SearchDiggity 3.0 is the primary attack tool of the Google Hacking Diggity Project. It is Stach & Liu’s MS Windows GUI application that serves as a front-end to the most recent versions of our Diggity tools: GoogleDiggity, BingDiggity, Bing LinkFromDomainDiggity, CodeSearchDiggity, DLPDiggity, FlashDiggity, MalwareDiggity, PortScanDiggity, SHODANDiggity, BingBinaryMalwareSearch, and NotInMyBackYard Diggity. It includes:
FlashDiggity first leverages the GoogleDiggity tool in order to identify Adobe Flash SWF applications for target domains via Google searches, such as ext:swf. Next, the tool is used to download all of the SWF files in bulk for analysis. The SWF files are disassembled back to their original ActionScript source code, and then analyzed for code-based vulnerabilities.
DLPDiggity utilizes IFilters to search through the actual contents of files, as opposed to just the meta-data. Using .NET regular expressions, DLPDiggity can find almost any type of sensitive data within common document file formats.
MalwareDiggity first identifies off-site links of your web sites using Bing’s linkfromdomain: search directive, and then tests to see if those off-site links are to known malware distribution sites by running them against Google’s Safe Browsing API.
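The same audit can be run from the defender's side without a search engine. The sketch below is an added example, not SearchDiggity code: it parses pages from your own site, resolves every link, keeps the ones that leave the domain, and checks their hosts against a verdict list. The domain, the sample HTML and the `FLAGGED_HOSTS` set (a local stand-in for a Safe Browsing lookup) are all constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

OWN_DOMAIN = "example.com"  # assumption: the site being audited
# Constructed stand-in for a reputation lookup such as Safe Browsing.
FLAGGED_HOSTS = {"malware-dist.example.net"}
# Constructed sample: page URL -> HTML fetched from our own site.
PAGES = {"https://www.example.com/index.html": """
<a href="/about.html">About</a>
<a href="https://blog.example.com/post">Blog</a>
<a href="//cdn.example.org/lib.js">CDN</a>
<a href="https://example.com.partner.example.org/">Lookalike</a>
<a href="HTTP://Malware-Dist.Example.NET:8080/setup.exe">Download</a>
<a href="mailto:admin@example.com">Mail</a>
<script src="http://malware-dist.example.net/x.js"></script>
"""}

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        self.links += [v for k, v in attrs if k in ("href", "src") and v]

def is_offsite(host, own_domain):
    # Exact match or a true subdomain is on-site; lookalikes such as
    # example.com.partner.example.org are not.
    return not (host == own_domain or host.endswith("." + own_domain))

def offsite_links(page_url, html, own_domain=OWN_DOMAIN):
    """Return {(host, absolute_url)} for http(s) links leaving own_domain."""
    collector = LinkCollector()
    collector.feed(html)
    found = set()
    for raw in collector.links:
        parts = urlsplit(urljoin(page_url, raw.strip()))  # resolves relative and //host forms
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # mailto:, javascript:, etc.
        host = parts.hostname.rstrip(".")  # .hostname is lower-cased, port removed
        if is_offsite(host, own_domain):
            found.add((host, parts.geturl()))
    return found

def audit(pages, flagged=FLAGGED_HOSTS):
    """Return (page_url, host, url) for every off-site link to a flagged host."""
    return [(page, host, url)
            for page, html in pages.items()
            for host, url in sorted(offsite_links(page, html))
            if host in flagged]

if __name__ == "__main__":
    print(audit(PAGES))
```

Comparing on the normalized hostname rather than the raw URL string is what catches the mixed-case, explicit-port link in the sample.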
Essentially, Google CodeSearchDiggity provides a source code security analysis of nearly every single open source code project in existence – simultaneously.
NOTE – The Code Search API has been retired by Google as of January 15, 2012. However, the risks associated with information disclosures and vulnerabilities exposed in open-source code remain. As such, we are currently working on an alternative search API to migrate CodeSearchDiggity to in order to identify vulnerabilities in open-source code projects.
You can provide domains, hostnames, and even IP address ranges to scan in order to identify open ports ranging across all 65,535 TCP ports. An additional benefit is that this port scanning is completely passive – no need to directly communicate with target networks since Google has already performed the scanning for you.
NotInMyBackYard leverages both Google and Bing, and comes with pre-built queries that make it easy for users to find sensitive data leaks related to their organizations that exist on 3rd party sites, such as PasteBin, YouTube, and Twitter. Uncover data leaks in documents on popular cloud storage sites like Dropbox, Microsoft SkyDrive, and Google Docs. A must have for organizations that have sensitive data leaks on domains they don’t control or operate.
SHODAN is a search engine that lets you find specific types of computers (routers, servers, etc.) using a variety of filters. Some have also described it as a search engine of service banners. Shodan collects data mostly on web servers at the moment (port 80), but there is also some data from FTP (23), SSH (22) and Telnet (21) services.
Web search engines, such as Google and Bing, are great for finding websites. But what if you’re interested in finding computers running a certain piece of software (such as Apache)? Or you want to see how many anonymous FTP servers there are? Maybe a new vulnerability came out and you want to see how many hosts it could infect? Traditional web search engines don’t let you answer those questions.
Bing indexes executable filetypes, allowing us to find malware via Bing. This is similar to the now-retired Google method previously used by HD Moore for similar purposes in his tool MWSearch.
SearchDiggity_v3.03.msi – MSI installation file NEW – Minor updates 10Apr2013.
SearchDiggity_v2.5.1.msi – MSI installation file.
SearchDiggity v2.5 – Standalone.zip – ZIP Standalone file.
Requires: Microsoft .NET Framework v4
Windows CMD Line Apps
NOTE – The cmdline version of GoogleDiggity still utilizes the old Google AJAX API, which is being retired. We will soon migrate the tool to the new Google JSON/ATOM Custom Search API. The GUI version of GoogleDiggity found within the SearchDiggity application has already been migrated over to the new API.
GoogleDiggity Cmdline.zip – ZIP Standalone file.
BingDiggity 1.0.zip – ZIP Standalone file.
COMING SOON – BaiduDiggity v 0.1 will be available for download shortly.
Bing Hacking Database (BHDB) – BHDB Dictionary File
The dictionary text file can be used directly as input to the -f option of the GoogleDiggity.exe command line tool. Also, it can be imported for use within the SearchDiggity GUI tool from the menu: “File” -> “Import Query Definition”.
In that same spirit, we at the Diggity project were kind enough to translate their efforts into GoogleDiggity compatible input text files. These dorks are included with the standard SearchDiggity dictionary set, and can also be downloaded below.
Hacking Custom Search Engines (CSEs) – Configurations
With the retirement of the Google AJAX API announced on November 1, 2010, we’ve since migrated our Google Diggity tools to the new Google JSON/ATOM Custom Search API. With this new API, utilizing Google Custom Search Engines is now a requirement, and not just a bonus add-on feature.
This document provides a quick overview of how you can create a Google CSE of your own that simulates getting the normal full results of Google (i.e. search results across the whole Internet). We accomplish this by creating a Google CSE that returns results for all top level domains (TLDs) – examples: .com, .org, .gov, .edu, …
Hacking CSEs – Creating Google Custom Search Engines.zip – how-to and configuration file.
UPDATED – 05JAN2012 – Updated with additional configuration changes to have the custom search engine “Search the entire web…”. This is especially important for the new IP address range input feature of GoogleDiggity.