Got IP banned using google search

[c4mx]

Hi,

Thank you guys for sharing your work.

I just tested Zeus with the example dork shown in readme and the search was banned after 3 dorks.

I want to know is that normal with Zeus? Since in the description it says it is able to bypass the IP banned when search with Google.

P.S: Before Zeus, I have also tested some other google dork scraper solutions, but no one works with google dork (Problem of search ban with captcha). Even if the query is sent from a browser every time with a new sessions and no cache, Google can also detect scraping action.

[Ekultek]

That’s interesting.. Well Zeus doesn’t scrape from the browser, it sends one request to the search engine and uses a headless browser to pull the URL, from there it connects to the URL. I’ve never been IP banned. What commands where you using?

On Sep 26, 2017, at 5:29 AM, c4mx notifications@github.com wrote:

Hi,

Thank you guys for sharing your work.

I just tested Zeus with the example dork shown in readme and the search was banned after 3 dorks.

I want to know is that normal with Zeus? Since in the description it says it is able to bypass the IP banned when search with Google.

P.S: Before Zeus, I have also tested some other google dork scraper solutions, but no one works with google dork (Problem of search ban with captcha). Even if the query is sent from a browser every time with a new sessions and no cache, Google can also detect scraping action.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[Ekultek]

Try it with a proxy and a different dork for me please, try this dork inurl:php?id=10

[Ekultek]

So here’s a possibility if you’re running behind a VPN

The blocking might be related to your use of a Virtual Private Network (VPN) browser plugin or program. You might try uninstalling the VPN from your computer or network and see if that makes a difference.

Some VPNs send traffic that violates the law or websites' terms of service. If you're an Internet Service Provider (ISP), explain to your users why they should uninstall these VPNs. When the abuse to Google's network stops, we automatically stop blocking the IP(s)/ISP(s) that were sending the bad traffic.

Zeus will successfully bypass IP blocking because it’s uses a real browser to gather the URL, if you’re behind a VPN or some type of proxy that violates the TOS of google you can try the other search engines that come preconfigured in Zeus.

[Ekultek]

I am unable to reproduce this issue, I just ran it through a file and didn't get banned:

baal@baal-Aspire-5733Z:~/bin/python/zeus-scanner$ sudo python zeus.py -l etc/dorks.txt

    __          __________                             __   
   / /          \____    /____  __ __  ______          \ \  
  / /    ______   /     // __ \|  |  \/  ___/  ______   \ \ 
  \ \   /_____/  /     /\  ___/|  |  /\___ \  /_____/   / / 
   \_\          /_______ \___  >____//____  >          /_/  
                       \/   \/           \/  v1.0.17(dev)
    https://github.com/ekultek/zeus-scanner.git
        Advanced Dork Searching...

[*] starting up at 09:49:12..

[09:49:12 INFO] log file being saved to '/home/baal/bin/python/zeus-scanner/log/zeus-log-42.log'...
[09:49:12 INFO] using default search engine...
[09:49:12 INFO] starting dork scan with query '.php?secao="'...
[09:49:12 INFO] attempting to gather query URL...
[09:49:13 INFO] firefox browser display will be hidden while it performs the query...
[09:49:13 WARNING] your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
[09:49:24 INFO] browser will open shortly...
[09:49:26 INFO] searching 'http://google.com' using query '.php?secao="'...
[09:49:29 INFO] closing the browser and continuing process..
[09:49:29 INFO] URL successfully gathered, searching for GET parameters...
[09:49:29 INFO] no proxy configuration detected...
[09:49:30 INFO] adjusting user-agent header to default user agent 'Zeus-Scanner(v1.0.17)::Python->v2.7'...
[09:49:30 INFO] found a total of 1 URL's with a GET parameter...
[09:49:30 INFO] saving found URL's under '/home/baal/bin/python/zeus-scanner/log/url-log/url-log-3.log'...
[09:49:30 INFO] starting dork scan with query 'inurl:/content.php?inc='...
[09:49:30 INFO] attempting to gather query URL...
[09:49:30 INFO] firefox browser display will be hidden while it performs the query...
[09:49:30 WARNING] your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
[09:49:42 INFO] browser will open shortly...
[09:49:44 INFO] searching 'http://google.com' using query 'inurl:/content.php?inc='...
[09:49:47 INFO] closing the browser and continuing process..
[09:49:47 INFO] URL successfully gathered, searching for GET parameters...
[09:49:47 INFO] no proxy configuration detected...
[09:49:47 INFO] adjusting user-agent header to default user agent 'Zeus-Scanner(v1.0.17)::Python->v2.7'...
[09:49:47 INFO] found a total of 9 URL's with a GET parameter...
[09:49:47 INFO] saving found URL's under '/home/baal/bin/python/zeus-scanner/log/url-log/url-log-4.log'...
[09:49:47 INFO] starting dork scan with query 'sw_comment.php?id='...
[09:49:47 INFO] attempting to gather query URL...
[09:49:48 INFO] firefox browser display will be hidden while it performs the query...
[09:49:48 WARNING] your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
[09:49:59 INFO] browser will open shortly...
[09:50:00 INFO] searching 'http://google.com' using query 'sw_comment.php?id='...
[09:50:04 INFO] closing the browser and continuing process..
[09:50:04 INFO] URL successfully gathered, searching for GET parameters...
[09:50:04 INFO] no proxy configuration detected...
[09:50:05 INFO] adjusting user-agent header to default user agent 'Zeus-Scanner(v1.0.17)::Python->v2.7'...
[09:50:05 INFO] found a total of 11 URL's with a GET parameter...
[09:50:05 INFO] saving found URL's under '/home/baal/bin/python/zeus-scanner/log/url-log/url-log-5.log'...
[09:50:05 INFO] starting dork scan with query 'pagina.php?tipo='...
[09:50:05 INFO] attempting to gather query URL...
[09:50:05 INFO] firefox browser display will be hidden while it performs the query...
[09:50:05 WARNING] your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
[09:50:15 INFO] browser will open shortly...
[09:50:16 INFO] searching 'http://google.com' using query 'pagina.php?tipo='...
[09:50:20 INFO] closing the browser and continuing process..
[09:50:20 INFO] URL successfully gathered, searching for GET parameters...
[09:50:20 INFO] no proxy configuration detected...
[09:50:20 INFO] adjusting user-agent header to default user agent 'Zeus-Scanner(v1.0.17)::Python->v2.7'...
[09:50:20 INFO] found a total of 2 URL's with a GET parameter...
[09:50:20 INFO] saving found URL's under '/home/baal/bin/python/zeus-scanner/log/url-log/url-log-6.log'...
[09:50:20 INFO] starting dork scan with query 'index.php?fase= index.php?fase="'...
[09:50:20 INFO] attempting to gather query URL...
[09:50:20 INFO] firefox browser display will be hidden while it performs the query...
[09:50:20 WARNING] your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
[09:50:31 INFO] browser will open shortly...
[09:50:32 INFO] searching 'http://google.com' using query 'index.php?fase= index.php?fase="'...
[09:50:36 INFO] closing the browser and continuing process..
[09:50:36 INFO] URL successfully gathered, searching for GET parameters...
[09:50:36 INFO] no proxy configuration detected...
[09:50:37 INFO] adjusting user-agent header to default user agent 'Zeus-Scanner(v1.0.17)::Python->v2.7'...
[09:50:37 INFO] found a total of 3 URL's with a GET parameter...
[09:50:37 INFO] saving found URL's under '/home/baal/bin/python/zeus-scanner/log/url-log/url-log-7.log'...
[09:50:37 INFO] starting dork scan with query 'news_content.php?CategoryID='...
[09:50:37 INFO] attempting to gather query URL...
[09:50:37 INFO] firefox browser display will be hidden while it performs the query...
[09:50:37 WARNING] your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
[09:50:48 INFO] browser will open shortly...
[09:50:50 INFO] searching 'http://google.com' using query 'news_content.php?CategoryID='...
^C[09:50:53 ERROR] user aborted process...

[*] shutting down at 09:50:53..

baal@baal-Aspire-5733Z:~/bin/python/zeus-scanner$ 

So my assumption would be that it has something to do on your side, for now (until you can provide more proof) I'm going to close this as invalid.

A couple things you can try:

1. Don't use a VPN, zeus can use a proxy if you would like to use it, but be careful with proxies as they can cause an issue with Google's TOS
2. Use a different search engine -A|-D|-B (AOL, DuckDuckGo, Bing). Be warned that each search engine has their own syntax for searching, for example, DDG does not use semi colons (inurl test/php?id)
3. Use a random dork with the -r flag, no guarantees but it should work.
4. Use a random user-agent using --random-agent, it could be that for some reason Google doesn't like the Zeus user-agent, or it could be blacklisting it because of the searches it's been performing lately (apparently a lot of people are using this had over 200 clones in 5 hours)

If you are able to reproduce this issue after the aforementioned, go ahead and comment it here and I'll re-open the issue and see what the deal is. I may even have to remove the bypass IP blocking part from the README if you are correct. Thanks for using Zeus.

[c4mx]

Thanks for your responses !

In fact, I have reproduced this issue with a clean IP yet another time. I will check it again today or tomorrow with your recommended search setting, like using random-agent. I will give you my feedback with details after my third check.

One word about your above tests, according to my experience, Google will more likely ban dork queries than normal queries. In your above example, it seems that only one dork query was used among 6 queries.

[Ekultek]

How do you figure?

{
    "[09:49:12 INFO] starting dork scan with query '.php?secao="'...": "[09:49:30 INFO] found a total of 1 URL's with a GET parameter...",
    "[09:49:30 INFO] starting dork scan with query 'inurl:/content.php?inc='...": "[09:49:47 INFO] found a total of 9 URL's with a GET parameter...",
    "[09:49:47 INFO] starting dork scan with query 'sw_comment.php?id='...": "[09:50:05 INFO] found a total of 11 URL's with a GET parameter...", 
    etc.. 
}

So you're telling me that it just so happens that one of these dorks was able to find different amounts of URL's in different scans?

If you look closely at the output, it will say the URL twice, the first time it will tell you what dork is starting the scan, and second time it will tell you the search engine it is using along with the dork it using to create the search.

Also, yes Google is more likely to ban a search for a dork scan. But the point of using selenium is so that you appear as a real user. If you go onto Google manually and start searching for dorks, Google isn't going to block you because you have Cache and Cookies, and Google knows that you aren't fake. Selenium will automate your browser, which basically means turn it into a robot, it will still use the same cache and same cookies as if you had actually gone to Google yourself.

Don't get me wrong I'm not trying to come off as an asshole (just re-read this sound kinda dickish) just trying to understand what you're saying. I'm going to re-open this as a discussion for now because I'm curious as to where you are coming from.

[Ekultek]

After some thought, in the beginning you said you used the same dork three continuous times correct?

[c4mx]

Also, yes Google is more likely to ban a search for a dork scan. But the point of using selenium is so that you appear as a real user. If you go onto Google manually and start searching for dorks, Google isn't going to block you because you have Cache and Cookies, and Google knows that you aren't fake. Selenium will automate your browser, which basically means turn it into a robot, it will still use the same cache and same cookies as if you had actually gone to Google yourself.

I think I totally understand what I'm saying. Let me make it clearer: The fact is Google will ban your search queries even if you use selenium. I was banned many times when I use my browser to do Google dork searching, each time I need to answer captcha to continue. You can easily test this to see if I'm correct or not.

[c4mx]

Google isn't going to block you because you have Cache and Cookies, and Google knows that you aren't fake

Yes, Google knows you are a real human. But it doesn't mean you can run mass Google dork query search, since it may violate its TOS.

[Ekultek]

I think I totally understand what I'm saying. Let me make it clearer: The fact is Google will ban your search queries even if you use selenium. I was banned many times when I use my browser to do Google dork searching, each time I need to answer captcha to continue. You can easily test this to see if I'm correct or not.

