History of major events affecting the topic of Google Hacking.
Created by tester29384 on Feb 17, 2012
Last updated: 08/01/12 at 02:45 PM
History of Google Hacking has no followers yet. Be the first one to follow.
For the past several years, the Bing Search API has made search data available for developers to innovate and build upon. Today we are announcing that the Bing Search API will transition to an offering made available on the Windows Azure Marketplace. The Windows Azure Marketplace is a one stop shop for cloud data, apps, and services, including the Microsoft Translator API. Through this platform, developers can access hundreds of data sets and APIs and distribute their applications through the marketplace.
With the transition, Bing Search API developers will have access to fresher results, improved relevancy, and more opportunities to monetize their usage of the Search API. To offer these services at scale, we plan to move to a monthly subscription model. Developers can expect subscription pricing to start at approximately $40 (USD) per month for up to 20,000 queries each month.
http://www.bing.com/community/site_blogs/b/developer/archive/2012/04/12/bing-dev-update.aspx
https://datamarket.azure.com/dataset/5BA839F1-12CE-4CCE-BF57-A49D98D29A44
http://datamarket.azure.com/dataset/5BA839F1-12CE-4CCE-BF57-A49D98D29A44
Picking up maintenance of the GHDB.
http://www.exploit-db.com/google-hacking-database-reborn/
Beginning of the end for McAfee SiteDigger v3.0 and other tools using the Google Ajax API.
http://googleajaxsearchapi.blogspot.com/2010/11/fall-housekeeping.html
Stach & Liu Unveils Google/Bing Diggity Hacking Alert RSS Feeds at Black Hat USA 2010.
Defensive strategies for protecting your organization from Google Hacking attacks traditionally have been limited, mostly falling back on the approach of “Google Hack yourself”. This approach has several shortcomings. While a few free tools exist that allow security staff to Google Hack their organization, they typically are inconvenient, only utilize one search engine, and provide only a snapshot in time your organization’s exposure.
Stach & Liu has created the first ever truly defensive tools to help protect your organization from having their vulnerabilities exposed via Google, Bing, and other popular search engines. These tools are comprised of two major types: Alert RSS Feeds and Alert RSS Monitoring Tools. Together, they form a type of intrusion detection system (IDS) for Google hacking.
http://www.stachliu.com/resources/tools/google-hacking-diggity-project/defense-tools/
IP address went from 75.126.102.193 to 10.4.223.196. Still available on PacketStorm.
http://www.goolag.org
http://toolbar.netcraft.com/site_report?url=http://www.goolag.org/
http://packetstormsecurity.org/UNIX/scanners/GoolagScanner-1.0.41.rar
The Google Hacking Diggity Project is a research and development initiative dedicated to investigating the latest techniques that leverage search engines, such as Google and Bing, to quickly identify vulnerable systems and sensitive data in corporate networks. This project page contains downloads and links to our latest Google Hacking research and free security tools. Defensive strategies are also introduced, including innovative solutions that use Google Alerts to monitor your network and systems.
http://www.stachliu.com/resources/tools/google-hacking-diggity-project/
SHODAN - Hacker Search Engine.
Indexed and makes searchable service banners for whole Internet for HTTP (Port 80), as well as some FTP (23), SSH (22) and Telnet (21) services.
http://www.shodanhq.com/
FoundStone SiteDigger v 3.0 released, using new Google Ajax API.
SiteDigger 3.0 searches Google’s cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on web sites.
http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
Binging - Footprinting and Discovery Tool
Binging is a simple tool to query Bing search engine. It will use your Bing API key and fetch multiple results. This particular tool can be used for cross domain footprinting for Web 2.0 applications, site discovery, reverse lookup, host enumeration etc. One can use various different directives like site, ip etc. and run queries against the engine. On top of it tool provides filtering capabilities so you can ask for unique URLs or hosts. It is also possible to filter results by applying power of regular expression. Get your Bing API key and use this tool for your audit, assessment and research.
http://www.darknet.org.uk/2009/11/binging-beta-footprinting-discovery-tool-google-hacking/
http://www.blueinfy.com/tools.html
All existing Google Hacking tools cease to function at this point.
