Goolag – GUI Tool for Google Hacking


cDc (Cult of the Dead Cow) recently released a GUI driven tool for Google Hacking called Goolag.

Google Dorks have been around for several years and have been researched most assiduously by Johnny I Hack Stuff.

If one searches the Web, one will find multiple collections of dorks, and also some applications – standalone and Web-based – offering certain “scanning” possibilities.

Nevertheless, gS is different from other applications released to date for the following reasons:

  • There is no need for a special tool to use dorks other than a browser, but scanning hundreds of dorks ‘by hand’ is impossible.
  • Goolag Scanner is focused on usability. It simplifies the use of myriad numbers of dorks to a few mouse clicks. No cryptic command-line options and no knowledge of Google hacking are required to test one’s host.
  • Goolag Scanner comes with its own dorks-database, but it is not limited to such.
  • gS uses a very simple xml-document, which is readable and part of the distribution.

This software requires Microsoft .NET Framework Version 2.0.

You can download Goolag here:

Goolag (1.0.0.40)

Or read more here http://goolag.org/specifications.html.

Posted in: Hacking Tools, Privacy, Web Hacking

, ,


Latest Posts:


LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.
Stardox - Github Stargazers Information Gathering Tool Stardox – Github Stargazers Information Gathering Tool
Stardox is a Python-based GitHub stargazers information gathering tool, it scrapes Github for information and displays them in a list tree view.
ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.


6 Responses to Goolag – GUI Tool for Google Hacking

  1. Shill March 13, 2008 at 2:09 pm #

    Too bad there’s to be developed for win32

  2. James C March 13, 2008 at 3:41 pm #

    Nice tool. Its good fun dorking for camera’s, its amazing what you can find :) Once I found a camera monitoring a control panel in a water or sewerage plant (hard to tell the difference from the control panel)

  3. zupakomputer March 13, 2008 at 4:01 pm #

    Pardon me ignorance squire but – what the hell is that exactly? I haven’t heard of ‘dorks’ in this context, and the cDc page is more about political thought against China and Google allowing their search engine to be used there, but censoring it –

    how does it fit in with the scanner function, and finding cameras?

    At any rate – Google is censored here too; first the .com site turned up nothing but spam links, hence only the .co.uk search works at all now (in fact, if I type in the .com thesedays it entirely redirects to the .co.uk and is no longer accessible from the UK at all – this trend has been the case with a number of other major sites that have UK & US (and other) versions – it becomes impossible to get onto the site for a country other than your own (eg – another one that does that is Game Spot)).

    Frequently I find that Google will leave out searches that it previously returned on page1 (fom the same uplink and machine) ; in each case thus far when that happens I’ve been able to find the link again, on page1 on a different search engine.
    Also, as worryingly, I happen to have net access from two very disctinct links, that are very close in physical location – the same search on Google on the same day yields very different results from the ultra-fast comms line than it doth from the phone line.

  4. Darknet March 13, 2008 at 5:20 pm #

    Google Dorks are search engine queries that return either a) Off limit resources (web cams etc) or b) Exploitable resources (Software vulnerable to SQL injection for example) or c) Private info like passwords and juicy info

    Google has many advanced operators which can be used to narrow down this search, if you read Full Disclosure or Bugtraq you’ll often find the vulnerabilities for web apps are accompanied by Google Dorks to help you find the vulnerable apps on the public web.

    I suggest you follow the I Hack Stuff link and check out the site.

  5. Pantagruel March 13, 2008 at 10:07 pm #

    Nice one.
    Used to search for dorks but became somewhat boring after seeing webcam number X with either a dumb ass view or non working. You’d be amazed what turns up looking for office related files.

  6. Johnny Crow March 14, 2008 at 6:44 pm #

    I have used google since the day it came out and have always looked at ways to search beyond normal operators. I remember when Ihackstuff came out because I had written a white paper on google “hacking” in order to get a job. I found that they tended to know more than I did, but then again I didn’t spend much time on it. I always wondered if someone would create an app that could take an input and have it do the search strings, much easier than doing it by hand. I wrote a small macro that helped out with certain ones, but mostly it was just a pain to do it all by hand.

    I am very fond of goolag and am proud that the cDc came out with another tool for those who need it to use.

    -J