dorking tools with ddgs metasearch OSINT tool
Project description
AtDork – Professional OSINT Dorking Tool
AtDork is a powerful, ethical OSINT tool that performs advanced search queries (Google Dorks) across multiple search engines simultaneously. Designed for security researchers, penetration testers, and bug bounty hunters.
Why AtDork?
- 🚀 Blazing fast – Multi‑threaded batch processing with configurable concurrency.
- 🔍 Multi‑engine – Queries DuckDuckGo, Google, Bing, Startpage, Yandex, Yahoo, and more.
- 🛡️ Anonymous – Built‑in proxy rotation, Tor integration, strict mode to prevent IP leaks. IP leak detection (
--ip-guard) stops the scan immediately if your real IP is exposed. - 🧹 Clean results – Automatic spam filtering, URL validation, and deduplication.
- 📊 Professional output – Export to JSON, CSV, TXT; SQLite database for history and resume. CSV exports are protected against formula injection.
- 🎯 Smart filtering – Vulnerability signature detection for WordPress, Joomla, SQLi, and more.
- 📝 Template system – Curated YAML‑based dork collections for instant productivity.
- 🗂️ Local dork database – 200K+ pre-built, categorized bug bounty dorks bundled and ready to load straight from disk (see Database Dorks below).
- 🌐 GHDB scraper – Pull fresh dorks directly from the public Exploit-DB Google Hacking Database, filterable by category and year.
- ⚙️ Highly configurable – 60+ CLI flags to control every aspect of your search.
- 🔧 Post‑processing – Execute external commands on discovered URLs (
--exec). - 💾 Caching – Cache search results locally to avoid redundant requests and enable offline access.
- 🔒 Safe logging – Proxy credentials are automatically redacted from log files to prevent accidental leaks.
- 🔔 Notifications – Send batch summaries to Discord, Slack, or Telegram webhooks.
Installation
From PyPI (Recommended)
pip install atdork
From Source
git clone https://github.com/amnottdevv/atdork.git
cd atdork
pip install .
Verify Installation
atdork --version
# Output: atdork 1.3.9.6
Quick Start
1. Your First Search
atdork -q "site:gov filetype:pdf" -r 10
This finds PDF files on government websites and displays the top 10 results.
2. Save Results to a File
atdork -q "intitle:index.of mp3" -r 20 --format json -o music.json
3. Batch Processing
Create a file dorks.txt:
site:edu filetype:xls
inurl:admin login
intitle:"index of" "backup"
Run them all at once:
atdork --batch-file dorks.txt -r 30 --format csv -o results.csv
4. Search with Proxy (Anonymous)
atdork -q "confidential filetype:docx" --proxy "http://user:pass@proxy:8080" --strict
Detailed Usage
Single Query
atdork -q "inurl:product.php?id=" -r 50 --backend google --region uk-en --safesearch off
| Flag | Purpose |
|---|---|
-q |
Your dork query |
-r |
Number of results (max 100) |
--backend |
Search engine: google, bing, duckduckgo, startpage, yandex, auto |
--region |
Region code: us-en, uk-en, de-de, ru-ru, etc. |
--safesearch |
on, moderate, off |
Batch Processing with Multi‑Threading
atdork --batch-file dorks.txt -r 40 --concurrency 5 --delay 2 --format json -o batch_results.json
| Flag | Purpose |
|---|---|
--batch-file |
Text file with one dork per line |
--concurrency |
Number of parallel threads (1‑10) |
--delay |
Seconds between requests (avoid rate limits) |
-o |
Save all results to a single file |
--output-dir |
Save each query result as a separate file |
Template Dorks (Pre‑Built)
List available templates:
atdork --list-templates
Use a template:
atdork --template sqli --target example.com -r 30
Combine multiple templates with custom queries:
atdork --template sqli,wordpress,exposed_config -q "site:gov filetype:pdf" -r 25
Preview what a template will do:
atdork --template login_panels --preview
Run only specific dorks from a template:
atdork --template sqli --select 1,3,5 -r 20
| Flag | Purpose |
|---|---|
--template |
Template name(s), comma‑separated |
--target |
Domain to substitute {target} in template dorks |
--select |
Run specific dork numbers from template |
--list-templates |
Show all available templates |
--preview |
Show dorks without executing |
--template-path |
Custom template folder |
Database Dorks
AtDork ships with a local collection of 200K+ dork queries, curated around common bug bounty and web pentest categories (exposed panels, misconfigurations, sensitive files/directories, and similar recon patterns). You can load these directly without hitting the network — useful for offline prep, reproducible test runs, or building your own batch lists from a known-good set.
# Extract the bundled dork collection into ./database
atdork --extract-database
# Extract to a custom location, overwriting if it already exists
atdork --extract-database-to mydorks/ --force
# List the available files and how many dorks each contains
atdork --list-database-dork
# Load dorks from one file and run them
atdork --database-dork 01_footholds -r 20
# Combine multiple files
atdork --database-dork 01_footholds,03_sensitive_directories -r 20
# Randomly sample N dorks from the combined set (reproducible with a seed)
atdork --database-dork 01_footholds --database-r 10 --database-seed 42
# Preview what would be loaded without running anything
atdork --database-dork 01_footholds --database-preview
# Point at a custom database root instead of auto-discovery
atdork --database-dork subdir/file --database-path /path/to/custom/db
| Flag | Purpose |
|---|---|
--extract-database |
Extract the bundled dork collection to ./database |
--extract-database-to PATH |
Extract to a custom destination |
--database-dork-extract PATH |
Shortcut for the two flags above |
--force |
Overwrite an existing extraction destination |
--list-database-dork |
List available dork files with counts |
--database-dork SPEC |
Load dorks from file(s); comma-separated, subdirectories supported |
--database-r N |
Randomly select N dorks from the combined set |
--database-seed N |
Seed for reproducible --database-r selection |
--database-path PATH |
Custom database root directory |
--database-preview |
Preview loaded dorks without executing them |
The files are organized by topic (web misconfigurations, exposed directories/files, exposed panels, and similar categories relevant to authorized security testing). Run
atdork --list-database-dorkto see exactly what's available in your build.
GHDB Scraper
Pull dorks live from the public Exploit-DB Google Hacking Database, with optional category/year filters.
# Show available GHDB categories and how many dorks each has
atdork --ghdb-scraper --ghdb-list-categories
# Scrape and save dorks about exposed passwords from 2022-2024
atdork --ghdb-scraper --ghdb-categories password --ghdb-years 2022-2024 --ghdb-file dorks.txt
# Limit total results, save as JSON (includes metadata)
atdork --ghdb-scraper --ghdb-categories 9,12 --ghdb-r 50 --ghdb-file dorks.json
| Flag | Purpose |
|---|---|
--ghdb-scraper |
Run the GHDB scraper mode |
--ghdb-file |
Save results to file (.json or .txt, auto-detected) |
--ghdb-categories |
Filter by category name (partial match) or numeric ID, comma-separated |
--ghdb-years |
Filter by year(s), e.g. 2024 or 2020-2023,2024 |
--ghdb-r |
Limit total number of dorks returned after filtering |
--ghdb-list-categories |
List GHDB categories with dork counts, then exit |
Proxy & Anonymity
# Single proxy
atdork -q "target" --proxy "http://user:pass@host:8080"
# Multiple proxies (comma‑separated)
atdork -q "target" --proxy "http://p1:8080,socks5://p2:1080"
# From file
atdork -q "target" --proxy-file proxies.txt
# Tor integration
atdork -q "target" --tor --strict
# Strict mode (fail if all proxies down)
atdork -q "target" --proxy-file proxies.txt --strict
# Proxy management
atdork -q "target" --proxy-file proxies.txt --proxy-cooldown 120 --max-failures 3
Proxy file format (proxies.txt):
# HTTP proxies
http://user:pass@dc1.provider.com:3128
http://user:pass@dc2.provider.com:3128
# SOCKS proxies
socks5://res1.provider.com:1080
socks5h://res2.provider.com:1080
# Comments with # are ignored
Vulnerability Filtering
# Basic WordPress detection
atdork -q "inurl:wp-content" -r 30 --filter-vuln wordpress
# Link‑only filter (only matches URLs)
atdork -q "site:example.com" --filter-vuln wordpress-link
Create your own wordlist files in wordlists/ folder:
# wordlists/myplatform.txt
wp-content
wp-admin
wp-includes
Resilience & Rate Limiting
# Enable circuit breaker & backend fallback
atdork --batch-file dorks.txt --resilient
# Adaptive delay based on backend response
atdork --batch-file dorks.txt --adaptive-delay
# Combined
atdork --batch-file dorks.txt --resilient --adaptive-delay --concurrency 5 --delay 2
Output Validation
# Disable all filtering (keep raw results)
atdork -q "test" --no-validate
# Strict filtering (require non‑empty snippet)
atdork -q "test" --strict-filter
# Granular control
atdork -q "test" --validate-url only --validate-title 10 --validate-desc 50 --validate-spam true
Database & History (SQLite)
# Resume interrupted batch
atdork --resume
# View search history
atdork --history
# Export database to JSON/CSV
atdork --export-db all_results.json
# Disable duplicate URL detection
atdork -q "test" --no-dedup
IP Leak Detection
# Halt immediately if your real IP is exposed while using proxies
atdork --batch-file dorks.txt --proxy-file proxies.txt --strict --ip-guard
Post‑Processing
# Run a command for every discovered URL
atdork -q "inurl:admin" -r 10 --exec "curl -I {} | grep Server"
# Run a command only on URLs flagged as vulnerable
atdork -q "inurl:wp-content" -r 30 --filter-vuln wordpress --exec-on-vuln "wpscan --url {}"
Cache Results
# Cache search results for 24 hours (default)
atdork -q "site:gov filetype:pdf" -r 20 --cache
# Use cached results only (offline mode)
atdork -q "site:gov filetype:pdf" -r 20 --cache-only
# Clear all cached data
atdork --clear-cache
Notifications
Send batch summaries to Discord, Slack, or Telegram after searches complete.
Discord Webhook
atdork --batch-file dorks.txt -r 20 \
--notify "discord:https://discord.com/api/webhooks/YOUR_WEBHOOK_ID/YOUR_WEBHOOK_TOKEN"
Slack Webhook
atdork --batch-file dorks.txt -r 20 \
--notify "slack:https://hooks.slack.com/services/YOUR/WEBHOOK/URL"
Telegram Bot
# Format: telegram:<bot_token>/<chat_id>
atdork --batch-file dorks.txt -r 20 \
--notify "telegram:123456789:ABCDefGHIjklmnoPQRstUVwxyz/987654321"
Notification Options
# Send notification only if vulnerable results were found
atdork --batch-file dorks.txt --notify "discord:..." --notify-if-vuln
Setup Instructions:
- Discord: Create a webhook in your server's channel settings > Integrations > Webhooks
- Slack: Create an incoming webhook at api.slack.com/apps > Create New App > Incoming Webhooks
- Telegram: Get your bot token from @BotFather and chat ID by messaging your bot and visiting
https://api.telegram.org/bot<TOKEN>/getUpdates
Complete Flag Reference
| Flag | Description | Default |
|---|---|---|
-q, --query |
Search dork query | |
-r, --max-results |
Maximum results (1‑100) | 20 |
--batch-file |
File with one query per line | |
--batch-separator |
Separator for inline queries | ; |
-o, --output |
Save results to file | |
--output-dir |
Save each query to separate file | |
--format |
Output format: txt, json, csv |
txt |
-v, --verbose |
Show results in batch mode | |
--no-snippet |
Hide snippets in terminal | |
--template |
Load dork template(s) | |
--target |
Domain for template substitution | |
--select |
Select specific dorks from template | |
--list-templates |
List available templates | |
--template-path |
Custom template directory | |
--preview |
Preview template dorks | |
--extract-database |
Extract bundled dork collection to ./database |
|
--extract-database-to |
Custom extraction destination | |
--database-dork-extract |
Shortcut: extract to given path | |
--force |
Overwrite existing extraction destination | |
--list-database-dork |
List available database dork files | |
--database-dork |
Load dorks from database file(s) | |
--database-r |
Randomly select N dorks from database | |
--database-seed |
Seed for reproducible --database-r |
|
--database-path |
Custom database root directory | |
--database-preview |
Preview database dorks without running | |
--ghdb-scraper |
Run GHDB scraper mode | |