When Google stopped issuing new Google SOAP API keys in 2006, it was the beginning of the end for all of the Google hacking tools available at the time. The Google SOAP API was interface that hacking tools used to make Google queries. These tools hobbled along with partial functionality until Sept 2009 when Google closed down the Google SOAP API entirely. Because of this, the art of Google hacking and technique/tool development was pretty much stagnant from 2006-2009.
http://googlecode.blogspot.com/2009/08/well-earned-retirement-for-soap-search.html
FOCA FREE 3.0.2 is a tool for carrying out processes and information gathering fingerprinting in web audit work. Free version makes finding servers, domains, URLs and documents published, as well as the discovery of versions of software on servers and clients. FOCA became famous for extracting metadata of public documents, but today is much more than that.
http://www.informatica64.com/DownloadFOCA/
Google Alerts adds RSS feed capability, giving you updated access to search results. This will pave the way for the future Diggity Hacking Alert feeds.
http://googleblog.blogspot.com/2008/10/feed-me-google-alerts-not-just-for.html
cDc (Cult of the Dead Cow) releases a GUI driven tool for Google Hacking called Goolag.
http://www.darknet.org.uk/2008/03/goolag-gui-tool-for-google-hacking/
Specifically disabled to prevent Google Hacking type techniques against Bing.
http://www.bing.com/community/blogs/search/archive/2007/03/28/we-are-flattered-but.aspx
When Google stopped issuing new Google SOAP API keys in 2006, it was the beginning of the end for all of the Google hacking tools available at the time. The Google SOAP API was interface that hacking tools used to make Google queries. These tools hobbled along with partial functionality until Sept 2009 when Google closed down the Google SOAP API entirely. Because of this, the art of Google hacking and technique/tool development was pretty much stagnant from 2006-2009.
http://googlecode.blogspot.com/2006/12/beyond-soap-search-api.html
HD Moore releases MWSearch, a tool that searches for malware executables via Google Binary Search. Using a database of digital fingerprints of known malware--called "signatures"--the Malware Search tool uses the popular search engine to find a number of known worms and viruses. It was developed by HD Moore, the researcher best known as the developer of the widely used Metasploit hacking tool.
http://www.pcworld.com/article/126450/new_tool_searches_google_for_malware.html
http://djtechnocrat.blogspot.com/2006/07/mwsearch-finding-malware-with-google.html
http://www.pcworld.com/article/126450/new_tool_searches_google_for_malware.html
MSNPawn - Footprinting, Profiling & Assessment with MSN Search.
MSNPawn has been designed and developed on the .Net framework and must be installed on the system. The following utilities have been bundled with MSNPawn:
MSNHostFP - Supply an IP Address or IP Address range to fetch all possible virtual hosts or application running on each IP addresses.
MSNDomainFP - Supply a domain name to fetch the top 50 child domains, considering the supplied domain name as parent.
MSNCrossDomainFP - Supply an application domain to fetch the top 50 domains pointing to this particular domain on the Internet.
MSNCrawler - Supply a domain or application name to fetch all possible links crawled by the search engine.
MSNFetch - Supply a domain and rules file. The tool will run each rule in the file against the domain specified and fetch the first five results of the resultant query. This can help in assessing an application.
Search.MSN - Provides place to run your search against MSN and gather all URLs.
MSNPawn White Paper:
http://net-square.com/msnpawn/MSNPawn_research_usage.pdf
http://net-square.com/msnpawn/index.shtml
Google Hacking v1 released by Johnny Long
http://www.amazon.com/Google-Hacking-Penetration-Testers-1/dp/1931836361
Google Hack Honeypot is the reaction to a new type of malicious web traffic: search engine hackers. GHH is a “Google Hack” honeypot. It is designed to provide reconaissance against attackers that use search engines as a hacking tool against your resources. GHH implements honeypot theory to provide additional security to your web presence.
http://ghh.sourceforge.net/
SiteDigger searches Google’s cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on web sites.
http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
Google Hacking Database (GHDB) officially begins.
http://www.hackersforcharity.org/ghdb/
From Johnny's blog on Oct 5, 2004:
The googledorks databse has been renamed. The new title, the Google Hacking Database (GHDB) more accurately reflects the fact that this is more than just a hobby now. Thanks to the members of the Search Engine Hacking Forums (click here), the moderators that keep things running smoothly, and the overwhelming press around this topic, the database is literally the original and most comprehensive list of Google hacking queries on the planet.
The GHDB has done so well, that we're working harder than ever to integrate it into the leading tools out there. To that end, we've ported the GHDB to work with both Athena and SiteDigger. These ports will be available shortly.
Thanks for your continued support, and welcome aboard. We're glad you're here.
http://web.archive.org/web/20070707185932/http://johnny.ihackstuff.com/blog/my-blog-like-thing/google-hacking-database.html
Foundstone SiteDigger v1 released.
SiteDigger searches Google’s cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on web sites.
http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
Johnny Long begins to collect interesting Google searches and labels them googleDorks.
http://web.archive.org/web/20021208144443/http://johnny.ihackstuff.com/security/googleDorks.shtml
Update Sources