[Owasp-board] FW: [SPAM] Re: [Owasp-google-hacking] [GPC] OWASP "Google Hacking" Project - Status - June 2010

Paulo Coimbra paulo.coimbra at owasp.org
Sat Jul 3 06:05:49 UTC 2010

For your information. 




Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager


From: Steven Steggles [mailto:steven.steggles at gmail.com] 
Sent: Saturday, 3 July 2010 03:19
To: owasp-google-hacking at lists.owasp.org; dinis.cruz at owasp.org;
paulo.coimbra at owasp.org; jeff.williams at owasp.org; brad.empeigne at gmail.com
Subject: [SPAM] Re: [Owasp-google-hacking] [GPC] OWASP "Google Hacking"
Project - Status - June 2010



The source code that has been released is a single Perl script of 250 lines,
most of the code being comments. The code appears to do nothing besides
providing a command line interface to perform a Google cache query. Am I to
believe that this is the sum total of the famous Google Hacking Project?
From what I understand of Christian's claims at various conferences across
the world, the following source code is still missing:

1. "Speak English or Die" Google Translate Workaround.
2. Google SOAP Search API "Key Ring" Workaround.
3. "TCP Input Text" Proof of Concept (PoC) which implements the Google SOAP
Search API to extract TCP Ports from Google Search Results as input for nmap
and netcat. 

Christian claimed to have released this source code at Ruxcon in November

It appears as though OWASP has chosen to not address this issue correctly
and bury its head in the sand. Perhaps in the naive hope that this problem
will quietly go away. What a disgrace! The OWASP Google Hacking project
appears to have been solely created as a vehicle for Christian's own self
promotion! I am ashamed to be associated with such an organization that
turns a blind eye to this highly inappropriate behavior. What a disgrace!

I expect that you will moderate this message but I feel that the wider
security community should be made aware of this sham and lack of action on
OWASP's part.


Very disappointed,

On Fri, Jul 2, 2010 at 4:50 PM, Christian Heinrich
<christian.heinrich at owasp.org> wrote:


On Mon, Jun 28, 2010 at 10:22 PM, Brad Causey <bradcausey at owasp.org> wrote:
> So just to be clear Christian,
> 1. It appears that the source is, in fact, released. We thank you for that.
> 2. Do you have a timeline for future development? I would assume that
> because Google deprecated its API, that you would need to find other
> methods of performing queries.
> Thank you very much in advance.

1. Yes, the RUXCON 2K8 Release is available again.
2. As far as I am aware, their AJAX Search API does not have an
equivalent call related to retrieving content from Google's cache.
 Scraping, etc. would violate Google's Terms of Service.  There is a
possibility that I could port it to Bing but I have not reviewed the
functionality of their SOAP API yet.

Having spoken with Dinis at HITB Amsterdam, his feeling was that the
project should be closed off and a new category be created to clarify
the reason why as it is not inactive, rather that development can't
continue due to the deprecation of the Google SOAP Search API.  I also
highlighted that it was only intended as a PoC as investing further
development in light of the closure of the SOAP Search API would
be to the detriment of other projects that I contribute to.

I will do one more review of the related owasp.org wiki pages and update
the documentation on the repository, etc when I return to Australia
next weekend (i.e. 10 July) and indicate when this is completed to the


Christian Heinrich - http://www.owasp.org/index.php/user:cmlh
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
