cDc (Cult of the Dead Cow) recently released a GUI driven tool for Google Hacking called Goolag.
Google Dorks have been around for several years and have been researched most assiduously by Johnny I Hack Stuff.
If one searches the Web, one will find multiple collections of dorks, and also some applications – standalone and Web-based – offering certain “scanning” possibilities.
Nevertheless, gS is different from other applications released to date for the following reasons:
- There is no need for a special tool to use dorks other than a browser, but scanning hundreds of dorks ‘by hand’ is impossible.
- Goolag Scanner is focused on usability. It simplifies the use of myriad numbers of dorks to a few mouse clicks. No cryptic command-line options and no knowledge of Google hacking are required to test one’s host.
- Goolag Scanner comes with its own dorks-database, but it is not limited to such.
- gS uses a very simple xml-document, which is readable and part of the distribution.
This software requires Microsoft .NET Framework Version 2.0.
You can download Goolag here:
Goolag (1.0.0.40)
Or read more here http://goolag.org/specifications.html.
Shill says
Too bad there’s to be developed for win32
James C says
Nice tool. Its good fun dorking for camera’s, its amazing what you can find :) Once I found a camera monitoring a control panel in a water or sewerage plant (hard to tell the difference from the control panel)
zupakomputer says
Pardon me ignorance squire but – what the hell is that exactly? I haven’t heard of ‘dorks’ in this context, and the cDc page is more about political thought against China and Google allowing their search engine to be used there, but censoring it –
how does it fit in with the scanner function, and finding cameras?
At any rate – Google is censored here too; first the .com site turned up nothing but spam links, hence only the .co.uk search works at all now (in fact, if I type in the .com thesedays it entirely redirects to the .co.uk and is no longer accessible from the UK at all – this trend has been the case with a number of other major sites that have UK & US (and other) versions – it becomes impossible to get onto the site for a country other than your own (eg – another one that does that is Game Spot)).
Frequently I find that Google will leave out searches that it previously returned on page1 (fom the same uplink and machine) ; in each case thus far when that happens I’ve been able to find the link again, on page1 on a different search engine.
Also, as worryingly, I happen to have net access from two very disctinct links, that are very close in physical location – the same search on Google on the same day yields very different results from the ultra-fast comms line than it doth from the phone line.
Darknet says
Google Dorks are search engine queries that return either a) Off limit resources (web cams etc) or b) Exploitable resources (Software vulnerable to SQL injection for example) or c) Private info like passwords and juicy info
Google has many advanced operators which can be used to narrow down this search, if you read Full Disclosure or Bugtraq you’ll often find the vulnerabilities for web apps are accompanied by Google Dorks to help you find the vulnerable apps on the public web.
I suggest you follow the I Hack Stuff link and check out the site.
Pantagruel says
Nice one.
Used to search for dorks but became somewhat boring after seeing webcam number X with either a dumb ass view or non working. You’d be amazed what turns up looking for office related files.
Johnny Crow says
I have used google since the day it came out and have always looked at ways to search beyond normal operators. I remember when Ihackstuff came out because I had written a white paper on google “hacking” in order to get a job. I found that they tended to know more than I did, but then again I didn’t spend much time on it. I always wondered if someone would create an app that could take an input and have it do the search strings, much easier than doing it by hand. I wrote a small macro that helped out with certain ones, but mostly it was just a pain to do it all by hand.
I am very fond of goolag and am proud that the cDc came out with another tool for those who need it to use.
-J