GHDB
GHDB (a.k.a. Google Hacking Database) is an HTML/JavaScript wrapper application that uses advanced JavaScript techniques to scrape information from Johnny’s Google Hacking Database without the need for hosted server-side scripts.

Why is this application interesting, you may ask? We are not hosting any server-side scripts on our side, and Johnny’s johnny.ihackstuff.com does not provide any JSON export of the database either, so how the heck do we still manage to fetch the data? Well, we are using a PIPE which is entirely based online. Online services are very Web2.0, so expect to see more of them very soon. For Web-based malware, this means that it no longer needs server-side support.
You can use this tool as a browser-based replacement for the cDc’s (Cult of the Dead Cow) Goolag tool.
Update Monday 29 September 2008
The project is now part of GNUCITIZEN’s Secapps application stack.
Comments
I think this example really highlights the dangers you have spent the last god-knows-how-many posts talking about - Same Origin Policy violations are so easy with JSON services developing before browsers have even had a chance to implement JSONRequest or similar. Not that that will necessarily fix anything - offsite script linking isn’t going to disappear - I guess we should all just agree - you are right and the way the web is heading this will only get worse.
Most impressive, as is all of the work you’re doing. Javascript masters give me nightmares.
Nice work man. I just bought the book you co-authored and I am enjoying it immensely. Most people should not be fooled by FUD. The dangers are there but mitigation is also there. Enlightenment is the key and gnucitizen is providing just that. Big up. Love your work.
cool man, thanks
Yay more tools to cause damage and do no good!
Without you I don’t know what I’d do! I hope this will plug into jikto, no?
Thanks PDP!
- Script Kiddie
script kid, it will take some time for people like you to grasp the idea and see the real potentials behind the work we do in GNUCITIZEN. So, I am not worried at all. Moreover, I am far from thinking that I am the only one that has been toying with Mashups in the last couple of months.
The curse of Web Services. Having to expose your network to another’s in order to obtain the service. Not knowing their standards for security, and how well they maintain them. Right now, we restrict WS to very few enclaves. Even then, every packet route is restricted in its routing from subnet to subnet.
Which is good current, yet it undermines the true vision of webservices. In which you can find anything you need, anytime you want. Getting and sending information to profit both ends. A big headache.
Thanks for keeping it visible! We need all the help we can get.
For these purposes, Google - CodeSearch can be used. Malware can search inside code lines like
More info: http://www.neworder.box.sk/new.....wsid=15697
Hi!
Perhaps it could be interesting for fans of ghdb. I’ve made a sample page which automatically scans all 1500 entries from ghdb against a set of sites, details here:
http://gpaharenko.livejournal.com/2869.html
Hey, I am able to produce some key combination for brute force, but how can I send it to a running application password area to break the password?
http://www.gnucitizen.org/ghdb/ is broken :-(
It will be back online soon. We are still moving infrastructures. I will post an update when we are done. Thanks.
Hello,
How can I contribute additional dorks for ghdb?
Greetings from Germany,
Michael
Hi Michael,
We are planning to open our GHDB app to the public soon. I will try to speed up the project since the official GHDB database seems to be down right now. Perhaps you can help with the design of the backend?