An enterprise-grade, asynchronous web directory scanner and search engine dorking utility. Engineered with Python's asyncio framework for high-throughput concurrency, aiohttp for non-blocking network requests, and rich for an interactive CLI experience.
XDGe operates on two primary modes of discovery: Asynchronous Directory Bruteforcing and Multi-Engine Search Dorking.
Instead of classic sequential scanning, XDGe utilizes asyncio.Semaphore to manage a configurable pool of concurrent HTTP/S connections.
- Smart Concurrency: Capable of executing hundreds of requests per second without depleting system sockets.
- Evasion & Stealth: Automatically rotates through a pool of realistic browser User-Agents and routes traffic via user-provided proxy lists (rotating proxies per request).
- Robust Error Handling: Connection timeouts, SSL handshake failures, and DNS resets are gracefully isolated so that a single network drop does not interrupt the scanner.
Retrieves public links matching custom queries using major search providers (Google, Bing, DuckDuckGo).
- Automatic CAPTCHA / Rate-Limit Evasion: Recognizes search-engine blockpages and automatically rotates to a secondary search provider.
- Jittered Scheduling: Employs a random delay (1.5s – 4.5s) between queries to blend with normal browser behavior.
- Result Sanitization: Dynamically parses search engine outputs, excludes platform-specific helper links, and extracts clean target URLs.
- Run it with zero arguments to launch an interactive setup wizard that guides you through wordlist choices, thread pools, and output locations.
- Pass CLI flags to instantly skip prompts and run automated scans in headless environments.
- High-Performance Asynchronous I/O: Powered by
asyncioandaiohttp. - Stealth & Evasion: Random User-Agent selection and proxy rotation.
- Vulnerability-Specific Checks: Built-in wordlists tailored for specific enterprise server tech (Apache, IIS, Tomcat, WebLogic, WebSphere, SharePoint).
- Google, Bing, & DuckDuckGo Dorking: Automated queries with self-healing rotation on rate limits.
- Bespoke Multi-Format Reports: Generates structured raw text lists, JSON payloads, CSV data sheets, and self-contained interactive Dark-Mode HTML reports.
Make sure you have Python 3.8 or higher installed on your system.
Extract the files into a directory of your choice.
Run the following command to install the required external libraries:
pip install -r requirements.txtThis will install:
aiohttp(for non-blocking asynchronous HTTP operations)rich(for rendering beautiful terminal UI tables, progress bars, and prompt wizard panels)
Simply execute the script with no options to initiate the configuration wizard:
python XDGe.pyRun a fast asynchronous directory scan with 100 concurrent workers using HEAD requests:
python XDGe.py -t https://target.com -T 100 -m HEADRun a custom wordlist scan using proxy rotation:
python XDGe.py -t https://target.com -w my_list.txt -p proxies.txtRun a search dorking scan:
python XDGe.py -t https://target.com -d GODORKS.txt -e googleExport results in all available formats (JSON + CSV + HTML):
python XDGe.py -t https://target.com -f allDisclaimer: This tool is intended only for authorized security audits and educational research. Always obtain explicit permission before scanning target infrastructure.