The Register® — Biting the hand that feeds IT

Feeds

cDc automates Google Hacking

Kewl for cats

By John Leyden, 22nd February 2008
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Infamous hacking group the Cult of the Dead Cow (cDc) has published a tool that searches for vulnerabilities and private data using carefully-selected Google search queries.

The process of so-called Google hacking is already well known, largely due to the efforts of Johnny "I Hack Stuff" Long, whose presentation on the subject have become a fixture of conferences such as Black Hat. cDc's Goolag Scan allows unskilled hackers or the simply curious to use the same techniques.

cDc is most famous for creating Back Orifice remote administration/back door package for Windows ten years ago. It describes Goolag Scanner as a web auditing tool, allowing users to check their own website for vulnerabilities. Searches can be restricted to an individual domain or extended to an entire top-level domain as desired.

There's nothing in the Windows-based application to stop hackers using the tool, a feature it shares with other utilities and one which makes making value judgements of dual use hacking/auditing tools a tricky business.

Goolag Scan provides 1,500 pre-configured Google search queries in categories such as "vulnerable servers", "sensitive online shopping information" and "files containing juicy information", Heise Security reports. The tool presents its findings in the form of of list of URLs that can be opened directly in a browser.

Links to downloads and the cDc's description of the utility can be found here. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (34)
Latest Comments
Bob Hoskins

Nothing new.

Foundstone did this years ago and better with SIteDigger.

0
0
Geoff Mackenzie

IE blocking

I prefer a more generous approach; allow users in, but add a warning for their eyes only that their browser is broken and don't allow them to submit bug reports relating to the markup. I don't code for IE any more but I agree that shutting out IE users entirely is a little excessive.

0
0
Myles Long

Wowie

> 25,000 Goolag Scanner downloads to date.

http://www.goolag.org/ | http://www.cultdeadcow.com/

0
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
126
breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
57
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15
Panda-peddlers cuffed for chess gambling gambit
More porridge on the menu for Chinese coders after second offence
13