<title>Pesquisa por Palavra-Chave — WebForce</title>
html,body{height:100%; margin:0;}
font-family: Arial, sans-serif;
label { display:block; margin-top:8px; color:#cfeed8; font-size:14px; }
border:1px solid #2b2b2b;
button { cursor:pointer; }
h2 { color:#9fffb4; margin:0 0 8px 0; }
.top-row { display:flex; gap:12px; align-items:flex-end; flex-wrap:wrap; margin-bottom:12px; }
.top-row > * { flex: 1 1 220px; }
/* painel / terminal (INTEGRADO: sem fixed) */
background: linear-gradient(180deg, var(--panel) 0%, rgba(0,0,0,0.88) 100%);
border: 1px solid rgba(0,255,106,0.12);
font-family: "Courier New", monospace;
box-shadow: 0 6px 26px rgba(0,0,0,0.7);
#hacker-frame h3 { margin:0 0 8px 0; font-size:15px; color:#9affb8; }
background: rgba(0,0,0,0.18);
border: 1px solid #003300;
.hacker-row { display:flex; gap:6px; margin-top:8px; align-items:center; flex-wrap:wrap; }
.hacker-row input[type="text"] { flex:1; padding:8px; background:#021; color:#9affb8; border:1px solid #004400; border-radius:6px; min-width:160px; }
.hacker-row button { padding:8px 10px; background:#002a00; color:var(--accent); border:1px solid #004400; border-radius:6px; }
.controls { display:flex; gap:12px; margin-top:10px; align-items:center; flex-wrap:wrap; }
.muted { color:var(--muted); opacity:0.8; font-size:12px; }
.tiny { font-size:12px; color:#7effc3; display:flex; gap:6px; align-items:center; }
.query-list { margin-top:8px; max-height:220px; overflow:auto; border:1px dashed rgba(0,255,100,0.06); padding:8px; background:rgba(0,0,0,0.12); border-radius:6px; }
.query-item { padding:6px 4px; border-bottom:1px dashed rgba(0,255,100,0.03); display:flex; justify-content:space-between; gap:8px; align-items:center; }
.query-item:last-child { border-bottom:0; }
.qtext { color:#baffc1; font-size:13px; flex:1; word-break:break-word; padding-right:8px; }
.qbtn { background:#003300; color:#bfffd3; border:1px solid #006600; padding:6px 8px; border-radius:6px; cursor:pointer; margin-left:6px; font-size:13px; }
.footer-actions { display:flex; gap:8px; margin-top:8px; flex-wrap:wrap; }
@keyframes scan { 0% { background-position: 0 0; } 100% { background-position: 0 160px; } }
left:0; right:0; top:0; bottom:0;
background-image: linear-gradient(0deg, rgba(0,255,120,0.02) 1px, transparent 1px);
background-size: 100% 8px;
animation: scan 16s linear infinite;
@media (max-width:700px){
.top-row { flex-direction:column; align-items:stretch; }
input,button { max-width:100%; }
<h2>Pesquisar Documentos Relacionados</h2>
<label for="baseUrl">Link Pai:</label>
<input type="url" id="baseUrl" placeholder="Ex: https://exemplo.com.br" />
<label for="keyword">Palavra-Chave:</label>
<input type="text" id="keyword" placeholder="Ex: relatório financeiro" />
<div style="min-width:120px;">
<label style="visibility:hidden">btn</label>
<button onclick="pesquisar()">Pesquisar</button>
<!-- painel hacker INTEGRADO abaixo da pesquisa -->
<div id="hacker-frame" aria-hidden="false">
<h3>Terminal — WebForce (modo seguro)</h3>
<div class="terminal" id="hacker-terminal" role="log" aria-live="polite"></div>
<input id="hf-seed" type="text" placeholder="lista de palavras-chave, separadas por ;" value="relatório;planilha;financeiro;contrato" />
<button id="hf-generate">Gerar</button>
<label class="tiny"><input id="hf-open-tabs" type="checkbox"/> Abrir abas</label>
<label class="tiny"><input id="hf-simulate" type="checkbox" checked/> Simular</label>
<label class="tiny"><input id="hf-include-common" type="checkbox" checked/> Incluir variações comuns</label>
<button id="hf-run" style="flex:1; min-width:160px;">Executar (seguro)</button>
<div class="muted" style="margin-top:8px">
Variações incluídas: site:, "frase exata", intitle:, inurl:, intext:, filetype:, ext:, OR, -exclusões, AROUND(n). Uso responsável.
