G00gle D0rk Automation l1k3 4 g0d
Hello people of cyber security, I am ferreira, a random enthusiast of Information Security. I especially enjoy recon and related stuff. In this article, I will cover a technique that not all of you know, something a lot of tools try to put into practice, however without as much success as this “JUMP THE CAT” I’m going to talk about.
l33ts g00💀
> First of all, I appreciate a lot the work of master tomnomnom; he created this tool, which lets us chain this technique with a bunch of things.
The first thing we need is tomnomnom’s hacks GitHub repository, so prepare your machines, y'all.
git clone https://github.com/tomnomnom/hacks
cd hacks
ls -lah webpaste
Here comes the fun part: the magic is with webpaste from tomnomnom. This tool is magic, and all we need to do is set some things up.
- This tool literally consists of clicking a button and sending the output of a search or Google dork to our VPS or our machine 🔥.
Setting up stuff
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
Here is a summary of what we need to do:
- Go to the webpaste directory and run go build to get the “webpaste” binary file.
- Before starting webpaste, set environment variable: export WEBPASTE_TOKEN=iloveweb
- Install the Extension
- Click on the button and be happy
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
Server Configuration
After you git clone tomnomnom's hacks, go to the `webpaste` folder inside the hacks folder.
You need to set WEBPASTE_TOKEN. The token is the “password” used for communication between the browser and the machine. Change the value from iloveweb to whatever “password” you want to set.
export WEBPASTE_TOKEN=iloveweb
Inside the hacks/webpaste folder, run go build to get the webpaste binary.
cd hacks/webpaste && go build main.go && chmod +x main && mv main /usr/bin/webpaste
To start the server, type
webpaste
# use with something to save its output ->
webpaste | tee -a webpaste_output.txt
Installing the Extension
1. Activate developer mode
Open your browser and go to extensions. If you are using Chrome, use this =>
- chrome://extensions/
Activate developer mode by clicking the button on the right of the page.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
2. Import the extension
Go to https://github.com/tomnomnom/hacks/tree/master/webpaste
Get the extension folder.
DRAG it to the extension tab, and we are ready.
Now an icon will appear in your bar.
Right-click on it and click Options.
Note the first functionalities which will appear is
In “Server”, set your server address. It can be your VPS or your local machine, in the form `publicip:port`, e.g. http://129.123.45.5:8080
Scroll down and look for “Add Snippet”
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
Steps to Create a Snippet
- Name
- Javascript code to get data => list
- OnSuccess Function ( optional )
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
Ok so let’s create our first Snippet =>
- Give a name ( For the google dorks purpose )
- Paste into “Code” the following code =>
[...document.querySelectorAll('div.yuRUbf>a:first-child')].map(n=>n.href)
- And “On Success” =>
document.location=document.querySelectorAll('a#pnnext')[0].href;
Now, for google dorks, all g00d.
Practical Usage
With the server running, click on your recently created Snippet and see the magic 💀
Note: When you click the snippet, it will send the data and skip to the next page.
Now you have the ability to SPAM clicking the button with whatever Google Dork you want, instead of copying and pasting manually, allowing us to do recon easily with the gathered URLs.
Sn1pp3ts B0nus
Before this article ends, I’ve decided to give you guys a bonus: some snippets which allow you to pull hackerone, bugcrowd, and intigriti target domains with one click.
Hackerone Snippet
Name - Scrap Hackerone
Code =>
[...document.getElementsByClassName("spec-asset-identifier break-word")].map(n=>n.innerText)
OnSuccess => Nothing
Bugcrowd Snippet
Name - Bugcrowd
Code =>
[...document.getElementsByClassName("cc-rewards-link-table__endpoint")].map(n=>n.outerText).filter((n)=>{return n.includes(".")})
OnSuccess => Nothing
Intigriti Snippet
Name - Intigriti
Code =>
[...document.getElementsByClassName("reference")].map(n=>n.outerText).filter((n)=>{return n.includes(".")})
OnSuccess => Nothing
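An added example (not from the original article or from tomnomnom's repo) showing why a "contains a dot" filter on scraped asset names has to use `includes` rather than comparing `indexOf(".")` to `true`, and how the collected strings can be cleaned into unique hostnames afterwards. It runs in Node; the sample values and the helper names `looseFilter`, `dotFilter`, `toHost` and `cleanHosts` are assumptions made up for the illustration.

```javascript
// Constructed sample values, not real program scope data.
const scraped = [
  "example.com",
  "*.example.org",
  "https://api.example.net/v1",
  "a.example.com",
  "iOS application",
  "  shop.example.com  ",
  "example.com",
];

// indexOf returns a position; `== true` coerces true to 1,
// so only strings whose first "." sits at index 1 pass.
const looseFilter = (list) => list.filter((n) => n.indexOf(".") == true);

// includes() answers the intended question: does the string contain a dot?
const dotFilter = (list) => list.filter((n) => n.includes("."));

// Reduce a scraped asset string to a bare hostname, or null if it is not host-shaped.
function toHost(raw) {
  let s = raw.trim().toLowerCase();
  s = s.replace(/^[a-z][a-z0-9+.-]*:\/\//, ""); // drop scheme
  s = s.split(/[/?#]/)[0];                        // drop path, query, fragment
  s = s.replace(/^\*\./, "");                     // drop leading wildcard label
  s = s.replace(/:\d+$/, "");                     // drop port
  const hostShape =
    /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/;
  return hostShape.test(s) ? s : null;
}

// Filter, normalize, deduplicate and sort the scraped values.
function cleanHosts(list) {
  const hosts = dotFilter(list).map(toHost).filter((h) => h !== null);
  return [...new Set(hosts)].sort();
}

console.log("loose:", looseFilter(scraped));
console.log("clean:", cleanHosts(scraped));
```
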
End
That is it.
Hope you enjoy this article. It was my first one, so be kind. Thank you, and see you next time.
Ferreira 💀