GHDB

Mon, 21 May 2007 13:24:45 GMT

Ggoogle Dark

GHDB (a.k.a. Google Hacking Database) is HTML/JavaScript wrapper application that uses advance JavaScript techniques to scrape information from Johnny's Google Hacking Database without the need for hosted server side scripts.

Why this application is interesting you may ask? We are not hosing any server side scripts on our side, and Johnny's johnny.ihackstuff.com does not provide any JSON export of the database either, how the heck we still manage to fetch the data? Well, we are using a PIPE which is entirely online based. Online services are very Web2.0 so expect to see more of them very soon. For Web based malware perspective, this means that they no longer need server side support.

You can use this tool as a browser based replacement of the cDc's (cult of the dead cow) Goolag tool.

The project is now part of GNUCITIZEN's Secapps application stack.

MartinMartin
I think this example really highlights the dangers you have spent the last god-knows-how-many posts talking about - Same Origin Policy violations are so easy with JSON services developing before browsers have even had a chance to implement JSONRequest or similar. Not that that will necessarily fix anything - offsite script linking isn't going to disappear - I guess we should all just agree - you are right and the way the web is heading this will only get worse.
DainDain
Most impressive, as is all of the work you're doing. Javascript masters give me nightmares.
pdppdp
The Dapper service is sometimes unreliable. However, it is still very good. There are a bunch of other similar services but I prefer Dapper as it is easier to use. So, if the app is down, or it is not responding, give it a couple of minutes and try again.
f0rg3f0rg3
Nice work man. I just bought the book you co-authored and I am enjoying it immensely. Most people should not be fooled by FUD. The dangers are there but mitigation is also there. Enlightenment is the key and gnucitizen is providing just that. Big up. Love your work.
pdppdp
cool man, thanks
AodhhanAodhhan
The curse of Web Services. Having to expose your network to anothers in order to obtain the service. Not knowing their standards for security, and how well they maintain them. Right now, we restrict WS to very few enclaves. Even then, every packet route is restricted restricted in its routing from subnet to subnet. Which is good current, yet it undermines the true vision of webservices. IN which you can find anything you need, anytime you want. Getting and sending information to profit both ends. A big headache. Thanks for keeping it visible! We need all the help we can get.
Sergey VzlomanSergey Vzloman
For this purposes can be used Google - CodeSearch. Malware can search inside code lines like
include($_GET"
More info: http://www.neworder.box.sk/newsread.php?newsid=15697
gpaharenkogpaharenko
Hi! Perhaps it could be interesting for funs of ghdb. I've made a sample page which scans automaticall all 1500 entires from ghdb against set of sites, details here: http://gpaharenko.livejournal.com/2869.html
Neo AndersonNeo Anderson
Hey i am able to produce some key combination for brute force but how can i send it to a running application password area to break the password
VarunVarun
http://www.gnucitizen.org/ghdb/ is broken :-(
pdppdp
it will be back online soon. we are still moving infrastructures. i will post an update when we are done. thanks.
MichaelMichael
Hello, how can i contribute additional dorks for ghdb ? Greetings from germany, Michael
pdppdp
Hi Michael, We are planning to open our GHDB app to the public soon. I will try to speedup the project since the official GHDB database seams to be down right now. Perhaps you can help with the design of the backend?
Aung KhantAung Khant
The link is now broken.
pdppdp
should be alright now!
wizwiz
links is down again
360degreestech360degreestech
The link is broken could u update it pls