That's fair, let me try and reproduce this again and see what I can come up with

[Ekultek]

Got it reproduced, I think I have an idea on how to trick it though.

[Ekultek]

baal@baal-Aspire-5733Z:~/bin/python/testing/zeus-scanner$ sudo python zeus.py -l etc/dorks.txt --verbose --random-agent
[11:40:27 DEBUG] checking if the application has been run before...
[11:40:27 DEBUG] verifying operating system...
[11:40:27 DEBUG] already ran, skipping...

    __          __________                             __   
   / /          \____    /____  __ __  ______          \ \  
  / /    ______   /     // __ \|  |  \/  ___/  ______   \ \ 
  \ \   /_____/  /     /\  ___/|  |  /\___ \  /_____/   / / 
   \_\          /_______ \___  >____//____  >          /_/  
                       \/   \/           \/  v1.0.17(dev)
    https://github.com/ekultek/zeus-scanner.git
        Advanced Dork Searching...

[*] starting up at 11:40:27..

[11:40:27 DEBUG] running with options '{'runInVerbose': True, 'useRandomAgent': True, 'dorkFileToUse': 'etc/dorks.txt'}'...
[11:40:27 INFO] log file being saved to '/home/baal/bin/python/testing/zeus-scanner/log/zeus-log-8.log'...
[11:40:27 DEBUG] grabbing random user-agent from '/home/baal/bin/python/testing/zeus-scanner/etc/agents.txt'...
[11:40:27 DEBUG] using default search engine (Google)...
[11:40:27 INFO] using default search engine...
[11:40:27 INFO] starting dork scan with query '.php?secao="'...
[11:40:27 DEBUG] checking for user-agent and proxy configuration...
[11:40:27 INFO] attempting to gather query URL...
[11:40:27 DEBUG] setting up the virtual display to hide the browser...
[11:40:27 INFO] firefox browser display will be hidden while it performs the query...
[11:40:27 WARNING] your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
[11:40:27 DEBUG] running selenium-webdriver and launching browser...
[11:40:27 DEBUG] adjusting selenium-webdriver user-agent to 'Mozilla/5.0 (X11; U; Linux x86_64; de-DE; rv:1.8.1.6) Gecko/20070802 Firefox/2.0.0.6'...
[11:40:57 INFO] browser will open shortly...
[11:40:59 DEBUG] searching search engine for the 'q' element (search button)...
[11:40:59 INFO] searching 'http://google.com' using query '.php?secao="'...
[11:41:02 DEBUG] obtaining URL from selenium...
[11:41:02 DEBUG] found current URL from selenium browser 'http://www.google.com/search?hl=en&source=hp&biw=&bih=&q=.php%3Fsecao%3D%22&gbv=2&oq=.php%3Fsecao%3D%22&gs_l=heirloom-hp.3...671.712.0.762.12.1.0.0.0.0.0.0..0.0....0...1.1.34.heirloom-hp..12.0.0.DA0Hc4c5CzU'...
[11:41:02 INFO] closing the browser and continuing process..
[11:41:03 INFO] URL successfully gathered, searching for GET parameters...
[11:41:03 INFO] no proxy configuration detected...
[11:41:04 INFO] adjusting user-agent header to Mozilla/5.0 (X11; U; Linux x86_64; de-DE; rv:1.8.1.6) Gecko/20070802 Firefox/2.0.0.6...
[11:41:04 DEBUG] found 'http://www.youtube.com/results?gl=US&tab=w1'...
[11:41:04 INFO] found a total of 1 URL's with a GET parameter...
[11:41:04 INFO] saving found URL's under '/home/baal/bin/python/testing/zeus-scanner/log/url-log/url-log-3.log'...
[11:41:04 INFO] starting dork scan with query 'inurl:/content.php?inc='...
[11:41:04 DEBUG] checking for user-agent and proxy configuration...
[11:41:04 INFO] attempting to gather query URL...
[11:41:04 DEBUG] setting up the virtual display to hide the browser...
[11:41:05 INFO] firefox browser display will be hidden while it performs the query...
[11:41:05 WARNING] your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
[11:41:05 DEBUG] running selenium-webdriver and launching browser...
[11:41:05 DEBUG] adjusting selenium-webdriver user-agent to 'Mozilla/5.0 (X11; U; Linux x86_64; de-DE; rv:1.8.1.6) Gecko/20070802 Firefox/2.0.0.6'...
[11:41:26 INFO] browser will open shortly...
[11:41:28 DEBUG] searching search engine for the 'q' element (search button)...
[11:41:28 INFO] searching 'http://google.com' using query 'inurl:/content.php?inc='...
[11:41:32 DEBUG] obtaining URL from selenium...
[11:41:32 DEBUG] found current URL from selenium browser 'http://ipv6.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26source%3Dhp%26biw%3D%26bih%3D%26q%3Dinurl%253A%252Fcontent.php%253Finc%253D%26gbv%3D2%26oq%3Dinurl%253A%252Fcontent.php%253Finc%253D%26gs_l%3Dheirloom-hp.3...499.765.0.920.23.2.0.0.0.0.0.0..0.0....0...1.1.34.heirloom-hp..23.0.0.7oZ9OhfwflY&hl=en&q=EhAmAIgDuACGgPCMXXGWS8MsGLmGqs4FIhkA8aeDS0KKwOIbz6RNx1UpBjoNyOS7wy35MgFy'...
[11:41:32 INFO] closing the browser and continuing process..
[11:41:32 INFO] URL successfully gathered, searching for GET parameters...
[11:41:32 INFO] no proxy configuration detected...
[11:41:32 INFO] adjusting user-agent header to Mozilla/5.0 (X11; U; Linux x86_64; de-DE; rv:1.8.1.6) Gecko/20070802 Firefox/2.0.0.6...
[11:41:32 INFO] found a total of 0 URL's with a GET parameter...
[11:41:32 CRITICAL] did not find any usable URL's with the given query 'inurl:/content.php?inc=' using search engine ''...

[*] shutting down at 11:41:32..

baal@baal-Aspire-5733Z:~/bin/python/testing/zeus-scanner

[Ekultek]

Note to self:

If http://ipv6.google.com or http://ipv4.google.com is in the URL

Example: http://ipv6.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26source%3Dhp%26biw%3D%26bih%3D%26q%3Dinurl%253A%252Fcontent.php%253Finc%253D%26gbv%3D2%26oq%3Dinurl%253A%252Fcontent.php%253Finc%253D%26gs_l%3Dheirloom-hp.3...499.765.0.920.23.2.0.0.0.0.0.0..0.0....0...1.1.34.heirloom-hp..23.0.0.7oZ9OhfwflY&hl=en&q=EhAmAIgDuACGgPCMXXGWS8MsGLmGqs4FIhkA8aeDS0KKwOIbz6RNx1UpBjoNyOS7wy35MgFy

try:
    url.find("continue=") # split by
    continue with url[1]
    example: `["http://ipv6.google.com/sorry/index?continue=", "http://www.google.com/search%3Fhl%3Den%26source%3Dhp%26biw%3D%26bih%3D%26q%3Dinurl%253A%252Fcontent.php%253Finc%253D%26gbv%3D2%26oq%3Dinurl%253A%252Fcontent.php%253Finc%253D%26gs_l%3Dheirloom-hp.3...499.765.0.920.23.2.0.0.0.0.0.0..0.0....0...1.1.34.heirloom-hp..23.0.0.7oZ9OhfwflY&hl=en&q=EhAmAIgDuACGgPCMXXGWS8MsGLmGqs4FIhkA8aeDS0KKwOIbz6RNx1UpBjoNyOS7wy35MgFy"]
except:
    # whatever

[Ekultek]

Working on this

[c4mx]

Got it reproduced, I think I have an idea on how to trick it though.

OK.

Working on this

Hope I could help. I can share my (limited) experience or some ideas if you want.

[Ekultek]

Ideas would be wonderful at this point lol

[Ekultek]

I think I found a work around

[Ekultek]

So here’s the deal, the true URL you are trying to get to is still present in the ip ban URL (although camouflaged). I figured out a way to present the true URL from the up banned URL, just gotta put it into action. I think I just figured out how to bypass Googles IP ban permantley.. Man maybe I should just sell it back to them... I dunno if I want anyone to see this code though, so it may go unpublished, or encoded

[c4mx]

You mean it's possible to to pull the search results out even if google returns a banned URL?

[Ekultek]

Yes, let me get on my computer and give you an example

On Sep 26, 2017, at 5:00 PM, c4mx notifications@github.com wrote:

You mean it's possible to to pull the search results out even if google returns a banned URL?

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub, or mute the thread.

[Ekultek]

Alright it is example time!! Okay let's say you have this ban URL http://ipv6.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26source%3Dhp%26biw%3D%26bih%3D%26q%3Dinurl%253A%252Fcontent.php%253Finc%253D%26gbv%3D2%26oq%3Dinurl%253A%252Fcontent.php%253Finc%253D%26gs_l%3Dheirloom-hp.3...499.765.0.920.23.2.0.0.0.0.0.0..0.0....0...1.1.34.heirloom-hp..23.0.0.7oZ9OhfwflY&hl=en&q=EhAmAIgDuACGgPCMXXGWS8MsGLmGqs4FIhkA8aeDS0KKwOIbz6RNx1UpBjoNyOS7wy35MgFy

Now look closely at it and you'll see a continue= query, so my theory for now is that after that continue query, the true URL sits in there.

[c4mx]

Are you sure that Google will return search results for a request of the "true URL" ? I have doubts on it....

[Ekultek]

as I said theory but I have tested it on a normal browser and seen results.

[Ekultek]

root@baal-Aspire-5733Z:~/bin/python/zeus-scanner# python zeus.py -d incontext:php?id=10 --verbose
[17:58:04 DEBUG] checking if the application has been run before...
[17:58:04 DEBUG] verifying operating system...
[17:58:04 DEBUG] already ran, skipping...

    __          __________                             __   
   / /          \____    /____  __ __  ______          \ \  
  / /    ______   /     // __ \|  |  \/  ___/  ______   \ \ 
  \ \   /_____/  /     /\  ___/|  |  /\___ \  /_____/   / / 
   \_\          /_______ \___  >____//____  >          /_/  
                       \/   \/           \/  v1.0.18(dev)
        https://github.com/ekultek/zeus-scanner.git
                Advanced Dork Searching...

[*] starting up at 17:58:04..

