ZeroTrace


# What are InfoStealers?

Infostealers are a type of Malware designed to covertly steal sensitive information from infected devices. They’re commonly used by cybercriminals to harvest data that can be sold, used for further attacks, or leveraged in fraud campaigns. 

🧠 **What Do Infostealers Steal?**

Infostealers typically collect:

- Credentials (usernames, passwords, tokens)  
- Browser-stored data (cookies, autofill, session data)  
- System information (IP address, hardware details, installed apps)  
- Files and documents (especially from Desktop or Downloads folders)  
- Cryptocurrency wallet data  
- Chat and email logs  

---

🔥 **Why is Flare a Must-Have?**

Over a year and a half ago, my team integrated **Flare** into our tech stack, and it’s been a total game-changer.

## What Makes Flare Stand Out?

Right away, Flare impressed us with:

- The **most robust collection of infostealer logs** we've encountered  
- An intuitive and fun UI with **Light, Dark, Shrek, and Barbie Modes** (yes, really)  
- A rockstar support and engineering team that feels like the **1992 U.S. Olympic Basketball Dream Team** — Jordan, Magic, Bird — but with keyboards and terminal windows  

## How We Use Flare

Here’s how Flare integrates into our workflow:

### 🔍 Identify Persons of Interest

We regularly use Flare to investigate compromised identities. From credentials to alias accounts, we can pivot across accounts and link together behaviors across breached datasets.

### 🚨 Alerting for Domains

Set alerts for your organization's domains and get notified when they show up in infostealer logs. This enables proactive detection of exposed employees or infrastructure.

### 🔌 API Access

Flare’s API lets us:

- Pull leaked credentials  
- Pull leaked session cookies  
- Enrich our internal data clusters  
- Automate checks against newly exposed data  

### 💻 Infected Device Intelligence

With Flare, we can dig into:

- **All files pulled from an infected device**  
- Browser histories, session tokens, cookies  
- Autofill files (think saved usernames, addresses, and payment methods)  
- Telegram TData files  

From there, we can **build a map of compromised networks**, flag alias activity, and determine what websites, tools, or services were being used.

## Gold in the Browser History

Bad actors are shockingly bad at OPSEC when they shop online, they want their items delivered — so they use **real names and addresses**.

We’ve also seen:

- Google Translate logs revealing how non-English speaking actors communicate with buyers and collaborators  
- Evidence of forum activity, illegal service purchases, and file downloads — all on infected endpoints  

## No One Else Does This

Yes, there are other companies collecting breached data. But Flare is the only one we’ve seen that gives you **true access** to the raw data — and the tools to **investigate, correlate, and extract intelligence** from it.

Flare empowers our team to go far beyond alerts and actually **act** on threat intel.

If your team is serious about understanding and disrupting threat actor behavior, **Flare belongs in your arsenal**. 

Give their platform a try: hxxps[:]//try[.]flare[.]io/free-trial/. Let them know their #1 supporter, Cybercur, recommended them.




Is your organization locked in a constant battle against sophisticated threat actors targeting enterprise and customer accounts? Are you seeking greater visibility into how these actors gain initial access—often through compromised credentials, infostealers, or exposed assets? What if your team could not only detect these threats early but also attribute malicious activity and uncover the broader ecosystem behind it? Flare equips security teams with the intelligence they need to monitor, investigate, and disrupt threat actor operations—across the clear and dark web—in real time.


Flare[.]io – The Must-Have Tool for Your Tech Stack [Infostealer Malware]


# 🕵️‍♂️ Threat Intelligence Dorking Tool
> 👨‍💻 Coded with curiosity by `cybercur@`

# 🔍 What is Google Dorking?

**Google Dorking** (also known as **Google hacking**) is a technique that uses advanced search operators to find information that isn’t easily discoverable through normal queries. It leverages Google’s indexing power to uncover hidden or sensitive data such as:

- 🛠️ Misconfigured servers
- 📂 Exposed files (e.g. `.pdf`, `.xls`, `.env`)
- 🔐 Login pages or admin portals
- 🗂️ Directories not meant for public access
- 🔓 Vulnerable devices or software versions

These searches are made possible using operators like:

- `site:` – search within a specific domain
- `filetype:` – search for specific file types
- `intitle:` – find pages with certain words in the title
- `inurl:` – locate keywords in the URL
- `intext:` – search for specific text within page content

---

# 🧠 Why is Google Dorking Important?

### 🔐 1. Security Testing
Pentesters and ethical hackers use dorking to simulate what a malicious actor might find — helping organizations identify and fix exposed assets.

