Google Code Search for Fun & Profit

While toying around with Google code search to look for HTTP Response Splitting vulnerabilities, i discovered that code search is a treasure trove of vulnerabilities. For instance, simply try searching for “vulnerability”.

Looks like I’m about 2 years behind on this:

Chris Shiflett: http://shiflett.org/blog/2006/oct/google-code-search-for-security-vulnerabilities
Jose Nazario: http://monkey.org/~jose/blog/viewpage.php?page=google_code_search_stats
Dug Song: http://asert.arbornetworks.com/2006/10/static-code-analysis-using-google-code-search/
Cipher dot org dot uk: http://www.cipher.org.uk/bugle.php (Google Hacking with Code Search)

UPDATE (09/01/2008):

Regular expression search rocks. Why can’t you do this with regular search?

About these ads

Written by jcran

September 1, 2008 at 4:37 AM

Posted in vulnerability

Tagged with codesearch, google, responsesplitting, vulnerability

One Response

Subscribe to comments with RSS.

[...] google, privacy, search, web2.0 In the same vein as the earlier post on searching for vulnerabilities with Google Code Search, I realized tonight that you can search [...]

Google Calendar Search for Fun & Profit « 0×0e | a pentester’s view

September 2, 2008 at 4:24 AM

Reply

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

0x0e.org | pentesting perspective