[17:58:04 DEBUG] running with options '{'runInVerbose': True, 'dorkToUse': 'incontext:php?id=10'}'...
[17:58:04 INFO] log file being saved to '/home/baal/bin/python/zeus-scanner/log/zeus-log-120.log'...
[17:58:04 DEBUG] using default search engine (Google)...
[17:58:04 INFO] using default search engine...
[17:58:04 INFO] starting dork scan with query 'incontext:php?id=10'...
[17:58:04 DEBUG] checking for user-agent and proxy configuration...
[17:58:04 INFO] attempting to gather query URL...
[17:58:04 DEBUG] setting up the virtual display to hide the browser...
[17:58:04 INFO] firefox browser display will be hidden while it performs the query...
[17:58:04 WARNING] your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
[17:58:04 DEBUG] running selenium-webdriver and launching browser...
[17:58:04 DEBUG] adjusting selenium-webdriver user-agent to 'Zeus-Scanner(v1.0.18)::Python->v2.7'...
[17:58:15 INFO] browser will open shortly...
[17:58:17 DEBUG] searching search engine for the 'q' element (search button)...
[17:58:17 INFO] searching 'http://google.com' using query 'incontext:php?id=10'...
[17:58:20 DEBUG] obtaining URL from selenium...
[17:58:20 WARNING] it appears that Google is attempting to block your IP address, attempting bypass...
[17:58:20 DEBUG] found current URL from selenium browser 'https://www.google.com/search?ie=ISO-8859-1&hl=en&source=hp&biw=&bih=&q=incontext%3Aphp%3Fid%3D10&gbv=1&oq=incontext%3Aphp'...
[17:58:20 INFO] closing the browser and continuing process..
[17:58:20 INFO] URL successfully gathered, searching for GET parameters...
[17:58:20 INFO] no proxy configuration detected...
[17:58:22 INFO] adjusting user-agent header to default user agent 'Zeus-Scanner(v1.0.18)::Python->v2.7'...
[17:58:22 DEBUG] found 'https://www.youtube.com/results?gl=US&tab=w1'...
[17:58:22 DEBUG] found 'http://library.olivet.edu/forms/email/index.php?id=10&sa=U&ved=0ahUKEwjp1e_k-cPWAhVMzmMKHaD4BaYQFggaMAE&usg=AFQjCNEnP5NiMZaVQoLti3T6MgJOiyBtpQ'...
[17:58:22 DEBUG] found 'http://www.marylandfarmlink.com/dynamic_page.php?id=10&sa=U&ved=0ahUKEwjp1e_k-cPWAhVMzmMKHaD4BaYQFggcMAI&usg=AFQjCNH4bzT0-npjFq1o4ocd5JloTNR-fw'...
[17:58:22 DEBUG] found 'http://www.sunxtender.com/solarbattery.php?id=10&sa=U&ved=0ahUKEwjp1e_k-cPWAhVMzmMKHaD4BaYQFgghMAM&usg=AFQjCNECLJ_E1NbgjyPrljhRb5vhfg1h0g'...
[17:58:22 DEBUG] found 'http://www.passionsincontext.de/?id=557&sa=U&ved=0ahUKEwjp1e_k-cPWAhVMzmMKHaD4BaYQFggrMAU&usg=AFQjCNFdMvlcXTNcTAhlGDe7tuRwszMRbw'...
[17:58:22 DEBUG] found 'http://www.passionsincontext.de/?id=774&sa=U&ved=0ahUKEwjp1e_k-cPWAhVMzmMKHaD4BaYQFggwMAY&usg=AFQjCNGfTJIeFTZPxFtnKqVwilQpsrawxw'...
[17:58:22 DEBUG] found 'https://www.ecwid.com/forums/showthread.php?t=26303&sa=U&ved=0ahUKEwjp1e_k-cPWAhVMzmMKHaD4BaYQFgg2MAc&usg=AFQjCNEKl0E__sqF-ffTSExz5YL7CsQVuw'...
[17:58:22 DEBUG] found 'https://www.ecwid.com/forums/showthread.php?t=26303+incontext:php?id=10&tbo=1&sa=X&ved=0ahUKEwjp1e_k-cPWAhVMzmMKHaD4BaYQHwg6MAc'...
[17:58:22 DEBUG] found 'https://scope.bccampus.ca/mod/forum/user.php?id=3&mode=discussions&sa=U&ved=0ahUKEwjp1e_k-cPWAhVMzmMKHaD4BaYQFghCMAk&usg=AFQjCNEXu_fDg1k445KTYggSBVZtRk3zzQ'...
[17:58:22 INFO] found a total of 9 URL's with a GET parameter...
[17:58:22 INFO] saving found URL's under '/home/baal/bin/python/zeus-scanner/log/url-log/url-log-8.log'...

[*] shutting down at 17:58:22..

root@baal-Aspire-5733Z:~/bin/python/zeus-scanner# 

Now for the problem, are you ready? Each query syntax has a specific ban URL divider. So now I need to figure out the syntax for the URL bans

[Ekultek]

Note to self, in context == "Fid"

[Ekultek]

root@baal-Aspire-5733Z:~/bin/python/zeus-scanner# python zeus.py -d inurl:php?id=10 --verbose
[18:00:42 DEBUG] checking if the application has been run before...
[18:00:42 DEBUG] verifying operating system...
[18:00:42 DEBUG] already ran, skipping...

    __          __________                             __   
   / /          \____    /____  __ __  ______          \ \  
  / /    ______   /     // __ \|  |  \/  ___/  ______   \ \ 
  \ \   /_____/  /     /\  ___/|  |  /\___ \  /_____/   / / 
   \_\          /_______ \___  >____//____  >          /_/  
                       \/   \/           \/  v1.0.18(dev)
        https://github.com/ekultek/zeus-scanner.git
                Advanced Dork Searching...

[*] starting up at 18:00:42..

[18:00:42 DEBUG] running with options '{'runInVerbose': True, 'dorkToUse': 'inurl:php?id=10'}'...
[18:00:42 INFO] log file being saved to '/home/baal/bin/python/zeus-scanner/log/zeus-log-121.log'...
[18:00:42 DEBUG] using default search engine (Google)...
[18:00:42 INFO] using default search engine...
[18:00:42 INFO] starting dork scan with query 'inurl:php?id=10'...
[18:00:42 DEBUG] checking for user-agent and proxy configuration...
[18:00:42 INFO] attempting to gather query URL...
[18:00:42 DEBUG] setting up the virtual display to hide the browser...
[18:00:42 INFO] firefox browser display will be hidden while it performs the query...
[18:00:42 WARNING] your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
[18:00:42 DEBUG] running selenium-webdriver and launching browser...
[18:00:42 DEBUG] adjusting selenium-webdriver user-agent to 'Zeus-Scanner(v1.0.18)::Python->v2.7'...
[18:00:54 INFO] browser will open shortly...
[18:00:55 DEBUG] searching search engine for the 'q' element (search button)...
[18:00:56 INFO] searching 'http://google.com' using query 'inurl:php?id=10'...
[18:00:59 DEBUG] obtaining URL from selenium...
[18:00:59 WARNING] it appears that Google is attempting to block your IP address, attempting bypass...
[18:00:59 DEBUG] found current URL from selenium browser 'https://www.google.com/search?ie=ISO-8859-1&hl=en&source=hp&biw=&bih=&q=inurl%3Aphp%3Fid%3D10&gbv=1&oq=inurl%3Aphp'...
[18:00:59 INFO] closing the browser and continuing process..
[18:00:59 INFO] URL successfully gathered, searching for GET parameters...
[18:00:59 INFO] no proxy configuration detected...
[18:01:00 INFO] adjusting user-agent header to default user agent 'Zeus-Scanner(v1.0.18)::Python->v2.7'...
[18:01:00 DEBUG] found 'https://www.youtube.com/results?gl=US&tab=w1'...
[18:01:00 DEBUG] found 'http://www.icdcprague.org/index.php?id=10&sa=U&ved=0ahUKEwis86aw-sPWAhVI0WMKHT61AMYQFggUMAA&usg=AFQjCNHzZ4lFvvPuGbZVRzY5BIeuwUSV_w'...
[18:01:00 DEBUG] found 'http://www.marylandfarmlink.com/dynamic_page.php?id=10&sa=U&ved=0ahUKEwis86aw-sPWAhVI0WMKHT61AMYQFggaMAE&usg=AFQjCNH4bzT0-npjFq1o4ocd5JloTNR-fw'...
[18:01:00 DEBUG] found 'http://www.architecturalpapers.ch/index.php?ID=10&sa=U&ved=0ahUKEwis86aw-sPWAhVI0WMKHT61AMYQFggfMAI&usg=AFQjCNH1E_6wkxBEVbLsiA6QcJcGtydFew'...
[18:01:00 DEBUG] found 'http://www.doorlinkmfg.com/product.php?id=10&sa=U&ved=0ahUKEwis86aw-sPWAhVI0WMKHT61AMYQFgglMAM&usg=AFQjCNHambH8Vs4r7Mcvh6qqrYA0J1la8Q'...
[18:01:00 DEBUG] found 'http://www.katun.me/page.php?id=10&sa=U&ved=0ahUKEwis86aw-sPWAhVI0WMKHT61AMYQFggrMAQ&usg=AFQjCNHeZ8UebVQBfAKAf1dqvkyBoToh5g'...
[18:01:00 DEBUG] found 'http://www.dynatekbikes.com/news.php?id=10&sa=U&ved=0ahUKEwis86aw-sPWAhVI0WMKHT61AMYQFggxMAU&usg=AFQjCNGFdCrk0M7ZW4-q3zashnVFpu-w5Q'...
[18:01:00 DEBUG] found 'http://www.apsf.org/initiatives.php?id=10&sa=U&ved=0ahUKEwis86aw-sPWAhVI0WMKHT61AMYQFgg3MAY&usg=AFQjCNFctk4tVGMvNhojS2r-K_S5Zgpowg'...
[18:01:00 DEBUG] found 'http://library.olivet.edu/forms/email/index.php?id=10&sa=U&ved=0ahUKEwis86aw-sPWAhVI0WMKHT61AMYQFgg9MAc&usg=AFQjCNEnP5NiMZaVQoLti3T6MgJOiyBtpQ'...
[18:01:00 DEBUG] found 'http://hkaudio.com/products.php?id=10&sa=U&ved=0ahUKEwis86aw-sPWAhVI0WMKHT61AMYQFgg_MAg&usg=AFQjCNELDeYybAhkg2DioAONBGqsaJPKrQ'...
[18:01:00 DEBUG] found 'https://support.steampowered.com/kb_cat.php?id=10&sa=U&ved=0ahUKEwis86aw-sPWAhVI0WMKHT61AMYQFghEMAk&usg=AFQjCNFGWRrza2duZRygGYioUGkhg4x51Q'...
[18:01:00 INFO] found a total of 11 URL's with a GET parameter...
[18:01:00 INFO] saving found URL's under '/home/baal/bin/python/zeus-scanner/log/url-log/url-log-9.log'...

[*] shutting down at 18:01:00..

root@baal-Aspire-5733Z:~/bin/python/zeus-scanner# 

[Ekultek]

root@baal-Aspire-5733Z:~/bin/python/zeus-scanner# python zeus.py -d incontent:php?id=213 --verbose
[18:02:26 DEBUG] checking if the application has been run before...
[18:02:26 DEBUG] verifying operating system...
[18:02:26 DEBUG] already ran, skipping...

    __          __________                             __   
   / /          \____    /____  __ __  ______          \ \  
  / /    ______   /     // __ \|  |  \/  ___/  ______   \ \ 
  \ \   /_____/  /     /\  ___/|  |  /\___ \  /_____/   / / 
   \_\          /_______ \___  >____//____  >          /_/  
                       \/   \/           \/  v1.0.18(dev)
        https://github.com/ekultek/zeus-scanner.git
                Advanced Dork Searching...

[*] starting up at 18:02:26..

