Recent changes in Google’s SOAP-API rendered many security tools using Google useless. The aim of the Diggity project is to provide security researchers and network admins with a toolset to utilize Google Search and Bing again to uncover security vulnerabilities.

The two command line programs for Windows, Google Diggity and Bing Diggity, are offered as a free download on the project website.

Google Diggity:

The command line tool comes with a dataset of more than 1500 different vulnerability signatures, including insecure admin interfaces, SQL-injections, Cross-Site-Scripting vulnerabilities or documents that contain sensible information like passwords or financial data.

The commands define the nature of the search. It is possible to run the full set of known signatures against a website, server or IP, or perform a Google custom search which is limited to the first 64 results.

google diggity

With the retirement of Google’s SOAP Search API on September 7, 2009, most of the security utilities available for Google Hacking cease to function, leaving the security industry with a need for new and innovative tools. GoogleDiggity is a new MS Windows command line utility designed to help fill that need. GoogleDiggity leverages the Google AJAX API, so it will not get you blocked by Google bot detection while scanning. Also, unlike other Google Hacking tools available, GoogleDiggity actually allows you to specify a Google Custom Search Engine (CSE) id to run Google Hacking vulnerability checks against a customized version of Google that will only return results tailored to your organization.

BingDiggity

Bing Diggity has not been released yet, but will be available for download shorty.

BingDiggity is a new command line utility that leverages the new Bing 2.0 API and Stach & Liu’s newly developed Bing Hacking Database (BHDB) to find vulnerabilities and sensitive information disclosures related to your organization that are exposed via Microsoft’s Bing search engine. This utility also provides footprinting functionality that allows you to enumerate URLS, hosts, domains, IP-to-virtual host mappings, etc. for target companies

Google Hacking Alerts and Bing Hacking Alerts

Google Alerts and Bing Alerts have been created for every vulnerability signature to assist network administrators, security researchers and webmasters with the monitoring of security vulnerabilities.

Currently, only Google Hacking Alerts are offered, with Bing Hacking Alerts released in the near future. Google Hacking Alerts make use of Google Alerts to provide realtime information about new websites appearing in Google Search that are vulnerable to one of the 1623 signatures. A Google Reader compatible RSS feed is provided on the project homepage. The RSS feed alerts are grouped into categories.

google alerts

This, in conjunction with filters makes it a solid defense strategy. The RSS feed is compatible not only with Google Reader but also other feed readers. Downloads and additional information are provided at the project website.

Our goal now is to give you a wider understanding of a thing called “google hacking”. This time we will give you a basic understanding of whats possible and how to achieve this.

Before we start with the essay I want you to make sure that you understand that every move you make on the internet leaves traces that can be used to identify you. I will write a tutorial about “anonymous surfing” soon. This article encourages no one to hack into servers that you don´t own or have the permission to hack.

Lets start by asking some questions. Besides Google and the knowledge of search commands – what do you need to do some hacking with google ?

The answer is simple, you need a vulnerability that you can search for. There are lots of sites that posts vulnerabilities, also known as exploits. I will name two that you can use as a start, you know how to use google to find more.

Packetstormsecurity.org
Securiteam.com

Lets use the packetstorm site as an example. When you open it you see lots of tables starting with filename ending with MD5 Checksum. Whats interesting to us is a) the filename and b) the description.

The description gives a short exerpt of what this exploit is about. Interessing for google hacking are only eploits that are web based or web connected. That means the first exploit for winrar 3.5 is not what we are looking for. The second in the list is more of our liking.

The description read “e107 content management system versions 0.617, 0.6171, 0.6172 resetcore.php utility SQL Injection, login bypass, remote code execution, and cross site scripting exploit.”

When we click the filename we see a textfile with lots of information about this exploit. I won´t give you information about the type of exploit (sql injection) because this time I only explain how you find new exploits and search for them using google.

The interesting line for us atm is “move to http://[target]/[path]/e107/e107_files/resetcore.php” and “e107 0.617 stable/ 0.6171 / 0.6172″

we see a filename and some folder names. in the first one and release numbers in the second one.

Using this information we open up google and enter one of the following strings, think of more if you like.

inurl:resetcore.php
“e107 powered website v0.617″

If you search for the first line make sure you check the version of the script first, second line automatically looks for the script that is vulnerable, you will have to navigate manually to the resetcore.php file

Thats all there is to do, you know now where to look for new vulnerabilities and how to use google to find vulnerable files.

There are other ways of looking for exploits, but those are for the advanced users, they find their own, for example by looking at the source code files.

If you really want to learn more try to find some sites with other exploits using google. You can also lookup what SQL Injection for instance means.

let me know if you have any problems following this article or comments about it.

Most of the hacks are pretty basic stuff, for example hack 6 “Check Your Spelling”, and the explanation “Google sometimes takes the liberty of “correcting” what it perceives is a spelling error in your query” Not such a great hack if you ask me.

Most of the hacks published there are probably not hacks but advices. The advanced user should know most of them if he uses that services, so nothing new for us.

The inexperienced user has the chance to learn some new concepts, but he might receive the same level of insight from googles help pages.

Update:The page on the O’Reilly website is no longer available, which leaves Google’s own help page as the only source for this information.

Google divides the information on multiple pages. The basic search help page offers tips for better searches. Tips on the page include keeping it simple by using as few terms as possible and choosing descriptive words. Results will for instance be better if you are searching for headaches instead of “my head hurts”.

A click on the more search tips link at the bottom of the page opens a page that lists some of the operators that are supported by Google Search.

• Phrase Search: Use double quotes to ask Google to consider the exact phrase, e.g. “ghacks technology news”.
• Search single word exactly: Use double quotes for this as well, e.g. “headaches”
• Search within a specific site: Use the site: command for that, e.g. site:ghacks.net
• Exclude terms: Use the minus sign to exclude terms from the search, e.g. apples -green
• Use wildcards: Add * where appropriate, for instance Mercedes Benz model *
• The Or operator: Google will only consider one of the OR terms, e.g. New York Mets 2010 OR 2011