[Owasp-google-hacking] [GPC] OWASP "Google Hacking" Project - Status - June 2010
steven.steggles at gmail.com
Sun Jul 4 06:49:41 EDT 2010
Which parts of the email do you wish to quote? What is the blog post about?
On Sun, Jul 4, 2010 at 5:47 PM, dinis cruz <dinis.cruz at owasp.org> wrote:
> Hi Steven
> You are raising very important points, can I quote this email on a blog
> post I'm writing about this issue?
> Dinis Cruz
> On 3 Jul 2010, at 03:19, Steven Steggles <steven.steggles at gmail.com>
> Dear OWASP,
> The source code that has been released is a single Perl script of 250
> lines, most of the code being comments. The code appears to do nothing
> besides providing a command line interface to perform a Google cache query.
> Am I to believe that this is the sum total of the famous Google Hacking
> Project? From what I understand of Christian's claims at various conferences
> across the world, the following source code is still missing:
> 1. "Speak English or Die" Google Translate Workaround.
> 2. Google SOAP Search API "Key Ring" Workaround.
> 3. "TCP Input Text" Proof of Concept (PoC) which implements the Google SOAP
> Search API to extract TCP Ports from Google Search Results as input for nmap
> and netcat.
> Christian claimed to have released this source code at Ruxcon in November
> It appears as though OWASP has chosen to not address this issue correctly
> and bury its head in the sand.Perhaps in the naive hope that this problem
> will quietly go away. What a disgrace! The OWASP Google Hacking project
> appears to have been solely created as a vehicle for Christian's own self
> promotion! I am ashamed to be associated with such an organization that
> turns a blind eye to this highly inappropriate behavior. What a disgrace!
> I expect that you will moderate this message but I feel that the wider
> security community should be made aware of this sham and lack of action on
> OWASP's part.
> I WILL NO LONGER BE PARTICIPATING IN OWASP RELATED MEETINGS OR CONFERENCES.
> Very disappointed,
> On Fri, Jul 2, 2010 at 4:50 PM, Christian Heinrich <<christian.heinrich at owasp.org>
> christian.heinrich at owasp.org> wrote:
>> On Mon, Jun 28, 2010 at 10:22 PM, Brad Causey < <bradcausey at owasp.org>
>> bradcausey at owasp.org> wrote:
>> > So just to be clear Christian,
>> > 1. It appears that the source, is in fact, release. We thank you for
>> > 2. Do you have a timeline for future development? I would assume that
>> > because google depreciated it's API, that you would need to find other
>> > methods of performing queries.
>> > Thank you very much in advance.
>> 1. Yes, the RUXCON 2K8 Release is available again.
>> 2. As far as I am aware, their AJAX Search API does not have an
>> equivalent call related to retrieving content from the Google's cache.
>> Scraping, etc would violate Google Term's of Service. There is a
>> possibility that I could port it to Bing but I have not reviewed the
>> functionality of their SOAP API yet.
>> Having spoken with Dinis at HITB Amsterdam, his feeling was that the
>> project should be closed off and a new category be created to clarify
>> the reason why as it is not inactive, rather that development can't
>> continue due to the deprecation of the Google SOAP Search API. I also
>> highlighted that it was only intended as a PoC as investing further
>> development in light of the closure of the SOAP Search API and would
>> be to the determent of other projects that I contribute too.
>> I will do one more review the related <http://owasp.org>owasp.org wiki
>> pages and update
>> the documentation on the repository, etc when I return to Australia
>> next weekend (i.e. 10 July) and indicate when this is completed to the
>> Christian Heinrich - <http://www.owasp.org/index.php/user:cmlh>
>> OWASP "Google Hacking" Project Lead - <http://sn.im/owasp_google_hacking>
>> Owasp-google-hacking mailing list
>> <Owasp-google-hacking at lists.owasp.org>
>> Owasp-google-hacking at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-google-hacking