G00gle D0rk Automation l1k3 4 g0d

Ferreiraklet
Published in System Weakness
5 min read · Mar 23, 2023


Hello people of cyber security, I am ferreira, a random enthusiast of Information Security. I especially enjoy recon and related stuff. In this article, I will cover a technique that not all of you know, something a lot of tools try to put into practice, though without much success, like this “JUMP THE CAT” I’m going to talk about.

l33ts g00💀

> First of all, I appreciate a lot the work of master tomnomnom, he created this tool, which makes us able to chain this technique with a bunch of things.

The first thing we need is tomnomnom’s hacks repository from GitHub, so prepare your machines, y’all.

git clone https://github.com/tomnomnom/hacks
cd hacks
ls -lah webpaste

Here comes the fun part. The magic is in webpaste from tomnomnom, and all we need to do is set some things up.

  • The tool works by literally clicking a button, which sends the output of a search or Google dork to our VPS or our machine 🔥.

Setting up stuff

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Here is a summary of what we need to do:

  1. Go to the webpaste directory and run `go build` to get the “webpaste” binary file.
  2. Before starting webpaste, set the environment variable: export WEBPASTE_TOKEN=iloveweb
  3. Install the Extension
  4. Click on the button and be happy

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Server Configuration

After you git clone tomnomnom’s hacks, go to the `webpaste` folder inside the hacks folder.

> You need to set WEBPASTE_TOKEN. The token is the “password” used for communication between the browser and the machine. Change the value from iloveweb to whatever “password” you want to set.

export WEBPASTE_TOKEN=iloveweb

Inside the hacks/webpaste folder, run go build to get the webpaste binary.

cd hacks/webpaste && go build main.go && chmod +x main && mv main /usr/bin/webpaste

To start the server, type

webpaste
# use with something to save its output ->
webpaste | tee -a webpaste_output.txt

Installing the Extension

  1. Activate developer mode

Open your browser and go to extensions. If you are using Chrome, use this =>

  • chrome://extensions/

Activate developer mode by clicking the button on the right side of the page.

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

  2. Import the extension

Go to https://github.com/tomnomnom/hacks/tree/master/webpaste

Get the extension folder

DRAG it to the extension tab, and we are ready. =>

Now an icon like this will appear in your bar =>

Right-click on it and click Options.

Note the first options that will appear:

In “Server”, set your server address. It can be your VPS or your local machine, in the form `publicip:port`, e.g. http://129.123.45.5:8080

Scroll down and look for “Add Snippet”

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Steps to Create a Snippet

  1. Name
  2. JavaScript code to get data => list
  3. OnSuccess Function ( optional )

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Ok so let’s create our first Snippet =>

  • Give a name ( For the google dorks purpose )
  • Paste into “Code” the following code =>
[...document.querySelectorAll('div.yuRUbf>a:first-child')].map(n=>n.href)
  • And “On Success” =>
document.location=document.querySelectorAll('a#pnnext')[0].href;

The Snippet =>

Now, for google dorks, all g00d.

Practical Usage

With the server running, click on your recently created Snippet and see the magic 💀

Magic ==>

Note: When you click the snippet, it will send the data and skip to the next page.

> Now you have the ability to SPAM-click the button with whatever Google Dork you want, instead of copying and pasting manually, which lets us do recon easily with the gathered URLs.

Sn1pp3ts B0nus

Before this article ends, I’ve decided to give you guys a bonus: some snippets which allow you to pull hackerone, bugcrowd, and intigriti target domains with one click.

Hackerone Snippet

Name - Scrap Hackerone

Code =>

[...document.getElementsByClassName("spec-asset-identifier break-word")].map(n=>n.innerText)

OnSuccess => Nothing

Usage Example

Bugcrowd Snippet

Name - Bugcrowd

Code =>

[...document.getElementsByClassName("cc-rewards-link-table__endpoint")].map(n=>n.outerText).filter(n=>n.includes("."))

OnSuccess => Nothing

Usage Example

Intigriti Snippet

Name - Intigriti

Code =>

[...document.getElementsByClassName("reference")].map(n=>n.outerText).filter(n=>n.includes("."))

OnSuccess => Nothing

Usage Example
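
The Bugcrowd and Intigriti snippets filter the scraped cell text before sending it. As an added example (not code from the original article or from webpaste), the following shows on constructed rows how a comparison of the form `indexOf(".") == true` behaves, next to a stricter hostname filter that keeps only entries that parse as hostnames; `SAMPLE_ROWS`, `looseFilter`, `toHostname` and `scopeHostnames` are hypothetical names.

```javascript
// Constructed sample data standing in for the n.outerText values of a scope table.
const SAMPLE_ROWS = [
  "*.example.com",
  "api.example.com",
  "API.example.com ",
  "https://shop.example.com/checkout",
  "Example Android app",
  "2.1",
  "",
];

// `== true` coerces true to 1, so this keeps only strings whose first dot
// is at index 1 ("*.example.com", "2.1") and drops "api.example.com".
function looseFilter(rows) {
  return rows.filter((n) => n.indexOf(".") == true);
}

// One DNS label: 1-63 chars, letters/digits, hyphens only in the middle.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;

// Returns a normalized hostname (wildcard prefix kept) or null for non-hostnames.
function toHostname(entry) {
  let s = entry.trim().toLowerCase();
  if (s === "" || /\s/.test(s)) return null; // free text, not an asset identifier
  if (/^https?:\/\//.test(s)) {
    try { s = new URL(s).hostname; } catch { return null; }
  }
  const labels = (s.startsWith("*.") ? s.slice(2) : s).split(".");
  if (labels.length < 2 || !labels.every((l) => LABEL.test(l))) return null;
  if (/^\d+$/.test(labels[labels.length - 1])) return null; // version string or IP
  return s;
}

// Unique, normalized hostnames in first-seen order.
function scopeHostnames(rows) {
  return [...new Set(rows.map(toHostname).filter(Boolean))];
}

console.log("loose :", looseFilter(SAMPLE_ROWS));
console.log("strict:", scopeHostnames(SAMPLE_ROWS));
```

In a snippet's “Code” field, the same functions can be applied to the array produced by the `map(n=>n.outerText)` call.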

End

That is it.

> Hope you enjoy this article. It was my first one, so be kind. Thank you, and see you next time.

Ferreira 💀


Hi guys I’m not very good with biographies, I’m just another pentest student looking to deepen my knowledge in the web application area