13 March 2008 | 37,962 views

Goolag – GUI Tool for Google Hacking

Check For Vulnerabilities with Acunetix

cDc (Cult of the Dead Cow) recently released a GUI driven tool for Google Hacking called Goolag.

Google Dorks have been around for several years and have been researched most assiduously by Johnny I Hack Stuff.

If one searches the Web, one will find multiple collections of dorks, and also some applications – standalone and Web-based – offering certain “scanning” possibilities.

Nevertheless, gS is different from other applications released to date for the following reasons:

  • There is no need for a special tool to use dorks other than a browser, but scanning hundreds of dorks ‘by hand’ is impossible.
  • Goolag Scanner is focused on usability. It simplifies the use of myriad numbers of dorks to a few mouse clicks. No cryptic command line options and no knowledge of Google hacking are required to test one’s host.
  • Goolag Scanner comes with its own dorks-database, but it is not limited to such.
  • gS uses a very simple xml-document, which is readable and part of the distribution.

This software requires Microsoft .NET Framework Version 2.0.

You can download Goolag here:

Goolag (1.0.0.40)

Or read more here.



Recent in Hacking Tools:
- dirs3arch – HTTP File & Directory Brute Forcing Tool
- ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security
- SHODAN – Expose Online Devices (Wind Turbines, Power Plants & More!)

Related Posts:
- Binging (BETA) – Footprinting & Discovery Tool (Google Hacking)
- GooDork – Command Line Google Dorking/Hacking Tool
- Gooscan – Automated Google Hacking Tool

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,857,179 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,042,584 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 618,788 views

Low-cost VPS Hosting

6 Responses to “Goolag – GUI Tool for Google Hacking”

  1. Shill 13 March 2008 at 2:09 pm Permalink

    Too bad there’s to be developed for win32

  2. James C 13 March 2008 at 3:41 pm Permalink

    Nice tool. Its good fun dorking for camera’s, its amazing what you can find :) Once I found a camera monitoring a control panel in a water or sewerage plant (hard to tell the difference from the control panel)

  3. zupakomputer 13 March 2008 at 4:01 pm Permalink

    Pardon me ignorance squire but – what the hell is that exactly? I haven’t heard of ‘dorks’ in this context, and the cDc page is more about political thought against China and Google allowing their search engine to be used there, but censoring it -

    how does it fit in with the scanner function, and finding cameras?

    At any rate – Google is censored here too; first the .com site turned up nothing but spam links, hence only the .co.uk search works at all now (in fact, if I type in the .com thesedays it entirely redirects to the .co.uk and is no longer accessible from the UK at all – this trend has been the case with a number of other major sites that have UK & US (and other) versions – it becomes impossible to get onto the site for a country other than your own (eg – another one that does that is Game Spot)).

    Frequently I find that Google will leave out searches that it previously returned on page1 (fom the same uplink and machine) ; in each case thus far when that happens I’ve been able to find the link again, on page1 on a different search engine.
    Also, as worryingly, I happen to have net access from two very disctinct links, that are very close in physical location – the same search on Google on the same day yields very different results from the ultra-fast comms line than it doth from the phone line.

  4. Darknet 13 March 2008 at 5:20 pm Permalink

    Google Dorks are search engine queries that return either a) Off limit resources (web cams etc) or b) Exploitable resources (Software vulnerable to SQL injection for example) or c) Private info like passwords and juicy info

    Google has many advanced operators which can be used to narrow down this search, if you read Full Disclosure or Bugtraq you’ll often find the vulnerabilities for web apps are accompanied by Google Dorks to help you find the vulnerable apps on the public web.

    I suggest you follow the I Hack Stuff link and check out the site.

  5. Pantagruel 13 March 2008 at 10:07 pm Permalink

    Nice one.
    Used to search for dorks but became somewhat boring after seeing webcam number X with either a dumb ass view or non working. You’d be amazed what turns up looking for office related files.

  6. Johnny Crow 14 March 2008 at 6:44 pm Permalink

    I have used google since the day it came out and have always looked at ways to search beyond normal operators. I remember when Ihackstuff came out because I had written a white paper on google “hacking” in order to get a job. I found that they tended to know more than I did, but then again I didn’t spend much time on it. I always wondered if someone would create an app that could take an input and have it do the search strings, much easier than doing it by hand. I wrote a small macro that helped out with certain ones, but mostly it was just a pain to do it all by hand.

    I am very fond of goolag and am proud that the cDc came out with another tool for those who need it to use.

    -J