This repository has been archived by the owner on Jan 17, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 234
Functionality
Thomas Perkins edited this page Nov 29, 2016
·
5 revisions
-d/--default (Scrapes Google for possible vulnerable sites)
-f/--file FILENAME (Runs through the specified file list and tries to find vulnerabilities in the sites)
-s/--spider URL (Opens the URL pulls all the URL redirects from that site, make sure it's a good URL)
-x/--run-x NUM (Runs the program the specified amount of times in a dry/batch run)
--dry-run (Runs the program but doesn't search the sites for vulnerabilities, prompts for input)
--batch (Used in conjunction with dry run, doesn't prompt for input)
-p/--proxy IP:PORT (Configure the program to run behind a proxy, must use the ":")
--rand-agent (Use a random user agent header instead of the default)
--sqlmap (Will launch sqlmap and use the SQL_VULN.LOG file as the bulk file, will prompt you for your commands)
-D/--dork DORK (Will run with your own custom dork)
Random and misc flags, these flags really have nothing to do with the programs functionality but will help with stuff, kinda..
-l/--legal (Will display the legal information, full legal along with the terms of service)
-b/--banner (Will hide whitewidows banner, meaning it won't display the version either)
--beep (Will create a beep everytime the program finds a SQL vulnerable site)
Future flags and possible updates, these flags are a future update, and possibly will be implemented into the program
--xss (If a program is found to not be SQL vulnerable, this will launch a random basic alert script from a constant, it will replace the `php?id=1` for example, one, at the end of the link with something like `<script>alert("XSS");</script>`, it will then connect to the page and check if pop alert happened. If it happened, that page is XSS vulnerable and will be logged.)
--rand-search-engine (Will use a random search engine instead of Google from a constant. This may be default and maybe used as a "pick your search engine flag" instead)
-t/--tor (Will run the program through tor. You will need to have tor downloaded on the computer, and running on the computer first, it will then connect through tor)