Skip to content

Automation of advanced Google queries to locate potentially sensitive information and security vulnerabilities in a domain.

License

Notifications You must be signed in to change notification settings

Tomas-Ortiz/googlehackingbydomain

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 

Repository files navigation

Google Hacking By Domain

  • "GoogleHackingByDomain" is a pentest tool that allows you to automate advanced Google queries from a domain name.
  • It provides 11 different options to search for sensitive information and security vulnerabilities.
    1. Subdomains
    2. Directory Listing
    3. Login and registration pages
    4. Files
    5. Keywords
    6. Default pages
    7. Software versions
    8. Error messages
    9. Databases
    10. Email addresses and phone numbers
    11. Employees
  • In the results shown, the magenta color represents the title, the green the link and the yellow the description.
  • Queries are executed in Spanish and English.
  • The results obtained are saved in a text file, in the same path where the script is located.
  • Google's "Custom Search API" is used. This API is limited to 100 free queries per day.
  • For most queries the first page of results is returned. Only for some queries the first two or three pages of results are returned.
  • This tool works for Windows and Linux.
  • Due to the nature of Google searches, it is possible to obtain unwanted, repetitive or false positive results.

For this tool to work you must generate and obtain an API Key for "Custom Search API" and create a Programmable Search Engine. The steps are described below.

  1. Download the script on your computer
    - git clone https://github.com/Tomas-Ortiz/googlehackingbydomain

  2. Access the downloaded folder
    - cd googlehackingbydomain

  3. Install the required modules
    - pip install google-api-python-client colorama

  4. Generate API Key for "Custom Search API"
    - https://developers.google.com/custom-search/v1/introduction

  5. Create a Programmable Search Engine and get the Search Engine ID (CX)
    - https://programmablesearchengine.google.com/controlpanel/create

  6. Insert your API Key and search engine ID into the variables indicated in the source code of the script (API_KEY and CX)

  7. Finally, you can use the tool
    - python3 GoogleHackingByDomain.py

  8. Additionally, you can use the google console to control enabled APIs, credentials, queries, usage and so on
    - https://console.cloud.google.com/apis/dashboard


Some screenshots showing how the tool works are attached below.

About

Automation of advanced Google queries to locate potentially sensitive information and security vulnerabilities in a domain.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages