MRL Wiki	Main Page | About | Help | FAQ | Special pages | Log in
	Printable version | Disclaimers | Privacy policy

OSHDB

From MRL Wiki

Contents 1 Initial thoughts for OSHDB project 1.1 Goals 1.2 Naming 1.3 Technical details 1.4 Milestones/Tasks 1.4.1 Milestone 0 1.4.2 Milestone 1 1.4.3 Milestone 2 1.5 Other ideas

[edit] Initial thoughts for OSHDB project

This is all subject to change

[edit] Goals

• A more open (and easy) submit and consume policy
  • Allow direct export for anyone?
  • GPL licensed (v2 or v3?)
• Create new more resilient home for GHDB
• Abstract the concept of google-hacking to apply to other search engines as well
  • Automatic translations of site-specific operators
  • If no direct translation exists, make sure to flag (or possibly adapt) the rule
• Ramp up the community so that more updates are happening
  • Rating system based on the number and quality of dorks submitted
• Will initially import the existing GHDB content

[edit] Naming

• OSHDB - Open Search Hack Database

[edit] Technical details

• None of this is set in stone, it's just the default path that I'd take without other input (so give input)
• Written in turbogears?

[edit] Milestones/Tasks

[edit] Milestone 0

• Make sure licensing issues are clear
  • Ownership of dork submissions
  • Re-use of source code (once engine is developed)
• Compile a list of dedicated developers
  • Hold first introductory/brainstorming meeting
  • Survey availability
  • Agree on roles (try to split up work into semi-autonomous mini-projects)
• Agree on technologies used for the project
  • mrl/oshdb or dedicated domain (maybe? oshdb.org/.com/.net)
  • Turbo-Gears
  • LAMP server (where?)
• Set up development
• Schedule regular (weekly/bi-weekly) meetings that all participating parties can attend (skype?)

[edit] Milestone 1

• Announce project and put up original GHDB.xml
• Create initial page with basic functionality similar to GHDB
  • GUI interface for GHDB.xml
  • Google only

[edit] Milestone 2

• Community building
  • User registration
  • User submission
  • Dork-rating

• Database features
  • SE Abstraction engine (Google, Yahoo, MSN, etc.)
  • Export feature (Generate XML dump of the database) for other tools (seat, bidiblah, etc.)

[edit] Other ideas

• Since we have a more open submission policy, we need a way to rate the submitted dorks
  • This may mean an approval queue for initial submission
  • We need an easy way to get feedback/rating on the effectiveness of the dorks, otherwise the searching will become noise. This could be a simple up/down digg style rating, but will more likely need the ability to flag with other attributes
    • Attributes could include "dead", false positive ratio
  • Possibly build this into SEAT?
• Determine if a policy is needed for submission into the DB. Are there cases where this information could be too targeted?
• CVE correlation?
• Integration/Correlation with OSVDB?
• Merge in the other sources that SEAT uses
• Create a common export format so that other tools can use it
  • Maybe create some libraries for it as well
• Finish SEAT-lite
  • Use data collected in OSHDB for SEAT-lite

Edit this page | Discuss this page | Page history | What links here | Related changes Main Page | About MRL Wiki | Find: This page has been accessed 6,428 times. This page was last modified on 25 January 2009, at 04:51.