- March 20th, 2010
This weekend I was finally able to finish up a minuscule, open source research project of mine that I've been working on. It's called ProminentDork. I wrote ProminentDork to act as a very simple and generic multi-threaded web application fuzzer that uses Google dorking to obtain domain-specific URLs that may be vulnerable to a variety of web vulnerabilities such as SQLi, XSS, LFI, RFI, or anything else you can detect by scanning a page's source. Although using Google dorks for web application pen-testing is nothing new, I thought it would be interesting to research Google search automation and URL aggregation, as well as to learn more about how Google validates a search session with captchas. Along the way, I decided to build in a simple and flexible solution for scanning the collected results for a variety of vulnerabilities: any one that can be detected by concatenating a string to the end of the requested URL and then analyzing the source of the response.
Many existing security tools that use Google dorks for auditing are used strictly in conjunction with the Google Hacking Database or focus primarily on a specific type of vulnerability. Although automating web auditing with Google dorks is a great way to get a quick grasp of your site's security based on popular query results, it does not in any way replace a web crawler that generates a full site map from the files and directories referenced in the source, scans those files and directories independently, and analyzes the site's structure along the way.
ProminentDork currently supports: multiple queries, error strings, and appended request strings; the Google Hacking Database; proxies; and Google captchas. More features are sure to come as time progresses.
I wrote ProminentDork to be simple and broad enough to support many kinds of web vulnerabilities using the same gather->append->request->analyze method. Surprisingly, that simple four-step process is great for auditing your website for common web vulnerabilities. It is nice to have an automated solution use Google to aggregate a list of potentially insecure or popular web pages from your specified domain and test them against a variety of probe strings that you supply. In the next release, I plan on adding a more in-depth scanning solution that will obtain all the GET and POST variables from the source and build requests from those to return more results. I already wrote a small Python script a few months ago to do just that, and I plan on implementing it in ProminentDork soon.
I wrote ProminentDork in C#, to experiment with the proclaimed ease and efficiency of implementing a thread queue through the System.Threading.ThreadPool class in .NET. The source can be downloaded from the link at the bottom. I have released the code under the GNU General Public License as published by the Free Software Foundation.
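To make the gather->append->request->analyze loop and the ThreadPool queueing concrete, here is an added example in C#. It is not ProminentDork's own code: the gathered URLs, the probe string, the error signatures and the response bodies are all constructed, and Fetch() is a stub that returns canned bodies instead of making HTTP requests, so it runs offline. The point it illustrates is the pipeline shape for auditing your own domain: each gathered URL gets the auditor-supplied string appended, the request is queued onto the thread pool, and the analyzer reports which error signature (if any) appears in the response.

```csharp
using System;
using System.Collections.Generic;
using System.Threading;

// Constructed, offline model of gather -> append -> request -> analyze.
// Nothing here touches the network; Fetch() returns canned bodies.
public static class DorkScanDemo
{
    // Error strings an auditor supplies, mapped to the vulnerability class they indicate.
    // Constructed examples; a real run would load these from the user's error-string list.
    static readonly Dictionary<string, string> ErrorSignatures = new Dictionary<string, string>
    {
        { "You have an error in your SQL syntax", "SQLi" },
        { "failed to open stream", "LFI" },
    };

    // "Gather" step output (constructed). In the tool these come from Google results
    // restricted to the domain being audited.
    static readonly string[] Gathered =
    {
        "http://example.test/news.php?id=1",
        "http://example.test/page.php?file=about",
        "http://example.test/search.php?q=test",
    };

    // "Append" step input: the auditor-supplied string concatenated to every URL.
    const string Probe = "'";

    // Stand-in for the "request" step. Returns constructed response bodies keyed on the URL
    // so the example is deterministic and offline.
    static string Fetch(string url)
    {
        if (url.StartsWith("http://example.test/news.php"))
            return "<html>You have an error in your SQL syntax near '''</html>";
        if (url.StartsWith("http://example.test/page.php"))
            return "<html>about us</html>";
        return "<html>no results</html>";
    }

    // "Analyze" step: case-insensitive search of the body for each signature.
    // Returns the vulnerability class of the first match, or null for a clean page.
    public static string Analyze(string body)
    {
        foreach (var sig in ErrorSignatures)
            if (body.IndexOf(sig.Key, StringComparison.OrdinalIgnoreCase) >= 0)
                return sig.Value;
        return null;
    }

    public static void Main()
    {
        var findings = new List<string>();
        var remaining = new CountdownEvent(Gathered.Length); // one signal per queued URL
        var gate = new object();                             // guards the shared findings list

        foreach (var baseUrl in Gathered)
        {
            string target = baseUrl + Probe;                 // append
            ThreadPool.QueueUserWorkItem(_ =>
            {
                try
                {
                    string body = Fetch(target);             // request
                    string hit = Analyze(body);              // analyze
                    if (hit != null)
                        lock (gate) findings.Add(hit + "\t" + target);
                }
                finally { remaining.Signal(); }
            });
        }

        remaining.Wait(); // block until every queued work item has finished
        foreach (var f in findings) Console.WriteLine(f);
        // With the constructed data above this prints exactly one line:
        // SQLi    http://example.test/news.php?id=1'
    }
}
```

The CountdownEvent plus try/finally is what keeps the pool-based version correct: a work item that throws (a timeout, a malformed response) still signals, so Main never hangs waiting for a result that will not arrive. The two things a practitioner would tune are the signature list (a bare "error" substring will flag half the web, so signatures should be specific engine messages) and the probe string, which should be kept to the minimal character needed to trigger the error rather than anything that changes server state.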
IMPORTANT: I wrote this code as a simple research project. I am not responsible for, nor do I condone, any misuse or illegal use of this code or application. Its purpose is STRICTLY research and it must not be used illegally. Do NOT perform malicious scans on websites you do not legally own. If you use this application, you must abide by Google's Terms of Service as well as the law.
Compile using Visual Studio on Windows or Mono on Linux.
Download: ProminentDork.zip 115 KB