[18:02:26 DEBUG] running with options '{'runInVerbose': True, 'dorkToUse': 'incontent:php?id=213'}'...
[18:02:26 INFO] log file being saved to '/home/baal/bin/python/zeus-scanner/log/zeus-log-123.log'...
[18:02:26 DEBUG] using default search engine (Google)...
[18:02:26 INFO] using default search engine...
[18:02:26 INFO] starting dork scan with query 'incontent:php?id=213'...
[18:02:26 DEBUG] checking for user-agent and proxy configuration...
[18:02:26 INFO] attempting to gather query URL...
[18:02:26 DEBUG] setting up the virtual display to hide the browser...
[18:02:26 INFO] firefox browser display will be hidden while it performs the query...
[18:02:26 WARNING] your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
[18:02:26 DEBUG] running selenium-webdriver and launching browser...
[18:02:26 DEBUG] adjusting selenium-webdriver user-agent to 'Zeus-Scanner(v1.0.18)::Python->v2.7'...
[18:02:37 INFO] browser will open shortly...
[18:02:38 DEBUG] searching search engine for the 'q' element (search button)...
[18:02:38 INFO] searching 'http://google.com' using query 'incontent:php?id=213'...
[18:02:42 DEBUG] obtaining URL from selenium...
[18:02:42 WARNING] it appears that Google is attempting to block your IP address, attempting bypass...
[18:02:42 DEBUG] found current URL from selenium browser 'https://www.google.com/search?ie=ISO-8859-1&hl=en&source=hp&biw=&bih=&q=incontent%3Aphp%3Fid%3D213&gbv=1&oq=incontent%3Aphp'...
[18:02:42 INFO] closing the browser and continuing process..
[18:02:42 INFO] URL successfully gathered, searching for GET parameters...
[18:02:42 INFO] no proxy configuration detected...
[18:02:43 INFO] adjusting user-agent header to default user agent 'Zeus-Scanner(v1.0.18)::Python->v2.7'...
[18:02:43 DEBUG] found 'https://www.youtube.com/results?gl=US&tab=w1'...
[18:02:43 DEBUG] found 'http://softexperters.in/content.php?id=215.</span'...
[18:02:43 DEBUG] found 'http://www.santareparata.org/database/evaluation-detail.php?id=213&amp;sa=U&amp;ved=0ahUKEwj5z7vh-sPWAhVT_WMKHXwrBsEQFggrMAQ&amp;usg=AFQjCNGbCrZ36qa4bss_mAplaiQoa_LoeA'...
[18:02:43 DEBUG] found 'http://www.media-partners-asia.com/news.php?id=213&amp;sa=U&amp;ved=0ahUKEwj5z7vh-sPWAhVT_WMKHXwrBsEQFggtMAU&amp;usg=AFQjCNHobsR0pXn_SwrfKKR0l3k6WQ62_Q'...
[18:02:43 DEBUG] found 'http://www.touchstonemag.com/archives/_author.php?id=213&amp;sa=U&amp;ved=0ahUKEwj5z7vh-sPWAhVT_WMKHXwrBsEQFggwMAY&amp;usg=AFQjCNEOeZb-FwNvDbXB56daiuVS7ZwBbw'...
[18:02:43 DEBUG] found 'https://web.alvernia.edu/faq/index.php?action=artikel&cat=61&id=213&artlang=en&amp;sa=U&amp;ved=0ahUKEwj5z7vh-sPWAhVT_WMKHXwrBsEQFgg1MAc&amp;usg=AFQjCNHpcZNm7fKYO0jpyfF7o18KuGuUaw'...
[18:02:43 DEBUG] found 'http://www.image-net.org/api/text/imagenet.synset.geturls?wnid=n04254450&amp;sa=U&amp;ved=0ahUKEwj5z7vh-sPWAhVT_WMKHXwrBsEQFgg6MAg&amp;usg=AFQjCNEAe7aEUe368H1dYujLhrzQxstQtQ'...
[18:02:43 INFO] found a total of 7 URL's with a GET parameter...
[18:02:43 INFO] saving found URL's under '/home/baal/bin/python/zeus-scanner/log/url-log/url-log-11.log'...

[*] shutting down at 18:02:43..

root@baal-Aspire-5733Z:~/bin/python/zeus-scanner# 

[Ekultek]

Fuck me that feels good lmao.

[Ekultek]

implementation started here 526807c

More work to be done, so right now it will only work if you use Google search syntax. IE inurl:, incontext, incontent:, etc..

[Ekultek]

Forgot to close the browser, causing rogue processes, fixed here 4ba8a8a

[c4mx]

After playing around with your code, I don't understand why you said:

Well Zeus doesn’t scrape from the browser, it sends one request to the search engine and uses a headless browser to pull the URL, from there it connects to the URL.

I think what you said about "Zeus doesn't scrap from the browser" is not correct. Since the parse_search_results function in your code works as follows:

parse_search_results():
     get_urls()    -> 1) use firefox to send a google search query with session info (and then get a response)
                      2) just return the google search query (URL).
     requests.get() -> using 'requests' to send a HTTP GET for that URL.

So for a dork scan, two requests are sent to google server:

• The first GET is sent via browser
• The second GET is sent via python requests.

This can be verified using a proxy to monitor HTTP and HTTPS traffic of zeus. The following is the all requests sent during one dork scan: All requests in red box are sent by firefox, the last one is sent by requests.get.

From my experience, Google can detect both. To test my guess, I tested your new commit (bypass IP block). It was also blocked after several dorks scan.

I am pretty sure you can reproduce this with a dork text file like the following one: (don't use incontext or incontent, since they are not google advanced operators)

inurl:php?id=0
inurl:php?id=1
inurl:php?id=2
...
inurl:php?id=500

P.S: there is a bug in the ban detection code:

if "http://ipv6.google.com" or "http://ipv4.google.com" in retval:

Maybe it can be changed to:

 ban_urls = ["http://ipv6.google.com", "http://ipv4.google.com"]
 if any(u in retval for u in ban_urls):

[Ekultek]

1.) You can use —show-requests to see the HTTP requests 2.) Zeus does not scrape from the browser, it makes a request to get the URL, then sends a request and parses the search page 3.) Initial implement is done, more work to be done

I don’t have time to read your entire response right now

On Sep 27, 2017, at 5:58 AM, c4mx notifications@github.com wrote:

After playing around with your code, I don't understand why you said:

Well Zeus doesn’t scrape from the browser, it sends one request to the search engine and uses a headless browser to pull the URL, from there it connects to the URL.

I think what you said about "Zeus doesn't scrap from the browser" is not correct. Since the parse_search_results function in your code works as follows:

parse_search_results(): get_urls() -> 1) use firefox to send a google search query with session info (and then get a response) 2) just return the google search query (URL). requests.get() -> using 'requests' to send a HTTP GET for that URL. So for a dork scan, two requests are sent to google server:

The first GET is sent via browser The second GET is sent via python requests. This can be verified using a proxy to monitor HTTP and HTTPS traffic of zeus. The following is the all requests sent during one dork scan:

All requests in red box are sent by firefox, the last one is sent by requests.get.

From my experience, Google can detect both. To test my guess, I tested your new commit (bypass IP block). It was also blocked after several dorks scan.

I am pretty sure you can reproduce this with a dork text file like the following one: (don't use incontext or incontent, since they are not google advanced operators)

inurl:php?id=0 inurl:php?id=1 inurl:php?id=2 ... inurl:php?id=500 P.S: there is a bug in the ban detection code:

if "http://ipv6.google.com" or "http://ipv4.google.com" in retval: Maybe it can be changed to:

ban_urls = ["http://ipv6.google.com", "http://ipv4.google.com"] if any(u in retval for u in ban_urls): — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub, or mute the thread.

[Ekultek]

Okay I have a minute,

I think what you said about "Zeus doesn't scrap from the browser" is not correct. Since the parse_search_results function in your code works as follows:

Here’s how Zeus works;

• Runs a headless hidden browser
• Connects to Google
• Creates a search using a query
• Pulls the URL of the search result page
• Closes the browser and display
• Connects to THAT search result page and parses for the URL’s

It does not scrape from the browser, the browser is just a container to get the IRL so you don’t have to make API requests.

[c4mx]

It does not scrape from the browser, the browser is just a container to get the IRL

Not true here. I understand the idea to get the request URL using a browser. But in your code you trigger the "Enter" button to get that request URL, thus you make the HTTP request to Google in browser.

    search.send_keys(query)
    search.send_keys(Keys.RETURN) ->Here you send the HTTP request to Google
    retval = browser.current_url       -> Get the request URL

See that screenshot of my proxy, you can find the browser made that search request.

Just step back, why don't you use the browser to do all scanning? What make you think getting search URL from browser then send it with requests will bypass search block? Can you explain a bit here?

[Ekultek]

I’m not sure how to further explain this to you, it does make the request to get the URL, of course it has to, that’s logical. Using the browser to do the full search would get you banned faster then using multiple moving parts to obfuscate yourself.

Having said that it would probably be a good idea to not implement a proxy and user-agent during the browser phase.

I’ve already told you, the browser is to bypass the API, obfuscating yourself with different request techniques Python != FireFox and vice versa

[Ekultek]

Let me give you an example of all the requests made by the browser:

baal@baal-Aspire-5733Z:~/bin/python/zeus-scanner$ sudo python zeus.py -d inurl:php?id=10 --verbose --show-requests
[sudo] password for baal: 
[09:38:34 DEBUG] checking if the application has been run before...
[09:38:34 DEBUG] verifying operating system...
[09:38:34 DEBUG] already ran, skipping...

    __          __________                             __   
   / /          \____    /____  __ __  ______          \ \  
  / /    ______   /     // __ \|  |  \/  ___/  ______   \ \ 
  \ \   /_____/  /     /\  ___/|  |  /\___ \  /_____/   / / 
   \_\          /_______ \___  >____//____  >          /_/  
                       \/   \/           \/  v1.0.18.7db8(revision)
    https://github.com/ekultek/zeus-scanner.git
        Advanced Dork Searching...

[*] starting up at 09:38:34..

