In this tutorial I will show you how to make a multi bridge between THC_DO, THC_SS and THC_II and keep track of the output in realtime using iframes.

So what exactly are we going to do?

First of all if you don't know what the callbacks in general are used for then I suggest that it's better to read the What is what? documentation on that topic.


Let's make a scheme that shows you what we're planning to do:

Looks confusing?
Don't worry just follow this tutorial in order to see what happens.

1- thc_ss sends a request to thc_do
2- thc_do searches for the google dork that has been specified, retrieve the results and store them
3- thc_ss will wait for thc_do to finish
4- once finished it will send a new request to thc_ii
5- thc_ss will wait for thc_ii to complete
6- thc_ii will fetch the google dork results from thc_do
7- thc_ii pollutes the parameters with an exploit and stores the results
8- thc_ss will analyze the results

That's all there is to it, but where do we start?
We actually don't need that much code to make this work, most work is done by the modules. However you need to know exactly how the screen files work in the modules.


First of all we need to understand these two files and what parameters they both expect:
- thc_ii/screen.php
- thc_do/screen.php

POST Parameters THC_II:
- iAttackType: value must be 1 because we're going to do a mass scan
- sUseFile: location to the url file in THC_II
- sTarget: you can leave this empty (only applies to a single url scan)
- aExploits: exploits to use, expects an array, use array("sqli") as value
- submit: type of action to fulfill, use Scan as value

POST Parameters THC_DO:
- sDork: dork to search for
- iType: type of scan, use 1
- iAmount: amount of results to fetch from Google, use 10
- iMode: insert manually for your convenience, again use 1
- iSave: save to a file, use value 1 to enable logging
- submit: use Save

Before we start writing the code, let me tell you that you need to be EXTREMELY cautious with using this tool combination, you definitely don't want yourself to get blacklisted on Google. Index only a small amount of dorks spreaded throughout the day, the more scans you start the more likely it is that you will find yourself being unable to use Google. Best is always to make use of proxies or vpns.


In order to know when the modules finished the tasks we need to know how to monitor the tasks. This is quite easy. All tasks will be written to the Data/running.txt file.

Tasks have a structure like:

module_name|time_start|time_end|task_identifier_hash\n

You can use the RawToArray function to read out all the tasks that are running and completed.

So what you want to do is poll this file once every x seconds and see when time_end isn't 0, which means that the task is finished.
THC_DO creates a file in the RESULTS folder, the file associated with your dork search is named [timestamp].txt eg 132234234.txt.
You can identify the file you need easily because the timestamp in the task file is the same as the filename.

Example line in running.txt:

thc_do|1234567890|0|de3232fcab\n

The file associated with this scan would be RESULTS/1234567890.txt.


Before we're going to make the callback itself, let's make the Curl requests. Note that we don't want to return the transfers, we will just keep on monitoring the running.txt file, because this way we know when to start with the next step.

Request for THC_DO:

Request for THC_II:


THC_II only allows to get files containing target urls from a local folder in the module itself, that's why we need to copy the file holding the results from THC_DO to the urls folder in THC_II. We will do this in the callback because the modules itself are static.

Now the only thing left is to create the callback, we will be using the development wizard for that. On the menubar in your hacksuite click on the development link and then on create new callback:

From this step on we will be creating the callback, if you don't know what a callback is or how it works, you're recommended to read the documentation on that before proceeding.

values for the callback
name of callback: eg Mass Inject
location: unique filename where to store the callback eg massinject.php
url to scan: here you will need to enter the full location to the screen file of THC_DO eg http://127.0.0.1/thc_hacksuite/thc_do/screen.php
scan interval(s): 10
end after match: uncheck
regex search: uncheck
string to find: doesn't matter what you type n here, just type something we won't use this value anyway
method to send: post
scan type: select temporary scan act on string found
notification: don't notify me
time to scan(s): 15
send vars: sDork=inurl:index.php?id=&iType=1&iAmount=10&iMode=1&iSave=1&submit=Save
callback function: add the code below

function Callbck(){
}

Submit the form and your callback will be generated, it's not the end result of course but here's how it looks so far:

First of all you need to wrap the Callbck function in a function_exists statement, we will do that later, first we need to know what files and functions we need to use to make this callback work.

We need the RawToArray function to keep track of the running tasks and we need to know where the Google dorks file will be stored. I've already discussed everything in this tutorial so here's the final code for the callback: