#!/bin/bash
###########################################################################
# Simple script that tries to extract hosts, subdomains, IPs and mail addresses from
# a Google search against a specific domain (or Google scraping, if you prefer).
# License: GPLv3
# Name: goohost
# Author: watakushi
# Special thanks to: kartik & kamal \n \n"
###########################################################################
###########################################################################
# General stuff - usage - errors - parameters definition
#
# Counter for the Google queries issued by the main loop.
I=0
# Search mode: host, ip or mail (host unless -m overrides it).
METHOD=host
# Upper bound on the number of result pages fetched from Google.
PAGES=5
# 0 = quiet, 1 = verbose (-v).
VERBOSITY=0
# Suffix shared by every scratch file and report file of this run.
# NOTE(review): $RANDOM is a small, guessable number, so the /tmp/*-$TMPRND.log
# names built from it are predictable. On a multi-user host another account
# could pre-create or symlink those paths; a private directory from
# `mktemp -d` would avoid that.
TMPRND=$RANDOM
# ERE for the "Results a - b of about N" banner in the downloaded page;
# getresult extracts N from the match.
REGEXPRESULT='Results <b>[0-9,]*</b> - <b>[0-9,]*</b> of[" about "]+<b>[0-9,]*</b>'
#Print the help banner and exit the script
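#######################################
# Print the help banner and terminate the script.
# Arguments: none (reads $0 for the usage lines)
# Outputs:   banner on stdout
# Returns:   never returns; exits with status 1
#######################################
printhelpanddie () {
  # Fixed '%s\n' format: $0 is passed as data, so a script path containing
  # '%' or '\' can no longer be interpreted as printf directives.
  printf '%s\n' \
    "" \
    "[*] goohost v.0.0.1 Beta " \
    "[*] Simple script that extracts hosts/subdomains, ip or emails for a specific domain with Google search " \
    "[*] Author: watakushi " \
    "[*] Thanks to: Johnny Long and GHDB for inspiration stuff " \
    "[*] Special thanks to: Danya & Roberto " \
    " " \
    "[*] Usage: $0 -t domain.tld [-m <host|ip|mail> -p <1-20> -v] " \
    " " \
    "[*] -t: target domain. Ex: backtrack.linux.org " \
    "[*] -m: method: <ip|host|mail>. Default value is set to host " \
    "[*] host: raw google hosts and subdomains search " \
    "[*] ip: raw google hosts and subdomains search and performs a reverse DNS resolution " \
    "[*] mail:raw google email search " \
    "[*] -p: pages [1-20]. Max number of pages to download from Google. Default 5 " \
    "[*] -v: verbosity. Default is set to off " \
    "[*] Example: $0 -t backtrack-linux.com -m ip -p 10 -v " \
    " "
  exit 1
}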
#Extract the number of results google gives from the query
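#######################################
# Read the result count from the page downloaded for the current query.
# Globals:   REGEXPRESULT, I, TMPRND (read); RESULT (written)
# Arguments: none
# Outputs:   nothing; the count is left in RESULT
# Returns:   0 always
#######################################
getresult () {
  local page="/tmp/goohost$I-$TMPRND.log"
  # Only the first banner is used: several matches would otherwise leave a
  # multi-line value in RESULT and break the numeric comparisons in callers.
  RESULT=$(grep -Eio -- "$REGEXPRESULT" "$page" | head -n 1 | cut -d"<" -f 6 | cut -d">" -f 2 | tr -d ",")
  # The value comes from a downloaded page and is later used in arithmetic,
  # so anything that is not a plain run of digits is treated as "no results".
  case "$RESULT" in
    ''|*[!0-9]*) RESULT=0 ;;
  esac
  # Callers read $RESULT. `return` can only carry 0-255, so passing the count
  # as the exit status (as before) wrapped large values and failed on empty.
  return 0
}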
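# Parse the command line: -t target, -m method, -p pages, -v verbose.
# The leading ':' puts getopts in silent mode, so a missing option argument is
# reported as ':' (previously that branch was unreachable and every error was
# reported as an unknown option).
while getopts ":t:m:p:v" optname; do
  case "$optname" in
    t)
      DOMAIN=$OPTARG
      ;;
    m)
      METHOD=$OPTARG
      ;;
    p)
      # `let PAGES=$OPTARG` evaluated the argument as an arithmetic expression.
      # Accept plain digits only; anything else becomes 0, which the range
      # check later replaces with the default.
      if [[ $OPTARG =~ ^[0-9]{1,4}$ ]]; then
        PAGES=$((10#$OPTARG))
      else
        PAGES=0
      fi
      ;;
    v)
      VERBOSITY=1
      ;;
    \?)
      echo "[!] Error: Unknown option!" 1>&2
      printhelpanddie
      ;;
    :)
      echo "[!] Error: Argument needed!" 1>&2
      printhelpanddie
      ;;
    *)
      echo "[!] Error: Unknown error!!!" 1>&2
      printhelpanddie
      ;;
  esac
done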
#Check for write permissions and several tools used in the script
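# Make sure the external tools and writable locations the script relies on
# are available before doing any work.
# The tools are invoked by bare name further down, so they are looked up on
# PATH here as well instead of at fixed locations that differ between systems.
for tool in wget awk sed; do
  if ! command -v "$tool" > /dev/null 2>&1; then
    echo "[!] Error: $tool not found on this system!" 1>&2
    exit 1
  fi
done
# Scratch files go to /tmp, the result and report files to the current directory.
for dir in /tmp ./; do
  if [ ! -w "$dir" ]; then
    echo "[!] Error: Can't write in $dir ! - Permission denied" 1>&2
    exit 1
  fi
done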
#Print usage if parameters are not passed to the script
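# A target is mandatory and the method must be one of host, ip or mail.
if [[ -z $DOMAIN ]] || [[ $METHOD != host && $METHOD != ip && $METHOD != mail ]]; then
  printhelpanddie
fi
# The target is later pasted into regular expressions, a sed program, URLs and
# the report file name, so restrict it to host-name characters up front.
# (Internationalised names have to be given in their ASCII/punycode form.)
valid_domain='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! $DOMAIN =~ $valid_domain ]]; then
  echo "[!] Error: target domain may only contain letters, digits, dots and hyphens!" 1>&2
  printhelpanddie
fi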
#Use a regular expression based on the method option
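# Build the extraction regex for the selected method.
# The target is escaped first so that its dots (and any other ERE
# metacharacter) match literally instead of acting as wildcards.
DOMAIN_RE=$(printf '%s' "$DOMAIN" | sed 's/[][\.*^$+?(){}|]/\\&/g')
case "$METHOD" in
  host|ip)
    # Any label run followed by ".<target>".
    REGEXPQUERY='[a-zA-Z0-9\._-]+\.'$DOMAIN_RE
    ;;
  mail)
    # Local part followed by "@<em>target</em>", as it appears in the result markup.
    REGEXPQUERY="[a-zA-Z0-9._-]+@<em>$DOMAIN_RE</em>"
    # Extra search term appended to the mail-mode queries.
    QEMAIL="+$DOMAIN"
    ;;
esac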
#Set the number of queries to do. Default value 5.
# Fall back to the default page count when -p is outside 1-20.
if ! [[ $PAGES -ge 1 && $PAGES -le 20 ]]; then
  printf '%s\n' "[-] Warning: Pages value not in the range 1-20. Default value used!" >&2
  PAGES=5
  printf '\n'
fi
#Check for DNS wildcards
# Resolve a made-up name; if the resolver still returns an address, warn that
# ip-mode results may contain false positives.
# NOTE(review): the probe name lives under .com, not under the target domain,
# so this detects a resolver that answers for nonexistent names rather than a
# wildcard record on the target itself.
if host "idontexist.xxxxx$TMPRND.com" | grep -q address; then
  printf '\n'
  printf '%s\n' "[-] Warning: DNS wildcard detected! With IP method you should have some false positive results." >&2
  printf '\n'
fi
###########################################################################
# QUERY:0 Download the first google page with the site: parameter
#
#Google Query
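# First query: plain site: search (mail mode also appends the target as a term).
case "$METHOD" in
  host|ip)
    GOOGLEQUERY0="http://www.google.com/search?num=100&q=site%3A$DOMAIN" #site:example.tld
    ;;
  mail)
    GOOGLEQUERY0="http://www.google.com/search?num=100&q=site%3A$DOMAIN$QEMAIL" #example.tld site:example.tld
    ;;
esac
# Download the page.
# NOTE(review): the scratch path under /tmp is predictable (see TMPRND) and
# wget -O follows an existing symlink at that path.
wget -U "" "$GOOGLEQUERY0" -O "/tmp/goohost$I-$TMPRND.log" -q
# Extract the hosts/emails and start the result file.
# The pattern is quoted: unquoted, its bracket expression was open to pathname
# expansion against the current directory and to word splitting.
grep -Eio -- "$REGEXPQUERY" "/tmp/goohost$I-$TMPRND.log" > "result-$TMPRND.log"
# Read the number of results reported for the query into RESULT.
getresult
# Verbose trace. Values are passed as printf arguments, never as the format,
# and the URL is printed quoted because it contains '?' (a glob character).
if [ "$VERBOSITY" = "1" ]; then
  printf '\n'
  printf 'Google Query n.%s \n' "$I"
  printf '%s\n' "$GOOGLEQUERY0"
  printf '\n'
  printf 'Results for query: %s \n' "$RESULT"
  printf '\n'
fi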
###########################################################################
# Start the loop, download the pages generated with different types of query
#
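# ---- helpers used only by the query loop below ----

# Strip the target from every stdin line, leaving the host label (host/ip
# mode) or the local part (mail mode).
_goohost_strip_target () {
  local dom_re
  case "$METHOD" in
    host|ip)
      # Escape the target before it becomes part of the sed program so that
      # '.' and '/' in it cannot change the expression.
      dom_re=$(printf '%s' "$DOMAIN" | sed 's/[][\.*^$/]/\\&/g')
      sed -e "s/.$dom_re//g"
      ;;
    mail)
      cut -d"@" -f1
      ;;
  esac
}

# Keep RESULT a plain base-10 integer; it is scraped text and is used in
# arithmetic comparisons below.
_goohost_normalise_result () {
  if [[ ${RESULT-} =~ ^[0-9]+$ ]]; then
    RESULT=$((10#$RESULT))
  else
    RESULT=0
  fi
}

# Download URL $1 for the current query number, append the matches to the
# result file and refresh RESULT.
# NOTE(review): the scratch path under /tmp is predictable (see TMPRND) and
# wget -O follows an existing symlink at that path.
_goohost_fetch () {
  local page="/tmp/goohost$I-$TMPRND.log"
  wget -U "" "$1" -O "$page" -q
  # Quoted pattern: unquoted it was subject to globbing and word splitting.
  grep -Eio -- "$REGEXPQUERY" "$page" >> "result-$TMPRND.log"
  getresult
  _goohost_normalise_result
}

# Print the search URL that excludes the given terms.
# $1 = extra URL parameters placed before q= ("" or "&start=N"), $2.. = terms
_goohost_exclusion_url () {
  local extra=$1 op scope url term
  shift
  case "$METHOD" in
    mail)
      op=intext
      # The original wrote "$QEMAILsite", which expands an unset variable and
      # dropped the site: restriction; this follows the form of queries 0 and 1.
      scope="site%3A$DOMAIN$QEMAIL"
      ;;
    *)
      op=inurl
      scope="site%3A$DOMAIN"
      ;;
  esac
  url="http://www.google.com/search?num=100${extra}&q=${scope}"
  for term in "$@"; do
    url+="+-${op}%3A${term}"
  done
  printf '%s\n' "$url"
}

# Copy the given line numbers of a file into <prefix>1, <prefix>2, ...
# $1 = variable-name prefix, $2 = file, $3.. = line numbers
_goohost_pick_lines () {
  local prefix=$1 file=$2 slot=0 lineno
  shift 2
  for lineno in "$@"; do
    slot=$((slot + 1))
    printf -v "${prefix}${slot}" '%s' "$(awk -v n="$lineno" 'NR == n' "$file")"
  done
}

# Verbose trace for one query. Scraped values are only ever printf arguments,
# never part of the format string.
# $1 = plain|top6|random, $2 = URL, $3.. = terms shown for top6/random
_goohost_verbose () {
  local kind=$1 url=$2 IFS=' '
  shift 2
  [ "$VERBOSITY" = "1" ] || return 0
  printf '\n'
  printf 'Google Query n.%s \n' "$I"
  printf '%s\n' "$url"
  printf '\n'
  case "$kind" in
    plain)
      printf 'Results for query: %s \n' "$RESULT"
      printf '\n'
      ;;
    top6)
      printf 'Result for query: %s \n' "$RESULT"
      printf 'The TOP6 are: \n'
      printf '%s\n' "$*"
      ;;
    random)
      printf 'Result for query: %s \n' "$RESULT"
      printf 'Random hosts: %s \n' "$*"
      printf '\n'
      ;;
  esac
}

# One query that excludes six randomly chosen entries of the random-<run> file.
_goohost_random_round () {
  local picks=() n
  for n in 1 2 3 4 5 6; do
    picks+=("$((RANDOM % highest + 1))")
  done
  # The last pick previously went through a misspelled "aewk" command, which
  # left RURL6 empty.
  _goohost_pick_lines RURL "/tmp/random-$TMPRND.log" "${picks[@]}"
  GOOGLEQUERY4=$(_goohost_exclusion_url "" "$RURL1" "$RURL2" "$RURL3" "$RURL4" "$RURL5" "$RURL6")
  _goohost_fetch "$GOOGLEQUERY4"
  _goohost_verbose random "$GOOGLEQUERY4" "$RURL1" "$RURL2" "$RURL3" "$RURL4" "$RURL5" "$RURL6"
}

# ---- query loop ----
# Runs while the last query reported at least 100 results and fewer than
# PAGES pages have been fetched. Queries by number:
#   1-2   fixed variations of the site: search
#   3-12  exclude the six most frequent entries found so far, paging with start=
#   13-19 exclude six random entries found so far
_goohost_normalise_result
while [[ "$RESULT" -ge 100 && "$I" -lt $((PAGES - 1)) ]]; do
  I=$((I + 1))
  case "$I" in
    1)
      case "$METHOD" in
        host|ip)
          GOOGLEQUERY1="http://www.google.com/search?num=100&q=site%3A$DOMAIN+-inurl%3Awww.$DOMAIN" #site:example.tld -inurl:www.example.tld
          ;;
        mail)
          GOOGLEQUERY1="http://www.google.com/search?num=100&q=site%3A$DOMAIN$QEMAIL+mail" #site:example.tld example.tld mail
          ;;
      esac
      _goohost_fetch "$GOOGLEQUERY1"
      _goohost_verbose plain "$GOOGLEQUERY1"
      ;;
    2)
      case "$METHOD" in
        host|ip)
          GOOGLEQUERY2="http://www.google.com/search?num=100&q=*.site%3A$DOMAIN+-inurl%3Awww.$DOMAIN" #site:example.tld -inurl:www.example.tld
          ;;
        mail)
          # "$site" in the original expanded an unset variable; the literal
          # word "site" is what the trailing comment describes.
          GOOGLEQUERY2="http://www.google.com/search?num=100&q=site%3A$DOMAIN$QEMAIL+mail&start=200" #site:example.tld example.tld mail
          ;;
      esac
      _goohost_fetch "$GOOGLEQUERY2"
      _goohost_verbose plain "$GOOGLEQUERY2"
      # Rank the entries found so far by frequency; the first six lines feed
      # the exclusion queries that follow.
      grep -Eio -- "$REGEXPQUERY" "result-$TMPRND.log" | sort | uniq -i -c | sort -n -r \
        | grep -Eio -- "$REGEXPQUERY" | _goohost_strip_target > "/tmp/top6-$TMPRND.log"
      ;;
    3)
      _goohost_pick_lines CURL "/tmp/top6-$TMPRND.log" 1 2 3 4 5 6
      GOOGLEQUERY3=$(_goohost_exclusion_url "" "$CURL1" "$CURL2" "$CURL3" "$CURL4" "$CURL5" "$CURL6")
      _goohost_fetch "$GOOGLEQUERY3"
      _goohost_verbose top6 "$GOOGLEQUERY3" "$CURL1" "$CURL2" "$CURL3" "$CURL4" "$CURL5" "$CURL6"
      ;;
    4|5|6|7|8|9|10|11|12)
      # Same exclusion query, paged through with the start= parameter.
      START=$(( (I - 3) * 100 ))
      GOOGLEQUERY3=$(_goohost_exclusion_url "&start=$START" "$CURL1" "$CURL2" "$CURL3" "$CURL4" "$CURL5" "$CURL6")
      _goohost_fetch "$GOOGLEQUERY3"
      # Once every page of this query has been fetched, jump to the end of
      # this phase so the next iteration starts the random queries.
      END=$((RESULT / 100))
      if [[ $I -ge $((END + 3)) ]]; then
        I=12
      fi
      _goohost_verbose top6 "$GOOGLEQUERY3" "$CURL1" "$CURL2" "$CURL3" "$CURL4" "$CURL5" "$CURL6"
      ;;
    13|14|15|16|17|18|19)
      if [[ $I -eq 13 ]]; then
        # Build the pool of distinct entries the random queries draw from.
        sort -u "result-$TMPRND.log" | _goohost_strip_target > "/tmp/random-$TMPRND.log"
        highest=$(( $(wc -l < "/tmp/random-$TMPRND.log") ))
      fi
      if [[ ${highest:-0} -ge 1 ]]; then
        _goohost_random_round
      else
        # Nothing to draw from: push I past the page limit to end the loop.
        I=20
      fi
      ;;
  esac
done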
###########################################################################
# Generate output and report file
#
#Generate different report for different methods
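# Write the report for the selected method and print where it was saved.
# '/' is replaced in the file name so the target can never redirect the
# report outside the current directory.
report="report-$TMPRND-${DOMAIN//\//_}.txt"
case "$METHOD" in
  host)
    printf '\n'
    sort -u "result-$TMPRND.log" > "$report"
    printf 'Results saved in file %s \n' "$report"
    printf '%s results found! \n' "$(( $(wc -l < "$report") ))"
    ;;
  ip)
    printf '\n'
    # Names come from downloaded pages: read them line by line (no word
    # splitting or globbing) and skip anything starting with '-', which
    # `host` would otherwise parse as an option.
    while IFS= read -r line; do
      case "$line" in
        -*) continue ;;
      esac
      host "$line" | grep "has address" | cut -d" " -f1,4 >> "$report" &
    done < <(sort -u "result-$TMPRND.log")
    # Let the background lookups finish before announcing the report;
    # previously the script could exit while they were still writing.
    wait
    printf 'Results saved in file %s \n' "$report"
    ;;
  mail)
    printf '\n'
    # Drop the <em> markup that the mail regex captures around the domain.
    sort -u "result-$TMPRND.log" | sed -e "s/<[^>]*>//g" > "$report"
    printf 'Results saved in file %s \n' "$report"
    printf '%s results found! \n' "$(( $(wc -l < "$report") ))"
    ;;
esac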
###########################################################################
# Delete temporary files
#
# Remove this run's scratch files: the raw result list in the current
# directory and the downloaded pages, random pool and top-6 list under /tmp.
rm -f -- "result-$TMPRND.log" /tmp/goohost*-"$TMPRND".log \
  "/tmp/random-$TMPRND.log" "/tmp/top6-$TMPRND.log" 2> /dev/null
Save this script with a .sh extension; that's it.
###########################################################################
# Simple script that tries to extract hosts, subdomains, IPs and mail addresses from
# a Google search against a specific domain (or Google scraping, if you prefer).
# License: GPLv3
# Name: goohost
# Author: watakushi
# Special thanks to: kartik & kamal \n \n"
###########################################################################
###########################################################################
# General stuff - usage - errors - parameters definition
#
# Counter for the Google queries issued by the main loop.
I=0
# Search mode: host, ip or mail (host unless -m overrides it).
METHOD=host
# Upper bound on the number of result pages fetched from Google.
PAGES=5
# 0 = quiet, 1 = verbose (-v).
VERBOSITY=0
# Suffix shared by every scratch file and report file of this run.
# NOTE(review): $RANDOM is a small, guessable number, so the /tmp/*-$TMPRND.log
# names built from it are predictable. On a multi-user host another account
# could pre-create or symlink those paths; a private directory from
# `mktemp -d` would avoid that.
TMPRND=$RANDOM
# ERE for the "Results a - b of about N" banner in the downloaded page;
# getresult extracts N from the match.
REGEXPRESULT='Results <b>[0-9,]*</b> - <b>[0-9,]*</b> of[" about "]+<b>[0-9,]*</b>'
#Print the help banner and exit the script
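#######################################
# Print the help banner and terminate the script.
# Arguments: none (reads $0 for the usage lines)
# Outputs:   banner on stdout
# Returns:   never returns; exits with status 1
#######################################
printhelpanddie () {
  # Fixed '%s\n' format: $0 is passed as data, so a script path containing
  # '%' or '\' can no longer be interpreted as printf directives.
  printf '%s\n' \
    "" \
    "[*] goohost v.0.0.1 Beta " \
    "[*] Simple script that extracts hosts/subdomains, ip or emails for a specific domain with Google search " \
    "[*] Author: watakushi " \
    "[*] Thanks to: Johnny Long and GHDB for inspiration stuff " \
    "[*] Special thanks to: Danya & Roberto " \
    " " \
    "[*] Usage: $0 -t domain.tld [-m <host|ip|mail> -p <1-20> -v] " \
    " " \
    "[*] -t: target domain. Ex: backtrack.linux.org " \
    "[*] -m: method: <ip|host|mail>. Default value is set to host " \
    "[*] host: raw google hosts and subdomains search " \
    "[*] ip: raw google hosts and subdomains search and performs a reverse DNS resolution " \
    "[*] mail:raw google email search " \
    "[*] -p: pages [1-20]. Max number of pages to download from Google. Default 5 " \
    "[*] -v: verbosity. Default is set to off " \
    "[*] Example: $0 -t backtrack-linux.com -m ip -p 10 -v " \
    " "
  exit 1
}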
#Extract the number of results google gives from the query
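#######################################
# Read the result count from the page downloaded for the current query.
# Globals:   REGEXPRESULT, I, TMPRND (read); RESULT (written)
# Arguments: none
# Outputs:   nothing; the count is left in RESULT
# Returns:   0 always
#######################################
getresult () {
  local page="/tmp/goohost$I-$TMPRND.log"
  # Only the first banner is used: several matches would otherwise leave a
  # multi-line value in RESULT and break the numeric comparisons in callers.
  RESULT=$(grep -Eio -- "$REGEXPRESULT" "$page" | head -n 1 | cut -d"<" -f 6 | cut -d">" -f 2 | tr -d ",")
  # The value comes from a downloaded page and is later used in arithmetic,
  # so anything that is not a plain run of digits is treated as "no results".
  case "$RESULT" in
    ''|*[!0-9]*) RESULT=0 ;;
  esac
  # Callers read $RESULT. `return` can only carry 0-255, so passing the count
  # as the exit status (as before) wrapped large values and failed on empty.
  return 0
}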
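# Parse the command line: -t target, -m method, -p pages, -v verbose.
# The leading ':' puts getopts in silent mode, so a missing option argument is
# reported as ':' (previously that branch was unreachable and every error was
# reported as an unknown option).
while getopts ":t:m:p:v" optname; do
  case "$optname" in
    t)
      DOMAIN=$OPTARG
      ;;
    m)
      METHOD=$OPTARG
      ;;
    p)
      # `let PAGES=$OPTARG` evaluated the argument as an arithmetic expression.
      # Accept plain digits only; anything else becomes 0, which the range
      # check later replaces with the default.
      if [[ $OPTARG =~ ^[0-9]{1,4}$ ]]; then
        PAGES=$((10#$OPTARG))
      else
        PAGES=0
      fi
      ;;
    v)
      VERBOSITY=1
      ;;
    \?)
      echo "[!] Error: Unknown option!" 1>&2
      printhelpanddie
      ;;
    :)
      echo "[!] Error: Argument needed!" 1>&2
      printhelpanddie
      ;;
    *)
      echo "[!] Error: Unknown error!!!" 1>&2
      printhelpanddie
      ;;
  esac
done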
#Check for write permissions and several tools used in the script
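# Make sure the external tools and writable locations the script relies on
# are available before doing any work.
# The tools are invoked by bare name further down, so they are looked up on
# PATH here as well instead of at fixed locations that differ between systems.
for tool in wget awk sed; do
  if ! command -v "$tool" > /dev/null 2>&1; then
    echo "[!] Error: $tool not found on this system!" 1>&2
    exit 1
  fi
done
# Scratch files go to /tmp, the result and report files to the current directory.
for dir in /tmp ./; do
  if [ ! -w "$dir" ]; then
    echo "[!] Error: Can't write in $dir ! - Permission denied" 1>&2
    exit 1
  fi
done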
#Print usage if parameters are not passed to the script
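# A target is mandatory and the method must be one of host, ip or mail.
if [[ -z $DOMAIN ]] || [[ $METHOD != host && $METHOD != ip && $METHOD != mail ]]; then
  printhelpanddie
fi
# The target is later pasted into regular expressions, a sed program, URLs and
# the report file name, so restrict it to host-name characters up front.
# (Internationalised names have to be given in their ASCII/punycode form.)
valid_domain='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! $DOMAIN =~ $valid_domain ]]; then
  echo "[!] Error: target domain may only contain letters, digits, dots and hyphens!" 1>&2
  printhelpanddie
fi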
#Use a regular expression based on the method option
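# Build the extraction regex for the selected method.
# The target is escaped first so that its dots (and any other ERE
# metacharacter) match literally instead of acting as wildcards.
DOMAIN_RE=$(printf '%s' "$DOMAIN" | sed 's/[][\.*^$+?(){}|]/\\&/g')
case "$METHOD" in
  host|ip)
    # Any label run followed by ".<target>".
    REGEXPQUERY='[a-zA-Z0-9\._-]+\.'$DOMAIN_RE
    ;;
  mail)
    # Local part followed by "@<em>target</em>", as it appears in the result markup.
    REGEXPQUERY="[a-zA-Z0-9._-]+@<em>$DOMAIN_RE</em>"
    # Extra search term appended to the mail-mode queries.
    QEMAIL="+$DOMAIN"
    ;;
esac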
#Set the number of queries to do. Default value 5.
# Fall back to the default page count when -p is outside 1-20.
if ! [[ $PAGES -ge 1 && $PAGES -le 20 ]]; then
  printf '%s\n' "[-] Warning: Pages value not in the range 1-20. Default value used!" >&2
  PAGES=5
  printf '\n'
fi
#Check for DNS wildcards
# Resolve a made-up name; if the resolver still returns an address, warn that
# ip-mode results may contain false positives.
# NOTE(review): the probe name lives under .com, not under the target domain,
# so this detects a resolver that answers for nonexistent names rather than a
# wildcard record on the target itself.
if host "idontexist.xxxxx$TMPRND.com" | grep -q address; then
  printf '\n'
  printf '%s\n' "[-] Warning: DNS wildcard detected! With IP method you should have some false positive results." >&2
  printf '\n'
fi
###########################################################################
# QUERY:0 Download the first google page with the site: parameter
#
#Google Query
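# First query: plain site: search (mail mode also appends the target as a term).
case "$METHOD" in
  host|ip)
    GOOGLEQUERY0="http://www.google.com/search?num=100&q=site%3A$DOMAIN" #site:example.tld
    ;;
  mail)
    GOOGLEQUERY0="http://www.google.com/search?num=100&q=site%3A$DOMAIN$QEMAIL" #example.tld site:example.tld
    ;;
esac
# Download the page.
# NOTE(review): the scratch path under /tmp is predictable (see TMPRND) and
# wget -O follows an existing symlink at that path.
wget -U "" "$GOOGLEQUERY0" -O "/tmp/goohost$I-$TMPRND.log" -q
# Extract the hosts/emails and start the result file.
# The pattern is quoted: unquoted, its bracket expression was open to pathname
# expansion against the current directory and to word splitting.
grep -Eio -- "$REGEXPQUERY" "/tmp/goohost$I-$TMPRND.log" > "result-$TMPRND.log"
# Read the number of results reported for the query into RESULT.
getresult
# Verbose trace. Values are passed as printf arguments, never as the format,
# and the URL is printed quoted because it contains '?' (a glob character).
if [ "$VERBOSITY" = "1" ]; then
  printf '\n'
  printf 'Google Query n.%s \n' "$I"
  printf '%s\n' "$GOOGLEQUERY0"
  printf '\n'
  printf 'Results for query: %s \n' "$RESULT"
  printf '\n'
fi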
###########################################################################
# Start the loop, download the pages generated with different types of query
#
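# ---- helpers used only by the query loop below ----

# Strip the target from every stdin line, leaving the host label (host/ip
# mode) or the local part (mail mode).
_goohost_strip_target () {
  local dom_re
  case "$METHOD" in
    host|ip)
      # Escape the target before it becomes part of the sed program so that
      # '.' and '/' in it cannot change the expression.
      dom_re=$(printf '%s' "$DOMAIN" | sed 's/[][\.*^$/]/\\&/g')
      sed -e "s/.$dom_re//g"
      ;;
    mail)
      cut -d"@" -f1
      ;;
  esac
}

# Keep RESULT a plain base-10 integer; it is scraped text and is used in
# arithmetic comparisons below.
_goohost_normalise_result () {
  if [[ ${RESULT-} =~ ^[0-9]+$ ]]; then
    RESULT=$((10#$RESULT))
  else
    RESULT=0
  fi
}

# Download URL $1 for the current query number, append the matches to the
# result file and refresh RESULT.
# NOTE(review): the scratch path under /tmp is predictable (see TMPRND) and
# wget -O follows an existing symlink at that path.
_goohost_fetch () {
  local page="/tmp/goohost$I-$TMPRND.log"
  wget -U "" "$1" -O "$page" -q
  # Quoted pattern: unquoted it was subject to globbing and word splitting.
  grep -Eio -- "$REGEXPQUERY" "$page" >> "result-$TMPRND.log"
  getresult
  _goohost_normalise_result
}

# Print the search URL that excludes the given terms.
# $1 = extra URL parameters placed before q= ("" or "&start=N"), $2.. = terms
_goohost_exclusion_url () {
  local extra=$1 op scope url term
  shift
  case "$METHOD" in
    mail)
      op=intext
      # The original wrote "$QEMAILsite", which expands an unset variable and
      # dropped the site: restriction; this follows the form of queries 0 and 1.
      scope="site%3A$DOMAIN$QEMAIL"
      ;;
    *)
      op=inurl
      scope="site%3A$DOMAIN"
      ;;
  esac
  url="http://www.google.com/search?num=100${extra}&q=${scope}"
  for term in "$@"; do
    url+="+-${op}%3A${term}"
  done
  printf '%s\n' "$url"
}

# Copy the given line numbers of a file into <prefix>1, <prefix>2, ...
# $1 = variable-name prefix, $2 = file, $3.. = line numbers
_goohost_pick_lines () {
  local prefix=$1 file=$2 slot=0 lineno
  shift 2
  for lineno in "$@"; do
    slot=$((slot + 1))
    printf -v "${prefix}${slot}" '%s' "$(awk -v n="$lineno" 'NR == n' "$file")"
  done
}

# Verbose trace for one query. Scraped values are only ever printf arguments,
# never part of the format string.
# $1 = plain|top6|random, $2 = URL, $3.. = terms shown for top6/random
_goohost_verbose () {
  local kind=$1 url=$2 IFS=' '
  shift 2
  [ "$VERBOSITY" = "1" ] || return 0
  printf '\n'
  printf 'Google Query n.%s \n' "$I"
  printf '%s\n' "$url"
  printf '\n'
  case "$kind" in
    plain)
      printf 'Results for query: %s \n' "$RESULT"
      printf '\n'
      ;;
    top6)
      printf 'Result for query: %s \n' "$RESULT"
      printf 'The TOP6 are: \n'
      printf '%s\n' "$*"
      ;;
    random)
      printf 'Result for query: %s \n' "$RESULT"
      printf 'Random hosts: %s \n' "$*"
      printf '\n'
      ;;
  esac
}

# One query that excludes six randomly chosen entries of the random-<run> file.
_goohost_random_round () {
  local picks=() n
  for n in 1 2 3 4 5 6; do
    picks+=("$((RANDOM % highest + 1))")
  done
  # The last pick previously went through a misspelled "aewk" command, which
  # left RURL6 empty.
  _goohost_pick_lines RURL "/tmp/random-$TMPRND.log" "${picks[@]}"
  GOOGLEQUERY4=$(_goohost_exclusion_url "" "$RURL1" "$RURL2" "$RURL3" "$RURL4" "$RURL5" "$RURL6")
  _goohost_fetch "$GOOGLEQUERY4"
  _goohost_verbose random "$GOOGLEQUERY4" "$RURL1" "$RURL2" "$RURL3" "$RURL4" "$RURL5" "$RURL6"
}

# ---- query loop ----
# Runs while the last query reported at least 100 results and fewer than
# PAGES pages have been fetched. Queries by number:
#   1-2   fixed variations of the site: search
#   3-12  exclude the six most frequent entries found so far, paging with start=
#   13-19 exclude six random entries found so far
_goohost_normalise_result
while [[ "$RESULT" -ge 100 && "$I" -lt $((PAGES - 1)) ]]; do
  I=$((I + 1))
  case "$I" in
    1)
      case "$METHOD" in
        host|ip)
          GOOGLEQUERY1="http://www.google.com/search?num=100&q=site%3A$DOMAIN+-inurl%3Awww.$DOMAIN" #site:example.tld -inurl:www.example.tld
          ;;
        mail)
          GOOGLEQUERY1="http://www.google.com/search?num=100&q=site%3A$DOMAIN$QEMAIL+mail" #site:example.tld example.tld mail
          ;;
      esac
      _goohost_fetch "$GOOGLEQUERY1"
      _goohost_verbose plain "$GOOGLEQUERY1"
      ;;
    2)
      case "$METHOD" in
        host|ip)
          GOOGLEQUERY2="http://www.google.com/search?num=100&q=*.site%3A$DOMAIN+-inurl%3Awww.$DOMAIN" #site:example.tld -inurl:www.example.tld
          ;;
        mail)
          # "$site" in the original expanded an unset variable; the literal
          # word "site" is what the trailing comment describes.
          GOOGLEQUERY2="http://www.google.com/search?num=100&q=site%3A$DOMAIN$QEMAIL+mail&start=200" #site:example.tld example.tld mail
          ;;
      esac
      _goohost_fetch "$GOOGLEQUERY2"
      _goohost_verbose plain "$GOOGLEQUERY2"
      # Rank the entries found so far by frequency; the first six lines feed
      # the exclusion queries that follow.
      grep -Eio -- "$REGEXPQUERY" "result-$TMPRND.log" | sort | uniq -i -c | sort -n -r \
        | grep -Eio -- "$REGEXPQUERY" | _goohost_strip_target > "/tmp/top6-$TMPRND.log"
      ;;
    3)
      _goohost_pick_lines CURL "/tmp/top6-$TMPRND.log" 1 2 3 4 5 6
      GOOGLEQUERY3=$(_goohost_exclusion_url "" "$CURL1" "$CURL2" "$CURL3" "$CURL4" "$CURL5" "$CURL6")
      _goohost_fetch "$GOOGLEQUERY3"
      _goohost_verbose top6 "$GOOGLEQUERY3" "$CURL1" "$CURL2" "$CURL3" "$CURL4" "$CURL5" "$CURL6"
      ;;
    4|5|6|7|8|9|10|11|12)
      # Same exclusion query, paged through with the start= parameter.
      START=$(( (I - 3) * 100 ))
      GOOGLEQUERY3=$(_goohost_exclusion_url "&start=$START" "$CURL1" "$CURL2" "$CURL3" "$CURL4" "$CURL5" "$CURL6")
      _goohost_fetch "$GOOGLEQUERY3"
      # Once every page of this query has been fetched, jump to the end of
      # this phase so the next iteration starts the random queries.
      END=$((RESULT / 100))
      if [[ $I -ge $((END + 3)) ]]; then
        I=12
      fi
      _goohost_verbose top6 "$GOOGLEQUERY3" "$CURL1" "$CURL2" "$CURL3" "$CURL4" "$CURL5" "$CURL6"
      ;;
    13|14|15|16|17|18|19)
      if [[ $I -eq 13 ]]; then
        # Build the pool of distinct entries the random queries draw from.
        sort -u "result-$TMPRND.log" | _goohost_strip_target > "/tmp/random-$TMPRND.log"
        highest=$(( $(wc -l < "/tmp/random-$TMPRND.log") ))
      fi
      if [[ ${highest:-0} -ge 1 ]]; then
        _goohost_random_round
      else
        # Nothing to draw from: push I past the page limit to end the loop.
        I=20
      fi
      ;;
  esac
done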
###########################################################################
# Generate output and report file
#
#Generate different report for different methods
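# Write the report for the selected method and print where it was saved.
# '/' is replaced in the file name so the target can never redirect the
# report outside the current directory.
report="report-$TMPRND-${DOMAIN//\//_}.txt"
case "$METHOD" in
  host)
    printf '\n'
    sort -u "result-$TMPRND.log" > "$report"
    printf 'Results saved in file %s \n' "$report"
    printf '%s results found! \n' "$(( $(wc -l < "$report") ))"
    ;;
  ip)
    printf '\n'
    # Names come from downloaded pages: read them line by line (no word
    # splitting or globbing) and skip anything starting with '-', which
    # `host` would otherwise parse as an option.
    while IFS= read -r line; do
      case "$line" in
        -*) continue ;;
      esac
      host "$line" | grep "has address" | cut -d" " -f1,4 >> "$report" &
    done < <(sort -u "result-$TMPRND.log")
    # Let the background lookups finish before announcing the report;
    # previously the script could exit while they were still writing.
    wait
    printf 'Results saved in file %s \n' "$report"
    ;;
  mail)
    printf '\n'
    # Drop the <em> markup that the mail regex captures around the domain.
    sort -u "result-$TMPRND.log" | sed -e "s/<[^>]*>//g" > "$report"
    printf 'Results saved in file %s \n' "$report"
    printf '%s results found! \n' "$(( $(wc -l < "$report") ))"
    ;;
esac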
###########################################################################
# Delete temporary files
#
# Remove this run's scratch files: the raw result list in the current
# directory and the downloaded pages, random pool and top-6 list under /tmp.
rm -f -- "result-$TMPRND.log" /tmp/goohost*-"$TMPRND".log \
  "/tmp/random-$TMPRND.log" "/tmp/top6-$TMPRND.log" 2> /dev/null
Save this script with a .sh extension; that's it.