Goolag Scans for Sites Vulnerabilities using Google

Goolag Scanner is a Web auditing tool released by the hacker group Cult of Dead Cows. The tool uses the prowess of the search engine to surface vulnerabilities on Web sites. It’s called “Google hacking” – a slick data-mining technique used by the Internet’s cops and crooks alike to unearth sensitive material mistakenly posted to public Web sites.

And for those who don’t know, “cDc” was formed in 1984. One of its famous back-door program “Back Orifice”, which threw light upon how easy it is to take complete remote control of a Windows PC.

Google hacking doesn’t mean anyone’s hacking Google’s Web site. Rather, it refers to a sophisticated searching technique used to uncover flaws in the way Web sites handle confidential details, such as public files containing password and credit card numbers and clues about the vulnerability of the site’s own servers.

It works by examining the hidden section of a Web site, areas that have been indexed by Google but don’t pop up in traditional searches. Sometimes Web sites accidentally post revealing information about themselves, either because employees mistakenly put confidential documents online, or the site wasn’t properly configured to obscure sensitive areas.

Goolag Scan” is actually a open source small .NET program that comes as a standalone application with GUI. It can discover Web applications, back doors, or documents that are involuntarily put on the Internet that contain sensitive information like tell-tale error messages, or Java applets for remote control of surveillance cameras. Excessive use of the tool will probably alert Google and make them block your IP address.

Security experts say Google hacking wouldn’t be an issue if Web sites had proper security safeguards in place.

Source: tech2.com , techtree.com