--ghdb-file |
Save GHDB results to file | |
--ghdb-categories |
Filter GHDB by category name/ID | |
--ghdb-years |
Filter GHDB by year(s)/range | |
--ghdb-r |
Limit total GHDB results | |
--ghdb-list-categories |
List GHDB categories, then exit | |
--region |
Search region | us-en |
--safesearch |
on, moderate, off |
moderate |
--timelimit |
d, w, m, y |
|
--backend |
Search engine(s) | auto |
--user-agent |
Custom User‑Agent | auto‑rotate |
--timeout |
Request timeout (seconds) | 10 |
--retries |
Retry attempts on failure | 2 |
--delay |
Delay between requests (seconds) | 0 |
--proxy |
Comma‑separated proxy URLs | |
--proxy-file |
File with proxy URLs | |
--tor |
Use Tor SOCKS5 proxy | |
--strict |
Fail if all proxies down | |
--proxy-cooldown |
Cooldown after proxy failure (seconds) | 60 |
--max-failures |
Remove proxy after N failures | 3 |
--concurrency |
Parallel threads for batch | 1 |
--resilient |
Enable circuit breaker & fallback | |
--adaptive-delay |
Enable adaptive rate limiting | |
--ip-guard |
Enable IP leak detection | |
--exec |
Execute command on each result URL | |
--exec-on-vuln |
Execute command on vulnerable results | |
--exec-parallel |
Parallel --exec processes |
1 |
--exec-timeout |
Timeout per --exec command (seconds) |
30 |
--cache |
Enable result caching | |
--cache-db |
Cache database path | atdork_cache.db |
--cache-ttl |
Cache TTL in hours | 24 |
--cache-only |
Use cache only, no network requests | |
--clear-cache |
Delete all cache before starting | |
--notify |
Send notification to webhook (<platform>:<url>) |
|
--notify-if-vuln |
Only notify if vulnerable results found | |
--no-validate |
Disable spam filtering | |
--strict-filter |
Strict validation | |
--validate-url |
URL validation mode | all |
--validate-title |
Minimum title length | 5 |
--validate-desc |
Minimum description length | 10 |
--validate-spam |
Enable spam detection | true |
--filter-vuln |
Vulnerability platform filter | |
--no-fallback-backends |
Disable backend fallback | |
--no-verify |
Disable SSL verification | |
--log-file |
Log file path | atdork.log |
--db-path |
SQLite history/dedup database path | atdork.db |
--resume |
Resume pending queries | |
--history |
Show search history | |
--no-dedup |
Disable URL deduplication | |
--export-db |
Export history database to file | |
--config |
YAML config file path | |
--interactive |
Interactive mode | |
--debug |
Enable debug logging | |
--version |
Show version and exit |
Real‑World Use Cases
Bug Bounty Reconnaissance with Full Protection
atdork --template sqli,xss,lfi --target target.com \
--proxy-file proxies.txt --strict --resilient --ip-guard \
--format json -o recon.json
Reproducible Recon Runs from the Local Database
atdork --database-dork 01_footholds,03_sensitive_directories \
--database-r 25 --database-seed 7 \
--proxy-file proxies.txt --format json -o recon_batch.json
Finding Admin Panels
atdork -q 'intitle:"admin panel" inurl:login' -r 30 --backend google --region uk-en
WordPress Vulnerability Scanning with Post‑Processing
atdork -q "inurl:wp-content site:example.com" -r 40 \
--filter-vuln wordpress \
--exec-on-vuln "wpscan --url {} --enumerate p" \
--exec-parallel 2 --exec-timeout 60
Automated Weekly Monitoring with Notifications
# Add to crontab (Linux/macOS)
0 6 * * 1 cd /path/to/atdork && atdork --batch-file weekly_dorks.txt --format csv --output-dir /reports/$(date +\%Y-\%W)/ --notify "slack:https://hooks.slack.com/services/YOUR/WEBHOOK/URL"
Configuration File
Create atdork.yaml for persistent settings:
max_results: 30
region: "uk-en"
safesearch: "off"
delay: 1.0
format: "json"
output_dir: "./results"
proxy_file: "proxies.txt"
notify: "discord:https://discord.com/api/webhooks/YOUR_ID/YOUR_TOKEN"
AtDork automatically loads this file from the current directory. CLI flags override YAML values.
