Command-line tool to scan Google search results for vulnerabilities
Python JavaScript
Switch branches/tags
Nothing to show
Latest commit cf616d4 Nov 21, 2017 @jgor jgor Update
Failed to load latest commit information.
config initial release Sep 7, 2017
databases initial release Sep 7, 2017
indexers rewrote phantomjs search code Nov 21, 2017
reports initial release Sep 7, 2017
scanners use proper argument order for wapiti Nov 21, 2017
tools initial release Sep 7, 2017
vulnerabilities initial release Sep 7, 2017
LICENSE initial release Sep 7, 2017 Update Nov 21, 2017 initial release Sep 7, 2017


Scan Google search results for vulnerabilities.

dorkbot is a modular command-line tool for performing vulnerability scans against a set of webpages returned by Google search queries in a given Google Custom Search Engine. It is broken up into two sets of modules:

  • Indexers - modules that issue a search query and return the results as targets
  • Scanners - modules that perform a vulnerability scan against each target

Targets are stored in a local database file upon being indexed. Once scanned, any vulnerabilities found by the chosen scanner are written to a standard JSON report file. Indexing and scanning processes can be run separately or combined in a single command.


usage: [-h] [-c CONFIG] [-b BLACKLIST] [-d DATABASE] [-i INDEXER]
                  [-l] [-o INDEXER_OPTIONS] [-p SCANNER_OPTIONS] [-s SCANNER]
                  [-v VULNDIR]

optional arguments:
  -h, --help            show this help message and exit
  -c CONFIG, --config CONFIG
                        Configuration file
  -b BLACKLIST, --blacklist BLACKLIST
                        File containing (regex) patterns to blacklist from
  -d DATABASE, --database DATABASE
                        SQLite3 database file
  -i INDEXER, --indexer INDEXER
                        Indexer module to use
  -l, --list            List targets in database
                        Indexer-specific options (opt1=val1,opt2=val2,..)
                        Scanner-specific options (opt1=val1,opt2=val2,..)
  -s SCANNER, --scanner SCANNER
                        Scanner module to use
  -v VULNDIR, --vulndir VULNDIR
                        Directory to store vulnerability output reports


Python 2.7.x / 3.x (Linux / Mac OS / Windows) (requires python-dateutil)


As needed, dorkbot will search for tools in the following order:

  • Directory specified via relevant module option
  • Located in dorkbot's tools directory, with the subdirectory named after the tool
  • Available in the user's PATH (e.g. installed system-wide)


Create a Google Custom Search Engine and note the search engine ID, e.g. 012345678901234567891:abc12defg3h.

$ sudo apt install python-dateutil phantomjs wapiti
$ ./ -i google -o engine=012345678901234567891:abc12defg3h,query="filetype:php inurl:id" -s wapiti

Indexer Modules


Search for targets in a Google Custom Search Engine (CSE) via custom search element.

Requirements: PhantomJS


  • engine - CSE id
  • query - search query
  • phantomjs_dir - phantomjs base directory containing bin/phantomjs (default: tools/phantomjs/)
  • domain - limit searches to specified domain


Search for targets in a Google Custom Search Engine (CSE) via JSON API.

Requirements: none


  • key - API key
  • engine - CSE id
  • query - search query
  • domain - limit searches to specified domain


Read targets from standard input, one per line.

Requirements: none

Options: none

Scanner Modules


Scan targets with Arachni command-line scanner.

Requirements: Arachni


  • arachni_dir - arachni base directory containing bin/arachni and bin/arachni_reporter (default: tools/arachni/)
  • report_dir - directory to save arachni scan binary and JSON scan report output (default: reports/)
  • checks - space-delimited list of vulnerability checks to perform (default: "active/* -csrf -unvalidated_redirect -source_code_disclosure -response_splitting -no_sql_injection_differential")


Scan targets with Wapiti command-line scanner.

Requirements: Wapiti


  • wapiti_dir - wapiti base directory containing bin/wapiti (default: tools/wapiti/)
  • report_dir - directory to save wapiti JSON scan report (default: reports/)