STACH & LIU

With the retirement of Google’s AJAX Search API on November 1, 2010, most of the security utilities available for Google Hacking cease to function properly, leaving the security industry with a need for new and innovative tools. GoogleDiggity is a new utility designed to help fill that need, now leveraging the Google JSON/ATOM Custom Search API, so it will not get you blocked by Google bot detection while scanning. Also, unlike other Google Hacking tools available, GoogleDiggity actually allows you to specify a Google Custom Search Engine (CSE) id to run Google Hacking vulnerability checks against a customized version of Google that will only return results tailored to your organization.

Leverages the new Bing 2.0 API and Stach & Liu’s newly developed Bing Hacking Database (BHDB) to find vulnerabilities and sensitive information disclosures related to your organization that are exposed via Microsoft’s Bing search engine. This utility also provides footprinting functionality that allows you to enumerate URLS, hosts, domains, IP-to-virtual host mappings, etc. for target companies.

Automates Google searching/downloading/decompiling/analysis of SWF files to identify Flash vulnerabilities and information disclosures.

FlashDiggity first leverages the GoogleDiggity tool in order to identify Adobe Flash SWF applications for target domains via Google searches, such as ext:swf. Next, the tool is used to download all of the SWF files in bulk for analysis. The SWF files are disassembled back to their original ActionScript source code, and then analyzed for code-based vulnerabilities.

Data loss prevention tool that leverages Google/Bing to identify exposures of sensitive information (e.g. SSNs, credit card numbers, etc.) via common document formats such as .doc, .xls, and .pdf.

DLPDiggity utilizes IFilters to search through the actual contents of files, as opposed to just the meta-data. Using .NET regular expressions, DLPDiggity can find almost any type of sensitive data within common document file formats.

Leverages the Bing 2.0 API and the Google Safe Browsing API together to provide an answer to a simple question, “Am I being used as a platform to distribute malware to people who visit my website?”

MalwareDiggity first identifies off-site links of your web sites using Bing’s linkfromdomain: search directive, and then tests to see if those off-site links are to known malware distribution sites by running them against Google’s Safe Browsing API.

Utilizes Google Code Search to identifies vulnerabilities in open source code projects hosted by Google Code, MS CodePlex, SourceForge, Github, and more. The tool comes with over 130 default searches that identify SQL injection, cross-site scripting (XSS), insecure remote and local file includes, hard-coded passwords, and much more.

Essentially, Google CodeSearchDiggity provides a source code security analysis of nearly every single open source code project in existence – simultaneously.

NOTE – The Code Search API has been retired by Google as of January 15, 2012. However, the risks associated with information disclosures and vulnerabilities exposed in open-source code remains. As such, we are currently working on an alternative search API to migrate CodeSearchDiggity to in order to identify vulnerabilities in open-source code projects.

Attack footprinting tool that leverages Bing’s linkfromdomain: search directive to find off-site links. From those results the tool then enumerates lists of applications, hostnames, domains, and sub-domains related to your attack target.

With the retirement of Google’s SOAP Search API on September 7, 2009, most of the security utilities available for Google Hacking cease to function, leaving the security industry with a need for new and innovative tools. GoogleDiggity is a new MS Windows command line utility designed to help fill that need. GoogleDiggity leverages the Google AJAX API, so it will not get you blocked by Google bot detection while scanning. Also, unlike other Google Hacking tools available, GoogleDiggity actually allows you to specify a Google Custom Search Engine (CSE) id to run Google Hacking vulnerability checks against a customized version of Google that will only return results tailored to your organization.

NOTE – The cmdline version of GoogleDiggity still utilizes the old Google AJAX API, which is being retired. We will soon migrate the tool to the new Google JSON/ATOM Custom Search API. The GUI version of GoogleDiggity found within the SearchDiggity application has already been migrated over to the new API.

BingDiggity is a new command line utility that leverages the new Bing 2.0 API and Stach & Liu’s newly developed Bing Hacking Database (BHDB) to find vulnerabilities and sensitive information disclosures related to your organization that are exposed via Microsoft’s Bing search engine. This utility also provides footprinting functionality that allows you to enumerate URLS, hosts, domains, IP-to-virtual host mappings, etc. for target companies.

First ever Baidu hacking tool, which targets vulnerabilities disclosed by China’s dominant search engine.

COMING SOON – BaiduDiggity v 0.1 will be available for download shortly.

In the past, MSN/Bing hacking utilities were limited purely to footprinting techniques, as Microsoft took steps to prevent traditional Google Hacking techniques via Bing back in 2007. The Bing Hacking Database (BHDB) was created by Stach & Liu so that the Bing search engine could actually be used to discover vulnerabilities within target applications and infrastructure. It provides over 1300 Bing searches that return vulnerability data.

New GoogleDiggity input dictionary file containing 121 queries that allow users to uncover SharePoint specific vulnerabilities exposed via the Google search engine. This dictionary helps assessors locate exposures of common SharePoint administrative pages, web services, and site galleries that an organization typically would not want to be made available to the public, let alone indexed by Google.

The dictionary text file can be used directly as input to the –f option of the GoogleDiggity.exe command line tool. Also, it can be imported for use within the SearchDiggity GUI tool from the menu: “File”->”Import Query Definition”.

Information Coming Soon

The good folks over at Exploit-DB.com were kind enough to pick up where Johnny Long left off and resurrect the GHDB. They now maintain an updated version of the GHDB in a project labeled Google Hacking Database Reborn.

In that same spirit, we at the Diggity project were kind enough to translate their efforts into GoogleDiggity compatible input text files. These dorks are included with the standard SearchDiggity dictionary set, and can also be downloaded below.

Previously, the Google Diggity hacking tools provided an extra bonus feature of allowing you to specify a Google Custom Search Engine (CSE) id to have search queries performed against a custom Google engine of your creation.

With the retirement of the Google AJAX API announced on November 1, 2010, we’ve since migrated our Google Diggity tools to the new Google JSON/ATOM Custom Search API. With this new API, utilizing Google Custom Search Engines is now a requirement, and not just a bonus add-on feature.

This document provides a quick overview of how you can create a Google CSE of your own that simulates getting the normal full results of Google (i.e. search results across the whole Internet). We accomplish this by creating a Google CSE that returns results for all top level domains (TLDs) – examples: .com, .org. .gov, .edu, …