[09:38:34 DEBUG] running with options '{'runInVerbose': True, 'showRequestInfo': True, 'dorkToUse': 'inurl:php?id=10'}'...
[09:38:34 INFO] log file being saved to '/home/baal/bin/python/zeus-scanner/log/zeus-log-133.log'...
[09:38:34 DEBUG] showing all HTTP requests because --show-requests flag was used...
[09:38:34 DEBUG] using default search engine (Google)...
[09:38:34 INFO] using default search engine...
[09:38:34 INFO] starting dork scan with query 'inurl:php?id=10'...
[09:38:34 DEBUG] checking for user-agent and proxy configuration...
[09:38:34 INFO] attempting to gather query URL...
[09:38:34 DEBUG] setting up the virtual display to hide the browser...
[09:38:34 INFO] firefox browser display will be hidden while it performs the query...
[09:38:34 WARNING] your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
[09:38:34 DEBUG] running selenium-webdriver and launching browser...
[09:38:34 DEBUG] adjusting selenium-webdriver user-agent to 'Zeus-Scanner(v1.0.18.7db8)::Python->v2.7'...
# send the request to get the browser started
send: 'POST /session HTTP/1.1\r\nHost: 127.0.0.1:52853\r\nAccept-Encoding: identity\r\nContent-Length: 3220\r\nConnection: keep-alive\r\nContent-Type: application/json;charset=UTF-8\r\nAccept: application/json\r\nUser-Agent: Python http auth\r\n\r\n{"capabilities": {"alwaysMatch": {"acceptInsecureCerts": true, "browserName": "firefox", "moz:firefoxOptions": {"profile": "UEsDBBQAAAAIANFMO0t6lKOc4gMAAFENAAAHAAAAdXNlci5qc51XUW/bNhB+368Y/NQCM2EnK1pkwIAszYABxVLUCArshaCok8WYIjnyaMX/fkfJip1Yot29STKPvPvu+76jYwDPnYfq3awUKDw461GZNXNWK7lj6eMqFo0KQVnztft4KyU4hHL2y8+V0AHe//ZTPNrGNqwRz1zW3jbAg/TKIffRcFQNUMz14nVAC0Xp1ZbewYhCAzcC6ZXDFgwGCkAf35yB1uqNQmYAW+s3jTBiDZ6VKqQNRkMKb1t6Y7aqtDIwnvuT2Io+YWYdUsGBhdq2f5k7erQTO8Mzggnd4ugIL2B9HRP4DIncP365ZddMHMA83Vo4d9GeAx4IGhpAv2MenkBObTukEEB4We9PyGcbRAXdc+JGI3RLVMnntAd6TjUEJrS2LS92vIRKRI2jab0mYA1CY92/U6Z+qySwSvmA36IZP/LAJBFCJPJFQ6cEgoETfyP4PBp0OkbHaqKtIz5xSzt5VQJrAtqOMjO1NtbDLL9BCqbFi0zfh62zCaEoAiOgzYN5cDBR86GXnUIpU2qMh678ihTIpRehHo89Za6xqKrdY+igGokIIKNXuGMyuH3782klN2iVKW3Lyti4I8pkhSRrkJs72ziygkLpdKJR6xr17gwKb3qYeiYKG/Gm0MJsJhqnqXRPDpUn9GBs5x3thEktaJnMMHqdz6iEbdJyYJSP9bJ3nUtB03a9TsrJLX8Bqgate5g/95L8o/9lou+ZipgoS5XMUpwpbu/WrEYkkdQq1Lt5+tmRWucazBoTT68+fJg05VxljsjuMCTV8MaWQp/p5rTZDDju4b+/xM1f+WP24GenSKVkiCyQmwiMJFYS7L9R+amQozEgItppeu4HILdkF7wkpZo111ZcPDV+cMj0kHfrr6bk35qUABtGdBqn32swq0QoSu+Me6jgtNhBeb9crP4mb5JJbr+OLzbQUu8TO/9354cxk41/8cBKaaAnMh2vJHLrFdGG9xenfF0eRJnKA+yG9J9pqt1SPvL8FaPQVm60CphPctBaj/t8GMZEPIzhh3GJLjUxK4Q1GPAkuvSJTjR4PONm/0AM85UUhha92y7Zgi0/sY9l8en9zc3XHdbWzH/fXrGPbxwjKcQagquBpgC/6l4n0n8xc2U2rBMAEaIfPaf8PAI0Kepzr5uVpLi0/XJidvcUY+dtnLTYQ8dJ6PwpcHhO1zzVZ3/a4IMptLUigaX+5j3h6K7T3SCP7joS/MS9eeRmcadtmJjhF/whuMgbDx1JsPt+TlydEdVbNV2P81sKl/4szFOWQs8vEvCQF30qH8z3jiJhuWCKELSP375cdmkIoKsQXa+PnhBp5X9QSwECFAMUAAAACADRTDtLepSjnOIDAABRDQAABwAAAAAAAAAAAAAApIEAAAAAdXNlci5qc1BLBQYAAAAAAQABADUAAAAHBAAAAAA="}}, "firstMatch": [{}]}, "desiredCapabilities": {"acceptInsecureCerts": true, "browserName": "firefox", "moz:firefoxOptions": {"profile": "UEsDBBQAAAAIANFMO0t6lKOc4gMAAFENAAAHAAAAdXNlci5qc51XUW/bNhB+368Y/NQCM2EnK1pkwIAszYABxVLUCArshaCok8WYIjnyaMX/fkfJip1Yot29STKPvPvu+76jYwDPnYfq3awUKDw461GZNXNWK7lj6eMqFo0KQVnztft4KyU4hHL2y8+V0AHe//ZTPNrGNqwRz1zW3jbAg/TKIffRcFQNUMz14nVAC0Xp1ZbewYhCAzcC6ZXDFgwGCkAf35yB1uqNQmYAW+s3jTBiDZ6VKqQNRkMKb1t6Y7aqtDIwnvuT2Io+YWYdUsGBhdq2f5k7erQTO8Mzggnd4ugIL2B9HRP4DIncP365ZddMHMA83Vo4d9GeAx4IGhpAv2MenkBObTukEEB4We9PyGcbRAXdc+JGI3RLVMnntAd6TjUEJrS2LS92vIRKRI2jab0mYA1CY92/U6Z+qySwSvmA36IZP/LAJBFCJPJFQ6cEgoETfyP4PBp0OkbHaqKtIz5xSzt5VQJrAtqOMjO1NtbDLL9BCqbFi0zfh62zCaEoAiOgzYN5cDBR86GXnUIpU2qMh678ihTIpRehHo89Za6xqKrdY+igGokIIKNXuGMyuH3782klN2iVKW3Lyti4I8pkhSRrkJs72ziygkLpdKJR6xr17gwKb3qYeiYKG/Gm0MJsJhqnqXRPDpUn9GBs5x3thEktaJnMMHqdz6iEbdJyYJSP9bJ3nUtB03a9TsrJLX8Bqgate5g/95L8o/9lou+ZipgoS5XMUpwpbu/WrEYkkdQq1Lt5+tmRWucazBoTT68+fJg05VxljsjuMCTV8MaWQp/p5rTZDDju4b+/xM1f+WP24GenSKVkiCyQmwiMJFYS7L9R+amQozEgItppeu4HILdkF7wkpZo111ZcPDV+cMj0kHfrr6bk35qUABtGdBqn32swq0QoSu+Me6jgtNhBeb9crP4mb5JJbr+OLzbQUu8TO/9354cxk41/8cBKaaAnMh2vJHLrFdGG9xenfF0eRJnKA+yG9J9pqt1SPvL8FaPQVm60CphPctBaj/t8GMZEPIzhh3GJLjUxK4Q1GPAkuvSJTjR4PONm/0AM85UUhha92y7Zgi0/sY9l8en9zc3XHdbWzH/fXrGPbxwjKcQagquBpgC/6l4n0n8xc2U2rBMAEaIfPaf8PAI0Kepzr5uVpLi0/XJidvcUY+dtnLTYQ8dJ6PwpcHhO1zzVZ3/a4IMptLUigaX+5j3h6K7T3SCP7joS/MS9eeRmcadtmJjhF/whuMgbDx1JsPt+TlydEdVbNV2P81sKl/4szFOWQs8vEvCQF30qH8z3jiJhuWCKELSP375cdmkIoKsQXa+PnhBp5X9QSwECFAMUAAAACADRTDtLepSjnOIDAABRDQAABwAAAAAAAAAAAAAApIEAAAAAdXNlci5qc1BLBQYAAAAAAQABADUAAAAHBAAAAAA="}}}'
reply: 'HTTP/1.1 200 OK\r\n'
header: Connection: close
header: Content-Type: application/json; charset=utf-8
header: Cache-Control: no-cache
header: Content-Length: 448
header: Date: Wed, 27 Sep 2017 14:38:50 GMT
[09:38:50 INFO] browser will open shortly...
# send the POST to the browser to get it running to Google
send: u'POST /session/513b5b13-52cb-4313-9dbf-ea34027e89df/url HTTP/1.1\r\nHost: 127.0.0.1:52853\r\nAccept-Encoding: identity\r\nContent-Length: 81\r\nConnection: keep-alive\r\nContent-Type: application/json;charset=UTF-8\r\nAccept: application/json\r\nUser-Agent: Python http auth\r\n\r\n{"url": "http://google.com", "sessionId": "513b5b13-52cb-4313-9dbf-ea34027e89df"}'
reply: 'HTTP/1.1 200 OK\r\n'
header: Connection: close
header: Content-Type: application/json; charset=utf-8
header: Cache-Control: no-cache
header: Content-Length: 13
header: Date: Wed, 27 Sep 2017 14:38:51 GMT
[09:38:51 DEBUG] searching search engine for the 'q' element (search button)...
# find the 'q' element and search for the given query
send: u'POST /session/513b5b13-52cb-4313-9dbf-ea34027e89df/element HTTP/1.1\r\nHost: 127.0.0.1:52853\r\nAccept-Encoding: identity\r\nContent-Length: 103\r\nConnection: keep-alive\r\nContent-Type: application/json;charset=UTF-8\r\nAccept: application/json\r\nUser-Agent: Python http auth\r\n\r\n{"using": "css selector", "sessionId": "513b5b13-52cb-4313-9dbf-ea34027e89df", "value": "[name=\\"q\\"]"}'
reply: 'HTTP/1.1 200 OK\r\n'
header: Connection: close
header: Content-Type: application/json; charset=utf-8
header: Cache-Control: no-cache
header: Content-Length: 88
header: Date: Wed, 27 Sep 2017 14:38:51 GMT
[09:38:51 INFO] searching 'http://google.com' using query 'inurl:php?id=10'...
# get the search page results
send: u'POST /session/513b5b13-52cb-4313-9dbf-ea34027e89df/element/844c8001-0f56-49f4-8dc0-bd7377977658/value HTTP/1.1\r\nHost: 127.0.0.1:52853\r\nAccept-Encoding: identity\r\nContent-Length: 212\r\nConnection: keep-alive\r\nContent-Type: application/json;charset=UTF-8\r\nAccept: application/json\r\nUser-Agent: Python http auth\r\n\r\n{"text": "inurl:php?id=10", "sessionId": "513b5b13-52cb-4313-9dbf-ea34027e89df", "id": "844c8001-0f56-49f4-8dc0-bd7377977658", "value": ["i", "n", "u", "r", "l", ":", "p", "h", "p", "?", "i", "d", "=", "1", "0"]}'
reply: 'HTTP/1.1 200 OK\r\n'
header: Connection: close
header: Content-Type: application/json; charset=utf-8
header: Cache-Control: no-cache
header: Content-Length: 13
header: Date: Wed, 27 Sep 2017 14:38:51 GMT
send: u'POST /session/513b5b13-52cb-4313-9dbf-ea34027e89df/element/844c8001-0f56-49f4-8dc0-bd7377977658/value HTTP/1.1\r\nHost: 127.0.0.1:52853\r\nAccept-Encoding: identity\r\nContent-Length: 138\r\nConnection: keep-alive\r\nContent-Type: application/json;charset=UTF-8\r\nAccept: application/json\r\nUser-Agent: Python http auth\r\n\r\n{"text": "\\ue006", "sessionId": "513b5b13-52cb-4313-9dbf-ea34027e89df", "id": "844c8001-0f56-49f4-8dc0-bd7377977658", "value": ["\\ue006"]}'
reply: 'HTTP/1.1 200 OK\r\n'
header: Connection: close
header: Content-Type: application/json; charset=utf-8
header: Cache-Control: no-cache
header: Content-Length: 13
header: Date: Wed, 27 Sep 2017 14:38:51 GMT
[09:38:54 DEBUG] obtaining URL from selenium...
# pull the URL from the browser
send: u'GET /session/513b5b13-52cb-4313-9dbf-ea34027e89df/url HTTP/1.1\r\nHost: 127.0.0.1:52853\r\nAccept-Encoding: identity\r\nConnection: keep-alive\r\nContent-Type: application/json;charset=UTF-8\r\nAccept: application/json\r\nUser-Agent: Python http auth\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Connection: close
header: Content-Type: application/json; charset=utf-8
header: Cache-Control: no-cache
header: Content-Length: 238
header: Date: Wed, 27 Sep 2017 14:38:54 GMT
[09:38:54 WARNING] it appears that Google is attempting to block your IP address, attempting bypass...
[09:38:54 DEBUG] found current URL from selenium browser 'https://www.google.com/search?ie=ISO-8859-1&hl=en&source=hp&biw=&bih=&q=inurl%3Aphp%3Fid%3D10&gbv=1&oq=inurl%3Aphp'...
[09:38:54 INFO] closing the browser and continuing process..
# close the browser and continue the processing
send: u'DELETE /session/513b5b13-52cb-4313-9dbf-ea34027e89df/window HTTP/1.1\r\nHost: 127.0.0.1:52853\r\nAccept-Encoding: identity\r\nConnection: keep-alive\r\nContent-Type: application/json;charset=UTF-8\r\nAccept: application/json\r\nUser-Agent: Python http auth\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Connection: close
header: Content-Type: application/json; charset=utf-8
header: Cache-Control: no-cache
header: Content-Length: 13
header: Date: Wed, 27 Sep 2017 14:38:58 GMT
[09:38:58 INFO] URL successfully gathered, searching for GET parameters...
[09:38:58 INFO] no proxy configuration detected...
# connect to Google with requests and parse for search results
send: 'GET /search?ie=ISO-8859-1&hl=en&source=hp&biw=&bih=&q=inurl%3Aphp%3Fid%3D10&gbv=1&oq=inurl%3Aphp HTTP/1.1\r\nHost: www.google.com\r\nConnection: keep-alive\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nUser-Agent: python-requests/2.18.4\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Date: Wed, 27 Sep 2017 14:39:00 GMT
header: Expires: -1
header: Cache-Control: private, max-age=0
header: Content-Type: text/html; charset=ISO-8859-1
header: P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/answer/151657?hl=en for more info."
header: Content-Encoding: gzip
header: Server: gws
header: X-XSS-Protection: 1; mode=block
header: X-Frame-Options: SAMEORIGIN
header: Set-Cookie: NID=113=Qv0CPYrh4wLl8IWES0vCzDsGkmbnYA8kP2Bgp6mBchmImeGEWbey06rLfdGSckvs32Mz1HK4QLBKpu0nVI83e2IvKBV7Tl_lEm6Kg_hLnxCQXkN6dM8JOaRYiCsqtvd8; expires=Thu, 29-Mar-2018 14:39:00 GMT; path=/; domain=.google.com; HttpOnly
header: Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"
header: Transfer-Encoding: chunked
[09:38:59 INFO] adjusting user-agent header to default user agent 'Zeus-Scanner(v1.0.18.7db8)::Python->v2.7'...
[09:38:59 DEBUG] found 'https://www.youtube.com/results?gl=US&tab=w1'...
[09:38:59 DEBUG] found 'http://www.imagesystems.com.mt/index.php?id=10&sa=U&ved=0ahUKEwipxZmFzMXWAhUY9mMKHY9YB8EQFggUMAA&usg=AFQjCNEEwRLZDDn58-9iO39Tuz1wJIspBQ'...
[09:38:59 DEBUG] found 'http://www.icdcprague.org/index.php?id=10&sa=U&ved=0ahUKEwipxZmFzMXWAhUY9mMKHY9YB8EQFggaMAE&usg=AFQjCNHzZ4lFvvPuGbZVRzY5BIeuwUSV_w'...
[09:38:59 DEBUG] found 'http://www.architecturalpapers.ch/index.php?ID=10&sa=U&ved=0ahUKEwipxZmFzMXWAhUY9mMKHY9YB8EQFgggMAI&usg=AFQjCNH1E_6wkxBEVbLsiA6QcJcGtydFew'...
[09:38:59 DEBUG] found 'http://www.katun.me/page.php?id=10&sa=U&ved=0ahUKEwipxZmFzMXWAhUY9mMKHY9YB8EQFggmMAM&usg=AFQjCNHeZ8UebVQBfAKAf1dqvkyBoToh5g'...
[09:38:59 DEBUG] found 'http://www.marylandfarmlink.com/dynamic_page.php?id=10&sa=U&ved=0ahUKEwipxZmFzMXWAhUY9mMKHY9YB8EQFggsMAQ&usg=AFQjCNH4bzT0-npjFq1o4ocd5JloTNR-fw'...
[09:38:59 DEBUG] found 'http://www.dynatekbikes.com/news.php?id=10&sa=U&ved=0ahUKEwipxZmFzMXWAhUY9mMKHY9YB8EQFggxMAU&usg=AFQjCNGFdCrk0M7ZW4-q3zashnVFpu-w5Q'...
[09:38:59 DEBUG] found 'http://library.olivet.edu/forms/email/index.php?id=10&sa=U&ved=0ahUKEwipxZmFzMXWAhUY9mMKHY9YB8EQFgg3MAY&usg=AFQjCNEnP5NiMZaVQoLti3T6MgJOiyBtpQ'...
[09:38:59 DEBUG] found 'http://www.apsf.org/initiatives.php?id=10&sa=U&ved=0ahUKEwipxZmFzMXWAhUY9mMKHY9YB8EQFgg5MAc&usg=AFQjCNFctk4tVGMvNhojS2r-K_S5Zgpowg'...
[09:38:59 DEBUG] found 'http://hkaudio.com/products.php?id=10&sa=U&ved=0ahUKEwipxZmFzMXWAhUY9mMKHY9YB8EQFgg_MAg&usg=AFQjCNELDeYybAhkg2DioAONBGqsaJPKrQ'...
[09:38:59 DEBUG] found 'http://www.aaainc.org/index.php?id=10&sa=U&ved=0ahUKEwipxZmFzMXWAhUY9mMKHY9YB8EQFghEMAk&usg=AFQjCNHAuLUkDfGbXJ6r2gJB1Ns9YIGBhg'...
[09:38:59 INFO] found a total of 11 URL's with a GET parameter...
[09:38:59 INFO] saving found URL's under '/home/baal/bin/python/zeus-scanner/log/url-log/url-log-13.log'...

[*] shutting down at 09:38:59..

[Ekultek]

Also, about getting banned with your list file:

baal@baal-Aspire-5733Z:~/bin/python/zeus-scanner$ sudo !!
sudo python zeus.py -l dorks.txt --verbose
[09:48:31 DEBUG] checking if the application has been run before...
[09:48:31 DEBUG] verifying operating system...
[09:48:31 DEBUG] already ran, skipping...

    __          __________                             __   
   / /          \____    /____  __ __  ______          \ \  
  / /    ______   /     // __ \|  |  \/  ___/  ______   \ \ 
  \ \   /_____/  /     /\  ___/|  |  /\___ \  /_____/   / / 
   \_\          /_______ \___  >____//____  >          /_/  
                       \/   \/           \/  v1.0.18.7db8(revision)
    https://github.com/ekultek/zeus-scanner.git
        Advanced Dork Searching...

[*] starting up at 09:48:31..

[09:48:31 DEBUG] running with options '{'runInVerbose': True, 'dorkFileToUse': 'dorks.txt'}'...
[09:48:31 INFO] log file being saved to '/home/baal/bin/python/zeus-scanner/log/zeus-log-134.log'...
[09:48:31 DEBUG] using default search engine (Google)...
[09:48:31 INFO] using default search engine...
[09:48:31 INFO] starting dork scan with query 'inurl:php?id=0'...
[09:48:31 DEBUG] checking for user-agent and proxy configuration...
[09:48:31 INFO] attempting to gather query URL...
[09:48:31 DEBUG] setting up the virtual display to hide the browser...
[09:48:31 INFO] firefox browser display will be hidden while it performs the query...
[09:48:31 WARNING] your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
[09:48:31 DEBUG] running selenium-webdriver and launching browser...
[09:48:31 DEBUG] adjusting selenium-webdriver user-agent to 'Zeus-Scanner(v1.0.18.7db8)::Python->v2.7'...
[09:48:48 INFO] browser will open shortly...
[09:48:49 DEBUG] searching search engine for the 'q' element (search button)...
[09:48:49 INFO] searching 'http://google.com' using query 'inurl:php?id=0'...
[09:48:52 DEBUG] obtaining URL from selenium...
[09:48:52 DEBUG] found current URL from selenium browser 'http://www.google.com/search?ie=ISO-8859-1&hl=en&source=hp&biw=&bih=&q=inurl%3Aphp%3Fid%3D0&gbv=1&oq=inurl%3Aphp%3Fid%3D0&gs_l=heirloom-hp.3...464.629.0.685.14.2.0.0.0.0.0.0..0.0....0...1.1.34.heirloom-hp..14.0.0.sikM8qwXrEg'...
[09:48:52 INFO] closing the browser and continuing process..
[09:48:52 INFO] URL successfully gathered, searching for GET parameters...
[09:48:52 INFO] no proxy configuration detected...
[09:48:53 INFO] adjusting user-agent header to default user agent 'Zeus-Scanner(v1.0.18.7db8)::Python->v2.7'...
[09:48:53 DEBUG] found 'http://www.youtube.com/results?gl=US&tab=w1'...
[09:48:53 DEBUG] found 'https://www.reportingproject.net/jailcrunch/video.php?id=0&sa=U&ved=0ahUKEwjCqZWgzsXWAhVH5GMKHa4fDMcQFggUMAA&usg=AFQjCNEo8VqnBNi0s_y02vqBdRNxQX7AYA'...
[09:48:53 DEBUG] found 'https://www.reportingproject.net/jailcrunch/video.php?id=0+inurl:php?id=0&tbo=1&sa=X&ved=0ahUKEwjCqZWgzsXWAhVH5GMKHa4fDMcQHwgYMAA'...
[09:48:53 DEBUG] found 'http://www.animenewsnetwork.com/encyclopedia/anime.php?id=19161&sa=U&ved=0ahUKEwjCqZWgzsXWAhVH5GMKHa4fDMcQFgggMAI&usg=AFQjCNGreTyI2-mSqOp1Z1_3jFtSvyhT9Q'...
[09:48:53 DEBUG] found 'http://www.greenlandjo.com/newsid.php?id=0&sa=U&ved=0ahUKEwjCqZWgzsXWAhVH5GMKHa4fDMcQFgglMAM&usg=AFQjCNFZUN2IDm11CN4qebmBmOM-fRuY8w'...
[09:48:53 DEBUG] found 'http://www.caribmap.org/literature.php?id=0&sa=U&ved=0ahUKEwjCqZWgzsXWAhVH5GMKHa4fDMcQFggqMAU&usg=AFQjCNHqAGfKtAT2nnzxJR0llqWFnWrQ4A'...
[09:48:53 DEBUG] found 'http://www.kaaos.com/Gaming/index.php?id=0&sa=U&ved=0ahUKEwjCqZWgzsXWAhVH5GMKHa4fDMcQFgg8MAg&usg=AFQjCNFHUBRGzBVem82Rej9URaXghizPzQ'...
[09:48:53 DEBUG] found 'http://www.lizziefinn.com/index.php?id=0&sa=U&ved=0ahUKEwjCqZWgzsXWAhVH5GMKHa4fDMcQFghCMAk&usg=AFQjCNFBlvKiapJ8vU0HvNKso2ttPIiEQw'...
[09:48:53 INFO] found a total of 8 URL's with a GET parameter...
[09:48:53 INFO] saving found URL's under '/home/baal/bin/python/zeus-scanner/log/url-log/url-log-14.log'...
[09:48:53 INFO] starting dork scan with query 'inurl:php?id=1'...
[09:48:53 DEBUG] checking for user-agent and proxy configuration...
[09:48:53 INFO] attempting to gather query URL...
[09:48:53 DEBUG] setting up the virtual display to hide the browser...
[09:48:53 INFO] firefox browser display will be hidden while it performs the query...
[09:48:53 WARNING] your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
[09:48:53 DEBUG] running selenium-webdriver and launching browser...
[09:48:53 DEBUG] adjusting selenium-webdriver user-agent to 'Zeus-Scanner(v1.0.18.7db8)::Python->v2.7'...
[09:49:03 INFO] browser will open shortly...
[09:49:04 DEBUG] searching search engine for the 'q' element (search button)...
[09:49:04 INFO] searching 'http://google.com' using query 'inurl:php?id=1'...
[09:49:07 DEBUG] obtaining URL from selenium...
[09:49:07 DEBUG] found current URL from selenium browser 'http://www.google.com/search?ie=ISO-8859-1&hl=en&source=hp&biw=&bih=&q=inurl%3Aphp%3Fid%3D1&gbv=1&oq=inurl%3Aphp%3Fid%3D1&gs_l=heirloom-hp.3...440.485.0.531.14.1.0.0.0.0.0.0..0.0....0...1.1.34.heirloom-hp..14.0.0.ga6R29Loz1U'...
[09:49:07 INFO] closing the browser and continuing process..
[09:49:07 INFO] URL successfully gathered, searching for GET parameters...
[09:49:07 INFO] no proxy configuration detected...
[09:49:08 INFO] adjusting user-agent header to default user agent 'Zeus-Scanner(v1.0.18.7db8)::Python->v2.7'...
[09:49:08 DEBUG] found 'http://www.youtube.com/results?gl=US&tab=w1'...
[09:49:08 DEBUG] found 'http://www.bible-history.com/subcat.php?id=1&sa=U&ved=0ahUKEwiBsJ2nzsXWAhVR52MKHTG_AcUQFggUMAA&usg=AFQjCNFJs5z8GrUwqg5D0fV01nvbyQJM8w'...
[09:49:08 DEBUG] found 'http://www.romanianwriters.ro/s.php?id=1&sa=U&ved=0ahUKEwiBsJ2nzsXWAhVR52MKHTG_AcUQFggaMAE&usg=AFQjCNFJOmu_7YUpNoslw6_38tO4L1zQ1A'...
[09:49:08 DEBUG] found 'http://www.dipintoguitars.com/category.php?id=1&sa=U&ved=0ahUKEwiBsJ2nzsXWAhVR52MKHTG_AcUQFgggMAI&usg=AFQjCNHrRorGUjqqa4lFzRZNAsENFIEuKg'...
[09:49:08 DEBUG] found 'http://www.teamgear.us/store.php?id=1&sa=U&ved=0ahUKEwiBsJ2nzsXWAhVR52MKHTG_AcUQFggmMAM&usg=AFQjCNHLl9svXnPBIQXNq3wpHvhYCNwrlw'...
[09:49:08 DEBUG] found 'http://www.xrayrisk.com/calculator/calculator-normal-studies.php?id=1&sa=U&ved=0ahUKEwiBsJ2nzsXWAhVR52MKHTG_AcUQFggrMAQ&usg=AFQjCNGWnw41T9wQVBdfEdUKwcy8LqBdUw'...
[09:49:08 DEBUG] found 'http://www.bpc.gov.bd/contactus.php?id=1&sa=U&ved=0ahUKEwiBsJ2nzsXWAhVR52MKHTG_AcUQFggwMAU&usg=AFQjCNESfqqK4k2p0tavNvwTRtPugpzCjw'...
[09:49:08 DEBUG] found 'https://www.knipex.com/index.php?id=1216&L=1&page=group_detail&parentID=&groupID=2028&sa=U&ved=0ahUKEwiBsJ2nzsXWAhVR52MKHTG_AcUQFgg2MAY&usg=AFQjCNFVphQ4FBZeJaIrp_TNpIoxoLLTxw'...
[09:49:08 DEBUG] found 'http://www.jbctools.com/cataleg.php?id=1&sa=U&ved=0ahUKEwiBsJ2nzsXWAhVR52MKHTG_AcUQFgg7MAc&usg=AFQjCNHIfxiSjdNYNi6e4kVJxRycftn3Hw'...
[09:49:08 DEBUG] found 'http://pakpips.com/about.php?id=1&sa=U&ved=0ahUKEwiBsJ2nzsXWAhVR52MKHTG_AcUQFghBMAg&usg=AFQjCNHaSci43WswPyRWTbWygZadwRXlfw'...
[09:49:08 DEBUG] found 'http://esjindex.org/search.php?id=1&sa=U&ved=0ahUKEwiBsJ2nzsXWAhVR52MKHTG_AcUQFghHMAk&usg=AFQjCNFFOPPTXwOhCYnTYUwN3QUQqyOS-w'...
[09:49:08 INFO] found a total of 11 URL's with a GET parameter...
[09:49:08 INFO] saving found URL's under '/home/baal/bin/python/zeus-scanner/log/url-log/url-log-15.log'...
[09:49:08 INFO] starting dork scan with query 'inurl:php?id=2'...
[09:49:08 DEBUG] checking for user-agent and proxy configuration...
[09:49:08 INFO] attempting to gather query URL...
[09:49:08 DEBUG] setting up the virtual display to hide the browser...
[09:49:08 INFO] firefox browser display will be hidden while it performs the query...
[09:49:08 WARNING] your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
[09:49:08 DEBUG] running selenium-webdriver and launching browser...
[09:49:08 DEBUG] adjusting selenium-webdriver user-agent to 'Zeus-Scanner(v1.0.18.7db8)::Python->v2.7'...
[09:49:18 INFO] browser will open shortly...
[09:49:19 DEBUG] searching search engine for the 'q' element (search button)...
[09:49:19 INFO] searching 'http://google.com' using query 'inurl:php?id=2'...
[09:49:22 DEBUG] obtaining URL from selenium...
[09:49:22 DEBUG] found current URL from selenium browser 'http://www.google.com/search?ie=ISO-8859-1&hl=en&source=hp&biw=&bih=&q=inurl%3Aphp%3Fid%3D2&gbv=1&oq=inurl%3Aphp%3Fid%3D2&gs_l=heirloom-hp.3...456.505.0.544.14.1.0.0.0.0.0.0..0.0....0...1.1.34.heirloom-hp..14.0.0.q5Pe5a3pl0Q'...
[09:49:22 INFO] closing the browser and continuing process..
[09:49:22 INFO] URL successfully gathered, searching for GET parameters...
[09:49:22 INFO] no proxy configuration detected...
[09:49:23 INFO] adjusting user-agent header to default user agent 'Zeus-Scanner(v1.0.18.7db8)::Python->v2.7'...
