HexEsec | a pentester's view » codesearch

HexEsec | a pentester's view » codesearch http://hexesec.wordpress.com sudo apt-get install ... security? Wed, 16 Dec 2009 23:34:30 +0000 http://wordpress.com/ en hourly 1 http://www.gravatar.com/blavatar/92201dabe8b4987549fde15513466bfb?s=96&d=http://s.wordpress.com/i/buttonw-com.png HexEsec | a pentester's view » codesearch http://hexesec.wordpress.com Google Code Search for Fun & Profit http://hexesec.wordpress.com/2008/09/01/google-code-search-for-fun-and-profit/ http://hexesec.wordpress.com/2008/09/01/google-code-search-for-fun-and-profit/#comments Mon, 01 Sep 2008 04:37:30 +0000 jcran http://hexesec.wordpress.com/?p=33 ]]>

While toying around with Google code search to look for HTTP Response Splitting vulnerabilities, i discovered that code search is a treasure trove of vulnerabilities. For instance, simply try searching for “vulnerability”.

Looks like I’m about 2 years behind on this:

Chris Shiflett: http://shiflett.org/blog/2006/oct/google-code-search-for-security-vulnerabilities
Jose Nazario: http://monkey.org/~jose/blog/viewpage.php?page=google_code_search_stats
Dug Song: http://asert.arbornetworks.com/2006/10/static-code-analysis-using-google-code-search/
Cipher dot org dot uk: http://www.cipher.org.uk/bugle.php (Google Hacking with Code Search)

UPDATE (09/01/2008):

Regular expression search rocks. Why can’t you do this with regular search?

]]> http://hexesec.wordpress.com/2008/09/01/google-code-search-for-fun-and-profit/feed/ 1 jcran