### 📊 2. Open Source Intelligence (OSINT)
Investigators and analysts use it to uncover public data across websites, social platforms, and forums.

### 🧪 3. Vulnerability Discovery
Discovering misconfigurations, outdated software, or unprotected directories can help prevent real-world exploits.

---

# 🧰 How can this script help you?

Manually writing dorks over and over is inefficient and error-prone. A tool like **Threat Intelligence Dorking Tool** solves that by:

### ✅ Automating the Dork Creation
- No need to memorize syntax.
- Just select the type, fill in the fields, and it builds the query for you.

### 🌐 Multi-Engine Support
- Use Google, Bing, DuckDuckGo — or even dark web engines like Ahmia


## ⚙️ Features

- 🧠 Multiple dorking options:
  - `site:example.com keyword`
  - `filetype:pdf confidential`
  - `intitle:login`
  - `inurl:admin`
  - `intext:password`
  - `site:twitter.com breach`
- 🔍 Supports 20+ search engines
- 🌐 Supports dark web (.onion) search engines
- 🖥️ Built with a simple graphical interface using Tkinter
- 📤 Opens search in user's default browser (or warns if it's a `.onion` search)

---

## 🧠 Logic Breakdown

### 1. **Initialization**
- Creates a main `Tk` window.
- Sets title and size of the GUI.

### 2. **Dropdown Menu (Dork Type Selector)**
- Lets users pick from predefined dork types (e.g. `intitle:`, `inurl:`, etc.).

### 3. **Dynamic Input Fields**
- Based on the selected dork type, the app dynamically displays relevant input fields (e.g. website, file type, search terms).

### 4. **Search Engine Selection**
- For `site:` dorks, users can choose from a long list of search engines, including:
  - ☁️ Clear web: Google, Bing, DuckDuckGo, etc.
  - 🌑 Dark web: Ahmia, Haystak, Tor66

### 5. **Generate Dork Button**
- Concatenates the user’s input into a formatted dork string.
- Displays it in a scrollable text area.

### 6. **Open in Browser Button**
- Detects selected engine and encodes the dork string into a URL.
- Opens it in the default browser.
- 🛑 If the selected engine is a Tor-based `.onion` domain, it shows a warning message to ensure the Tor browser is running.

---

## 🔐 Use Cases

- 💼 OSINT Investigations
- 🧪 Penetration Testing
- 🔍 Vulnerability Discovery
- 👀 Social Media Intelligence

---

## 🚀 Example

If the user selects:

- Dork Type: `Search within a specific site`
- Site: `example[.]com`
- Term: `login`
- Engine: `Google`

The tool will generate: site:example[.]com login
And open: hxxps[:]//www[.]google[.]com/search?q=site%3Aexample[.]com+login

yaml
Copy
Edit


---

## 🧰 Requirements

- Python 3.x
- Tkinter (comes with most Python installs)

---

## 🧪 Want More?

You could easily extend this with:
- 📂 Export to file
- 📊 Import dork presets
- 🤖 Scrape and analyze results
- 🔒 Tor integration via SOCKS proxy

