Permalink
Browse files

initial release

  • Loading branch information...
jgor committed Sep 7, 2017
1 parent fccf34b commit e9d7fd68fb25bf6ff99fd75a6145abbecc80aaea
View
45 LICENSE
@@ -0,0 +1,45 @@
UT AUSTIN RESEARCH LICENSE (SOURCE CODE)
The University of Texas at Austin has developed certain software and documentation that it desires to make available without charge to anyone for academic, research, experimental or personal use. This license is designed to guarantee freedom to use the software for these purposes. If you wish to distribute or make other use of the software, you may purchase a license to do so from the University of Texas.
The accompanying source code is made available to you under the terms of this UT Research License (this “UTRL”). By clicking the “ACCEPT” button, or by installing or using the code, you are consenting to be bound by this UTRL. If you do not agree to the terms and conditions of this license, do not click the “ACCEPT” button, and do not install or use any part of the code.
The terms and conditions in this UTRL not only apply to the source code made available by UT, but also to any improvements to, or derivative works of, that source code made by you and to any object code compiled from such source code, improvements or derivative works.
1. DEFINITIONS.
1.1 “Commercial Use” shall mean use of Software or Documentation by Licensee for direct or indirect financial, commercial or strategic gain or advantage, including without limitation: (a) bundling or integrating the Software with any hardware product or another software product for transfer, sale or license to a third party (even if distributing the Software on separate media and not charging for the Software); (b) providing customers with a link to the Software or a copy of the Software for use with hardware or another software product purchased by that customer; or (c) use in connection with the performance of services for which Licensee is compensated.
1.2 “Derivative Products” means any improvements to, or other derivative works of, the Software made by Licensee.
1.3 “Documentation” shall mean all manuals, user documentation, and other related materials pertaining to the Software that are made available to Licensee in connection with the Software.
1.4 “Licensor” shall mean The University of Texas.
1.5 “Licensee” shall mean the person or entity that has agreed to the terms hereof and is exercising rights granted hereunder.
1.6 “Software” shall mean the computer program(s) referred to as “Dorkbot” made available under this UTRL in source code form, including any error corrections, bug fixes, patches, updates or other modifications that Licensor may in its sole discretion make available to Licensee from time to time, and any object code compiled from such source code.
2. GRANT OF RIGHTS.
Subject to the terms and conditions hereunder, Licensor hereby grants to Licensee a worldwide, non- transferable, non-exclusive license to (a) install, use and reproduce the Software for academic, research,
The University of Texas at Austin Research License (Source Code) Page 1 of 4
experimental and personal use (but specifically excluding Commercial Use); (b) use and modify the Software to create Derivative Products, subject to Section 3.2; and (c) use the Documentation, if any, solely in connection with Licensee’s authorized use of the Software.
3. RESTRICTIONS; COVENANTS.
3.1 Licensee may not: (a) distribute, sub-license or otherwise transfer copies or rights to the Software (or any portion thereof) or the Documentation; (b) use the Software (or any portion thereof) or Documentation for Commercial Use, or for any other use except as described in Section 2; (c) copy the Software or Documentation other than for archival and backup purposes; or (d) remove any product identification, copyright, proprietary notices or labels from the Software and Documentation. This UTRL confers no rights upon Licensee except those expressly granted herein.
3.2 Licensee hereby agrees that it will provide a copy of all Derivative Products to Licensor and that its use of the Derivative Products will be subject to all of the same terms, conditions, restrictions and limitations on use imposed on the Software under this UTRL. Licensee hereby grants Licensor a worldwide, non- exclusive, royalty-free license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense and distribute Derivative Products. Licensee also hereby grants Licensor a worldwide, non-exclusive, royalty-free patent license to make, have made, use, offer to sell, sell, import and otherwise transfer the Derivative Products under those patent claims licensable by Licensee that are necessarily infringed by the Derivative Products.
4. PROTECTION OF SOFTWARE.
4.1 Confidentiality. The Software and Documentation are the confidential and proprietary information of Licensor. Licensee agrees to take adequate steps to protect the Software and Documentation from unauthorized disclosure or use. Licensee agrees that it will not disclose the Software or Documentation to any third party.
4.2 Proprietary Notices. Licensee shall maintain and place on any copy of Software or Documentation that it reproduces for internal use all notices as are authorized and/or required hereunder. Licensee shall include a copy of this UTRL and the following notice, on each copy of the Software and Documentation. Such license and notice shall be embedded in each copy of the Software, in the video screen display, on the physical medium embodying the Software copy and on any Documentation:
Copyright © 2017, The University of Texas at Austin. All rights reserved.