[09:49:23 DEBUG] found 'http://www.youtube.com/results?gl=US&tab=w1'...
[09:49:23 DEBUG] found 'http://www.bible-history.com/subcat.php?id=2&sa=U&ved=0ahUKEwivhKiuzsXWAhUO7mMKHbApCccQFggUMAA&usg=AFQjCNEXmZlXZLbKj9VESEepeo3xeZLvKA'...
[09:49:23 DEBUG] found 'http://www.putridflowers.com/music.php?id=2&sa=U&ved=0ahUKEwivhKiuzsXWAhUO7mMKHbApCccQFggaMAE&usg=AFQjCNFvC4_k3ZE4tKCP30ZlFzH0ry_hIQ'...
[09:49:23 DEBUG] found 'http://www.dipintoguitars.com/product.php?id=2&sa=U&ved=0ahUKEwivhKiuzsXWAhUO7mMKHbApCccQFgggMAI&usg=AFQjCNHYeHszKIvk3v_PFl_3a1N5dli5eg'...
[09:49:23 DEBUG] found 'http://www.i2t2.com/index1.php?id=2&sa=U&ved=0ahUKEwivhKiuzsXWAhUO7mMKHbApCccQFggmMAM&usg=AFQjCNFo9Np7DF3KmULJ4oBwErOvzWADXw'...
[09:49:23 DEBUG] found 'http://atmarine.fi/index.php?id=2&sa=U&ved=0ahUKEwivhKiuzsXWAhUO7mMKHbApCccQFggsMAQ&usg=AFQjCNF1DP9oAVMYnWy8hVo5WRiFNmvELw'...
[09:49:23 DEBUG] found 'http://www.redseahotels.com/index.php?id=2&sa=U&ved=0ahUKEwivhKiuzsXWAhUO7mMKHbApCccQFggyMAU&usg=AFQjCNHvLZxjlFuXUEwUKHm1igzmXe9p5g'...
[09:49:23 DEBUG] found 'http://www.vancouversupermoto.com/page.php?id=2&sa=U&ved=0ahUKEwivhKiuzsXWAhUO7mMKHbApCccQFgg4MAY&usg=AFQjCNH567pfCoYT7y9aiFykNf-glvZX5w'...
[09:49:23 DEBUG] found 'http://www.floconsolutions.com/sub_page.php?id=2&sa=U&ved=0ahUKEwivhKiuzsXWAhUO7mMKHbApCccQFgg-MAc&usg=AFQjCNHMlv9v0JXjf2yEsQYBLviIBFsLRg'...
[09:49:23 DEBUG] found 'http://www.data-rx.com/index.php?id=2&sa=U&ved=0ahUKEwivhKiuzsXWAhUO7mMKHbApCccQFghDMAg&usg=AFQjCNHe8i1s3bfTtPecKA-knAprfIIkdg'...
[09:49:23 DEBUG] found 'http://redwheelweiser.com/p.php?id=2&sa=U&ved=0ahUKEwivhKiuzsXWAhUO7mMKHbApCccQFghIMAk&usg=AFQjCNEjWjmgJnpWOXJwjhrbQipQFd2R7A'...
[09:49:23 INFO] found a total of 11 URL's with a GET parameter...
[09:49:23 INFO] saving found URL's under '/home/baal/bin/python/zeus-scanner/log/url-log/url-log-16.log'...
[09:49:23 INFO] starting dork scan with query 'inurl:php?id=3'...
[09:49:23 DEBUG] checking for user-agent and proxy configuration...
[09:49:23 INFO] attempting to gather query URL...
[09:49:23 DEBUG] setting up the virtual display to hide the browser...
[09:49:23 INFO] firefox browser display will be hidden while it performs the query...
[09:49:23 WARNING] your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
[09:49:23 DEBUG] running selenium-webdriver and launching browser...
[09:49:23 DEBUG] adjusting selenium-webdriver user-agent to 'Zeus-Scanner(v1.0.18.7db8)::Python->v2.7'...
[09:49:32 INFO] browser will open shortly...
[09:49:33 DEBUG] searching search engine for the 'q' element (search button)...
[09:49:33 INFO] searching 'http://google.com' using query 'inurl:php?id=3'...
[09:49:36 DEBUG] obtaining URL from selenium...
[09:49:36 DEBUG] found current URL from selenium browser 'http://www.google.com/search?ie=ISO-8859-1&hl=en&source=hp&biw=&bih=&q=inurl%3Aphp%3Fid%3D3&gbv=1&oq=inurl%3Aphp%3Fid%3D3&gs_l=heirloom-hp.3...377.527.0.574.14.2.0.0.0.0.0.0..0.0....0...1.1.34.heirloom-hp..14.0.0.fYlhlekPlN8'...
[09:49:36 INFO] closing the browser and continuing process..
[09:49:36 INFO] URL successfully gathered, searching for GET parameters...
[09:49:36 INFO] no proxy configuration detected...
[09:49:37 INFO] adjusting user-agent header to default user agent 'Zeus-Scanner(v1.0.18.7db8)::Python->v2.7'...
[09:49:37 DEBUG] found 'http://www.youtube.com/results?gl=US&tab=w1'...
[09:49:37 DEBUG] found 'http://www.minedition.com/en/illustrator_detail.php?id=3&sa=U&ved=0ahUKEwirupG1zsXWAhVK7WMKHU3uC8YQFggUMAA&usg=AFQjCNEctOFKWwIec-CCKu6CMqynVgrAEw'...
[09:49:37 DEBUG] found 'http://www.webloadmpstore.com/product.php?id=3&sa=U&ved=0ahUKEwirupG1zsXWAhVK7WMKHU3uC8YQFggaMAE&usg=AFQjCNHqCjs6HsTCPusKEt0nxASWv3a1pQ'...
[09:49:37 DEBUG] found 'http://www.kbccp.org/hot_events.php?id=3&sa=U&ved=0ahUKEwirupG1zsXWAhVK7WMKHU3uC8YQFgggMAI&usg=AFQjCNH2bktDqboUH7_oIziUwR7K4Q4-xA'...
[09:49:37 DEBUG] found 'http://www.opentextbookstore.com/details.php?id=3&sa=U&ved=0ahUKEwirupG1zsXWAhVK7WMKHU3uC8YQFggmMAM&usg=AFQjCNEpOcHh8NUVYpyCwJEBUaNJEy-h2A'...
[09:49:37 DEBUG] found 'http://www.dipintoguitars.com/product.php?id=3&sa=U&ved=0ahUKEwirupG1zsXWAhVK7WMKHU3uC8YQFggsMAQ&usg=AFQjCNFu44EJb3Jqcknhe6yN4CnuNJWfJg'...
[09:49:37 DEBUG] found 'https://support.steampowered.com/kb_cat.php?id=3&sa=U&ved=0ahUKEwirupG1zsXWAhVK7WMKHU3uC8YQFggyMAU&usg=AFQjCNGxgRvCzre-9bHECiUmvNLgbFB5EQ'...
[09:49:37 DEBUG] found 'https://support.steampowered.com/kb_cat.php?id=3+inurl:php?id=3&tbo=1&sa=X&ved=0ahUKEwirupG1zsXWAhVK7WMKHU3uC8YQHwg2MAU'...
[09:49:37 DEBUG] found 'http://www.steelvapetech.com/products.php?id=3&sa=U&ved=0ahUKEwirupG1zsXWAhVK7WMKHU3uC8YQFgg4MAY&usg=AFQjCNGgtGi2Fx7ozGa1clZDFZr-akDPsw'...
[09:49:37 DEBUG] found 'http://www.f10products.co.za/index.php?id=3&sa=U&ved=0ahUKEwirupG1zsXWAhVK7WMKHU3uC8YQFgg9MAc&usg=AFQjCNHteRMSOlw-xIi7SEemdXhQrK-JTQ'...
[09:49:37 DEBUG] found 'http://www.go100percent.org/cms/index.php?id=3&sa=U&ved=0ahUKEwirupG1zsXWAhVK7WMKHU3uC8YQFghCMAg&usg=AFQjCNEzN69rxyRFB6UOTA8m4-Fybr3Gzw'...
[09:49:37 DEBUG] found 'http://www.edgeofexistence.org/mammals/species_info.php?id=3&sa=U&ved=0ahUKEwirupG1zsXWAhVK7WMKHU3uC8YQFghIMAk&usg=AFQjCNFbx17AFsbU4KsPRXzn2zj6h92Agw'...
[09:49:37 INFO] found a total of 12 URL's with a GET parameter...
[09:49:37 INFO] saving found URL's under '/home/baal/bin/python/zeus-scanner/log/url-log/url-log-17.log'...
[09:49:37 INFO] starting dork scan with query 'inurl:php?id=4'...
[09:49:37 DEBUG] checking for user-agent and proxy configuration...
[09:49:37 INFO] attempting to gather query URL...
[09:49:37 DEBUG] setting up the virtual display to hide the browser...
[09:49:37 INFO] firefox browser display will be hidden while it performs the query...
[09:49:37 WARNING] your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
[09:49:37 DEBUG] running selenium-webdriver and launching browser...
[09:49:37 DEBUG] adjusting selenium-webdriver user-agent to 'Zeus-Scanner(v1.0.18.7db8)::Python->v2.7'...
[09:49:48 INFO] browser will open shortly...
[09:49:49 DEBUG] searching search engine for the 'q' element (search button)...
[09:49:49 INFO] searching 'http://google.com' using query 'inurl:php?id=4'...
[09:49:52 DEBUG] obtaining URL from selenium...
[09:49:52 DEBUG] found current URL from selenium browser 'http://www.google.com/search?ie=ISO-8859-1&hl=en&source=hp&biw=&bih=&q=inurl%3Aphp%3Fid%3D4&gbv=1&oq=inurl%3Aphp%3Fid%3D4&gs_l=heirloom-hp.3...471.640.0.714.14.2.0.0.0.0.0.0..0.0....0...1.1.34.heirloom-hp..14.0.0.Vlqat7UHzXc'...
[09:49:52 INFO] closing the browser and continuing process..
[09:49:53 INFO] URL successfully gathered, searching for GET parameters...
[09:49:53 INFO] no proxy configuration detected...
[09:49:53 INFO] adjusting user-agent header to default user agent 'Zeus-Scanner(v1.0.18.7db8)::Python->v2.7'...
[09:49:53 DEBUG] found 'http://www.youtube.com/results?gl=US&tab=w1'...
[09:49:53 DEBUG] found 'http://www.webscantest.com/datastore/search_get_by_id.php?id=4&sa=U&ved=0ahUKEwjZou28zsXWAhUI22MKHd8rCo4QFggUMAA&usg=AFQjCNGH1tBfzzSCQ0hqBl-s6HcASl6G_A'...
[09:49:53 DEBUG] found 'http://yggdrasilrecords.net/artists.php?id=4&sa=U&ved=0ahUKEwjZou28zsXWAhUI22MKHd8rCo4QFggaMAE&usg=AFQjCNGcYtmO9kN9w7ItfOYbcM4910rb_g'...
[09:49:53 DEBUG] found 'http://coda.cc/product/product.php?id=4&sa=U&ved=0ahUKEwjZou28zsXWAhUI22MKHd8rCo4QFggfMAI&usg=AFQjCNF5ms_jYmday2Y2Q_qJiotES0Fkiw'...
[09:49:53 DEBUG] found 'http://www.romanianwriters.ro/author.php?id=4&sa=U&ved=0ahUKEwjZou28zsXWAhUI22MKHd8rCo4QFgglMAM&usg=AFQjCNEhzVFP-swp84baC7OTcGFlWtG0qA'...
[09:49:53 DEBUG] found 'http://www.patriciapiccinini.net/essay.php/?id=4&sa=U&ved=0ahUKEwjZou28zsXWAhUI22MKHd8rCo4QFggrMAQ&usg=AFQjCNH8-PzL7S_8QOBXG7QoIiHTXchdIw'...
[09:49:53 DEBUG] found 'http://www.dipintoguitars.com/product.php?id=4&sa=U&ved=0ahUKEwjZou28zsXWAhUI22MKHd8rCo4QFggxMAU&usg=AFQjCNGXc9KHQfE3KOkknoC94u9SR0X45w'...
[09:49:53 DEBUG] found 'http://predictablesuccess.info/quiz/quiz.php?id=4&sa=U&ved=0ahUKEwjZou28zsXWAhUI22MKHd8rCo4QFgg3MAY&usg=AFQjCNEmZymrmhq_oN0AkIPG_D3d_gA1DQ'...
[09:49:53 DEBUG] found 'http://www.jamestrussart.com/models_detail.php?id=4&sa=U&ved=0ahUKEwjZou28zsXWAhUI22MKHd8rCo4QFgg5MAc&usg=AFQjCNFjFpeXuNjrCSMFqeUY3dRjyD6orQ'...
[09:49:53 DEBUG] found 'http://www.lifeskillstraining.com/faq.php?id=4&sa=U&ved=0ahUKEwjZou28zsXWAhUI22MKHd8rCo4QFgg_MAg&usg=AFQjCNHLZ4Q1UreHEJb50BhYVP6xh0xs0Q'...
[09:49:53 DEBUG] found 'http://www.cacert.org/index.php?id=4&sa=U&ved=0ahUKEwjZou28zsXWAhUI22MKHd8rCo4QFghEMAk&usg=AFQjCNG1dOBSSwHLzhJmH5Lr_2mrVVgo0g'...
[09:49:53 INFO] found a total of 11 URL's with a GET parameter...
[09:49:53 INFO] saving found URL's under '/home/baal/bin/python/zeus-scanner/log/url-log/url-log-18.log'...

