Metabigor allows you do query from command line to awesome Search Engines (like Shodan, Censys, Fofa, etc) without any API key.
But Why ?
Also Read – PhoneSploit : Using Open ADB Ports We Can Exploit A Android Device
How it works?
It gonna use your cookie or not to simulate search from browser and optimize the query to get more result.
Search Engine currently supported
Installation
git clone https://github.com/j3ssie/Metabigor
cd Metabigor
pip3 install -r requirements.txt
Demo
How to use
Basic Usage
./metabigor.py -s -q ‘‘ [options]
Check out the Advanced Usage to explore some awesome options
Example commands
Note: Fill your credentials or your sessions on config.conf
if you want to get more results.
./metabigor.py -s fofa -q ‘title=”Dashboard – Confluence” && body=”.org”‘
./metabigor.py -s fofa -q ‘title=”Dashboard – Confluence” && body=”.org”‘ -b –disable_pages
./metabigor.py -s shodan -q ‘port:”3389″ os:”Windows”‘ –debug
Options
[*] Setup session
Do command below or direct modify config.conf file
./metabigor.py -s shodan –cookies=
./metabigor.py -s censys –cookies=
./metabigor.py -s fofa –cookies=
[*] Basic Usage
./metabigor.py -s -q ” [options]
[*] More Options
-d OUTDIR, –outdir OUTDIR
Directory output
-o OUTPUT, –output OUTPUT
Output file name
–raw RAW Directory to store raw query
–proxy PROXY Proxy for doing request to search engine e.g:
http://127.0.0.1:8080
-b Auto brute force the country code
–disable_pages Don’t loop though the pages
–store_content Store the raw HTML souce or not
–hh Print this message
–debug Print debug output
[*] Example commands
./metabigor.py -s fofa -q ‘title=”Dashboard – Confluence” && body=”.org”‘ -b
./metabigor.py -s fofa -q ‘title=”Dashboard – Confluence” && body=”.org”‘ -b –disable_pages
./metabigor.py -s shodan -q ‘port:”3389″ os:”Windows”‘ –debug
./metabigor.py -s shodan -Q list_of_query.txt –debug -o rdp.txt
./metabigor.py -s censys -q ‘(scada) AND protocols: “502/modbus”‘ -o something –debug –proxy socks4://127.0.0.1:9050
Disclaimer
This tool is for educational purposes only. You are responsible for your own actions. If you mess something up or break any laws while using this software, it’s your fault, and your fault only.
Credit: Vitaly Gorbachev and Picascii
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…