Google Hacking Tool Released

A new tool has been released to assist hackers in using Google to find website vulnerabilities. The tool is called Goolag and it simplifies the task of using the search engine to identify common weaknesses, misconfigurations, and files containing valuable information associated with a website.

Nothing new in that: Foundstone’s free tool, SiteDigger, has been around for some time. The difference is that SiteDigger is aimed at professionals looking to find weaknesses in products that they have some stake in. Goolag, produced by the hacker group Cult of the Dead Cow, is marketed squarely at the hacker audience. And a good job it does too. The software takes a few seconds to download, install and execute. It has an easy-to-understand user interface, and is simple to configure and run.

The group, which refers to itself as the cDc, acknowledged that the Goolag Scanner tool could also be used by malicious attackers to look for vulnerable Web sites. “We’re not stupid,” a cDc member who goes by the name Oxblood Ruffin said. “We know some bored teenagers and criminals will try to exploit vulnerabilities [using the new tool].”