UNIVERSITY EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES CONCERNING THIS SOFTWARE AND DOCUMENTATION, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPOSE, NON- INFRINGEMENT AND WARRANTIES OF PERFORMANCE, AND ANY WARRANTY THAT MIGHT OTHERWISE ARISE FROM COURSE OF DEALING OR USAGE OF TRADE. NO WARRANTY IS EITHER EXPRESS OR IMPLIED WITH RESPECT TO THE USE OF THE SOFTWARE OR DOCUMENTATION. Under no circumstances shall University be liable for incidental, special, indirect, direct or consequential damages or loss of profits, interruption of business, or related expenses which may arise from use of Software or Documentation, including but not limited to those resulting from defects in Software and/or Documentation, or loss or inaccuracy of data of any kind.
5. WARRANTIES.
5.1 Disclaimer of Warranties. TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE SOFTWARE AND DOCUMENTATION ARE BEING PROVIDED ON AN “AS IS” BASIS WITHOUT ANY
The University of Texas at Austin Research License (Source Code) Page 2 of 4
WARRANTIES OF ANY KIND RESPECTING THE SOFTWARE OR DOCUMENTATION, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY OF DESIGN, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
5.2 Limitation of Liability. UNDER NO CIRCUMSTANCES UNLESS REQUIRED BY APPLICABLE LAW SHALL LICENSOR BE LIABLE FOR INCIDENTAL, SPECIAL, INDIRECT, DIRECT OR CONSEQUENTIAL DAMAGES OR LOSS OF PROFITS, INTERRUPTION OF BUSINESS, OR RELATED EXPENSES WHICH MAY ARISE AS A RESULT OF THIS LICENSE OR OUT OF THE USE OR ATTEMPT OF USE OF SOFTWARE OR DOCUMENTATION INCLUDING BUT NOT LIMITED TO THOSE RESULTING FROM DEFECTS IN SOFTWARE AND/OR DOCUMENTATION, OR LOSS OR INACCURACY OF DATA OF ANY KIND. THE FOREGOING EXCLUSIONS AND LIMITATIONS WILL APPLY TO ALL CLAIMS AND ACTIONS OF ANY KIND, WHETHER BASED ON CONTRACT, TORT (INCLUDING, WITHOUT LIMITATION, NEGLIGENCE), OR ANY OTHER GROUNDS.
6. INDEMNIFICATION.
Licensee shall indemnify, defend and hold harmless Licensor, the University of Texas System, their Regents, and their officers, agents and employees from and against any claims, demands, or causes of action whatsoever caused by, or arising out of, or resulting from, the exercise or practice of the license granted hereunder by Licensee, its officers, employees, agents or representatives.
7. TERMINATION.
If Licensee breaches this UTRL, Licensee’s right to use the Software and Documentation will terminate immediately without notice, but all provisions of this UTRL except Section 2 will survive termination and continue in effect. Upon termination, Licensee must destroy all copies of the Software and Documentation.
8. GOVERNING LAW; JURISDICTION AND VENUE.
The validity, interpretation, construction and performance of this UTRL shall be governed by the laws of the State of Texas. The Texas state courts of Travis County, Texas (or, if there is exclusive federal jurisdiction, the United States District Court for the Central District of Texas) shall have exclusive jurisdiction and venue over any dispute arising out of this UTRL, and Licensee consents to the jurisdiction of such courts. Application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded.
9. EXPORT CONTROLS.
This license is subject to all applicable export restrictions. Licensee must comply with all export and import laws and restrictions and regulations of any United States or foreign agency or authority relating to the Software and its use.
10. U.S. GOVERNMENT END-USERS.
The Software is a “commercial item,” as that term is defined in 48 C.F.R. 2.101, consisting of “commercial computer software” and “commercial computer software documentation,” as such terms are used in 48 C.F.R. 12.212 (Sept. 1995) and 48 C.F.R. 227.7202 (June 1995). Consistent with 48 C.F.R. 12.212, 48 C.F.R. 27.405(b)(2) (June 1998) and 48 C.F.R. 227.7202, all U.S. Government End Users acquire the Software with only those rights as set forth herein.
The University of Texas at Austin Research License (Source Code) Page 3 of 4
11. MISCELLANEOUS
If any provision hereof shall be held illegal, invalid or unenforceable, in whole or in part, such provision shall be modified to the minimum extent necessary to make it legal, valid and enforceable, and the legality, validity and enforceability of all other provisions of this UTRL shall not be affected thereby. Licensee may not assign this UTRL in whole or in part, without Licensor’s prior written consent. Any attempt to assign this UTRL without such consent will be null and void. This UTRL is the complete and exclusive statement between Licensee and Licensor relating to the subject matter hereof and supersedes all prior oral and written and all contemporaneous oral negotiations, commitments and understandings of the parties, if any. Any waiver by either party of any default or breach hereunder shall not constitute a waiver of any provision of this UTRL or of any subsequent default or breach of the same or a different kind.
