Skip to content
/ googlehackingbydomain Public

Automation of advanced Google queries to locate potentially sensitive information and security vulnerabilities in a domain.

License

MIT license
7 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Tomas-Ortiz/googlehackingbydomain

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits

GoogleHackingByDomain.py

GoogleHackingByDomain.py

 
 

README.md

README.md

 
 

license

license

 
 

Repository files navigation

Google Hacking By Domain

  • "GoogleHackingByDomain" is a pentest tool that allows you to automate advanced Google queries from a domain name.
  • It provides 11 different options to search for sensitive information and security vulnerabilities.
    1. Subdomains
    2. Directory Listing
    3. Login and registration pages
    4. Files
    5. Keywords
    6. Default pages
    7. Software versions
    8. Error messages
    9. Databases
    10. Email addresses and phone numbers
    11. Employees
  • In the results shown, the magenta color represents the title, the green the link and the yellow the description.
  • Queries are executed in Spanish and English.
  • The results obtained are saved in a text file, in the same path where the script is located.
  • Google's "Custom Search API" is used. This API is limited to 100 free queries per day.
  • For most queries the first page of results is returned. Only for some queries the first two or three pages of results are returned.
  • This tool works for Windows and Linux.
  • Due to the nature of Google searches, it is possible to obtain unwanted, repetitive or false positive results.

For this tool to work you must generate and obtain an API Key for "Custom Search API" and create a Programmable Search Engine. The steps are described below.

  1. Download the script on your computer
    - git clone https://github.com/Tomas-Ortiz/googlehackingbydomain

  2. Access the downloaded folder
    - cd googlehackingbydomain

  3. Install the required modules
    - pip install google-api-python-client colorama

  4. Generate API Key for "Custom Search API"
    - https://developers.google.com/custom-search/v1/introduction

  5. Create a Programmable Search Engine and get the Search Engine ID (CX)
    - https://programmablesearchengine.google.com/controlpanel/create

  6. Insert your API Key and search engine ID into the variables indicated in the source code of the script (API_KEY and CX)

  7. Finally, you can use the tool
    - python3 GoogleHackingByDomain.py

  8. Additionally, you can use the google console to control enabled APIs, credentials, queries, usage and so on
    - https://console.cloud.google.com/apis/dashboard


Some screenshots showing how the tool works are attached below.

About

Automation of advanced Google queries to locate potentially sensitive information and security vulnerabilities in a domain.

Topics

python automation queries osint pentest hacking-tool google-dorks google-hacking pentest-tools custom-search-api osint-tool

Resources

Readme

License

MIT license
Activity

Stars

7 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages