QueryDorker/QueryDorker.py at main · pand-coder/QueryDorker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104


DORKS = {
    "Directory Listing": 'intitle:index.of',
    "Sensitive Files": 'ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini',
    "SQL Errors": 'intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near"',
    "Wordpress": 'inurl:wp-content | inurl:wp-includes',
    "Log Files": 'ext:log',
    "Backup Files": 'ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup',
    "Login Pages": 'inurl:login | inurl:signin | intitle:Login | intitle:Signin | inurl:auth',
    "Find Subdomains": 'site:*.',
    "Exposed Email Addresses": "intext:'@",
    "Open FTP Servers": 'inurl:ftp://',
    "Database Files": 'ext:sql | ext:dbf | ext:mdb',
    "Apache Config": 'filetype:config "apache"',
    "Public Documents": 'ext:doc | ext:docx | ext:pdf | ext:rtf | ext:ppt | ext:pptx | ext:csv',
    "Phpinfo": 'ext:php | intext:phpinfo',
    "Backdoors": 'inurl:shell | inurl:backdoor | inurl:wso | inurl:cmd',
    "Open Redirects": 'inurl:redirect | inurl:url | inurl:next',
    "Php Config": 'ext:php inurl:config',
    "Exposed JSON": 'ext:json',
    "Sitemaps": 'filetype:xml inurl:sitemap',
    "SQL Dumps": "ext:sql intext:'INSERT INTO'",
    "Printers": 'inurl:hp/device/this.LCDispatcher',
    "Admin Panels": 'inurl:/admin/',
    "Firewalls/Routers": 'inurl:/main.cgi | inurl:/status.cgi',
    "API Keys": "intext:'API_KEY='",
    "Env Files": "ext:env intext:'DB_PASSWORD='",
    "Jenkins": 'inurl:/script | inurl:/manage',
    "Docker Registries": 'inurl:/v2/_catalog',
    "Exposed Configs": 'ext:json | ext:yaml | ext:yml | ext:conf',
    "phpMyAdmin": 'inurl:phpmyadmin',
    "Kibana": 'inurl:/app/kibana',
    "Grafana": 'inurl:/d/',
    "WP Debug Logs": 'inurl:debug.log',
    "OpenVPN Configs": 'ext:ovpn',
    "AWS Keys": "intext:'AWS_ACCESS_KEY_ID='",
    "Firebase": "inurl:'firebaseio.com'",
    "Private Keys": "ext:key | ext:ppk | ext:pem intext:'BEGIN RSA PRIVATE KEY'",
    "JIRA": 'inurl:/browse/',
    "Exposed .git": 'inurl:.git',
    "Exposed .svn": 'inurl:.svn',
    "JIRA Users": "inurl:jira intext:'Reporter:'",
    "MongoDB": 'inurl:mongodb://',
    "ElasticSearch": 'inurl:/_search',
    "Admin Dashboards": 'inurl:admin | inurl:dashboard',
    "API Logs": "inurl:/logs intext:'API'",
    "Sensitive Excel": 'ext:xls | ext:xlsx',
    "Code Repos": 'inurl:repo',
    "Security Policies": 'inurl:/security-policy',
    "Unpatched Software": 'inurl:/changelog',
    "VPN Config": "ext:conf intext:'vpn'",
    "Payment Pages": 'inurl:checkout',
    "Captcha": 'inurl:captcha',
    "GraphQL": 'inurl:/graphql',
    "Swagger": 'inurl:/swagger',
    "Support Tickets": 'inurl:/helpdesk',
    "Public Repos": 'inurl:/repos',
    "Test Pages": 'inurl:/test',
    "Leaked Source Code": 'inurl:/src',
    "Exposed JWTs": "intext:'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9'",
    "CORS Misconfig": "intext:'Access-Control-Allow-Origin'",
    "CSP Reports": 'inurl:csp-report',
    "Public Images Directory": "intitle:'Index of' inurl:/images/",
    "Backup Archives": 'ext:zip | ext:tar | ext:gz',
    "Open APIs": 'inurl:/api/',
    "Jenkins Jobs": 'inurl:/job/',
    "Nginx Configs": "intext:'server {'",
    "Browser Storage": "intext:'localStorage' | intext:'sessionStorage'",
    "Message Queues": 'inurl:/queue/',
    "Open Video Streams": 'inurl:live.m3u8',
    "Webcams": 'inurl:/view.shtml',
    "IoT Devices": 'inurl:/device_status',
    "Debug Interfaces": 'inurl:/debug/'
}

def main():
    domain = input("🔍 Enter domain (e.g. google.com): ").strip()
    if not domain:
        print("❌ Domain cannot be empty.")
        return

    generated = {}
    print("\n🔎 Generated Google Dorks:\n" + "-" * 40)

    for category, dork in DORKS.items():
        if "Subdomains" in category:
            full_query = f"site:*.{domain} -www"
        elif "@https://" in dork:
            full_query = f"site:{domain} intext:'@{domain}'"
        else:
            full_query = f"site:{domain} {dork}"
        generated[category] = full_query
        print(f"[{category}]\n{full_query}\n")

    # Always save to txt only
    filename_base = domain.replace('.', '_')
    with open(f"{filename_base}_dorks.txt", 'w') as f:
        for cat, query in generated.items():
            f.write(f"[{cat}]\n{query}\n\n")
    print(f"📝 TXT saved as: {filename_base}_dorks.txt")

if __name__ == "__main__":
    main()