Alvin Dork Scanner

The Alvin Dork Scanner is a powerful and efficient tool designed to enhance security assessments by leveraging Google Dorking techniques through the Serper API. This utility allows users to search for potentially vulnerable websites and exposed information using predefined lists of search queries (dorks).

Features

• Comprehensive Dork Categories: Alvin systematically scans Google with specific dorks tailored for:
  • Cross-Site Scripting (XSS): Primarily focused on .tr domains.
  • SQL Injection (SQLi): Targeting .tr domains for vulnerabilities.
  • Sensitive Documents & Exposures: Utilizing general dorks to uncover potentially leaked files and sensitive configurations.
  • Exposed CCTV/DVR Panels: Identifying accessible camera interfaces with specialized dorks.
• Utilization of Serper API: Fast and efficient search results using the reliable Serper API.
• Configurability: Users can adjust the number of Google search result pages to scan for each dork category.
• User-Friendly Command-Line Interface: Select specific dork categories directly from the command-line environment.
• Output Management: Saves unique found links to a specified file (default is vulnerable_links.txt).
• Throttle Control: Implements a delay between requests (time.sleep(1.5)) to prevent hitting API rate limits too quickly.

Requirements

• Python 3.x
• requests library: Install using pip install requests.
• Serper API Key: Obtain one from serper.dev.

Usage Instructions

Run the script from the terminal, ensuring at least one dork category is specified:

python alvin_scanner.py [options]

Options Available

• --xss: Use the XSS dorks list for scanning.
• --sqli: Use the SQLi dorks list.
• --sensitive-documents: Scan for sensitive document exposures.
• --cctv: Scan utilizing CCTV/DVR dorks.
• --output <filename>: Specify an output filename (default: vulnerable_links.txt).
• -h, --help: Display help information and exit.

Execution Flow

1. Execute the script with the desired category flags (example: --xss --sqli).
2. If no flags are provided, the script will display the help message and terminate.
3. Input the number of Google search result pages to scan for each dork category.
4. The script queries the Serper API and tracks progress while gathering found links.
5. Unique URLs are then compiled and saved to the specified output file.

Example Scenarios

• Scan for XSS and SQLi vulnerabilities across 5 pages:

python alvin_scanner.py --xss --sqli
# Input: How many pages to scan per dork? Enter 5

• Scan sensitive documents and CCTV systems, scanning 3 pages and saving to a custom file:

python alvin_scanner.py --sensitive-documents --cctv --output exposed_systems.txt
# Input: How many pages to scan per dork? Enter 3

• Scan all categories while limiting the search to 2 pages:

python alvin_scanner.py --xss --sqli --sensitive-documents --cctv
# Input: How many pages to scan per dork? Enter 2

Output

The Alvin Dork Scanner generates a text file (default: vulnerable_links.txt) containing a comprehensive list of unique URLs identified during the scan, with each URL neatly arranged on a separate line.

Disclaimer

⚠️ This tool is intended for educational and research purposes only.

• Employing this script for unauthorized scanning or accessing systems without explicit permission is both illegal and unethical.
• Responsibility for misuse or damage caused by this script lies solely with the user. Compliance with all applicable laws and terms of service (including those of Google and Serper) is essential. Use this tool responsibly, exclusively on systems owned or tested with explicit, written consent.