Skip to content

amnottdevv/AtDork

BranchesTags

Repository files navigation

AtDork – Professional OSINT Dorking Tool

Version Python License Platform Tests Lines PyPI Downloads

AtDork is a powerful, ethical OSINT tool that performs advanced search queries (Google Dorks) across multiple search engines simultaneously. Designed for security researchers, penetration testers, and bug bounty hunters, it automates the discovery of exposed documents, vulnerable parameters, misconfigured servers, and other sensitive information available on the public web.

Why AtDork?

  • 🚀 Blazing fast – Multi‑threaded batch processing with configurable concurrency.
  • 🔍 Multi‑engine – Queries DuckDuckGo, Google, Bing, Startpage, Yandex, Yahoo, and more.
  • 🛡️ Anonymous – Built‑in proxy rotation, Tor integration, strict mode to prevent IP leaks. NEW: IP leak detection (--ip-guard) stops the scan immediately if your real IP is exposed.
  • 🧹 Clean results – Automatic spam filtering, URL validation, and deduplication.
  • 📊 Professional output – Export to JSON, CSV, TXT; SQLite database for history and resume. CSV exports are now protected against formula injection.
  • 🎯 Smart filtering – Vulnerability signature detection for WordPress, Joomla, SQLi, and more.
  • 📝 Template system – Curated YAML‑based dork collections for instant productivity.
  • ⚙️ Highly configurable50+ CLI flags to control every aspect of your search.
  • 🔧 Post‑processing – Execute external commands on discovered URLs (--exec).
  • 💾 Caching – Cache search results locally to avoid redundant requests and enable offline access.
  • 🔒 Safe logging – Proxy credentials are automatically redacted from log files to prevent accidental leaks.

Installation

From PyPI (Recommended)

pip install atdork

From Source

git clone https://github.com/amnottdevv/atdork.git
cd atdork
pip install .

Verify Installation

atdork --version
# Output: atdork 1.3.8

Quick Start

1. Your First Search

atdork -q "site:gov filetype:pdf" -r 10

This finds PDF files on government websites and displays the top 10 results.

2. Save Results to a File

atdork -q "intitle:index.of mp3" -r 20 --format json -o music.json

3. Batch Processing

Create a file dorks.txt:

site:edu filetype:xls
inurl:admin login
intitle:"index of" "backup"

Run them all at once:

atdork --batch-file dorks.txt -r 30 --format csv -o results.csv

4. Search with Proxy (Anonymous)

atdork -q "confidential filetype:docx" --proxy "http://user:pass@proxy:8080" --strict

Detailed Usage

Single Query

atdork -q "inurl:product.php?id=" -r 50 --backend google --region uk-en --safesearch off
Flag Purpose
-q Your dork query
-r Number of results (max 100)
--backend Search engine: google, bing, duckduckgo, startpage, yandex, auto
--region Region code: us-en, uk-en, de-de, ru-ru, etc.
--safesearch on, moderate, off

Batch Processing with Multi‑Threading

atdork --batch-file dorks.txt -r 40 --concurrency 5 --delay 2 --format json -o batch_results.json
Flag Purpose
--batch-file Text file with one dork per line
--concurrency Number of parallel threads (1‑10)
--delay Seconds between requests (avoid rate limits)
-o Save all results to a single file
--output-dir Save each query result as a separate file

Template Dorks (Pre‑Built)

List available templates:

atdork --list-templates

Use a template:

atdork --template sqli --target example.com -r 30

Combine multiple templates with custom queries:

atdork --template sqli,wordpress,exposed_config -q "site:gov filetype:pdf" -r 25

Preview what a template will do:

atdork --template login_panels --preview

Run only specific dorks from a template:

atdork --template sqli --select 1,3,5 -r 20
Flag Purpose
--template Template name(s), comma‑separated
--target Domain to substitute {target} in template dorks
--select Run specific dork numbers from template
--list-templates Show all available templates
--preview Show dorks without executing
--template-path Custom template folder

Proxy & Anonymity

# Single proxy
atdork -q "target" --proxy "http://user:pass@host:8080"

# Multiple proxies (comma‑separated)
atdork -q "target" --proxy "http://p1:8080,socks5://p2:1080"

# From file
atdork -q "target" --proxy-file proxies.txt

# Tor integration
atdork -q "target" --tor --strict

# Strict mode (fail if all proxies down)
atdork -q "target" --proxy-file proxies.txt --strict

# Proxy management
atdork -q "target" --proxy-file proxies.txt --proxy-cooldown 120 --max-failures 3

Proxy file format (proxies.txt):

