cDc automates Google Hacking
PrintKewl for cats
Posted in Software & Security, 22nd February 2008 17:14 GMT
Free whitepaper – Managing desktop software for fun and profit
Infamous hacking group the Cult of the Dead Cow (cDc) has published a tool that searches for vulnerabilities and private data using carefully-selected Google search queries.
The process of so-called Google hacking is already well known, largely due to the efforts of Johnny "I Hack Stuff" Long, whose presentation on the subject have become a fixture of conferences such as Black Hat. cDc's Goolag Scan allows unskilled hackers or the simply curious to use the same techniques.
cDc is most famous for creating Back Orifice remote administration/back door package for Windows ten years ago. It describes Goolag Scanner as a web auditing tool, allowing users to check their own website for vulnerabilities. Searches can be restricted to an individual domain or extended to an entire top-level domain as desired.
There's nothing in the Windows-based application to stop hackers using the tool, a feature it shares with other utilities and one which makes making value judgements of dual use hacking/auditing tools a tricky business.
Goolag Scan provides 1,500 pre-configured Google search queries in categories such as "vulnerable servers", "sensitive online shopping information" and "files containing juicy information", Heise Security reports. The tool presents its findings in the form of of list of URLs that can be opened directly in a browser.
Links to downloads and the cDc's description of the utility can be found here. ®
The Register Agile Data Center Summit
What Exchange can't do - and Dell can
New storage architectures make SSDs more cost-effective
Dell PowerEdge R710 solution with VMware ESX vs. Dell PowerEdge 2850 solution
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs