Dead Cow Cult Releases Google Hacking Kit to the Wild

The Cult of the Dead Cow (cDc) hacker group -- which claims to be the world's most attractive hacker group -- has released Goolag Scanner, an open source tool that uses Google's (Nasdaq: GOOG) search engines to look for vulnerabilities in Web sites.

Goolag Scanner is either a Web auditing tool that can be used by security professionals to help make their Web sites stronger -- or a hacking tool that provides wicked-easy access to a wealth of information "keys" unwittingly left lying around on Web site servers.

Hacks Galore

Goolag Scanner is based on a technique known as "Google hacking." It's a form of vulnerability research developed by a hacker who goes by the name "Johnny I Hack Stuff" and who's published a database of vulnerabilities and how to scan for them using specially crafted advanced Google searches.

Using individual searches to find flaws works -- it just takes a lot of time. Goolag Scanner is basically an application that rapidly runs lots of flaw-finding searches and quickly returns results more friendly to novices, friend or foe.

"It's no big secret that the Web is the platform, and this platform pretty much sucks from a security perspective," noted Oxblood Ruffin, who described himself as a cDc "spokesmodel."

"Goolag Scanner provides one more tool for Web site owners to patch up their online properties. We've seen some pretty scary holes through random tests with the scanner in North America, Europe and the Middle East. If I were a government, a large corporation, or anyone with a large Web site, I'd be downloading this beast and aiming it at my site yesterday. The vulnerabilities are that serious," he added.

Common Vulnerabilities

"It's difficult to refer to vulnerabilities as common other than from a structural perspective," Ruffin told LinuxInsider. "But having said that, most vulnerabilities that we've seen on the .gov/mil side have involved programming sloppiness. If you're asking how could a black hat exploit a Web site using Goolag Scanner, then I'd say that it would be on the 'point of entry' vector. You find a scab, you pick at it, and sooner or later you'll get blood," Ruffin explained.

Google hacking techniques aren't particularly new, and as cDc's online fact sheet notes, Goolag Scanner has been "bouncing around cDc internally for the past three years." It raises the question: Why release it to the public now?

"In our view, the public is ready to start thinking about Web security now. All kinds of services and conveniences are dragging people out of their homes/offices and onto the Web," Ruffin said.

"Who needs a hard drive when you can store data for free 'out there'? That's how people are beginning to think," Ruffin explained. "So we're just trying to create a moment of pause. Is it really such a good idea?"

Goolag Scanner will be released open source under the GNU Affero General Public license. It is a standalone windows GUI-based (graphical user interface) application that uses one XML-based (extensible markup language) configuration file for its settings.