END OF LICENSE
View
112 README.md
@@ -1 +1,111 @@
# dorkbot
dorkbot
=======
Scan Google search results for vulnerabilities.
dorkbot is a modular command-line tool for performing vulnerability scans against a set of webpages returned by Google search queries in a given Google Custom Search Engine. It is broken up into two sets of modules:
* *Indexers* - modules that issue a search query and return the results as targets
* *Scanners* - modules that perform a vulnerability scan against each target
Targets are stored in a local database upon being indexed. Once scanned, any vulnerabilities found by the chosen scanner are written to a standard JSON report file. Indexing and scanning processes can be run separately or combined in a single command.
Usage
=====
<pre>
usage: dorkbot.py [-h] [-c CONFIG] [-b BLACKLIST] [-d DATABASE] [-i INDEXER]
[-l] [-o INDEXER_OPTIONS] [-p SCANNER_OPTIONS] [-s SCANNER]
[-v VULNDIR]
optional arguments:
-h, --help show this help message and exit
-c CONFIG, --config CONFIG
Configuration file
-b BLACKLIST, --blacklist BLACKLIST
File containing (regex) patterns to blacklist from
scans
-d DATABASE, --database DATABASE
SQLite3 database file
-i INDEXER, --indexer INDEXER
Indexer module to use
-l, --list List targets in database
-o INDEXER_OPTIONS, --indexer-options INDEXER_OPTIONS
Indexer-specific options (opt1=val1,opt2=val2,..)
-p SCANNER_OPTIONS, --scanner-options SCANNER_OPTIONS
Scanner-specific options (opt1=val1,opt2=val2,..)
-s SCANNER, --scanner SCANNER
Scanner module to use
-v VULNDIR, --vulndir VULNDIR
Directory to store vulnerability output reports
</pre>
Platform
========
Python 2.7.x / 3.x (Linux / Mac OS / Windows)
(requires [python-dateutil](https://pypi.python.org/pypi/python-dateutil))
Quickstart
==========
1. Download [PhantomJS](http://phantomjs.org/) and either [Arachni](http://www.arachni-scanner.com/) or [Wapiti](http://wapiti.sourceforge.net/) for your platform, and make sure you have installed any required dependencies for each.
1. Extract each tool into the tools directory and rename the directory after the tool (dorkbot/tools/phantomjs/, dorkbot/tools/arachni/, etc).
1. Create a Google [Custom Search Engine](https://www.google.com/cse/) and note the search engine ID, e.g. 012345678901234567891:abc12defg3h.
1. Install python-dateutil (e.g.: pip install python-dateutil)
Example: use arachni to scan php pages that contain the string "id" in the url:
<pre>
$ ./dorkbot.py -i google -o engine=012345678901234567891:abc12defg3h,query="filetype:php inurl:id" -s arachni
</pre>
Indexer Modules
===============
### google ###
Search for targets in a Google Custom Search Engine (CSE) via custom search element.
Requirements: [PhantomJS](http://phantomjs.org/)
Options:
* **engine** - CSE id
* **query** - search query
* phantomjs_dir - phantomjs base directory containing bin/phantomjs (default: tools/phantomjs/)
* domain - limit searches to specified domain
### google_api ###
Search for targets in a Google Custom Search Engine (CSE) via JSON API.
Requirements: none
Options:
* **key** - API key
* **engine** - CSE id
* **query** - search query
* domain - limit searches to specified domain
### stdin ###
Read targets from standard input, one per line.
Requirements: none
Options: none
Scanner Modules
===============
### arachni ###
Scan targets with Arachni command-line scanner.
Requirements: [Arachni](http://www.arachni-scanner.com/)
Options:
* arachni_dir - arachni base directory containing bin/arachni and bin/arachni_reporter (default: tools/arachni/)
* report_dir - directory to save arachni scan binary and JSON scan report output (default: reports/)
* checks - which vulnerability checks to perform (default: active/\*,-csrf,-unvalidated_redirect,-source_code_disclosure,-response_splitting,-no_sql_injection_differential
### wapiti ###
Scan targets with Wapiti command-line scanner.
Requirements: [Wapiti](http://wapiti.sourceforge.net/)
Options:
* wapiti_dir - wapiti base directory containing bin/wapiti (default: tools/wapiti/)
* report_dir - directory to save wapiti JSON scan report (default: reports/)
View
@@ -0,0 +1,4 @@
*
!.gitignore
!dorkbot.ini.example
!blacklist.txt.example
@@ -0,0 +1,2 @@
.*login.*
^https?://[^.]*.example.com/.*
@@ -0,0 +1,2 @@
[dorkbot]
database=/opt/dorkbot/dorkbot.db
View
@@ -0,0 +1,2 @@
*
!.gitignore
Oops, something went wrong.

0 comments on commit e9d7fd6

Please sign in to comment.