[Owasp-board] [Owasp-google-hacking] Google hacking code

Tue Jul 20 11:42:02 UTC 2010

Brad et al,

As mentioned before, I am on the process of drafting an inquiry methodology
for Board’s and GPC’s approval but I am progressing very slowly. For one
thing, the benchmarking I’ve been intensively doing has hardly produced any
helpful result. For another, my lack of proper juridical knowledge, the
destructive potential of this issue and the need to devising a general
methodology that can be used in the future to deal with other similar
matters are also slowing down my progress. In addition, as I always need to
keep myself answering to my other OWASP calls, I have been unable to
allocate all my time to sort this out. 

However, I still think that I can come up with something for your review. I
will of course keep you updated. 

Having said this, if you have in mind an alternative approach to produce a
frame to solve this issue, please let me know. I will be more than happy to
assist in any possible way.

Thanks, 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

From: Brad Empeigne [mailto:brad.empeigne at gmail.com] 
Sent: terça-feira, 20 de Julho de 2010 05:01
To: Paulo Coimbra; dinis cruz
Subject: Fwd: [Owasp-google-hacking] Google hacking code

Hi Paulo and Dinis, has there been any progress on the investigation?

I appreciate that Christian has now released the code and all (and also his
TIT code), but at the same time I don't feel impressed that it took a month
of debating and arm twisting, not to mention the work was so disappointing
to see in the end. I would be interested to hear how the enquiry has gone
from your end so far and when you think it may be complete? Thanks.

-- Brad

---------- Forwarded message ----------

From: Christian Heinrich <christian.heinrich at owasp.org>

Date: Sun, Jul 11, 2010 at 12:35 PM

Subject: Re: [Owasp-google-hacking] Google hacking code

To: Brad Empeigne <brad.empeigne at gmail.com>

Cc: owasp-google-hacking at lists.owasp.org

Brad,

The "Post Google SOAP Search API Deprecation Release" is now available i.e.
http://code.google.com/p/dic/source/browse/trunk/dic.pl

You will be violating Google's Term of Service if you execute this release
post
http://googlecode.blogspot.com/2009/08/well-earned-retirement-for-soap-searc
h.html

even in light of a valid SOAP Search API Key.

As I stated before Sensepost's Aura does not support doGetCachedPage SOAP
Message but it should execute without any errors excluding that multiple
warnings are now displayed e.g.

<quote>

$ ./dic.pl -key "demo" -query "site:owasp.org" -wsdl "./GoogleSearch.wsdl"
-start 80

"Download Indexed Cache" Proof of Concept (PoC) v0.2 (Post Google SOAP
Search API Deprecation Release)

Copyright 2008, 2009 Christian Heinrich

Licensed under the Apache License, Version 2.0

WARNING: You are violating Google's Terms of Service if you execute this
post
http://googlecode.blogspot.com/2009/08/well-earned-retirement-for-soap-searc
h.html

Appending ./siteowasp.org/dic

Downloading http://www.owasp.org/ from Google Cache [0k] as 80.html

WARNING: Sensepost's Aura does not support doGetCachedPage SOAP Message
Downloading http://www.owasp.org/download/ from Google Cache [0k] as 81.html

WARNING: Sensepost's Aura does not support doGetCachedPage SOAP Message
Downloading http://www.owasp.org:443/ from Google Cache [0k] as 82.html

WARNING: Sensepost's Aura does not support doGetCachedPage SOAP Message
Downloading
http://www.owasp.org/images/3/33/Schwachstellen_in_SAP_Web_Anwendungen.pdf

from Google Cache [0k] as 83.html

WARNING: Sensepost's Aura does not support doGetCachedPage SOAP Message
Downloading http://www.owasp.org/index.php/Cincinnati from Google Cache [0k]
as 84.html

WARNING: Sensepost's Aura does not support doGetCachedPage SOAP Message
Downloading http://www.owasp.org/index.php/Malaysia from Google Cache [0k]
as 85.html

WARNING: Sensepost's Aura does not support doGetCachedPage SOAP Message
Downloading http://www.owasp.org/index.php/AppSensor_DetectionPoints

from Google Cache [0k] as 86.html

WARNING: Sensepost's Aura does not support doGetCachedPage SOAP Message
Downloading http://www.owasp.org/index.php/San_Antonio from Google Cache
[0k] as 87.html

WARNING: Sensepost's Aura does not support doGetCachedPage SOAP Message
Downloading http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009

from Google Cache [0k] as 88.html

WARNING: Sensepost's Aura does not support doGetCachedPage SOAP Message
Downloading http://www.owasp.org/index.php/Testing_Guide_Introduction

from Google Cache [0k] as 89.html

WARNING: Sensepost's Aura does not support doGetCachedPage SOAP Message
</quote>

I finalizing the (PoC) v0.2 Post Google SOAP Search API Deprecation Release
for download from http://code.google.com/p/dic/downloads/list

at the moment - this should be available shortly.

Please let me know if you need any further information or assistance?

On Fri, Jun 11, 2010 at 10:36 AM, Brad Empeigne <brad.empeigne at gmail.com>
wrote:

> Hi everyone, as advised I am emailing the google hacking mailing list.

> As far as I understand the repository was taken offline due to the 

> Google SOAP API becoming end of life. However if the project is still 

> active I believe the code should be public so others can learn and 

> help contribute to add functionality and get it working with something 

> like Aura. Is anyone able to share the code? Thanks for your time.

> 

> --Brad

> _______________________________________________

> Owasp-google-hacking mailing list

> Owasp-google-hacking at lists.owasp.org

> https://lists.owasp.org/mailman/listinfo/owasp-google-hacking

> 

--

Regards,

Christian Heinrich - http://www.owasp.org/index.php/user:cmlh

OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100720/b5b0920d/attachment-0002.html>