Goolag – GUI Tool for Google Hacking

Use Netsparker


cDc (Cult of the Dead Cow) recently released a GUI driven tool for Google Hacking called Goolag.

Google Dorks have been around for several years and have been researched most assiduously by Johnny I Hack Stuff.

If one searches the Web, one will find multiple collections of dorks, and also some applications – standalone and Web-based – offering certain “scanning” possibilities.

Nevertheless, gS is different from other applications released to date for the following reasons:

  • There is no need for a special tool to use dorks other than a browser, but scanning hundreds of dorks ‘by hand’ is impossible.
  • Goolag Scanner is focused on usability. It simplifies the use of myriad numbers of dorks to a few mouse clicks. No cryptic command line options and no knowledge of Google hacking are required to test one’s host.
  • Goolag Scanner comes with its own dorks-database, but it is not limited to such.
  • gS uses a very simple xml-document, which is readable and part of the distribution.

This software requires Microsoft .NET Framework Version 2.0.

You can download Goolag here:

Goolag (1.0.0.40)

Or read more here.

Posted in: Hacking Tools, Privacy, Web Hacking

, ,


Latest Posts:


Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.


6 Responses to Goolag – GUI Tool for Google Hacking

  1. Shill March 13, 2008 at 2:09 pm #

    Too bad there’s to be developed for win32

  2. James C March 13, 2008 at 3:41 pm #

    Nice tool. Its good fun dorking for camera’s, its amazing what you can find :) Once I found a camera monitoring a control panel in a water or sewerage plant (hard to tell the difference from the control panel)

  3. zupakomputer March 13, 2008 at 4:01 pm #

    Pardon me ignorance squire but – what the hell is that exactly? I haven’t heard of ‘dorks’ in this context, and the cDc page is more about political thought against China and Google allowing their search engine to be used there, but censoring it –

    how does it fit in with the scanner function, and finding cameras?

    At any rate – Google is censored here too; first the .com site turned up nothing but spam links, hence only the .co.uk search works at all now (in fact, if I type in the .com thesedays it entirely redirects to the .co.uk and is no longer accessible from the UK at all – this trend has been the case with a number of other major sites that have UK & US (and other) versions – it becomes impossible to get onto the site for a country other than your own (eg – another one that does that is Game Spot)).

    Frequently I find that Google will leave out searches that it previously returned on page1 (fom the same uplink and machine) ; in each case thus far when that happens I’ve been able to find the link again, on page1 on a different search engine.
    Also, as worryingly, I happen to have net access from two very disctinct links, that are very close in physical location – the same search on Google on the same day yields very different results from the ultra-fast comms line than it doth from the phone line.

  4. Darknet March 13, 2008 at 5:20 pm #

    Google Dorks are search engine queries that return either a) Off limit resources (web cams etc) or b) Exploitable resources (Software vulnerable to SQL injection for example) or c) Private info like passwords and juicy info

    Google has many advanced operators which can be used to narrow down this search, if you read Full Disclosure or Bugtraq you’ll often find the vulnerabilities for web apps are accompanied by Google Dorks to help you find the vulnerable apps on the public web.

    I suggest you follow the I Hack Stuff link and check out the site.

  5. Pantagruel March 13, 2008 at 10:07 pm #

    Nice one.
    Used to search for dorks but became somewhat boring after seeing webcam number X with either a dumb ass view or non working. You’d be amazed what turns up looking for office related files.

  6. Johnny Crow March 14, 2008 at 6:44 pm #

    I have used google since the day it came out and have always looked at ways to search beyond normal operators. I remember when Ihackstuff came out because I had written a white paper on google “hacking” in order to get a job. I found that they tended to know more than I did, but then again I didn’t spend much time on it. I always wondered if someone would create an app that could take an input and have it do the search strings, much easier than doing it by hand. I wrote a small macro that helped out with certain ones, but mostly it was just a pain to do it all by hand.

    I am very fond of goolag and am proud that the cDc came out with another tool for those who need it to use.

    -J