<div class="query-list" id="hf-queries" aria-live="polite"></div>
<div class="footer-actions">
<button id="hf-export" class="qbtn">Exportar .txt</button>
<button id="hf-clear" class="qbtn">Limpar</button>
// Função original única: monta site:domínio + keyword e abre pesquisa no Google
const baseUrl = document.getElementById("baseUrl").value.trim();
const keyword = document.getElementById("keyword").value.trim();
if (!baseUrl || !keyword) {
alert("Por favor, preencha ambos os campos.");
const urlObj = new URL(baseUrl);
const domain = urlObj.hostname;
const googleQuery = encodeURIComponent(`site:${domain} ${keyword}`);
const googleUrl = `https://www.google.com/search?q=${googleQuery}`;
window.open(googleUrl, "_blank");
alert("URL inválida. Por favor, verifique o formato.");
const term = document.getElementById('hacker-terminal');
const seed = document.getElementById('hf-seed');
const btnGen = document.getElementById('hf-generate');
const btnRun = document.getElementById('hf-run');
const openTabsCheckbox = document.getElementById('hf-open-tabs');
const simulateCheckbox = document.getElementById('hf-simulate');
const includeCommon = document.getElementById('hf-include-common');
const qlist = document.getElementById('hf-queries');
const btnExport = document.getElementById('hf-export');
const btnClear = document.getElementById('hf-clear');
const p = document.createElement('div');
term.scrollTop = term.scrollHeight;
function clearQueriesDisplay(){ qlist.innerHTML = ''; }
function gerarQueriesFor(keyword, sitePrefix) {
const k = keyword.trim();
q.push(sitePrefix + `"${k}"`);
q.push(sitePrefix + k + ' arquivo OR pdf');
q.push(sitePrefix + 'filetype:pdf "' + k + '"');
q.push(sitePrefix + 'intitle:"' + k + '"');
q.push(sitePrefix + 'inurl:' + k);
q.push(sitePrefix + 'intext:"' + k + '"');
// Avançadas / combinadas
q.push(sitePrefix + '"' + k + '" filetype:pdf OR filetype:doc OR filetype:xls');
q.push(sitePrefix + 'intitle:"' + k + '" filetype:pdf');
q.push(sitePrefix + 'inurl:"' + k + '" filetype:pdf');
q.push(sitePrefix + '"' + k + '" -site:facebook.com -site:twitter.com');
q.push(sitePrefix + '"' + k + '" OR "' + k + ' resumo"');
q.push(sitePrefix + '"' + k + '" AROUND(5) "relatório"');
q.push(sitePrefix + k + ' ext:pdf');
q.push(sitePrefix + k + ' ext:xls OR ext:xlsx OR ext:csv');
const host = sitePrefix.replace(/^site:/,'').trim();
q.push('related:' + host);
q.push(sitePrefix + '"' + k + '" -site:linkedin.com -site:youtube.com');
return Array.from(new Set(q.filter(Boolean)));
function renderQueries(queries){
queries.forEach((q, idx) => {
const div = document.createElement('div');
div.className = 'query-item';
const span = document.createElement('div');
span.className = 'qtext';
const btnWrap = document.createElement('div');
const openBtn = document.createElement('button');
openBtn.className = 'qbtn';
openBtn.textContent = 'Abrir';
openBtn.title = 'Abrir no Google';
openBtn.onclick = () => {
const url = 'https://www.google.com/search?q=' + encodeURIComponent(q);
window.open(url, '_blank');
const copyBtn = document.createElement('button');
copyBtn.className = 'qbtn';
copyBtn.textContent = 'Copiar';
copyBtn.onclick = () => {
navigator.clipboard && navigator.clipboard.writeText(q).then(() => {
logLine('[OK] Copiado: ' + q);
}).catch(()=>{ logLine('[!] Falha ao copiar'); });
btnWrap.appendChild(openBtn);
btnWrap.appendChild(copyBtn);
div.appendChild(btnWrap);
btnGen.addEventListener('click', () => {
const parts = seed.value.split(';').map(s => s.trim()).filter(Boolean);
