How to Find Vuln Websites Using Termux

In this post I will share how to find vuln websites using termux. The goal, of course, is to simplify and speed up the search process.

As we know, one of the requirements to be able to deface a website is the existence of a weakness on the web. Therefore we must find it so that it can be used as a live target.

With termux, we only need to enter the dork and then determine the range of the number of websites.

Example :

Suppose we want to search by inurl and check 100 websites from the search results. Termux will then check those 100 websites and show which of them have vuln status.

This is more effective than searching one by one by entering the XSS code into the comments field or website search box.

Alright, let’s learn more.

What is a vuln?

Vuln is an abbreviation of vulnerability, which means a vulnerability in the system caused by an error in the system itself, causing a loophole for exploitative action.

So a vuln website is a website that has a security hole because it displays an error when a certain test string is added to its input.

Example :

If website A displays the prompt 1 (triggered by the onerror handler) after executing this string:

"><img src=x onerror=prompt(1)>

So website A has a vuln status.

"><img src=x onerror=prompt(1)> is one of the test strings used to check whether a website has gaps or not.
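What that string means for a site owner, as an added example (not part of the original post and not ko-dork's code): a template that reflects input into an HTML attribute without escaping lets the string close the attribute and add a live img tag, while escaped output keeps it as inert text. The function names and the search-form markup are assumptions made for the illustration.

```javascript
// Added illustration: the same template rendered without and with escaping.
// renderUnsafe, renderSafe, countTags and reflectsUnescaped are hypothetical names.

const TEST_STRING = '"><img src=x onerror=prompt(1)>'; // string quoted in the post

// Vulnerable pattern: input concatenated straight into an attribute value.
function renderUnsafe(query) {
  return '<input type="text" name="q" value="' + query + '">';
}

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: identical template, escaped output.
function renderSafe(query) {
  return '<input type="text" name="q" value="' + escapeHtml(query) + '">';
}

// Count tag openings ("<" followed by a letter) in rendered markup.
function countTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Regression check for your own templates: if rendering the probe produces
// more tags than rendering an empty value, the input became live markup.
function reflectsUnescaped(render, probe) {
  return countTags(render(probe)) > countTags(render(''));
}

console.log('unsafe template flagged:', reflectsUnescaped(renderUnsafe, TEST_STRING));
console.log('safe template flagged:  ', reflectsUnescaped(renderSafe, TEST_STRING));
console.log(renderSafe(TEST_STRING));
```

A check like reflectsUnescaped can run in a project's own test suite against each template that echoes user input.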

All right, now you understand, right? Then proceed to the termux process.

How to find vuln websites using termux?

There are 3 easy steps to find website gaps using termux.

1. Install script vulnerability checker

This script works automatically by submitting test strings to the website to detect security holes.

There are lots of script options, but I prefer to use ko-dork. The reason is that it is easy to organize.

2. Determine the google dork query

Google dork is useful for making it easier to find a list of websites in google search results. In addition, we can also filter any website that will be the target.

Example :

inurl: /admin/hubungi.php site: .go.id

inurl: /admin/contact.php to find a website that contains a link admin/contact.php
site: .go.id to filter so that only government websites appear.

3. Operate script to find results

After installing the script, we also have to operate it in order to find the vuln website.

You do this by entering the google dork parameters at the script's input prompts.

As an example, I will share the use of the ko-dork script.

Here’s how to find a vuln website using ko-dork

1. Install the ko-dork script to termux

Open the termux application then enter this command:

pkg install git python2

Then enter again:

git clone https://github.com/CiKu370/ko-dork

2. Run the ko-dork script through the main file

Because the main file is in the cloned folder, we must first enter the ko-dork folder to find it.

Use this command:

cd ko-dork

Then to run the main file use this command:

python2 dork.py

After that the script will run and the initial display looks like this:

3. Enter the data to start the search

There are 3 values that you must enter, namely the google dork, the number of websites, and the domain suffix.

inurl : google dork query based on link
site : filter the domain names that appear
max-page : limit on the number of websites for checking

Example :

Here is my data to look for website vulnerabilities:

inurl : product.php?id= 
site: com
max-page : 50

Information :
I will look for 50 shopping websites with .com sites with vuln status.

4. Open the vuln.txt file to see which website results are vuln

After the search is complete, ko-dork will display the number of vuln websites and then save the list in the vuln.txt file.

To open the file, use this command:

cat vuln.txt

That is a list of websites that have security holes based on the ko-dork algorithm.

That’s how to find vuln websites using termux. The point is, you just need to determine the right google dork so you can quickly find the gap.

So, have you found a website to be a live target?

If not, please include what dork parameters you are using in the comments column. I’ll fix it later to get a satisfactory result.
