Google hacking for penetration tester - part 41 ppt

import feedparser
import GoogleSplogger  # the splogger class defined earlier in this chapter

gs = GoogleSplogger.GoogleSplogger('username', 'password')
# we are going to import this feed into our blog (the feed URL is cut off in the page text)
feed = feedparser.parse('FEED_URL_CUT_OFF_IN_SOURCE')
for e in feed.entries:
    gs.post('my blog name', e.title, e.content[0].value, 'author')
Figure 10.18 - Import Blog Entries
This script, entered as shown in Figure 10.18, will import all feed entries from
GNUCITIZEN’s blog into your blog, effectively creating a spam blog as shown in Figure
10.19.
Hacking Google Services • Chapter 10 401
452_Google_2e_10.qxd 10/5/07 1:13 PM Page 401
Figure 10.19 The new Splog
Notice how quickly we created a new blog with content.
There is a completely different set of strategies that can be undertaken to make the splog achieve its purposes; however, due to the size of this topic we can't really cover all of them in this book. It is important to understand the security and ethical implications that are related to splogging. Again, remember that spamming Google or any other service is totally prohibited by the terms of service. You can potentially damage your account and all data that it holds.
Signaling Alerts
Very often we need to track changes in Google's result set. For example, let's say that we want to monitor a certain site for vulnerabilities. How can we do that? We can simply run scanners every once in a while, but this is a noisy exercise and will definitely take loads of time. Instead, being dedicated Google hackers, we can use Google itself and a few powerful Google dorks to locate the things that we are interested in without the need for automated scanning software. Then we can set up a cron task to monitor the results returned by Google and, when a change is detected, email us the result.
Then again, we could simply use Google Alerts as shown in Figure 10.20.
Figure 10.20 Google Alerts


Google Alerts is a powerful system that detects when a query's result set changes. The system can be configured to send updates once a day, once a week, or as they happen. Keep in mind that only the first 10 entries (the first page) are taken into consideration. Nevertheless, the Alert system does a good job when optimized.
This is a great tool, but it can be used for more interesting purposes. Let's say that we know that a target is using MsSQL as its database backend. We could use Google Alerts to poll the target, searching for error messages as they pop up. That search might look something like this:
"[SQL Server Driver][SQL Server]Line 1: Incorrect syntax near" -forum -thread -showthread site:example.com
For the type of alert select Web, usually the default option. Select the frequency of the alert and your email address, and click Create Alert.
Notice that the query that we use for this alert is domain restricted (site:example.com). Also pay attention to the actual Google dork: obviously we look for messages that appear to be generated by failures in the SQL queries sent to the backend. These types of messages are a sign of SQL injection-vulnerable resources.
A malicious user can use this service to be alerted whenever a vulnerability or interesting message appears on a target site. This is very low-profile and does not alert the target; the transaction happens between the user and Google. An attacker could even enter alerts for every entry in the Google Hacking Database. Although this would be overkill, some of the entries in the database reveal extremely sensitive information, which could be harvested with very little further effort.
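The cron-style monitor described above, as an added example that is not the book's own code, written from the site owner's side: it takes two successive result sets for a query such as the one above (constructed here; fetching them is left to the reader's HTTP client), keeps only the first page the way Google Alerts does, and reports which new first-page results actually carry the database error text, so exposed error pages on your own domain surface before anyone else's alert fires.

```python
import json
from pathlib import Path

# Constructed sample result sets standing in for two successive polls of the
# same query; in a real cron job they would come from the search service.
PREVIOUS_RESULTS = [
    {"url": "https://example.com/news.asp?id=1", "snippet": "Latest news"},
    {"url": "https://example.com/about.asp", "snippet": "About us"},
]
CURRENT_RESULTS = PREVIOUS_RESULTS + [
    {"url": "https://example.com/news.asp?id=7",
     "snippet": "[SQL Server Driver][SQL Server]Line 1: Incorrect syntax near 'id'"},
]

ERROR_SIGNATURE = "[SQL Server Driver][SQL Server]Line 1: Incorrect syntax near"
FIRST_PAGE = 10  # Google Alerts only considers the first page (10 entries)

def build_alert_query(signature, site, exclude=("forum", "thread", "showthread")):
    """Assemble the domain-restricted query, minus discussion pages."""
    negatives = " ".join("-" + term for term in exclude)
    return f'"{signature}" {negatives} site:{site}'

def first_page_urls(results, limit=FIRST_PAGE):
    """The URLs the alert system would actually compare: first page only."""
    return {entry["url"] for entry in results[:limit]}

def new_hits(previous, current, limit=FIRST_PAGE):
    """URLs on the current first page that were absent from the previous poll."""
    return sorted(first_page_urls(current, limit) - first_page_urls(previous, limit))

def leaking_pages(results, signature=ERROR_SIGNATURE):
    """Hits whose snippet really contains the database error text."""
    return sorted(r["url"] for r in results if signature in r["snippet"])

def load_snapshot(path):
    """Previous poll stored by the cron job, or an empty list on the first run."""
    path = Path(path)
    return json.loads(path.read_text()) if path.exists() else []

def save_snapshot(path, results):
    Path(path).write_text(json.dumps(results, indent=2))

if __name__ == "__main__":
    print(build_alert_query(ERROR_SIGNATURE, "example.com"))
    for url in new_hits(PREVIOUS_RESULTS, CURRENT_RESULTS):
        print("new first-page result:", url)
    for url in leaking_pages(CURRENT_RESULTS):
        print("snippet shows a database error:", url)
```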
Google Co-op
Google Co-op (www.google.com/coop) is a powerful service that allows you to create custom search engines. You do not need to be a registered Google user in order to use the service, but if you want to create an engine, it is required. In the following section, we'll guide you through some of the most interesting features of this service and we'll show you how to create your own search engines.

Let's start with the simplest of search engines. Browse the Google Co-op page and click Create a Custom Search Engine, or simply browse to www.google.com/coop/cse. From the Custom Engine configuration page (Figure 10.21), we need to define the characteristics we need.
Figure 10.21 Google Custom Search Engine Creation page
First enter a search engine name. We'll call ours the "Google Hacking Database Search". Enter a description and some basic search keywords, both of which are optional. The keywords are primarily used by Google to find the most relevant results. This means that our query will be mingled with these keywords. For now, we'll leave this alone. Moving forward, in the field titled What do you want to search, we will define the scope of the search queries. For this example, we are going to use the default option entitled Only sites that I select.
Now, the interesting part: we need to supply the URLs Google will look into when performing the queries. Since our search engine will do stuff around the Google Hacking Database, we'll simply drop that database's URL into this field. We'll customize this entry further with the use of wildcards, in order to search URLs that match a specific syntax. Here are a few examples taken from Co-op's documentation:
www.mysite.com/mypage.html - look for information within mypage.html, part of the www.mysite.com domain
www.mysite.com/* - look for information within the entire context of www.mysite.com
www.mysite.com/*about* - look for information within URLs from www.mysite.com that contain the about keyword
*.mydomain.com - look for information within sub-domains of mydomain.com
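An added illustration (not from the book or from Co-op's documentation) of how these site patterns select URLs, implemented as anchored matching where * stands for any run of characters; the sample URLs are constructed, and johnny.example.org is a placeholder host for GHDB-style entry links.

```python
import re

# Constructed sample URLs: the documented pattern examples plus links shaped
# like GHDB entries (script name followed by query parameters); the host
# johnny.example.org is a placeholder, not the real GHDB address.
SAMPLE_URLS = [
    "http://www.mysite.com/mypage.html",
    "http://www.mysite.com/about/team.html",
    "http://blog.mydomain.com/post/1",
    "http://www.mydomain.com/",
    "http://johnny.example.org/ghdb.php",
    "http://johnny.example.org/ghdb.php?function=detail&id=1",
]

def pattern_to_regex(pattern):
    """Anchored regex for a Co-op site pattern. Assumption (not from the Co-op
    docs): '*' matches any run of characters and everything else is literal."""
    return re.compile("^" + re.escape(pattern).replace(r"\*", ".*") + "$")

def strip_scheme(url):
    """Co-op patterns carry no scheme, so compare 'host/path' only."""
    return re.sub(r"^[a-z][a-z0-9+.-]*://", "", url, flags=re.IGNORECASE)

def matches(pattern, url):
    """A pattern without a slash is a host pattern (e.g. *.mydomain.com);
    one with a slash is matched against host and path together."""
    target = strip_scheme(url)
    if "/" not in pattern:
        target = target.split("/", 1)[0]
    return pattern_to_regex(pattern).match(target) is not None

def covered(pattern, urls=SAMPLE_URLS):
    """The subset of urls that a site entry with this pattern would search."""
    return [u for u in urls if matches(pattern, u)]

if __name__ == "__main__":
    for pattern in ("www.mysite.com/mypage.html", "www.mysite.com/*",
                    "www.mysite.com/*about*", "*.mydomain.com",
                    "johnny.example.org/ghdb.php", "johnny.example.org/ghdb.php*"):
        print(pattern, "->", covered(pattern))
```

Note that the exact script URL matches only the bare ghdb.php page, while the trailing star also picks up the entry links with parameters.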
For our example, the main page is the GHDB page mentioned above; in order to make Co-op go a couple of levels down from that location, we must change the site URL so that it ends with a star (note the star at the end). This is because the URL for an individual database entry consists of the ghdb.php script name with parameters tacked onto it. The rest of the options on the Co-op Custom Engine creation page are irrelevant at this point. Agree to Google's terms of service and click on the Next button. You should see something similar to Figure 10.22.
Figure 10.22 2nd Stage of Google’s Custom Engine Creation Process
Now we'll test how the search engine works. Type a few queries like "index" or "secret", and you'll see some sample results. If everything works as expected, click Finish, and the custom search engine will be displayed as shown in Figure 10.23.
Figure 10.23 GHDB Custom Search Engine
The purpose of our search engine is to find interesting queries within Johnny Long's excellent Google dorks collection, which does not (at the time of this writing) support searching. For example, a query for passwd will return results similar to those in Figure 10.24.
Figure 10.24 Search Results
It's simple to create other customized search engines as well. For example, we could search Phenoelit's database of default passwords found at www.phenoelit-us.org/dpl/dpl.html. It normally takes ages to load the file and most browsers cannot handle its enormous size. Let's create a custom search engine to search this excellent page. Following the same process as before, we will use a site restriction of www.phenoelit-us.org/dpl/dpl.html instead of the GHDB URL. Bake the engine and give it a try. Figure 10.25 shows the result of a query for cisco.
Figure 10.25 Default Password List Search Engine
Notice that the resulting page contains all the details that we need, including the default
username and password. We can improve this engine by adding more default password lists.
Notes from the Underground…
Google's Custom Search Engine
The GNUCITIZEN group has discovered that Google's Custom Search Engine platform can be used for many other useful things, such as fingerprinting and enumerating hidden web servers. It is a well-known fact that not all Web resources are exposed to the Internet. We call that part of the network the Hidden Web. By using Custom Search Engines we can recover them and enumerate their content. Among the gathered information, we may find Intranet interfaces, administrative panels and other types of sensitive information.
Google AJAX Search API Integration
Earlier in this chapter we discussed how to use the AJAX API to embed search engine facilities in your own applications and even do automated queries. Here we will do the same, but this time we are going to use the Google Hacking Database custom search engine that we have created.
The first and most important thing is to locate the unique identifier of your search engine. Just access the engine page and have a look at the URL bar. The cx parameter in that URL is the unique identifier for the engine. Remember that value and substitute it for the placeholder in the following example:
<html>
<head>
<title>Hacking AJAX API</title>
</head>
<body>
<script>
// Callback invoked by the AJAX Search API; the second argument carries
// the result set, each entry exposing the matching URL.
function our_callback(a, b, c, d, e) {
    for (var i = 0; i < b.results.length; i++) {
        var link = document.createElement('a');
        link.href = b.results[i].url;
        // textContent rather than innerHTML: the URL comes from an external
        // result set and must be rendered as text, not parsed as markup
        link.textContent = b.results[i].url;
        document.body.appendChild(link);
        var br = document.createElement('br');
        document.body.appendChild(br);
    }
}
</script>
<script type="text/javascript"
&q=test&key=internal&v=1.0&cx=016629205230705557969%3Assouol31jqq"></script>
</body>
</html>
There are tons of interesting and quite valuable things that can be accomplished with the AJAX Search API and Google Co-op. It is just a matter of imagination, something that hackers and computer security experts have quite a lot of.
Google Code
Google Code is an offering to the open source community allowing for free-for-all project hosting. Feature-wise, the service is very much like the well-known SourceForge. Developers are provided with a Wiki for hosting the project documentation, a bug tracking system, and version control through SVN. At the time of this writing, each user is restricted in the number of projects they can spawn. However, this logical restriction can be easily bypassed.
Google Code is more than just a development environment; it is a free hosting provider. We can use the system to stash all sorts of stuff in there.
In order to open a Google Code project, you'll first need a Google account. Simply visit the project registration page, fill in the necessary details, and you are ready to upload your content as shown in Figure 10.26.
Figure 10.26 Google Code Project Registration
As we mentioned earlier, Google Code operates on top of SVN (Subversion). In order to upload content, you will need the svn client, which comes bundled with most Linux/Unix distributions. Windows users can obtain the svn client from
