[Owasp-google-hacking] [GPC] OWASP "Google Hacking" Project - Status - June 2010

Steven Steggles steven.steggles at gmail.com
Fri Jul 2 22:19:07 EDT 2010


The source code that has been released is a single Perl script of 250 lines,
most of the code being comments. The code appears to do nothing besides
providing a command line interface to perform a Google cache query. Am I to
believe that this is the sum total of the famous Google Hacking Project?
From what I understand of Christian's claims at various conferences across
the world, the following source code is still missing:

1. "Speak English or Die" Google Translate Workaround.
2. Google SOAP Search API "Key Ring" Workaround.
3. "TCP Input Text" Proof of Concept (PoC) which implements the Google SOAP
Search API to extract TCP Ports from Google Search Results as input for nmap
and netcat.

Christian claimed to have released this source code at Ruxcon in November

It appears as though OWASP has chosen to not address this issue correctly
and bury its head in the sand. Perhaps in the naive hope that this problem
will quietly go away. What a disgrace! The OWASP Google Hacking project
appears to have been solely created as a vehicle for Christian's own self
promotion! I am ashamed to be associated with such an organization that
turns a blind eye to this highly inappropriate behavior. What a disgrace!

I expect that you will moderate this message but I feel that the wider
security community should be made aware of this sham and lack of action on
OWASP's part.


Very disappointed,

On Fri, Jul 2, 2010 at 4:50 PM, Christian Heinrich <
christian.heinrich at owasp.org> wrote:

> Brad,
> On Mon, Jun 28, 2010 at 10:22 PM, Brad Causey <bradcausey at owasp.org>
> wrote:
> > So just to be clear Christian,
> > 1. It appears that the source is, in fact, released. We thank you for
> > that.
> > 2. Do you have a timeline for future development? I would assume that
> > because Google depreciated its API, that you would need to find other
> > methods of performing queries.
> > Thank you very much in advance.
> 1. Yes, the RUXCON 2K8 Release is available again.
> 2. As far as I am aware, their AJAX Search API does not have an
> equivalent call related to retrieving content from Google's cache.
>  Scraping, etc. would violate Google's Terms of Service.  There is a
> possibility that I could port it to Bing but I have not reviewed the
> functionality of their SOAP API yet.
> Having spoken with Dinis at HITB Amsterdam, his feeling was that the
> project should be closed off and a new category be created to clarify
> the reason why as it is not inactive, rather that development can't
> continue due to the deprecation of the Google SOAP Search API.  I also
> highlighted that it was only intended as a PoC, as investing further
> development in light of the closure of the SOAP Search API would
> be to the detriment of other projects that I contribute to.
> I will do one more review of the related owasp.org wiki pages and update
> the documentation on the repository, etc when I return to Australia
> next weekend (i.e. 10 July) and indicate when this is completed to the
> GPC.
> --
> Regards,
> Christian Heinrich - http://www.owasp.org/index.php/user:cmlh
> OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking