--help / -h |
Help. |
--proxy |
Set tor proxy for scans [EX: --proxy "socks4://localhost:9050"]
Set proxy [EX: --proxy "http://12.45.44.2:8080"]
Set proxy list [EX: --proxy file] |
--prandom |
Random proxy [EX: --prandom file] or --prandom "socks://localhost:9050"] |
--motor / -m |
bing google ask yandex sogou exalead googleapis googlecache or all |
--apikey |
Apikey |
--cx |
Googleapis ID |
--mrandom |
Random of given engines |
--brandom |
Random all disponibles agents |
--freq |
Random time frequency (in seconds) |
--time |
set browser time out |
--dork / -d |
Dork to search [Ex: house [OTHER]cars [OTHER]hotel]
|
--target / -t |
Target |
--level / -l |
Scan level (Number of results pages to scan) |
--zone |
Search engine country. |
--param / -p |
Set test parameter EX:id,cat,product_ID |
--save / -s |
Output. |
--source |
Html output file |
--bugtraq |
Serach exploits and issues |
--content |
Print request content |
--data |
Post and Get forms. See examples |
--vshell |
Validate by url ex: --HOST/shell.php or file |
--post |
Use post method |
--get |
Use get method |
--header |
Set headers |
--fullHeaders |
Print full request headers |
--host |
Domain name [Ex: site.com] |
--nobanner |
Hide tool banner |
--beep |
Produce beep sound if positive scan found. |
--ifend |
Produce beep sound when scan process is finished. |
--noverbose |
No scan verbose. |
--ping |
Host ping. |
--limit |
Limit max positive scan results. |
--valid / -v |
Validate by string at least 1 is matching |
--validAll |
Validate all given strings |
--status |
Validate by http header status |
--server |
Validate by server |
--ifinurl |
Get targets with exact string matching |
--sregex |
Get targets with exact regex matching |
--exclude |
Get targets where strings do not exist in html |
--excludeAll |
Get targets where all strings do not exist in html |
--unique |
Get targets with exact dork matching |
--replace |
Replace exact string |
--replaceFROM |
Replace from string to the end of target |
--exp / -e |
Exploit/Payload will be added to full target |
--expHost |
Exploit will be added to the host |
--expIp |
Exploit will be added to the host ip |
--xss |
Xss scan |
--sql |
Sqli scan |
--lfi |
Local file inclusion |
--joomrfi |
Scan for joomla local file inclusion. |
--shell |
Shell link [Ex: http://www.site.com/shell.txt] |
--wpafd |
Scan wordpress sites for arbitrary file download |
--admin |
Get site admin page |
--shost |
Get site subdomains |
--port |
port |
--tcp |
TCP port |
--udp |
UDP port |
--getlinks |
Get target html links |
--wp |
Wordpress site |
--joom |
Joomla site |
--zip |
Get zip files |
--md5 |
Convert to md5 |
--encode64 |
Encode base64 string |
--decode64 |
decode base64 string
|
--TARGET |
Will be replaced by target in extern command |
--HOST |
Will be replaced by host in extern command |
--HOSTIP |
Will be replaced by host IP in extern command |
--PORT |
Will be replaced by open port in extern command |
--ips |
Collect Ips |
--geoloc |
Ip geolocalisation |
--regex |
Crawl to get strings matching regex |
--noquery |
Remove string value from Query url [ex: site.com/index.php?id=string] |
--command / -c |
Extern Command to execute |
--popup |
Execute Extern Command in new terminal window |
--zoneH |
Upload to Zone-H |
--cookies |
Cookies output file |
--email |
Collect emails |
rang(x-y) |
EX: --expHost "/index.php?id=rang(1-9)" --sql OR -t "site.com/index.php?id=rang(1-9)" --sql
site.com/index.php?id=1 -> 9. |
repeat(txt-y) |
EX: --expHost "/index.php?id=repeat(../-9)wp-config.php" --sql OR -t "site.com/index.php?id=../wp-config.php"
In site.com/index.php?id=../wp-config.php then site.com/index.php?id=../../wp-config.php 9 times |
[OTHER] |
To separate values ex: dork1 [OTHER]DORK2 [OTHER]DORK3 |
--googleapi |
Google Apis |
--shodan |
Shodan search |
--count |
Search Shodan without Results |
--count |
Search Shodan |
--dnsreverset |
Shodan Reverse DNS Lookup |
--dnsresolve |
Shodan Resolve DNS Lookup |
--tokens |
String filters and parameters |
--querysearch |
Search the directory of saved Shodan search queries |
--query |
List the saved Shodan search queries |
--querytags |
List the most popular Shodan tags |
--myip |
List all services that Shodan crawls |
--services |
List all services that Shodan crawls |
--apinfo |
My Shodan API Plan Information |
--ports |
List of port numbers that the crawlers are looking for |
--protocols |
List all protocols that can be used when performing on-demand Internet scans via Shodan. |
--honeyscore |
Calculates honeypot score ranging from 0 (not a honeypot) to 1.0 (is a honeypot) in shodan |
--facets |
Shodan search facets |
--update |
Update tool |
--repair |
Repair or force tool update. |
--tool / -? |
Tool info. |
--config |
User configuration. |
--interactive / -i |
Interactive mode interface. |
--uninstall |
Uninstall Tool. |