Hacker group releases automated 'Google hacking' tool
Cult of the Dead Cow says scanning software can find Web site holes via Google searches
Computerworld - The Cult of the Dead Cow hacker group has released an open-source tool designed to enable IT workers to quickly scan their Web sites for security vulnerabilities and at-risk sensitive data, using a collection of specially crafted Google search terms.
The group, which refers to itself as the cDc, acknowledged that the Goolag Scanner tool could also be used by malicious attackers to look for vulnerable Web sites. "We're not stupid," a cDc member who goes by the name "Oxblood Ruffin" said. "We know some bored teenagers and criminals will try to exploit vulnerabilities [using the new tool]."
But such uses are "not something that we or anyone can control," Ruffin added. "What we're trying to do is two things: 1) to provide a very easy and legitimate tool for security professionals to test their own Web sites for vulnerabilities, and 2) to raise awareness about Web security in and of itself."
Goolag Scanner is a Windows-based auditing tool that was built around the concept of "Google hacking," a form of vulnerability research created by a hacker who uses the name "Johnny I Hack Stuff." Google hacking involves the use of certain types of search queries to look for Web site vulnerabilities. More than 1,500 such queries -- or Googledorks, as they and the people who leave their Web sites exposed to them are sometimes known -- have been compiled into a database by Johnny I Hack Stuff over the past few years.
Although the queries are ostensibly supposed to be used by Web administrators to test their sites for data leaks and vulnerabilities, they're also widely used by malicious hackers who are looking for ways to break into sites.
With Goolag Scanner, users can use Googledork queries to run automated vulnerability scans on Web sites, instead of having to copy and paste each search term into a Google search field. According to Ruffin, the tool stores all of the known Googledorks in one file and enables users to add new search terms as they find them.
"Essentially, what we have done with the scanner is created an automated form of Google hacking," he said. "It's like Google hacking on steroids. It operates in a very quick manner."
The new tool also is "very easy to use for everybody, not just security professionals," Ruffin said. "It's probably something that your mother could use without a whole lof of instructions."
Johnny I Hack Stuff previously released a similar tool called Gooscan that also automates the query process, but it runs only on Linux.
Ruffin said that as part of its testing of Goolag Scanner, the cDc ran the tool against commercial, government and military Web sites in North America, Europe and the Middle East, discovering significant security holes in many of them. Most of the scans done in North America were run against government sites "because they are really starting to migrate to the Web," he said.
Information about roughly a dozen "pretty scary holes" that were discovered as part of those scans has been turned over to the proper authorities, Ruffin added.
Goolag Scanner won't find any new kinds of security threats on Web sites, but it does give IT administrators a handier way to look for flaws and leaks that could be exposed via Google searches, said Amichai Shulman, chief technology officer at Imperva Inc., a vendor of firewall and database security software in Foster City, Calif.
The tool's user interface is easy to use, Shulman said, adding that Goolag Scanner could be an eye-opener for company officials and other Web site owners who still need to be convinced about the extent of their exposure to security risks.
And despite the concerns about malicious uses of the tool, Shulman said that he thinks the automated querying offered by Goolag Scanner is unlikely to be of much help to would-be attackers. Over the past few years, Google Inc. has increasingly improved the ability of its software to detect and stop large-scale automated searches, according to Shulman. People who frequently try to run such searches via Goolag Scanner could find their IP addresses being blocked by Google, he said.
Even companies that want to use the tool might need Google's enterprise search software in order to successfully run the scanner against their Web sites without problems, Shulman said.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Transforming Information Security: Future-Proofing Processes This report provides a valuable set of recommendations from 19 of the world'd leading security officers to help organizations build security strategies for...
- The Evolution of Corporate Cyberthreats Cybercriminals are creating and deploying new threats every day that are more destructive than ever before. While you may have more people devoted...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- Establish Cyber Resiliency: Developing a Continuous Response Architecture Many enterprises fail to proactively prepare the battlefield for a data breach by only leveraging outdated techniques that focus on the perimeter or...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Cybercrime and Hacking White Papers | Webcasts