Post

Deep Dork

Posted Updated
Preview Image
By Diogo Lages
5 min read
Deep Dork

Deep Dork is an advanced Google Dorking tool designed to automate and streamline the process of discovering sensitive information exposed on the web. It leverages Google’s search engine, proxies, CAPTCHA bypass mechanisms, and result parsing to provide a powerful utility for ethical security research and reconnaissance.

In addition to the Python CLI version, Deep Dork Web is now available as a browser-based tool, offering an intuitive interface for performing advanced Google Dork searches without requiring local setup or dependencies. The web version supports real-time search filtering, dynamic query generation, and seamless integration with search engines like Google, making it accessible to users of all skill levels.

Deep Dork Repository

Features

  • Advanced Search with Google Dorks: Use predefined or custom Google Dork queries to uncover specific types of data, such as exposed files, directories, or vulnerable endpoints.
  • Proxy Support: Configure and validate HTTP, SOCKS4, and SOCKS5 proxies to anonymize requests and avoid IP blocking.
  • CAPTCHA Handling: Built-in mechanisms to bypass CAPTCHAs using Selenium headless browsing or third-party CAPTCHA-solving services.
  • Multi-threaded Proxy Validation: Efficiently test and validate large proxy lists in parallel to ensure reliability.
  • Search History & Export: Maintain a history of searches and export results in JSON or CSV format for further analysis.
  • Customizable Dork Templates: Load predefined Dork templates from a JSON file or create your own for tailored searches.
  • Interactive Menu System (CLI): A user-friendly command-line interface for seamless navigation and operation.
  • Real-Time Search Filtering (Web): Dynamically filter dorks based on search terms and categories in the browser-based version.
  • Dynamic Query Generation (Web): Replace placeholders in dork queries with user-provided input for personalized searches.
  • Search Engine Integration (Web): Generate direct links to Google search results for selected dorks.

How It Works

  1. Query Construction: The tool allows users to input a domain, name, or other target-specific keywords. These are combined with predefined or custom Google Dork templates to form search queries.
  2. Search Execution: The tool sends requests to Google’s search engine using randomized User-Agent headers and optional proxies to avoid detection and blocking.
  3. Result Parsing: The HTML response from Google is parsed using BeautifulSoup to extract relevant details like titles, URLs, and snippets.
  4. CAPTCHA Bypass: If a CAPTCHA is encountered, the tool can either use Selenium to simulate browser behavior or delegate solving to a third-party service like 2Captcha.
  5. Proxy Management: Proxies are tested for validity and performance before being used. The tool rotates through available proxies to distribute requests evenly.
  6. Output & Export: Results are displayed in the CLI or web interface and can be saved to a file in JSON or CSV format for offline analysis.

For the web version, users simply visit the hosted URL, enter their search terms, and click on generated links to view results directly in their browser.

Code Structure

The project is organized into two main classes:

  1. GoogleDorkSearch:
    • Handles the core functionality of constructing queries, sending requests, parsing results, and managing proxies.
    • Includes methods for testing proxies, bypassing CAPTCHAs, and parsing search results.
  2. DorkMenu:
    • Provides an interactive menu system for users to configure proxies, run searches, view history, and export results.
    • Manages search history persistence and integrates with GoogleDorkSearch for executing operations.

Key Modules:

  • requests and BeautifulSoup: For sending HTTP requests and parsing HTML responses.
  • selenium: For CAPTCHA bypass using headless Chrome.
  • fake_useragent: To generate random User-Agent strings for request headers.
  • threading: For concurrent proxy validation and testing.
  • json and csv: For saving and exporting search results and history.

For the web version, the tool uses:

  • HTML/CSS/JavaScript: For the responsive and modern user interface.
  • fetch API: To load predefined dorks from a JSON file dynamically.
  • Dynamic Link Generation: To integrate seamlessly with search engines like Google.

Interface

CLI Version

The tool provides an intuitive CLI-based interface with the following options:

  1. Advanced Search: Run custom or predefined Google Dork queries.
  2. Run All Dorks Automatically: Iterate through a list of predefined Dork templates and execute them sequentially.
  3. Configure Proxies: Add proxies manually or load them from a file, with automatic validation.
  4. View History: Display past searches and their results.
  5. Export Results: Save search results to a file in JSON or CSV format.
  6. Test Proxies: Validate the configured proxies to ensure they are functional.
  7. Solve CAPTCHA: Use a third-party CAPTCHA-solving service to handle blocked requests.
  8. Exit: Save the search history and exit the program.

Output CLI 1 Output CLI 2

Web Version

The web interface includes:

  1. Search Bar: Enter keywords or phrases to filter dorks dynamically.
  2. Category Filter: Narrow down results by selecting specific categories.
  3. Real-Time Results: View matching dorks with their queries, categories, and descriptions.
  4. Direct Links: Click on generated links to open search results in Google or other supported search engines.
  5. Responsive Design: Accessible and functional on both desktop and mobile devices.

Output Web

Limitations

  • Rate Limiting: Google may impose rate limits or block IPs despite using proxies, requiring careful configuration.
  • CAPTCHA Dependency: CAPTCHA bypass mechanisms may fail if Google implements stricter anti-bot measures.
  • Ethical Constraints: The tool should only be used for authorized security assessments. Misuse can lead to legal consequences.
  • Proxy Reliability: The effectiveness of the tool depends on the quality and availability of proxies.

Future Enhancements

  • Enhanced CAPTCHA Handling: Integrate additional CAPTCHA-solving services or machine learning models for improved accuracy.
  • GUI Implementation: Develop a graphical user interface (GUI) for broader accessibility.
  • API Integration: Provide an API endpoint for integrating the tool into larger security workflows.
  • Support for Other Search Engines: Extend functionality to include Bing, DuckDuckGo, and other search engines.
  • Automated Report Generation: Generate detailed reports with insights and recommendations based on search results.

Ethical Considerations

This tool is intended for ethical use only, such as penetration testing, vulnerability assessments, and security research. Unauthorized use of this tool to access or exploit sensitive information is strictly prohibited and may violate laws and regulations. Always ensure you have explicit permission before conducting any reconnaissance or scanning activities.

By using this tool, you agree to abide by all applicable laws and ethical guidelines. The developers and contributors of this project are not responsible for any misuse or illegal activities carried out with this software.

Python, Deep Dork
Python Deep Dork
This post is licensed under CC BY 4.0 by the author.