[*] shutting down at 09:49:53..

baal@baal-Aspire-5733Z:~/bin/python/zeus-scanner$ 

[Ekultek]

If you, have any ideas about how to do any bypasses, or any suggestions, create a pull request for them. Don't just sit here and complain about it, this is open source, I am more then willing to look at your ideas, an listen to your feedback about information that is presented to me. If you want something changed, make a pull request, thanks,

[Ekultek]

Initial support is done via 526807c. Still more work to be done, moving onto fixing the XSS scanner for now.

[Ekultek]

PS:

ban_urls = ["http://ipv6.google.com", "http://ipv4.google.com"] if any(u in retval for u in ban_urls):

Will be implemented next push

[Ekultek]

I’m going to reopen this and reference #56 here, I have an idea of what I need to do

[Ekultek]

http://ipv6.google.com/sorry/index?continue=http://www.google.com/search?ie=ISO-8859-1&hl=en&source=hp&biw=&bih=&q=inurl%3Aphp%3F*index*%3D&gbv=1&oq=inurl%3Aphp%3F*index*%3D&gs_l=heirloom-hp.3..0i131l3j0l2j0i131j0j0i131l2j0.899.1431.0.1609.18.2.0.0.0.0.98.98.1.1.0....0...1.1.34.heirloom-hp..17.1.97.fsJgHog94G4&hl=en&q=EhAmAIgDuACGgPCMXXGWS8MsGIXb784FIhkA8aeDS11kWUxSD1ojYj720fGhHcXKsbLIMgFy

URL: http://www.google.com/search?ie=ISO-8859-1&hl=en&source=hp&biw=&bih=&q=inurl:php?*index*=&gbv=1&oq=inurl:php?*index*=

[Ekultek]

root@baal-Aspire-5733Z:~/bin/python/zeus-scanner# python zeus.py -d inurl:php?id=0 --verbose
[15:00:18 DEBUG] checking if the application has been run before...
[15:00:18 DEBUG] verifying operating system...
[15:00:18 DEBUG] already ran, skipping...

    __          __________                             __   
   / /          \____    /____  __ __  ______          \ \  
  / /    ______   /     // __ \|  |  \/  ___/  ______   \ \ 
  \ \   /_____/  /     /\  ___/|  |  /\___ \  /_____/   / / 
   \_\          /_______ \___  >____//____  >          /_/  
                       \/   \/           \/  v1.0.34.98ac(revision)
        https://github.com/ekultek/zeus-scanner.git
                Advanced Dork Searching...

[*] starting up at 15:00:18..

[15:00:18 DEBUG] running with options '{'runInVerbose': True, 'dorkToUse': 'inurl:php?id=0'}'...
[15:00:18 INFO] log file being saved to '/home/baal/bin/python/zeus-scanner/log/zeus-log-27.log'...
[15:00:18 DEBUG] using default search engine (Google)...
[15:00:18 INFO] using default search engine...
[15:00:18 INFO] starting dork scan with query 'inurl:php?id=0'...
[15:00:18 DEBUG] checking for user-agent and proxy configuration...
[15:00:18 INFO] attempting to gather query URL...
[15:00:18 DEBUG] setting up the virtual display to hide the browser...
[15:00:19 INFO] firefox browser display will be hidden while it performs the query...
[15:00:19 WARNING] your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
[15:00:19 DEBUG] running selenium-webdriver and launching browser...
[15:00:19 DEBUG] adjusting selenium-webdriver user-agent to 'Zeus-Scanner(v1.0.34.98ac)::Python->v2.7'...
[15:00:32 INFO] browser will open shortly...
[15:00:35 DEBUG] searching search engine for the 'q' element (search button)...
[15:00:35 INFO] searching 'http://google.com' using query 'inurl:php?id=0'...
[15:00:38 DEBUG] obtaining URL from selenium...
[15:00:38 WARNING] it appears that Google is attempting to block your IP address, attempting bypass...
[15:00:38 PROMPT] zeus was able to successfully extract the URL from Google's ban URL it is advised to shutdown zeus and attempt to extract the URL's manually. failing to do so will most likely result in no results being found by zeus. would you like to shutdown[y/N]: y
[15:00:44 INFO] successfully wrote found items to '/home/baal/bin/python/zeus-scanner/log/extracted-url-log/extracted-url-3.log'...
[15:00:44 INFO] it is advised to use the built in blackwidow crawler with the extracted URL (IE -b 'http://www.google.com/search?ie=ISO-8859-1&hl=en&source=hp&biw=&bih=&q=inurl:php?id=0&gbv=1&oq=inurl:php?id=0')

[*] shutting down at 15:00:44..

root@baal-Aspire-5733Z:~/bin/python/zeus-scanner# 

So I can extract the URL from the ban URL but cannot continue from it because Google doesn't like that, I can however get the URL and save it for you:

Gonna close this, because you will still be bale to get the Google URL successfully. It's up to you what you do with it