GooFuzz
GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
<p align="center">
<img width="460" height="300" src="images/goofuzz.png">
</p>
<p align="center">
<a href="https://github.com/m3n0sd0n4ld/GooFuzz/releases">
<img src="https://img.shields.io/github/v/release/m3n0sd0n4ld/GooFuzz?include_prereleases&style=flat-square">
</a>
<a href="https://www.gnu.org/licenses/gpl-3.0.en.html">
<img src="https://img.shields.io/github/license/m3n0sd0n4ld/GooFuzz?style=flat-square">
</a>
<a href="https://github.com/m3n0sd0n4ld/GooFuzz/issues?q=is%3Aissue+is%3Aopen">
<img src="https://img.shields.io/github/issues/m3n0sd0n4ld/GooFuzz?style=flat-square">
</a>
<a href="https://github.com/m3n0sd0n4ld/GooFuzz/commits/master">
<img src="https://img.shields.io/github/last-commit/m3n0sd0n4ld/GooFuzz?style=flat-square">
</a>
<a href="">
<img src="https://img.shields.io/twitter/follow/David_Uton?style=flat-square">
</a>
<br>
<h1 align="center">GooFuzz - The Power of Google Dorks</h1>
<br>
</p>
Credits
Author: M3n0sD0n4ld
Twitter: @David_Uton
Description:
GooFuzz is a Bash script that uses advanced Google search techniques to obtain sensitive information in files or directories without making requests to the web server.
What's new
Want to learn about the new features in version 2.0 and how to use the tool correctly?
Check out the following article and get the most out of the tool.
Prerequisites
- Bash/Zsh: The main engine where the script runs.
- curl: Used to make HTTP requests to search engines.
- jq: Required to process and filter responses in JSON format.
- sed: Standard text processing tool in Unix systems.
- Google API key and a Programmable Search Engine: Required to add the cxId and apikey to a file. Both are free.
1. Get your API Key
- Go to Google Cloud Console.
- Create a new project (give it a name, such as GooFuzz-Project).
- In the search bar at the top, type "Custom Search API" and click the Enable button.
- Once enabled, go to the "Credentials" tab in the left-hand menu.
- Click on "Create credentials" -> "API key".
- Keep it safe! That's your API key.
2. Get your CX ID (Programmable Search Engine)
- Go to the Programmable Search Engine dashboard.
- Click “Add” to create a new search engine.
- In the “What to search” section, select “Search the entire Web” (this is vital so that GooFuzz is not limited to a single website).
- Give it a name (e.g., GooFuzz-Search) and click Create.
- Now go to the settings for the search engine you just created and look for “Search engine ID.”
- That alphanumeric code is your cxId.
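Both values end up in the file passed with -k, which the help text describes as CX_ID,API_KEY pairs, one per line. The following is an added example, not part of GooFuzz, showing one way to create that file with owner-only permissions and check it before use. The helper names are hypothetical, and the check is strict because the page does not say whether blank lines or comments are tolerated.

```shell
#!/usr/bin/env bash
# Added example, not GooFuzz code. Assumes only what the -k help text states:
# the keys file holds CX_ID,API_KEY pairs, one per line.

# Hypothetical helper: append one pair, creating the file owner-only first.
add_key_pair() {
    local file="$1" cx="$2" key="$3"
    ( umask 077; touch "$file" ) || return 1   # never world-readable, even briefly
    chmod 600 "$file" || return 1              # also tightens a pre-existing file
    printf '%s,%s\n' "$cx" "$key" >> "$file"
}

# Hypothetical helper: check permissions and format of the keys file.
# Reports line numbers only, never key material. Returns 0 if OK, 1 otherwise.
check_keys_file() {
    local file="$1" mode bad rc=0
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    [ -s "$file" ] || { echo "empty: $file" >&2; return 1; }

    # Characters 5-10 of the ls mode string are the group/other permission bits.
    mode=$(ls -ld "$file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "permissions too open on $file (want 600)" >&2
        rc=1
    fi

    # Each line: exactly two non-empty fields, one comma, no whitespace.
    # A CRLF line ending counts as whitespace and is flagged too.
    bad=$(grep -Evn '^[^,[:space:]]+,[^,[:space:]]+$' "$file" | cut -d: -f1 | tr '\n' ' ')
    if [ -n "$bad" ]; then
        echo "malformed line(s): $bad" >&2
        rc=1
    fi
    return "$rc"
}

# Hypothetical helper: keep the keys file out of commits made from the clone.
ignore_keys_file() {
    local repo="$1" name="$2"
    grep -qxF -- "$name" "$repo/.gitignore" 2>/dev/null ||
        printf '%s\n' "$name" >> "$repo/.gitignore"
}
```

Restricting the API key to the Custom Search API in the Google Cloud Console limits what a leaked key can be used for.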
Download and install:
git clone https://github.com/m3n0sd0n4ld/GooFuzz.git
cd GooFuzz
sudo apt install jq
chmod +x GooFuzz
./GooFuzz -h
Docker version:
git clone https://github.com/m3n0sd0n4ld/GooFuzz.git
cd GooFuzz
docker build -t goofuzz .
docker run --rm -it goofuzz -h
Use:
Menu
> ./GooFuzz -h
*********************************************************
* GooFuzz v.2.0 - The Power of Google Dorks *
* *
* David Utón (@David_Uton) *
*********************************************************
Usage:
-h Display this help message.
-k <FILE> Specify a FILE with CX_ID,API_KEY pairs, one per line.
-w <DICTIONARY> Specify a DICTIONARY, PATHS or FILES.
-e <EXTENSION> Specify comma-separated extensions.
-t <TARGET> Specify a DOMAIN or IP Address.
-p <PAGES> Specify the number of PAGES (Default: 1).
-x <EXCLUSIONS> EXCLUDES targets (comma-separated or file).
-d <DELAY> Delay in seconds between requests.
-s Lists subdomains of the specified domain.
-c <TEXT> Specify relevant content (comma-separated or file).
-o <FILENAME> Export the results to a file (results only).
-r <PROXY> Specify an [protocol://]host[:port] proxy.
Examples:
GooFuzz -t site.com -k keys_file.txt -e pdf,doc,bak
GooFuzz -t site.com -k keys_file.txt -s -p 10 -d 5 -o GooFuzz-subdomains.txt
GooFuzz -t site.com -k keys_file.txt -w config.php,admin,/images/
GooFuzz -t site.com -k keys_file.txt -w wordlist.txt
GooFuzz -t site.com -k keys_file.txt -w login.html -x dev.site.com
GooFuzz -t site.com -k keys_file.txt -w admin.html -x exclusion_list.txt
GooFuzz -t site.com -k keys_file.txt -c P@ssw0rd!
GooFuzz -t site.com -k keys_file.txt -e pdf -r http://proxy.example.com:8080
Lists files by extensions separated by commas.
> ./GooFuzz -t nasa.gov -e pdf,doc,docx,txt,xls,zip -p 3 -k apikey.lst -o extensions.txt
*********************************************************
* GooFuzz v.2.0 - The Power of Google Dorks *
*********************************************************
Target: nasa.gov
===================================================================
Extension: pdf
===================================================================
https://above.nasa.gov/pdfs/20171020_ASC_Webinar.pdf
https://above.nasa.gov/safety/documents/Bear/bear_ID_brochure_BC.pdf
https://carbon.nasa.gov/pdfs/CMSAVtelecon_20150401_McKainSargent.pdf
https://fun3d.larc.nasa.gov/papers/LowPrecisionSolver.pdf
https://go.nasa.gov/385anj3
https://go.nasa.gov/42QfgGH
https://human-factors.arc.nasa.gov/publications/wenzel_1993_Localization_Head_Related.pdf
https://humansystems.arc.nasa.gov/publications/Barshi_Procedure_Checklist_Design_NASA_TM_2016.pdf
https://mars.nasa.gov/internal_resources/1489/
https://naif.jpl.nasa.gov/pub/naif/generic_kernels/spk/planets/de430_and_de431.pdf
https://nodis3.gsfc.nasa.gov/OPD_Docs/NAII_2800_2_.pdf
https://oig.nasa.gov/docs/IG-15-013.pdf
https://oig.nasa.gov/docs/IG-17-016.pdf
https://oig.nasa.gov/docs/IG-18-016.pdf
https://oig.nasa.gov/docs/IG-18-021.pdf
https://oig.nasa.gov/docs/IG-19-022.pdf
https://orbitaldebris.jsc.nasa.gov/library/usg_orbital_debris_mitigation_standard_practices_november_2019.pdf
https://s3vi.ndc.nasa.gov/ssri-kb/static/resources/529x0g1.pdf
https://sealevel.nasa.gov/internal_resources/535/Suva_Fiji_combined.pdf
https://smap.jpl.nasa.gov/files/smap2/SMAP_Handbook_FINAL_1_JULY_2014_Web.pdf
https://spacemath.gsfc.nasa.gov/moon/5Page28.pdf
https://spacemath.gsfc.nasa.gov/stars/5Page44.pdf
https://spacemath.gsfc.nasa.gov/stars/6Page106.pdf
https://spacemath.gsfc.nasa.gov/weekly/10Page55.pdf
https://spacemath.gsfc.nasa.gov/weekly/6Page89.pdf
https://spaceradiation.larc.nasa.gov/nasapapers/RP1257.pdf
https://spinoff.nasa.gov/back_issues_archives/1985.pdf
https://swift.gsfc.nasa.gov/analysis/xrt_swguide_v1_2.pdf
https://tmo.jpl.nasa.gov/progress_report2/42-44/44N.PDF
https://wind.nasa.gov/docs/MFI_Lepping_SSR1995.pdf
===================================================================
Extension: doc
===================================================================
https://acquisition.jpl.nasa.gov/download/terms-conditions/solicitation-group-a/A16-0359.doc
https://acquisition.jpl.nasa.gov/download/terms-conditions/solicitation-group-b/B13-2703.doc
https://acquisition.jpl.nasa.gov/download/terms-conditions/solicitation-group-b/B1-62-301.doc
https://acquisition.jpl.nasa.gov/download/terms-conditions/solicitation-group-b/B7-2891.doc
https://acquisition.jpl.nasa.gov/download/terms-conditions/supporting-documents/1047-NC.doc
https://acquisition.jpl.nasa.gov/download/terms-conditions/supporting-documents/JPL-Form-7112.doc
https://invention.nasa.gov/assets/downloads/nf1679.doc
===================================================================
Extension: docx
===================================================================
https://exoplanets.nasa.gov/internal_resources/1914/
===================================================================
Extension: txt
===================================================================
https://nrt3.modaps.eosdis.nasa.gov/archive/FIRMS/modis-c6.1/Canada/MODIS_C6_1_Canada_MCD14DL_NRT_2025329.txt
https://nrt3.modaps.eosdis.nasa.gov/archive/FIRMS/modis-c6.1/USA_contiguous_and_Hawaii/MODIS_C6_1_USA_contiguous_and_Hawaii_MCD14DL_NRT_2025314.txt
https://nrt3.modaps.eosdis.nasa.gov/archive/FIRMS/suomi-npp-viirs-c2/Northern_and_Central_Africa/SUOMI_VIIRS_C2_Northern_and_Central_Africa_VNP14IMGTDL_NRT_2025193.txt
https://www3.nasa.gov/robots.txt
===================================================================
Extension: xls
===================================================================
https://carbon.nasa.gov/files/tempfiles/cms_short_products_excel.xls
Lists files by extensions contained in a txt file.
> ./GooFuzz -t nasa.gov -e wordlists/extensions.txt -k apikey.lst -o extensions.txt
*********************************************************
* GooFuzz v.2.0 - The Power of Google Dorks *
*********************************************************
Target: nasa.gov
===================================================================
Extension: pdf
===================================================================
https://history.nasa.gov/alsj/a11/A11_PressKit.pdf
https://history.nasa.gov/alsj/a13/A13_PressKit.pdf
https://history.nasa.gov/alsj/a14/A14_PressKit.pdf
https://history.nasa.gov/alsj/a15/A15_PressKit.pdf
https://history.nasa.gov/alsj/a410/A09_PressKit.pdf
https://oig.nasa.gov/NASA2011MajorChallenges.pdf
https