if (!parts.length) { logLine('Erro: forneça palavras-chave.'); return; }
logLine('[++] Gerando pré-conjunto de pesquisas...');
parts.forEach((k,i) => { logLine(`${i+1}. ${k}`); });
logLine('[++] Clique Executar para compor as queries.');
btnRun.addEventListener('click', () => {
const parts = seed.value.split(';').map(s => s.trim()).filter(Boolean);
if (!parts.length) { logLine('Erro: forneça palavras-chave.'); return; }
const abrir = openTabsCheckbox.checked;
const simular = simulateCheckbox.checked;
const include = includeCommon.checked;
logLine('[>>] Montando queries — modo: ' + (true ? 'true' : 'OPERACIONAL') + (abrir ? ' — abrirá abas' : '') );
const baseUrlInput = document.getElementById('baseUrl');
if (baseUrlInput && baseUrlInput.value.trim()) {
const u = new URL(baseUrlInput.value.trim());
sitePrefix = 'site:' + u.hostname + ' ';
logLine('[..] Site detectado: ' + u.hostname);
logLine('[!] URL pai inválida — as queries não usarão site:');
logLine('[..] Sem Link Pai — as queries serão globais (sem site:).');
queries = queries.concat(gerarQueriesFor(k, sitePrefix));
queries.push(sitePrefix + '"' + k + '" "confidencial"');
queries.push(sitePrefix + '"' + k + '" "anexo" OR "attachment"');
queries.push(sitePrefix + '"' + k + '" "sumário" OR "resumo executivo"');
queries.push(sitePrefix + 'filetype:pdf "' + k + '"');
queries = Array.from(new Set(queries));
logLine('[..] ' + queries.length + ' queries geradas.');
logLine('[..] Abrindo ' + queries.length + ' abas (uma a uma) — cuidado com popups.');
queries.forEach((q, idx) => {
const url = 'https://www.google.com/search?q=' + encodeURIComponent(q);
window.open(url, '_blank');
logLine('[OK] Comandos enviados para abrir abas.');
} else if (!abrir && !simular) {
logLine('[..] Executando via função pesquisar() para cada termo (pode sobrescrever a aba atual).');
queries.forEach((q, i) => {
const stripped = q.replace(/^site:[^ ]+ /,'').replace(/^filetype:[^ ]+ /,'').trim();
const input = document.getElementById('keyword');
if (input) input.value = stripped;
if (typeof pesquisar === 'function') pesquisar();
logLine('[OK] Pesquisas enviadas ao formulário.');
logLine('[OK] true: nada foi aberto automaticamente.');
btnExport.addEventListener('click', () => {
const items = Array.from(qlist.querySelectorAll('.qtext')).map(el=>el.textContent);
if (!items.length) { logLine('[!] Nenhuma query para exportar'); return; }
const blob = new Blob([items.join('\r\n')], {type: 'text/plain;charset=utf-8'});
const url = URL.createObjectURL(blob);
const a = document.createElement('a');
a.download = 'queries_webforce.txt';
document.body.appendChild(a);
URL.revokeObjectURL(url);
logLine('[OK] Exportado ' + items.length + ' queries para queries_webforce.txt');
btnClear.addEventListener('click', () => {
logLine('[OK] Painel limpo.');
logLine('[..] Painel WebForce inicializado. Digite palavras separadas por ; e clique Gerar / Executar.');
<h1 style="color:orange;">Criar no terminal pesquisa colada ao link pai<br>Exemplohttps://www.xxxxxxxxxx.pt/documentos-financeiros </h1>
// remote_receiver.php - Receptor remoto com validação HMAC e pesquisa remota
date_default_timezone_set('UTC');
// CONFIG: chave compartilhada '23hacker'
$SHARED_SECRET = '23hacker'; // chave secreta
$ALLOW_CLOCK_SKEW = 120; // segundos aceitáveis
$LOG_REMOTE = __DIR__.'/logs_remoto.txt';
function send_log($msg) {
file_put_contents($LOG_REMOTE, "[".date('c')."] $msg\n", FILE_APPEND);
