Skip to main content

dorxng

DorXNG is an advanced OSINT data harvesting tool designed for automated security workflows within the Canva platform. It simultaneously queries 14 search engines over the Tor network to extract valuable intelligence with strict engine attribution. Each result shows which search engines found it, providing confidence indicators for discovered data.

Ideal Use Cases & Fit

This tool excels in scenarios requiring comprehensive reconnaissance through diverse search engines, particularly when targeting sensitive data such as credentials, API keys, configuration files, or database dumps. It is most effective when the input consists of well-crafted search queries or "dorks" formatted in newline-separated files using universal operators like site:, inurl:, filetype:, intitle:, and intext:.

DorXNG queries 14 engines (Bing, Yahoo, DuckDuckGo, Qwant, Brave, Mojeek, Startpage, Seznam, Yep, Presearch, Yandex, Baidu, Wikipedia, Ask) with Tor circuit rotation every 10 seconds for anonymity. It is particularly suited for identifying security vulnerabilities or misconfigurations across publicly accessible resources. Note that Google is often blocked due to aggressive bot detection, but Startpage provides Google results via proxy. The tool requires ~30-40 seconds startup time for Tor initialization.

Value in Workflows

DorXNG adds significant value to security workflows by automating the information-gathering phase across multiple search engines simultaneously, dramatically improving data collection efficiency over single-engine approaches. Its integration into workflows allows for early reconnaissance, providing critical insights that inform further assessment stages. Results are automatically deduplicated across all engines to ensure accuracy, and the engine attribution shows which search engines found each result - URLs discovered by multiple engines indicate higher confidence and relevance. This multi-engine approach uncovers data that individual search engines miss due to varying indexing, filtering, and rate limiting.

Input Data

DorXNG requires input in the form of a newline-separated file containing search queries (dorks). Each query is sent to all 14 search engines, with each engine interpreting operators according to its native capabilities. For best cross-engine coverage, use universal operators supported by most engines: site:, inurl:, filetype:, intitle:, intext:, boolean operators (|, -, "").

Example dork queries:

  • site:example.com filetype:env - Environment configuration files
  • site:github.com "api_key" OR "apikey" - API keys in repositories
  • filetype:sql intext:INSERT INTO - SQL database dumps
  • intitle:"index of" confidential - Directory listings
  • inurl:admin intitle:login - Admin login pages

Configuration

  • pages (-n): Number of page iterations to fetch per query; defaults to 1. Higher values (8-16) provide more comprehensive results but increase execution time.
  • timeout (-t): Timeout between requests in seconds; defaults to 4. Set to 0 when processing query lists to avoid unnecessary delays between queries.
  • raw_output (--raw_output): Optional flag to output plaintext instead of JSON. By default, DorXNG outputs JSON format with structured data including query, title, url, and engines array for each result.

Output Structure

Default JSON output includes engine attribution:

[
  {
    "query": "site:github.com security",
    "title": "GitHub Security Best Practices",
    "url": "https://github.com/company/security-docs",
    "engines": ["bing", "duckduckgo", "mojeek"]
  }
]

Results found by multiple engines (comma-separated) indicate higher reliability and relevance. Updated: 2026-02-11