[Owasp-google-hacking] Google hacking code

George Anelopolis george.anelopolis at gmail.com
Sat Jun 12 04:57:59 EDT 2010


Christian,

As your code for the Google hacking project did not include any "work
around" of the SOAP Search API, there is no violation of Google TOS.

It's highly unethical to present research at industry conferences if
you do not wish to fully disclose the findings. It seems that Mr.
Empeigne has made a legitimate request, and you should be doing all
you can to assist.

George.

On Sat, Jun 12, 2010 at 4:48 PM, Christian Heinrich
<christian.heinrich at owasp.org> wrote:
> George,
>
> As http://code.google.com/apis/soapsearch/api_faq.html#tech15 is no
> longer offered by Google any "workaround" of the "SOAP Search API" is
> a violation of http://www.google.com/accounts/TOS which is cited
> within the "Google's search service" clause of the "Terms and
> Conditions for Google SOAP Search API".
>
> The OWASP Global Project Committee was made aware that further
> development of SOAP Search related functionality ceased and the
> Release withdrawn from limited circulation once Google removed
> http://api.google.com/GoogleSearch.wsdl.
>
> Please refer to
> http://www.owasp.org/index.php/Testing:_Spiders,_Robots,_and_Crawlers_%28OWASP-IG-001%29
> to address the reduce information leakage of a web application via
> Google.
>
> On Sat, Jun 12, 2010 at 11:23 AM, George Anelopolis
> <george.anelopolis at gmail.com> wrote:
>> I have read the Terms and Conditions for Google SOAP Search API very carefully:
>>
>>>OWASP does *not* promote/endorse the use of a workaround that violates
>>>the "Terms and Conditions for Google SOAP Search API Service" i.e.
>>>http://code.google.com/apis/soapsearch/api_terms.html
>>
>> Personal use of your tool is fine. There is no violation of any laws
>> or proprietary rights by making use of functionality provided directly
>> through the Google SOAP Search API, so there's no reason why your code
>> should not be released. If you are legitimately under pressure to not
>> release such code, then I'd like to question why an illegal project
>> would be sponsored by OWASP in the first place.
>>
>> In addition, you're familiar with the OWASP project principles at
>> http://www.owasp.org/index.php/About_OWASP. You need to obey the
>> obligations you have to other community members, by making the tool
>> free for anybody interested in improving application security.
>
> --
> Regards,
> Christian Heinrich - http://www.owasp.org/index.php/user:cmlh
> OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
> _______________________________________________
> Owasp-google-hacking mailing list
> Owasp-google-hacking at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-google-hacking
>


More information about the Owasp-google-hacking mailing list