Набрел на оч. инетерстный проект где люди автоматизируют поиcк багов через код серч.

[Google Source Code Bug Finder] (http://www.cipher.org.uk/index.php?p=projects/bugle.project)

[Google Source Code Bug Finder - Automated Version] (http://www.cipher.org.uk/projects/bugle/BugleAutomated.php)

плюс ко всему неплохая коллекция запросов самих например

SQL inj find query (http://www.google.com/codesearch?hl=en&lr=&q=executeQuery.*getParameter&btnG=Search)

XSS in Java Apps (http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter&btnG=Search)

SQL Injection in Java App (http://www.google.com/codesearch?hl=en&lr=&q=executeQuery.*getParameter&btnG=Search)

и в завершение тулза.. GoogleRower для опять же автоматизации поиска багов по гуглу (исходники на си)
Google Rower was created to automates google searches and retrieve the links. It can brute force searches to get more results by adding a letter/number to the end of it. It combines all the results found into one file and removes the duplicates. Also it can be used to search an ip range using google's site operator.
DownloaD (http://packetstormsecurity.org/web/GoogleRower.zip)