Morse Runner is a Windows-based contest simulator developed by Alex Shovkoplyas, VE3NEA. Using Wineskin, it has been successfully and seamlessly run under OSX, and made available here for download. Sure, you could use Wineskin to do this yourself (and save me some bandwidth), or you can pull the ready-made dmg from here.
Running Catalina? Go to 'Download' to read the latest (and grab a box of tissues)
The string inurl:index.php?id=1 shop install is a common search operator—often called a "Google Dork"—used to find specific web pages or vulnerabilities in web applications. Purpose and Function Targeting Installations: This specific query is typically used to locate the installation pages
or administrative interfaces of older or poorly configured e-commerce software (shops). Search Parameters:
: Instructs Google to look for the following keywords within the URL of a website. index.php?id=1 : A common URL structure for PHP-based sites where
often refers to the first entry in a database (like a default admin or home page). : Narrows the results to e-commerce or retail platforms. inurl index php id 1 shop install
: Targets setup files that should ideally be deleted after a site goes live. Security Context
In the world of cybersecurity, researchers or malicious actors use these strings to find websites that are: Unfinished: Sites that were never fully set up but are still online. Vulnerable:
Sites that left their installation scripts active, which could allow an attacker to overwrite the site’s configuration or gain administrative access. Leaking Information: The string inurl:index
Pages that might reveal database structures or server configurations. Safety Note:
Security scanners and malicious bots constantly scrape Google results for dorks like this one. Once found, they automatically launch attacks. If your site appears in such a search, it is only a matter of hours—sometimes minutes—before an automated exploit attempts to compromise it.
A WAF (like ModSecurity, Cloudflare, or Sucuri) can detect and block SQL injection patterns, including attempts to access id=1 with malicious payloads. Note: robots.txt is a polite request
Many PHP shopping carts require running an installation script before first use. Scripts like /install/, setup.php, or install.sql are meant to be deleted after setup. However, if left in place, an attacker can:
The presence of "shop install" in the page content or URL suggests these files may still be live.
Let's break down inurl:index.php?id=1 shop install piece by piece to understand the mechanics:
inurl: This operator tells Google to look specifically within the URL of a webpage. It ignores the page content and focuses solely on the address bar.index.php?id=1 This is the target structure.
index.php indicates a site likely running on PHP, a very common server-side scripting language.?id=1 is a parameter. This usually tells the server to fetch a specific item (like a product with ID #1) from a database.shop This keyword narrows the search down to e-commerce websites.install This is perhaps the most critical part of the query for this specific context. It looks for directories or files related to installation scripts.Use robots.txt to disallow crawling of dynamic parameters:
User-agent: *
Disallow: /index.php?id=
Disallow: /install/
Note: robots.txt is a polite request, not a security control. Do not rely on it alone.
Confirmed working on: El Capitan, Mavericks, Sierra, High Sierra, & Mojave
MANY reports that it DOES NOT work on Catalina. It is very unlikely that it will work under Catalina in the near future, as it would require some pretty hefty development on Wine (they're working on it). The only other option I see is for some nice macOS developer to take the original code (it's open source!) and re-write it to run natively on 64bit macOS (go ask any developer, this is a lot of work). Since Xcode is now free if you're running Catalina, I'm happy to give it a try... when I can afford to buy a system that can run Catalina :)
If you have questions or comments about using this application under OSX, please email them to ki4stu k4iz at arrl dot net.