[Owasp-board] [Owasp-google-hacking] [GPC] OWASP "Google Hacking" Project - Status - June 2010

dinis cruz dinis.cruz at owasp.org
Sun Jul 4 09:17:55 UTC 2010

Hey Steven and Brad (direct email to you)

Please don't give up on OWASP just yet :)

This is a tricky issue and we are trying to address it in a way that is
transparent and fair to all parties involved.

I really appreciate your efforts in raising the alarm for what has been
happening with the OWASP Google Hacking project.

Like I said on my last email, we are starting this process from the point of
view that Christian is innocent, but if the accusations that you guys made
are correct (note that I have not looked at what this project has delivered)
then I do share your concerns (and we will have to act accordingly)

Thanks for your help so far

Dinis Cruz

On 3 July 2010 03:19, Steven Steggles <steven.steggles at gmail.com> wrote:

> Dear OWASP,
> The source code that has been released is a single Perl script of 250
> lines, most of the code being comments. The code appears to do nothing
> besides providing a command line interface to perform a Google cache query.
> Am I to believe that this is the sum total of the famous Google Hacking
> Project? From what I understand of Christian's claims at various conferences
> across the world, the following source code is still missing:
> 1. "Speak English or Die" Google Translate Workaround.
> 2. Google SOAP Search API "Key Ring" Workaround.
> 3. "TCP Input Text" Proof of Concept (PoC) which implements the Google SOAP
> Search API to extract TCP Ports from Google Search Results as input for nmap
> and netcat.
> Christian claimed to have released this source code at Ruxcon in November
> 2008....
> It appears as though OWASP has chosen to not address this issue correctly
> and bury its head in the sand. Perhaps in the naive hope that this problem
> will quietly go away. What a disgrace! The OWASP Google Hacking project
> appears to have been solely created as a vehicle for Christian's own self
> promotion! I am ashamed to be associated with such an organization that
> turns a blind eye to this highly inappropriate behavior. What a disgrace!
> I expect that you will moderate this message but I feel that the wider
> security community should be made aware of this sham and lack of action on
> OWASP's part.
> Very disappointed,
> Steven
> On Fri, Jul 2, 2010 at 4:50 PM, Christian Heinrich <
> christian.heinrich at owasp.org> wrote:
>> Brad,
>> On Mon, Jun 28, 2010 at 10:22 PM, Brad Causey <bradcausey at owasp.org>
>> wrote:
>> > So just to be clear Christian,
>> > 1. It appears that the source is, in fact, released. We thank you for
>> that.
>> > 2. Do you have a timeline for future development? I would assume that
>> > because Google deprecated its API, that you would need to find other
>> > methods of performing queries.
>> > Thank you very much in advance.
>> 1. Yes, the RUXCON 2K8 Release is available again.
>> 2. As far as I am aware, their AJAX Search API does not have an
>> equivalent call related to retrieving content from Google's cache.
>>  Scraping, etc. would violate Google's Terms of Service.  There is a
>> possibility that I could port it to Bing but I have not reviewed the
>> functionality of their SOAP API yet.
>> Having spoken with Dinis at HITB Amsterdam, his feeling was that the
>> project should be closed off and a new category be created to clarify
>> the reason why as it is not inactive, rather that development can't
>> continue due to the deprecation of the Google SOAP Search API.  I also
>> highlighted that it was only intended as a PoC as investing further
>> development in light of the closure of the SOAP Search API and would
>> be to the detriment of other projects that I contribute to.
>> I will do one more review of the related owasp.org wiki pages and update
>> the documentation on the repository, etc when I return to Australia
>> next weekend (i.e. 10 July) and indicate when this is completed to the
>> GPC.
>> --
>> Regards,
>> Christian Heinrich - http://www.owasp.org/index.php/user:cmlh
>> OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking