Why now allow using dorks from duckduckgo?

sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool

http://sqlmap.org

Other

32.14k stars 5.68k forks source link

Why now allow using dorks from duckduckgo? #1296

Closed brunoamancio closed 9 years ago

brunoamancio commented 9 years ago

DuckDuckGo uses dorks, just like google. Scanning from google makes them suspicious and temporarily ban by IP. If using proxy is not wanted, having DuckDuckGo as option 2 would be nice.

What do you guys think?

stamparm commented 9 years ago

It seems that they have a pretty harsh anti-scrapping/robot policy. Trying:

curl --data "q=foobar" "https://duckduckgo.com/html/"

curl "https://duckduckgo.com/d.js?q=inurl%3A%22%3Fid%3D1%22"

cut me out after cca. 10 requests.

brunoamancio commented 9 years ago

Indeed. I hadn't noticed that.

stamparm commented 9 years ago

Also, automatically being used in case of failing with Google:

https://github.com/sqlmapproject/sqlmap/blob/master/lib/utils/google.py#L111-L159