function verify_signature($secret, $method, $path, $timestamp, $nonce, $body, $signature) {
$canonical = strtoupper($method) . '|' . $path . '|' . $timestamp . '|' . $nonce . '|' . $body;
$expected = hash_hmac('sha256', $canonical, $secret);
return hash_equals($expected, $signature);
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
$body = file_get_contents('php://input');
$headers = getallheaders();
$timestamp = $headers['X-Timestamp'] ?? $headers['x-timestamp'] ?? '';
$nonce = $headers['X-Nonce'] ?? $headers['x-nonce'] ?? '';
$signature = $headers['X-Signature'] ?? $headers['x-signature'] ?? '';
$clientId = $headers['X-Client-Id'] ?? $headers['x-client-id'] ?? 'unknown';
$path = parse_url((isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/'), PHP_URL_PATH) ?: '/';
$method = $_SERVER['REQUEST_METHOD'];
send_log("Incoming from client=$clientId; path=$path; size=".strlen($body));
// valida campos de cabeçalho
if (!$timestamp || !$nonce || !$signature) {
send_log("Missing auth headers");
echo "Missing auth headers";
// verifica tempo (anticlock)
if (abs(time() - (int)$timestamp) > $ALLOW_CLOCK_SKEW) {
send_log("Timestamp skew too large; ts=$timestamp");
echo "Timestamp skew too large";
// verifica assinatura HMAC
if (!verify_signature($SHARED_SECRET, $method, $path, $timestamp, $nonce, $body, $signature)) {
send_log("Invalid signature from client=$clientId");
echo "Invalid signature";
// Assinatura válida: processa payload (assume JSON)
$data = json_decode($body, true);
$baseUrl = $data['baseUrl'] ?? '';
$keyword = $data['keyword'] ?? '';
$action = $data['action'] ?? 'forward';
send_log("Validated request: baseUrl=$baseUrl | keyword=$keyword | action=$action");
// Se a ação pede pesquisa remota, executa fetch a um search engine (exemplo DuckDuckGo HTML)
if ($action === 'remote_search') {
// Monta query priorizando domínio
$query = rawurlencode($baseUrl . ' ' . $keyword);
$searchUrl = "https://html.duckduckgo.com/html/?q={$query}";
// cURL para buscar resultados (modo simples)
curl_setopt($ch, CURLOPT_URL, $searchUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 12);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
$curlErr = curl_error($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($curlErr || !$html) {
send_log("Search fetch failed: $curlErr, HTTP $httpCode");
echo json_encode(['error'=>'search_failed','detail'=>$curlErr]);
// Extrai links/títulos simples (exemplo)
if (preg_match_all('#<a[^>]+class="[^"]*result__a[^"]*"[^>]*href="([^"]+)"[^>]*>(.*?)</a>#is', $html, $m)) {
foreach ($m[1] as $i => $href) {
$title = strip_tags($m[2][$i]);
$results[] = ['title'=>html_entity_decode($title, ENT_QUOTES|ENT_HTML5),'url'=>html_entity_decode($href, ENT_QUOTES|ENT_HTML5)];
if (count($results) >= 15) break;
if (preg_match_all('#<a[^>]+href="([^"]+)"[^>]*>([^<]{3,200})</a>#is', $html, $m2)) {
foreach ($m2[1] as $i => $href) {
$title = trim(strip_tags($m2[2][$i]));
if ($title === '') continue;
$results[] = ['title'=>$title,'url'=>$href];
if (count($results) >= 10) break;
'results'=> $results ?? []
$responseBody = json_encode($responseObj, JSON_UNESCAPED_SLASHES);
// Assina resposta para o cliente
$responseTimestamp = time();
$responseNonce = bin2hex(random_bytes(12));
$responseSignature = hash_hmac('sha256', strtoupper('POST') . '|' . $path . '|' . $responseTimestamp . '|' . $responseNonce . '|' . $responseBody, $SHARED_SECRET);
// Define headers de resposta assinada
header('Content-Type: application/json');
