetails.asp?idproduct=
+productdisplay.asp
+productinfo.asp?item=
+productlist.asp?viewtype=category&categoryid=
+productpage.asp
+products.asp?id=
+products.asp?keyword=
+products_category.asp?categoryid=
+products_detail.asp?categoryid=
+productsbycategory.asp?intcatalogid=
+prodview.asp?idproduct=
+promo.asp?id=
+promotion.asp?catid=
+pview.asp?item=
+resellers.asp?idcategory=
+results.asp?cat=
+savecart.asp?cartid=
+search.asp?cartid=
+searchcat.asp?search_id=
+select_item.asp?id=
+services.asp?id=
+shippinginfo.asp?cartid=
+shop.asp?a=
+shop.asp?action=
+shop.asp?bookid=
+shop.asp?cartid=
+shop_details.asp?prodid=
+shopaddtocart.asp
+shopaddtocart.asp?catalogid=
+shopbasket.asp?bookid=
+shopbycategory.asp?catid=
+shopcart.asp?title=
+shopcreatorder.asp
+shopcurrency.asp?cid=
+shopdc.asp?bookid=
+shopdisplaycategories.asp
+shopdisplayproduct.asp?catalogid=
+shopdisplayproducts.asp
+shopexd.asp
+shopexd.asp?catalogid=
+shopping_basket.asp?cartid=
+shopprojectlogin.asp
+shopquery.asp?catalogid=
+shopremoveitem.asp?cartid=
+shopreviewadd.asp?id=
+shopreviewlist.asp?id=
+shopsearch.asp?categoryid=
+shoptellafriend.asp?id=
+shopthanks.asp
+shopwelcome.asp?title=
+show_item.asp?id=
+show_item_details.asp?item_id=
+showbook.asp?bookid=
+showstore.asp?catid=
+shprodde.asp?sku=
+specials.asp?id=
+store.asp?id=
+store_bycat.asp?id=
+store_listing.asp?id=
+store_viewproducts.asp?cat=
+store-details.asp?id=
+storefront.asp?id=
+storefronts.asp?title=
+storeitem.asp?item=
+storeredirect.asp?id=
+subcategories.asp?id=
+tek9.asp?
+template.asp?action=item&pid=
+topic.asp?id=
+tuangou.asp?bookid=
+type.asp?itype=
+updatebasket.asp?bookid=
+updates.asp?id=
+view.asp?cid=
+view_cart.asp?title=
+view_detail.asp?id=
+viewcart.asp?cartid=
+viewcart.asp?userid=
+viewcat_h.asp?idcategory=
+viewevent.asp?eventid=
+viewitem.asp?recor=
+viewprd.asp?idcategory=
+viewproduct.asp?misc=
+votelist.asp?item_id=
+whatsnew.asp?idcategory=
+wsancillary.asp?id=
+wspages.asp?id=