Skip to content

GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).

License

Notifications You must be signed in to change notification settings

pakkiraja/GooFuzz

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation


GooFuzz - The Power of Google Dorks


Credits

Author: M3n0sD0n4ld
Twitter: @David_Uton

Description:

GooFuzz is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories without making requests to the web server.

Download and install:

$ git clone https://github.com/m3n0sd0n4ld/GooFuzz.git
$ cd GooFuzz
$ chmod +x GooFuzz
$ ./GooFuzz -h

Use:

Menu

Screenshot

Lists files by extensions separated by commas.

Screenshot

Lists files by extensions contained in a txt file.

Screenshot

Lists files by extension, either subdomain or domain and showing the first Google result.

Screenshot

List files, directories and even parameters by means of a wordlist (it is recommended to use only very small files).

Screenshot

Lists directories and files by specifying paths, words or file names.

Screenshot

Exclusion of subdomains in your searches (separated by commas or by a list)

Example 1:

In this example we remove the subdomain "mars.nasa.gov" from the search.

Screenshot

Example 2:

We perform a normal file search by three extensions and locate subdomains that we want to exclude.

Screenshot

We create a file called "exclusion_list.txt" and insert the three subdomains to exclude, we perform the same search again, but passing the list of excluded targets.

Screenshot

Disclaimer

  • I am not responsible for the misuse of the tool.
  • Google Search has mechanisms to prevent abusive use or detection of suspicious activity. If at any time the tool does not show results, Google has temporarily blocked you (e.g. Captcha).
  • All the information obtained is public and through Google results.
  • Logically, the searches are in Google, so it leaves no evidence in the logs of the target's server.
  • And very important, if you see a file, directory, subdomain, etc... Indexed in Google, does not mean that it still exists on the server (or it does ;)).

Useful?

If you like the tool, find it useful in your work, Bug Bounty or as a hobby, you could help me like this:

  • Tell your friends and co-workers about it.
  • Contribute new ideas or help me to improve it by correcting bugs from here.
  • How? Do you want to buy me a coffee? Thank you very much!

About

GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Shell 100.0%