# HTTP proxies
http://user:pass@dc1.provider.com:3128
http://user:pass@dc2.provider.com:3128

# SOCKS proxies
socks5://res1.provider.com:1080
socks5h://res2.provider.com:1080

# Comments with # are ignored

Vulnerability Filtering

# Basic WordPress detection
atdork -q "inurl:wp-content" -r 30 --filter-vuln wordpress

# Link‑only filter (only matches URLs)
atdork -q "site:example.com" --filter-vuln wordpress-link

Create your own wordlist files in wordlists/ folder:

# wordlists/myplatform.txt
wp-content
wp-admin
wp-includes

Resilience & Rate Limiting

# Enable circuit breaker & backend fallback
atdork --batch-file dorks.txt --resilient

# Adaptive delay based on backend response
atdork --batch-file dorks.txt --adaptive-delay

# Combined
atdork --batch-file dorks.txt --resilient --adaptive-delay --concurrency 5 --delay 2

Output Validation

# Disable all filtering (keep raw results)
atdork -q "test" --no-validate

# Strict filtering (require non‑empty snippet)
atdork -q "test" --strict-filter

# Granular control
atdork -q "test" --validate-url only --validate-title 10 --validate-desc 50 --validate-spam true

Database & History

# Resume interrupted batch
atdork --resume

# View search history
atdork --history

# Export database to JSON/CSV
atdork --export-db all_results.json

# Disable duplicate URL detection
atdork -q "test" --no-dedup

IP Leak Detection (NEW)

# Halt immediately if your real IP is exposed while using proxies
atdork --batch-file dorks.txt --proxy-file proxies.txt --strict --ip-guard

Post‑Processing (NEW)

# Run a command for every discovered URL
atdork -q "inurl:admin" -r 10 --exec "curl -I {} | grep Server"

# Run a command only on URLs flagged as vulnerable
atdork -q "inurl:wp-content" -r 30 --filter-vuln wordpress --exec-on-vuln "wpscan --url {}"

Cache Results (NEW)

# Cache search results for 24 hours (default)
atdork -q "site:gov filetype:pdf" -r 20 --cache

# Use cached results only (offline mode)
atdork -q "site:gov filetype:pdf" -r 20 --cache-only

# Clear all cached data
atdork --clear-cache

Complete Flag Reference

Flag Description Default
-q, --query Search dork query
-r, --max-results Maximum results (1‑100) 20
--batch-file File with one query per line
--batch-separator Separator for inline queries ;
-o, --output Save results to file
--output-dir Save each query to separate file
--format Output format: txt, json, csv txt
-v, --verbose Show results in batch mode
--no-snippet Hide snippets in terminal
--template Load dork template(s)
--target Domain for template substitution
--select Select specific dorks from template
--list-templates List available templates
--template-path Custom template directory
--preview Preview template dorks
--region Search region us-en
--safesearch on, moderate, off moderate
--timelimit d, w, m, y
--backend Search engine(s) auto
--user-agent Custom User‑Agent auto‑rotate
--timeout Request timeout (seconds) 10
--retries Retry attempts on failure 2
--delay Delay between requests (seconds) 0
--proxy Comma‑separated proxy URLs
--proxy-file File with proxy URLs
--tor Use Tor SOCKS5 proxy
--strict Fail if all proxies down
--proxy-cooldown Cooldown after proxy failure (seconds) 60
--max-failures Remove proxy after N failures 3
--concurrency Parallel threads for batch 1
--resilient Enable circuit breaker & fallback
--adaptive-delay Enable adaptive rate limiting
--ip-guard Enable IP leak detection
--exec Execute command on each result URL
--exec-on-vuln Execute command on vulnerable results
--exec-parallel Parallel --exec processes 1
--exec-timeout Timeout per --exec command (seconds) 30
--cache Enable result caching
--cache-db Cache database path atdork_cache.db
--cache-ttl Cache TTL in hours 24
--cache-only Use cache only, no network requests
--clear-cache Delete all cache before starting
--no-validate Disable spam filtering
--strict-filter Strict validation
--validate-url URL validation mode all
--validate-title Minimum title length 5
--validate-desc Minimum description length 10
--validate-spam Enable spam detection true
--filter-vuln Vulnerability platform filter
--no-fallback-backends Disable backend fallback
--no-verify Disable SSL verification
--log-file Log file path atdork.log
--db-path Database path atdork.db
--resume Resume pending queries
--history Show search history
--no-dedup Disable URL deduplication
--export-db Export database to file
--config YAML config file path
--interactive Interactive mode
--debug Enable debug logging
--version Show version and exit

Real‑World Use Cases

Bug Bounty Reconnaissance with Full Protection

atdork --template sqli,xss,lfi --target target.com \
  --proxy-file proxies.txt --strict --resilient --ip-guard \
  --format json -o recon.json