---


```python

import tkinter as tk
from tkinter import ttk, scrolledtext, messagebox
import webbrowser
import urllib.parse

class DorkGUI:
    def __init__(self, master):
        self.master = master
        master.title("Threat Intelligence Dorking Tool")
        master.geometry("900x700")

        self.create_widgets()

    def create_widgets(self):
        # Dork type dropdown
        ttk.Label(self.master, text="Select Dork Type:").pack(pady=5)
        self.dork_type = tk.StringVar()
        self.dork_choices = [
            "Search within a specific site",
            "Search for specific file types",
            "Search for pages with specific words in the title",
            "Search for pages with specific words in the URL",
            "Search for pages containing specific text",
            "Search social media platforms"
        ]
        self.dork_menu = ttk.Combobox(self.master, textvariable=self.dork_type, values=self.dork_choices, state="readonly", width=50)
        self.dork_menu.pack(pady=5)
        self.dork_menu.bind("<<ComboboxSelected>>", self.on_dork_select)

        # Frame for dynamic input fields
        self.input_frame = ttk.Frame(self.master)
        self.input_frame.pack(pady=10)

        # Text area for displaying generated dork
        self.result_text = scrolledtext.ScrolledText(self.master, wrap=tk.WORD, width=80, height=10)
        self.result_text.pack(pady=10)

        # Generate and Open buttons
        ttk.Button(self.master, text="Generate Dork", command=self.generate_dork).pack(pady=5)
        ttk.Button(self.master, text="Open in Browser", command=self.open_in_browser).pack(pady=5)

    def on_dork_select(self, event):
        # Clear previous input fields
        for widget in self.input_frame.winfo_children():
            widget.destroy()

        dork_type = self.dork_type.get()

        # Render inputs based on selected dork type
        if dork_type == "Search within a specific site":
            ttk.Label(self.input_frame, text="Website:").grid(row=0, column=0, sticky=tk.W)
            self.site_entry = ttk.Entry(self.input_frame, width=40)
            self.site_entry.grid(row=0, column=1, padx=5)
            ttk.Label(self.input_frame, text="Search term:").grid(row=1, column=0, sticky=tk.W)
            self.term_entry = ttk.Entry(self.input_frame, width=40)
            self.term_entry.grid(row=1, column=1, padx=5)
            ttk.Label(self.input_frame, text="Search Engine:").grid(row=2, column=0, sticky=tk.W)
            self.engine_var = tk.StringVar()
            engines = [
                "Google", "Bing", "Yahoo", "DuckDuckGo", "Baidu", "Yandex",
                "Ask", "Naver", "AOL", "Ecosia", "Startpage", "Qwant",
                "Swisscows", "Mojeek", "Gigablast", "MetaGer", "Oscobo",
                "Lukol", "Disconnect Search", "Searx",
                "Ahmia (Tor)", "Haystak (Tor)", "Tor66 (Tor)"
            ]
            self.engine_menu = ttk.Combobox(self.input_frame, textvariable=self.engine_var, values=engines, state="readonly", width=37)
            self.engine_menu.grid(row=2, column=1, padx=5)
            self.engine_menu.set("Google")

        elif dork_type == "Search for specific file types":
            ttk.Label(self.input_frame, text="File type:").grid(row=0, column=0, sticky=tk.W)
            self.filetype_entry = ttk.Entry(self.input_frame, width=40)
            self.filetype_entry.grid(row=0, column=1, padx=5)
            ttk.Label(self.input_frame, text="Search term:").grid(row=1, column=0, sticky=tk.W)
            self.term_entry = ttk.Entry(self.input_frame, width=40)
            self.term_entry.grid(row=1, column=1, padx=5)

        elif dork_type in [
            "Search for pages with specific words in the title",
            "Search for pages with specific words in the URL",
            "Search for pages containing specific text"]:
            ttk.Label(self.input_frame, text="Search term:").grid(row=0, column=0, sticky=tk.W)
            self.term_entry = ttk.Entry(self.input_frame, width=40)
            self.term_entry.grid(row=0, column=1, padx=5)

        elif dork_type == "Search social media platforms":
            ttk.Label(self.input_frame, text="Platform:").grid(row=0, column=0, sticky=tk.W)
            self.platform_var = tk.StringVar()
            platforms = ["Twitter", "Facebook", "LinkedIn", "Instagram", "Reddit"]
            self.platform_menu = ttk.Combobox(self.input_frame, textvariable=self.platform_var, values=platforms, state="readonly", width=37)
            self.platform_menu.grid(row=0, column=1, padx=5)
            self.platform_menu.set("Twitter")
            ttk.Label(self.input_frame, text="Search term:").grid(row=1, column=0, sticky=tk.W)
