This function performs search dorking, parses results and saves the testable hosts into the knowledge base.
()
| 354 | crawl(target[0], target[2], target[3]) |
| 355 | |
| 356 | def _doSearch(): |
| 357 | """ |
| 358 | This function performs search dorking, parses results |
| 359 | and saves the testable hosts into the knowledge base. |
| 360 | """ |
| 361 | |
| 362 | if not conf.googleDork: |
| 363 | return |
| 364 | |
| 365 | kb.data.onlyGETs = None |
| 366 | |
| 367 | def retrieve(): |
| 368 | links = search(conf.googleDork) |
| 369 | |
| 370 | if not links: |
| 371 | errMsg = "unable to find results for your " |
| 372 | errMsg += "search dork expression" |
| 373 | raise SqlmapGenericException(errMsg) |
| 374 | |
| 375 | for link in links: |
| 376 | link = urldecode(link) |
| 377 | if re.search(r"(.*?)\?(.+)", link) or conf.forms: |
| 378 | kb.targets.add((link, conf.method, conf.data, conf.cookie, None)) |
| 379 | elif re.search(URI_INJECTABLE_REGEX, link, re.I): |
| 380 | if kb.data.onlyGETs is None and conf.data is None and not conf.googleDork: |
| 381 | message = "do you want to scan only results containing GET parameters? [Y/n] " |
| 382 | kb.data.onlyGETs = readInput(message, default='Y', boolean=True) |
| 383 | if not kb.data.onlyGETs or conf.googleDork: |
| 384 | kb.targets.add((link, conf.method, conf.data, conf.cookie, None)) |
| 385 | |
| 386 | return links |
| 387 | |
| 388 | while True: |
| 389 | links = retrieve() |
| 390 | |
| 391 | if kb.targets: |
| 392 | infoMsg = "found %d results for your " % len(links) |
| 393 | infoMsg += "search dork expression" |
| 394 | |
| 395 | if not conf.forms: |
| 396 | infoMsg += ", " |
| 397 | |
| 398 | if len(links) == len(kb.targets): |
| 399 | infoMsg += "all " |
| 400 | else: |
| 401 | infoMsg += "%d " % len(kb.targets) |
| 402 | |
| 403 | infoMsg += "of them are testable targets" |
| 404 | |
| 405 | logger.info(infoMsg) |
| 406 | break |
| 407 | |
| 408 | else: |
| 409 | message = "found %d results " % len(links) |
| 410 | message += "for your search dork expression, but none of them " |
| 411 | message += "have GET parameters to test for SQL injection. " |
| 412 | message += "Do you want to skip to the next result page? [Y/n]" |
| 413 |