Exposed Database Credentials

atdork -q 'filetype:env "DB_PASSWORD"' -r 50 --no-validate -v

Finding Admin Panels

atdork -q 'intitle:"admin panel" inurl:login' -r 30 --backend google --region uk-en

WordPress Vulnerability Scanning with Post‑Processing

atdork -q "inurl:wp-content site:example.com" -r 40 \
  --filter-vuln wordpress \
  --exec-on-vuln "wpscan --url {} --enumerate p" \
  --exec-parallel 2 --exec-timeout 60

Automated Weekly Monitoring

# Add to crontab (Linux/macOS)
0 6 * * 1 cd /path/to/atdork && atdork --batch-file weekly_dorks.txt --format csv --output-dir /reports/$(date +\%Y-\%W)/

Configuration File

Create atdork.yaml for persistent settings:

max_results: 30
region: "uk-en"
safesearch: "off"
delay: 1.0
format: "json"
output_dir: "./results"
proxy_file: "proxies.txt"

AtDork automatically loads this file from the current directory. CLI flags override YAML values.

Troubleshooting

Problem Solution
Rate limited (429) Add --delay 3, use --proxy-file, or enable --adaptive-delay
No results Try different --backend (e.g., startpage, yandex) or --region
Proxy fails Check format: scheme://user:pass@host:port
Batch stuck Reduce --concurrency, add --timeout 15, enable --resilient
Install error Use pip install -e . for development mode
IP leak with --strict Enable --ip-guard to detect leaks early; use SOCKS5h proxies
All backends exhausted Enable --resilient to activate backend fallback chain
CSV opens with formulas Update to v1.3.8+ (CSV injection fixed)
Proxy credentials in logs Update to v1.3.8+ (credentials are now redacted)

Project Structure

atdork/
├── atdork.py                    # CLI entry point
├── core/
│   ├── scanner.py               # Search engine integration
│   ├── batch_runner.py          # Batch execution (seq/parallel, resilience)
│   ├── proxy_manager.py         # Proxy pool management
│   ├── filter_vuln.py           # Vulnerability signature filtering
│   ├── template_dork.py         # YAML template loader
│   ├── post_processor.py        # External command execution on results
│   ├── manage_cache.py          # SQLite-based result caching
│   ├── database.py              # SQLite storage & export
│   ├── config.py                # YAML configuration loader
│   ├── logger.py                # Rotating file logger
│   └── case/
│       ├── circuit_breaker.py   # Prevent hammering dead backends
│       ├── ip_guard.py          # Real IP leak detection
│       ├── error_classifier.py  # Categorize exceptions
│       ├── fallback_manager.py  # Intelligent backend/proxy switching
│       ├── retry_handler.py     # Exponential backoff with jitter
│       ├── adaptive_delay.py    # Per‑backend dynamic delay
│       ├── recovery_strategy.py # Map errors to recovery actions
│       └── stats.py             # Runtime statistics collector
├── lib/
│   ├── display.py               # Terminal output formatting
│   ├── storage.py               # File export (TXT/JSON/CSV)
│   ├── validator.py             # Spam/invalid result filtering
│   └── redactor.py              # Proxy credential redaction
├── wordlists/                   # Vulnerability signatures & templates
├── tests/                       # Unit tests (pytest)
├── pyproject.toml               # Package configuration
└── README.md

Ethical Use & Disclaimer

AtDork is intended for legal, authorized security testing only.
You must have explicit written permission from the target owner before scanning.

Prohibited uses:

  • Unauthorized access to systems or data
  • Harvesting information in violation of laws
  • Any activity that infringes on privacy or intellectual property rights

The developer assumes no liability for misuse of this software.

License

Distributed under the MIT License. See LICENSE for details.

Acknowledgements

  • tg12 – for responsibly disclosing critical security vulnerabilities (CSV injection and proxy credential leakage) and helping make AtDork safer for everyone.
  • Peter7896 – for the excellent pull request that fixed packaged wordlist resources, ensuring seamless functionality for pip install users.

Contact & Support

If you find this tool useful, consider leaving a ⭐ on GitHub!

About

tools auto dorking menggunakan enggine duckduckgosearch

Topics

python cyber-security ethical-hacking dork dorking smart-system ethical-hacking-tools proxy-management dorking-tools

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing
Activity

Stars

18 stars

Watchers

3 watching

Forks

4 forks
Report repository

Releases 7

AtDork v1.3.5 source code Latest
Jun 20, 2026
+ 6 releases

Packages

 
 
 

Contributors

Languages