Google Penetration Testing Hack Database v 1.0
Database of Google Hacks and a tool for manipulating it.
The database is separated into files by category. You can use the DB alone, or
use the tool to analyse your own site by adding the site search option
to all queries.
This tool will take a source file (a file with a list of queries) and generate
website-specific queries (-s option) by adding site:sitename.com to each
query.
Run as:
    ./googleDB-tool.py <source file> <options>
    <source file>    queries source file from GoogleDB (files in db directory)
Options are:
    -o output.txt    save output to file
    -s sitename.com  generate queries for this site only
Example:
    ./googleDB-tool.py "login_pages.txt" -o file.html -s site.com
will generate list of queries for finding login pages
on site.com and save report to "file.html"
History:
    1.0 initial release
Google Hack DB Tool is a database tool with almost 8,000 entries. It gives administrators the ability to check their site for vulnerabilities based on data stored in Google. With the Google Hack Database tool you can find out if your website has indexed vulnerabilities in Google.
This can lead to sensitive information disclosure. This way you can find out what Google knows about you. 7974 entries, including 4203 for SQL Injection!
So be sure to scan your public facing web applications frequently and eliminate all vulnerabilities!
Features of the Google Hack DB tool:
- Find information disclosure.
- Find sensitive files.
- Find sensitive directories.
- Find vulnerable software.
- Find personal information.
This tool is really fast and will help to eliminate most of the known vulnerabilities that web application developers tend to make, easily, simply and, most importantly, quickly and accurately.
Download Google Penetration Testing Hack Database Tool v1.0 (google-hack-db-tool-1.0.zip) here
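Added example (not part of the original post and not the code of googleDB-tool.py): one way to implement the -s step described above, appending site:sitename.com to each query of a source file when checking your own site. The hostname check, the '#' comment convention, the removal of an existing site: term, the function names and the search URL form are assumptions of this example.

```python
import re
from urllib.parse import quote_plus

# A plain ASCII DNS hostname: no spaces, quotes or search operators that
# could change the meaning of the generated query.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)
# One search term: a run of non-space characters in which quoted phrases
# (which may contain spaces) are kept whole; a stray quote is its own term.
_TERM_RE = re.compile(r'(?:[^\s"]|"[^"]*")+|"')


def scope_queries(lines, site):
    """Return each query from `lines` restricted to `site`, without duplicates."""
    host = site.strip().lower().rstrip(".")
    if not _HOST_RE.match(host):
        raise ValueError(f"not a plain hostname: {site!r}")
    scoped, seen = [], set()
    for raw in lines:
        query = raw.strip()
        if not query or query.startswith("#"):  # assumption: '#' starts a comment
            continue
        # Drop any site: / -site: term already in the query so the only
        # scope left in the result is the site being audited.
        terms = [t for t in _TERM_RE.findall(query)
                 if not t.lower().lstrip("-").startswith("site:")]
        if not terms:
            continue
        full = " ".join(terms) + f" site:{host}"
        if full not in seen:
            seen.add(full)
            scoped.append(full)
    return scoped


def search_urls(queries):
    """URL-encode each query so a report link opens exactly that search."""
    return ["https://www.google.com/search?q=" + quote_plus(q) for q in queries]


# Constructed sample input standing in for a category file from the db directory.
SAMPLE = ["# login pages", 'intitle:"Sign in" inurl:login', "",
          "inurl:admin site:other.example", "inurl:admin"]

if __name__ == "__main__":
    for url in search_urls(scope_queries(SAMPLE, "example.org")):
        print(url)
```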
Re: Google Penetration Testing Hack Database v 1.0
Very cool - Thanks
In the help output it gives a -q option which is not included in the Python script.
- Usage: googleDB-tool.py <sourcefile> [-s site] [-q] [-t] [-f outfile]
(I assume it's meant to be "quiet"?)
Is there a way to only parse positive results?
The -t is also not included - just curious what these would do.
Re: Google Penetration Testing Hack Database v 1.0
Thanks! Very interesting!
Re: Google Penetration Testing Hack Database v 1.0
Could you give me a hint how to interpret the results?
I get a giant list of addresses that don't really mean much to me... I used the SQL source on a local site.