Here are the slides and links I am using for “Database Security Using White-Hat Google Hacking” at the 2008 MySQL Users Conference and Expo.
PDF slides
Where to Start:
http://johnny.ihackstuff.com/ghdb.php
i-hacked.com/content/view/23/42
for the impatient
Google’s Terms of Service
Google Operators
More Googlehacks to run:
Page 35 of http://www.sdissa.org/downloads/San%20Diego%20ISSA%20Google%20Hacking%20and%20Beyond%20May%202006-rhd.pdf
http://pauldotcom.com/wiki/index.php/Episode81#Tech_Segment:_Google_Queries_To_Run_Against_Your_Own_Domain
http://ferruh.mavituna.com/makale/sql-injection-cheatsheet/
Goolag
Google Hacks software
Google Hacks Honey Pot
www.robotstxt.org
Wikto
Nikto
# sqlmap, absinthe, bsqlbf 1.1, SQLBrute, sqlget, SQLiX, SQL Power Injector, Priamos: schema mappers/data grabbers using automated [some blind] SQL injection
# pixy: detection of SQL injection and XSS vulnerabilities in PHP source code
# Wapiti, w3af: Black-box testing for web applications
# SPIKE Proxy (http and https), Wfuzz, Sandcat, XSS Shell, Odysseus: for white-hat hacking
# FG-Injector Framework, BobCat, JBroFuzz: find SQL injection vulnerabilities
