The Extreme, Web-based Google Hacking Tool

I am happy to inform you that I’ve been doing some work on our Google Hacking Database Tool lately. The tool is now pretty stable and it has a better looking, and a lot more intuitive interface. You can enjoy the tool right now from here, as it is entirely web-based.

The GNUCITIZEN’s GHDB project was started back in May 2007. The initial version wasn’t that nice and it sulfured from numerous bugs. The current version is kind of stable but works on Mozilla-based browsers mainly. Somehow Opera and IE does not like some of the jQuery plugins I make use of. That will change with time as web technologies hopefully will become more stable and standard compliant. If you feel like you can resolve some of these issues and help us build the next generation of Google Hacking Tools, please let us know as we are very interested to collaborate on this project. Of course, credits will go where due. The biggest credit receives Johnny and his Google Hacking crew for putting the database together.

Btw, the tool dynamically fetches the Google Hacking Database at run-time from its original source. Therefore the tool is always up-to-date. If you want to learn about how to become a Master Google Hacker, you might be interested in checking the following book: Google Hacking for Penetration Testers Second Edition.

Update Monday 29 September 2008

The project is now part of GNUCITIZEN’s Secapps application stack.

Comments

Baphomet responds:

The following application can be used for experimental purposes only. GNUCITIZEN disclaims any responsibility for your own actions. The tool currently works on Firefox2 and Firefox3 – the best browser in the entire world. Switch to firefox now!

Hu? Opera > FF. C’mon, don’t force us to use the fox :p

pdp responds:

don’t know, FF seams to work all the time :)

Marchiner responds:

Seens to be working fine…

Did u click in the big logo “GHDB” in this screen?

and if asked to you about: “keep script runing?”
-You need “autorize” the script!

por4e2 responds:

Нещо не зарежда, на ФФ даже сайдбара не зарежда :)

pdp responds:

patience is a virtue, unfortunately, because the database is pulled at runtime via a JSON feed, there is no way I can find out how much has been downloaded and as such show some kind of progress bar. You have to wait. The next version will include a fallback mechanism which will try to pull the remote JSON feed but if that fails in 30 seconds, it will switch to a local one which will be loaded with a progress bar. Also the next version will include full scan options and wizards.

pdp responds:

btw, the tools works flawlessly on Safari.

buherator responds:

Prism doesn’t like it, but nice job, way better than that Goolag “I need .NET to fetch a website and don’t know what XML is” Scanner

Adrian Pastor responds:

This is way cool pdp! I think lots of people would prefer a web-based tool as opposed to a desktop-installable app.

C4 responds:

I agree very cool and usefull app. I was playing with it some yesterday, does the search only display the fist 10 results with no option to scroll to the next page or do you have to search it through google to be able to see multiple pages?

Awesome AnDrEw responds:

This is an excellent tool, pdp. Does Google still limit the number of queries per day to 1,000 for this application (not that I ever make that type of query volume)?

pdp responds:

the tool is based entirely on Google’s AJAX api. There is no point of parsing the entire query result set as eventually you have to present it to some form to the user. Instead of wasting time on it, I am using much clever apprach. Just outsource the task to google, which are doing that thing anyway.

dave responds:

On launch: Not Content Found. We were not able to process your request!

pdp responds:

Hi dave,

we are still in the process of moving our infrastructure. The applcation is most likely to end up on ghdb.gnucitizen.org but we will see.

GNUCITIZEN Products

Blogsecurify is a division of GNUCITIZEN. The initiative was established to provide social media security services through our free automated testing engine. The Blogsecurify team is also engaged to deliver quality content on issues concerning social media technologies.

Netsecurify is a division of GNUCITIZEN. The initiative was established to provide network security services through our free automated testing engine. The service is still in private-beta.

Websecurify is a division of GNUCITIZEN. The initiative was established to provide a free web application security framework for automated and manual penetration testing. The service is still in private-beta.

Secapps serves as an application directory of all online tools which the GNUCITIZEN team has built over the years.

Securls serves as an information security intelligence tool, combining news and articles from the best information security resources online.

Visit the GNUCITIZEN Network for a complete listing of all GNUCITIZEN initiatives, products and partnering organizations.

GNUCITIZEN

Navigation