Infamous hacking group the Cult of the Dead Cow (cDc) has published a tool that searches for vulnerabilities and private data using carefully-selected Google search queries.

The process of so-called Google hacking is already well known, largely due to the efforts of Johnny "I Hack Stuff" Long, whose presentation on the subject have become a fixture of conferences such as Black Hat. cDc's Goolag Scan allows unskilled hackers or the simply curious to use the same techniques.

There's nothing in the Windows-based application to stop hackers using the tool, a feature it shares with other utilities and one which makes making value judgements of dual use hacking/auditing tools a tricky business.

Goolag Scan provides 1,500 pre-configured Google search queries in categories such as "vulnerable servers", "sensitive online shopping information" and "files containing juicy information", Heise Security reports. The tool presents its findings in the form of of list of URLs that can be opened directly in a browser.

Links to downloads and the cDc's description of the utility can be found here. ®

Related stories

• Firm threatens action against CCTV whistleblower (19 September 2008)
• Google red cards Privila for gaming search engine (11 March 2008)
• Google serves up surprise password cracking function (21 November 2007)
• Hacking Google for fun and profit (4 April 2005)
• The Hackers Who Broke Windows (25 July 2003)
• Sir Dystic steps up, clears air (24 July 2002)
• Defcon 08: cDc bores two thousand people at once (30 July 2000)
• Back Orifice 2000 shows its face (8 July 1999)