Troubleshooting
| Problem | Solution |
|---|---|
| Rate limited (429) | Add --delay 3, use --proxy-file, or enable --adaptive-delay |
| No results | Try different --backend (e.g., startpage, yandex) or --region |
| Proxy fails | Check format: scheme://user:pass@host:port |
| Batch stuck | Reduce --concurrency, add --timeout 15, enable --resilient |
| Install error | Use pip install -e . for development mode |
| IP leak with --strict | Enable --ip-guard to detect leaks early; use SOCKS5h proxies |
| All backends exhausted | Enable --resilient to activate backend fallback chain |
| CSV opens with formulas | Update to v1.3.8+ (CSV injection fixed) |
| Proxy credentials in logs | Update to v1.3.8+ (credentials are now redacted) |
| Notification not sent | Check webhook format and URL; ensure no trailing spaces; verify platform credentials |
| "Database directory not found" | Run atdork --extract-database first, or pass --database-path |
Project Structure
atdork/
├── atdork.py # CLI entry point
├── core/
│ ├── scanner.py # Search engine integration
│ ├── batch_runner.py # Batch execution (seq/parallel, resilience)
│ ├── proxy_manager.py # Proxy pool management
│ ├── filter_vuln.py # Vulnerability signature filtering
│ ├── template_dork.py # YAML template loader
│ ├── database_dork.py # Local dork database loader/extractor
│ ├── ghdb_scraper.py # Exploit-DB GHDB scraper
│ ├── post_processor.py # External command execution on results
│ ├── manage_cache.py # SQLite-based result caching
│ ├── notification.py # Discord, Slack, Telegram webhooks
│ ├── database.py # SQLite storage & export (history/dedup)
│ ├── config.py # YAML configuration loader
│ ├── logger.py # Rotating file logger
│ └── case/
│ ├── circuit_breaker.py # Prevent hammering dead backends
│ ├── ip_guard.py # Real IP leak detection
│ ├── error_classifier.py # Categorize exceptions
│ ├── fallback_manager.py # Intelligent backend/proxy switching
│ ├── retry_handler.py # Exponential backoff with jitter
│ ├── adaptive_delay.py # Per‑backend dynamic delay
│ ├── recovery_strategy.py # Map errors to recovery actions
│ └── stats.py # Runtime statistics collector
├── lib/
│ ├── display.py # Terminal output formatting
│ ├── storage.py # File export (TXT/JSON/CSV)
│ ├── validator.py # Spam/invalid result filtering
│ └── redactor.py # Proxy credential redaction
├── database/ # Bundled dork collection (extract with --extract-database)
├── wordlists/ # Vulnerability signatures & templates
├── tests/ # Unit tests (pytest)
├── pyproject.toml # Package configuration
└── README.md
Ethical Use & Disclaimer
AtDork is intended for legal, authorized security testing only. You must have explicit written permission from the target owner before scanning.
Prohibited uses:
- Unauthorized access to systems or data
- Harvesting information in violation of laws
- Any activity that infringes on privacy or intellectual property rights
The developer assumes no liability for misuse of this software.
License
Distributed under the MIT License. See LICENSE for details.
Acknowledgements
- tg12 – for responsibly disclosing critical security vulnerabilities (CSV injection and proxy credential leakage) and helping make AtDork safer for everyone.
- Peter7896 – for the excellent pull request that fixed packaged wordlist resources, ensuring seamless functionality for
pip installusers.
Contact & Support
- GitHub: github.com/amnottdevv/atdork
- Issues: github.com/amnottdevv/atdork/issues
- PyPI: pypi.org/project/atdork
If you find this tool useful, consider leaving a ⭐ on GitHub!
Code Quality Metrics
| Metric | Score | Status |
|---|---|---|
| Cyclomatic Complexity | 5.67 avg | ✅ Good |
| Maintainability Index | 63.9 | ✅ Good |
| Test Coverage | 31.3% | ⚠️ Fair |
| Pylint Score | 8.75/100 | ✅ Good |
Analysis: atdork.py, core/, lib/ • Last updated: 2026-07-09 UTC
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file atdork-1.3.9.6.1.tar.gz.
File metadata
- Download URL: atdork-1.3.9.6.1.tar.gz
- Upload date:
- Size: 10.5 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e1843af1e407a3d89df18f6eee65c62c0226fe2e5ac534e549a37c425d29dd34
|
|
| MD5 |
af01bef6e19d440368938d9d1e027fc3
|
|
| BLAKE2b-256 |
970755d1dadd9be908feb5d2188f24ae96bb3d75d1f47cb2cd220d7b7da70a28
|
File details
Details for the file atdork-1.3.9.6.1-py3-none-any.whl.
File metadata
- Download URL: atdork-1.3.9.6.1-py3-none-any.whl
- Upload date:
- Size: 10.7 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1b205448b1fd9614776d13cc0cecc381a813664e5c115f266d11cc8eae0e801b
|
|
| MD5 |
16a5cf78a669e2aa7f78318eaa6c7496
|
|
| BLAKE2b-256 |
d52cdfdbd6d7805f926ce9c4ba953384677c5be711c69a740eb007b0e81a4b77
|