header('X-Response-Timestamp: ' . $responseTimestamp);
header('X-Response-Nonce: ' . $responseNonce);
header('X-Response-Signature: ' . $responseSignature);
send_log("Responding signed; results=" . count($responseObj['results']));
<title>Pesquisa por Palavra-Chave — WebForce (Cliente Remoto)</title>
input, button, textarea, select {
<h2>🔍 Pesquisar Documentos (Cliente Remoto)</h2>
<label for="baseUrl">URL Base:</label><br>
<input type="url" name="baseUrl" id="baseUrl" placeholder="https://exemplo.com" required><br>
<label for="keyword">Palavra-Chave:</label><br>
<input type="text" name="keyword" id="keyword" placeholder="relatório financeiro" required><br>
<label for="action">Ação:</label><br>
<select name="action" id="action" required>
<option value="remote_search" selected>Pesquisar Remotamente</option>
<option value="forward">Forward (simples)</option>
<button type="submit">Enviar Pesquisa</button>
<h3>🧠 Resposta do Servidor Remoto</h3>
<div class="terminal" id="responseLog">
Nenhuma pesquisa feita ainda.
const SHARED_SECRET = '23hacker'; // chave secreta
function generateNonce(len = 24) {
const chars = 'abcdef0123456789';
for(let i = 0; i < len; i++) {
nonce += chars.charAt(Math.floor(Math.random() * chars.length));
async function hmacSha256(key, message) {
const encoder = new TextEncoder();
const keyData = encoder.encode(key);
const msgData = encoder.encode(message);
const cryptoKey = await crypto.subtle.importKey(
'raw', keyData, {name: 'HMAC', hash: 'SHA-256'}, false, ['sign']
const signatureBuffer = await crypto.subtle.sign('HMAC', cryptoKey, msgData);
const signatureArray = Array.from(new Uint8Array(signatureBuffer));
return signatureArray.map(b => b.toString(16).padStart(2, '0')).join('');
document.getElementById('searchForm').addEventListener('submit', async (event) => {
const baseUrl = document.getElementById('baseUrl').value.trim();
const keyword = document.getElementById('keyword').value.trim();
const action = document.getElementById('action').value;
if (!baseUrl || !keyword) {
alert('Preencha URL base e palavra-chave.');
const body = JSON.stringify(data);
const url = 'remote_receiver.php'; // Altere para a URL do seu servidor remoto real
const path = new URL(url, window.location.origin).pathname;
const timestamp = Math.floor(Date.now() / 1000).toString();
const nonce = generateNonce();
const canonical = `${method.toUpperCase()}|${path}|${timestamp}|${nonce}|${body}`;
signature = await hmacSha256(SHARED_SECRET, canonical);
alert('Erro ao gerar assinatura HMAC: ' + e.message);
const headers = new Headers({
'Content-Type': 'application/json',
'X-Timestamp': timestamp,
'X-Signature': signature,
'X-Client-Id': 'webforce-client'
const responseLog = document.getElementById('responseLog');
responseLog.textContent = 'Enviando requisição...';
const response = await fetch(url, {
const text = await response.text();
responseLog.textContent = `Erro HTTP ${response.status}:\n${text}`;
responseLog.textContent = 'Resposta do servidor (não JSON):\n' + text;
responseLog.textContent = `Erro do servidor: ${json.error}\nDetalhes: ${json.detail ?? ''}`;
let output = `Status: ${json.status}\nAção: ${json.action}\nTimestamp: ${new Date(json.timestamp * 1000).toLocaleString()}\n\nResultados:\n`;
if (json.results && json.results.length > 0) {
json.results.forEach((r,i) => {
output += `${i + 1}. ${r.title}\n URL: ${r.url}\n\n`;
output += 'Nenhum resultado encontrado.';
responseLog.textContent = output;
responseLog.textContent = 'Erro na requisição: ' + err.message;