GooFuzz - The Power of Google Dorks

Credits

Author: M3n0sD0n4ld

Twitter: @David_Uton

Description:

GooFuzz is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories without making requests to the web server.

Download and install:

$ git clone https://github.com/m3n0sd0n4ld/GooFuzz.git
$ cd GooFuzz
$ chmod +x GooFuzz
$ ./GooFuzz -h

Use:

Lists files by extensions separated by commas.

Lists files by extensions contained in a txt file.

Lists files by extension, either subdomain or domain and shows the first Google result.

List files, directories, and even parameters by means of a wordlist (it is recommended to use only very small files).

Lists directories and files by specifying paths, words, or file names.

Exclusion of subdomains in your searches (separated by commas or by a list)

Example 1:

In this example, we remove the subdomain "mars.nasa.gov" from the search

Example 2:

We perform a normal file search by three extensions and locate subdomains that we want to exclude.

We create a file called "exclusion_list.txt" and insert the three subdomains to exclude, we perform the same search again, but passing the list of excluded targets.

Disclaimer

I am not responsible for the misuse of the tool.
Google Search has mechanisms to prevent abusive use or detection of suspicious activity. If at any time the tool does not show results, Google has temporarily blocked you (e.g. Captcha).
All the information obtained is public and through Google results.
Logically, the searches are in Google, so it leaves no evidence in the logs of the target's server.
And very important, if you see a file, directory, subdomain, etc... Indexed in Google, does not mean that it still exists on the server (or it does ;)).

Useful?

If you like the tool, find it useful in your work, Bug Bounty, or as a hobby, you could help me like this:

Tell your friends and co-workers about it.
Contribute new ideas or help me to improve them by correcting bugs from here.
How? Do you want to buy me a coffee? Thank you very much!

January 30, 2023

Author

Hakin9 TEAM: Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.

Latest Articles

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments

Inline Feedbacks

View all comments

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.