GNUCITIZEN

GHDB

published: May 21st, 2007

GHDB (a.k.a. Google Hacking Database) is HTML/JavaScript wrapper application that uses advance JavaScript techniques to scrape information from Johnny’s Google Hacking Database without the need for hosted server side scripts.

Why this application is interesting you may ask? We are not hosing any server side scripts on our side, and Johnny’s johnny.ihackstuff.com does not provide any JSON export of the database either, how the heck we still manage to fetch the data? Well, we are using a PIPE which is entirely online based. Online services are very Web2.0 so expect to see more of them very soon. For Web based malware perspective, this means that they no longer need server side support.

You can use this tool as a browser based replacement of the cDc’s (cult of the dead cow) Goolag tool.

The project is now part of GNUCITIZEN’s Secapps application stack.

Launch: GHDB

more | comments | comments rss | posted by pdp

Martin says:

May 21, 2007 at 3:34 pm

I think this example really highlights the dangers you have spent the last god-knows-how-many posts talking about – Same Origin Policy violations are so easy with JSON services developing before browsers have even had a chance to implement JSONRequest or similar. Not that that will necessarily fix anything – offsite script linking isn’t going to disappear – I guess we should all just agree – you are right and the way the web is heading this will only get worse.

Dain says:

May 21, 2007 at 5:34 pm

Most impressive, as is all of the work you’re doing. Javascript masters give me nightmares.

pdp says:

May 21, 2007 at 5:35 pm

The Dapper service is sometimes unreliable. However, it is still very good. There are a bunch of other similar services but I prefer Dapper as it is easier to use. So, if the app is down, or it is not responding, give it a couple of minutes and try again.

f0rg3 says:

May 22, 2007 at 1:21 am

Nice work man. I just bought the book you co-authored and I am enjoying it immensely. Most people should not be fooled by FUD. The dangers are there but mitigation is also there. Enlightenment is the key and gnucitizen is providing just that. Big up. Love your work.

pdp says:

May 22, 2007 at 2:49 pm

cool man, thanks

Aodhhan says:

May 25, 2007 at 2:11 pm

The curse of Web Services. Having to expose your network to anothers in order to obtain the service. Not knowing their standards for security, and how well they maintain them. Right now, we restrict WS to very few enclaves. Even then, every packet route is restricted restricted in its routing from subnet to subnet.

Which is good current, yet it undermines the true vision of webservices. IN which you can find anything you need, anytime you want. Getting and sending information to profit both ends. A big headache.

Thanks for keeping it visible! We need all the help we can get.

Sergey Vzloman says:

May 29, 2007 at 2:26 pm

For this purposes can be used Google – CodeSearch. Malware can search inside code lines like

include($_GET"

More info: http://www.neworder.box.sk/new.....wsid=15697

gpaharenko says:

December 14, 2007 at 11:34 am

Hi!

Perhaps it could be interesting for funs of ghdb. I’ve made a sample page which scans automaticall all 1500 entires from ghdb against set of sites, details here:
http://gpaharenko.livejournal.com/2869.html

Neo Anderson says:

May 24, 2008 at 1:11 am

Hey i am able to produce some key combination for brute force but how can i send it to a running application password area to break the password

Varun says:

September 12, 2008 at 5:34 am

http://www.gnucitizen.org/ghdb/ is broken :-(

pdp says:

September 13, 2008 at 7:31 am

it will be back online soon. we are still moving infrastructures. i will post an update when we are done. thanks.

Michael says:

January 1, 2009 at 11:12 pm

Hello,

how can i contribute additional dorks for ghdb ?

Greetings from germany,
Michael

pdp says:

January 2, 2009 at 2:26 am

Hi Michael,

We are planning to open our GHDB app to the public soon. I will try to speedup the project since the official GHDB database seams to be down right now. Perhaps you can help with the design of the backend?