Google hacking with SearchDiggity

A long time ago in a galaxy far away, Google hacking was easy enough. A Google hacking request such as the following:

GET /ajax/services/search/web?v=1.0&rsz=large&start=0&q=site%3aWWW.SUPERCONFIGURE.COM+%22powered+by+my+little+forum%22 HTTP/1.1
Referer: superconfigure.com
Host: ajax.googleapis.com
Proxy-Connection: Keep-Alive

would produce a usable JSON response:

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Fri, 11 Jan 2013 14:41:45 GMT
Content-Type: text/javascript; charset=utf-8
X-Embedded-Status: 200
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 325

{"responseData": {"results":[],"cursor":{"moreResultsUrl":"http://www.google.com/search?oe\u003dutf8\u0026ie\u003dutf8\u0026source\u003duds\u0026start\u003d0\u0026hl\u003den\u0026q\u003dsite:SOME.SITE.COM+%22powered+by+my+little+forum%22","searchResultTime":"0.24"}}, "responseDetails": null, "responseStatus": 200}

Unfortunately, Google restricts this: after several requests your IP gets blocked. In my case this took all of a few seconds and roughly a hundred queries, after which Google responds with the following:

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Fri, 11 Jan 2013 14:46:26 GMT
Content-Type: text/javascript; charset=utf-8
X-Embedded-Status: 403
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 133

{"responseData": null, "responseDetails": "Quota Exceeded. Please see http://code.google.com/apis/websearch", "responseStatus": 403}
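To make the two captures above concrete, here is an added Python example (mine, not code from the post or from any of the tools it mentions) that decodes the URL-encoded query from the request line and classifies the two JSON replies; the bodies are embedded as constructed strings copied from the captures. The point it shows is that the transport status stays 200 in both cases, so a client has to read the X-Embedded-Status header or the responseStatus field in the body, or it will mistake a quota block for an empty result set.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Constructed sample bodies, copied from the two replies quoted in the post:
# an empty but successful result set, then the "Quota Exceeded" block.
# Raw strings keep the \u003d escapes so that json.loads() decodes them.
OK_BODY = r'{"responseData": {"results":[],"cursor":{"moreResultsUrl":"http://www.google.com/search?oe\u003dutf8\u0026ie\u003dutf8\u0026source\u003duds\u0026start\u003d0\u0026hl\u003den\u0026q\u003dsite:SOME.SITE.COM+%22powered+by+my+little+forum%22","searchResultTime":"0.24"}}, "responseDetails": null, "responseStatus": 200}'
BLOCKED_BODY = r'{"responseData": null, "responseDetails": "Quota Exceeded. Please see http://code.google.com/apis/websearch", "responseStatus": 403}'


def query_from_request_line(request_line):
    """Recover the human-readable query from a 'GET /path?... HTTP/1.1' line."""
    target = request_line.split(" ")[1]
    params = parse_qs(urlsplit(target).query)  # unquotes %3a, %22 and '+'
    return params.get("q", [""])[0]


def classify_response(http_status, headers, body):
    """Classify one AJAX Search API reply as 'ok' or 'blocked'.

    Both captures in the post arrive as HTTP 200, so the reliable signals are
    the X-Embedded-Status header and the responseStatus field in the body;
    trusting the transport status alone turns a quota block into an apparently
    empty result set.
    """
    doc = json.loads(body)
    embedded = int(headers.get("X-Embedded-Status", http_status))
    status = doc.get("responseStatus", embedded)
    if status != 200 or embedded != 200:
        return {"state": "blocked", "detail": doc.get("responseDetails"), "results": 0}
    data = doc.get("responseData") or {}
    more = (data.get("cursor") or {}).get("moreResultsUrl", "")
    echoed = parse_qs(urlsplit(more).query).get("q", [""])[0]  # query Google echoed back
    return {"state": "ok", "detail": None,
            "results": len(data.get("results", [])), "echoed_query": echoed}
```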

Tools such as Foundstone's SiteDigger (an old tool [http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx]; the company was bought by McAfee and many of its tools, although still online, are outdated) fall under the same limitation: use it for more than a few queries and you'll simply get your IP blocked…


Enter SearchDiggity. http://www.stachliu.com/resources/tools/google-hacking-diggity-project/

Not only does this work for Google hacking without getting you blocked, but it also supports a number of additional search engines, including the great Shodan. In short,

With the retirement of Google's AJAX Search API on November 1, 2010, most of the security utilities available for Google hacking ceased to function properly, leaving the security industry with a need for new and innovative tools. GoogleDiggity is a new utility designed to help fill that need, now leveraging the Google JSON/ATOM Custom Search API, so it will not get you blocked by Google bot detection while scanning.

The list of Google queries can be seen here: http://www.stachliu.com/dictionaries/Google%20Queries.txt
The list of Bing queries can be seen here: http://www.stachliu.com/dictionaries/Bing%20Queries.txt

Here's what one of its queries now looks like (this one goes to Bing rather than Google, as the Host header shows):

GET /search?q=%22powered+by+php+photo+album%22+%7c+instreamset%3aurl%3a%22main.php%3fcmd%3dalbum%22+-demo2+-pitanje+site%3asuperconfigure.com&first=151 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko Firefox/11.0
Referer: http://www.bing.com/search?q="powered+by+php+photo+album"+|+instreamset:url:"main.php?cmd=album"+-demo2+-pitanje+site:superconfigure.com&first=101
Host: www.bing.com
Cookie: SRCHHPGUSR=NEWWND=0&NRSLT=50&SRCHLANG=&AS=1; MUIDB=0DC3B069C2FB66870E23B43BC3EA6659; SRCHUID=V=2&GUID=42ED8475E3CB4C4AA841641C311C698B; _FS=NU=1; _SS=SID=14A24A7BD3D4449FA207C9F11B1C7D8C; MUID=0DC3B069C2FB66870E23B43BC3EA6659; OrigMUID=0DC3B069C2FB66870E23B43BC3EA6659%2c0666d89df2244490bbbf8d4c3d2b0958; SRCHD=MS=2646195&D=2646192&AF=NOFORM; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20130111; _FS=NU=1; _SS=SID=14A24A7BD3D4449FA207C9F11B1C7D8C; MUID=0DC3B069C2FB66870E23B43BC3EA6659; OrigMUID=0DC3B069C2FB66870E23B43BC3EA6659%2c0666d89df2244490bbbf8d4c3d2b0958; SRCHD=MS=2646195&D=2646192&AF=NOFORM; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20130111