            self.social_term_entry = ttk.Entry(self.input_frame, width=40)
            self.social_term_entry.grid(row=1, column=1, padx=5)

    def generate_dork(self):
        # Build dork string based on input
        dork_type = self.dork_type.get()
        dork = ""

        if dork_type == "Search within a specific site":
            site = self.site_entry.get()
            term = self.term_entry.get()
            engine = self.engine_var.get()
            dork = f"site:{site} {term}"
            self.result_text.delete("1.0", tk.END)
            self.result_text.insert(tk.END, f"Your {engine} dork is:\n{dork}")
            return

        elif dork_type == "Search for specific file types":
            filetype = self.filetype_entry.get()
            term = self.term_entry.get()
            dork = f"filetype:{filetype} {term}"

        elif dork_type == "Search for pages with specific words in the title":
            term = self.term_entry.get()
            dork = f"intitle:{term}"

        elif dork_type == "Search for pages with specific words in the URL":
            term = self.term_entry.get()
            dork = f"inurl:{term}"

        elif dork_type == "Search for pages containing specific text":
            term = self.term_entry.get()
            dork = f"intext:{term}"

        elif dork_type == "Search social media platforms":
            platform = self.platform_var.get()
            term = self.social_term_entry.get()
            dork = f"site:{platform.lower()}.com {term}"

        self.result_text.delete("1.0", tk.END)
        self.result_text.insert(tk.END, f"Your dork is:\n{dork}")

    def open_in_browser(self):
        # Get final dork string from result box
        dork = self.result_text.get("1.0", tk.END).strip().split("\n")[-1]
        engine = self.engine_var.get() if hasattr(self, 'engine_var') else "Google"

        # If engine is .onion, warn the user
        if "(Tor)" in engine:
            warning = (
                "You're trying to use a .onion search engine.\n"
                "Please make sure the Tor Browser is installed and running.\n"
                "Would you like to proceed?"
            )
            if not messagebox.askyesno("Tor Required", warning):
                return

        # Define search URLs
        search_urls = {
            "Google": "https://www.google.com/search?q={}",
            "Bing": "https://www.bing.com/search?q={}",
            "Yahoo": "https://search.yahoo.com/search?p={}",
            "DuckDuckGo": "https://duckduckgo.com/?q={}",
            "Baidu": "https://www.baidu.com/s?wd={}",
            "Yandex": "https://yandex.com/search/?text={}",
            "Ask": "https://www.ask.com/web?q={}",
            "Naver": "https://search.naver.com/search.naver?query={}",
            "AOL": "https://search.aol.com/aol/search?q={}",
            "Ecosia": "https://www.ecosia.org/search?q={}",
            "Startpage": "https://www.startpage.com/do/search?q={}",
            "Qwant": "https://www.qwant.com/?q={}",
            "Swisscows": "https://swisscows.com/web?query={}",
            "Mojeek": "https://www.mojeek.com/search?q={}",
            "Gigablast": "https://www.gigablast.com/search?q={}",
            "MetaGer": "https://metager.org/meta/meta.ger3?eingabe={}",
            "Oscobo": "https://www.oscobo.com/search.php?q={}",
            "Lukol": "https://www.lukol.com/s.php?q={}",
            "Disconnect Search": "https://search.disconnect.me/searchTerms/search?query={}",
            "Searx": "https://searx.me/?q={}",
            "Ahmia (Tor)": "http://msydqstlz2kzerdg.onion/search/?q={}",
            "Haystak (Tor)": "http://haystakvxad7wbk5n.onion/search?q={}",
            "Tor66 (Tor)": "http://tor66sezptuu2nta.onion/search.php?q={}"
        }

        # Open in browser (Tor or normal)
        search_url = search_urls.get(engine, search_urls["Google"]).format(urllib.parse.quote(dork))
        webbrowser.open(search_url)

# Launch GUI
def main():
    root = tk.Tk()
    app = DorkGUI(root)
    root.mainloop()

if __name__ == "__main__":
    main()
```


This Python script creates a **desktop GUI application** using `Tkinter` that helps you quickly generate **search engine dorks**. It supports popular engines like **Google** and **DuckDuckGo**, and even includes **dark web search engines** like **Ahmia** and **Haystak**. Users can select a dork type, input relevant parameters, generate a dork string, and open the results directly in their browser (or Tor browser for `.onion` links).

Posts tagged with #Threat-Hunting

Flare[.]io – The Must-Have Tool for Your Tech Stack [Infostealer Malware]

Threat Hunting w/ Google Dorking [Python]