Goolag – GUI Tool for Google Hacking

Use Netsparker


cDc (Cult of the Dead Cow) recently released a GUI driven tool for Google Hacking called Goolag.

Google Dorks have been around for several years and have been researched most assiduously by Johnny I Hack Stuff.

If one searches the Web, one will find multiple collections of dorks, and also some applications – standalone and Web-based – offering certain “scanning” possibilities.

Nevertheless, gS is different from other applications released to date for the following reasons:

  • There is no need for a special tool to use dorks other than a browser, but scanning hundreds of dorks ‘by hand’ is impossible.
  • Goolag Scanner is focused on usability. It simplifies the use of myriad numbers of dorks to a few mouse clicks. No cryptic command line options and no knowledge of Google hacking are required to test one’s host.
  • Goolag Scanner comes with its own dorks-database, but it is not limited to such.
  • gS uses a very simple xml-document, which is readable and part of the distribution.

This software requires Microsoft .NET Framework Version 2.0.

You can download Goolag here:

Goolag (1.0.0.40)

Or read more here.

Posted in: Hacking Tools, Privacy, Web Hacking

, ,


Latest Posts:


snallygaster - Scan For Secret Files On HTTP Servers snallygaster – Scan For Secret Files On HTTP Servers
snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn't be public and can pose a s
Portspoof - Spoof All Ports Open & Emulate Valid Services Portspoof – Spoof All Ports Open & Emulate Valid Services
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port.
Cambridge Analytica Facebook Data Scandal Cambridge Analytica Facebook Data Scandal
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.
GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.
QualysGuard - Vulnerability Management Tool QualysGuard – Vulnerability Management Tool
QualysGuard is a web-based vulnerability management tool provided by Qualys, Inc, which was the first company to deliver vulnerability management services as a SaaS-based web-service.


6 Responses to Goolag – GUI Tool for Google Hacking

  1. Shill March 13, 2008 at 2:09 pm #

    Too bad there’s to be developed for win32

  2. James C March 13, 2008 at 3:41 pm #

    Nice tool. Its good fun dorking for camera’s, its amazing what you can find :) Once I found a camera monitoring a control panel in a water or sewerage plant (hard to tell the difference from the control panel)

  3. zupakomputer March 13, 2008 at 4:01 pm #

    Pardon me ignorance squire but – what the hell is that exactly? I haven’t heard of ‘dorks’ in this context, and the cDc page is more about political thought against China and Google allowing their search engine to be used there, but censoring it –

    how does it fit in with the scanner function, and finding cameras?

    At any rate – Google is censored here too; first the .com site turned up nothing but spam links, hence only the .co.uk search works at all now (in fact, if I type in the .com thesedays it entirely redirects to the .co.uk and is no longer accessible from the UK at all – this trend has been the case with a number of other major sites that have UK & US (and other) versions – it becomes impossible to get onto the site for a country other than your own (eg – another one that does that is Game Spot)).

    Frequently I find that Google will leave out searches that it previously returned on page1 (fom the same uplink and machine) ; in each case thus far when that happens I’ve been able to find the link again, on page1 on a different search engine.
    Also, as worryingly, I happen to have net access from two very disctinct links, that are very close in physical location – the same search on Google on the same day yields very different results from the ultra-fast comms line than it doth from the phone line.

  4. Darknet March 13, 2008 at 5:20 pm #

    Google Dorks are search engine queries that return either a) Off limit resources (web cams etc) or b) Exploitable resources (Software vulnerable to SQL injection for example) or c) Private info like passwords and juicy info

    Google has many advanced operators which can be used to narrow down this search, if you read Full Disclosure or Bugtraq you’ll often find the vulnerabilities for web apps are accompanied by Google Dorks to help you find the vulnerable apps on the public web.

    I suggest you follow the I Hack Stuff link and check out the site.

  5. Pantagruel March 13, 2008 at 10:07 pm #

    Nice one.
    Used to search for dorks but became somewhat boring after seeing webcam number X with either a dumb ass view or non working. You’d be amazed what turns up looking for office related files.

  6. Johnny Crow March 14, 2008 at 6:44 pm #

    I have used google since the day it came out and have always looked at ways to search beyond normal operators. I remember when Ihackstuff came out because I had written a white paper on google “hacking” in order to get a job. I found that they tended to know more than I did, but then again I didn’t spend much time on it. I always wondered if someone would create an app that could take an input and have it do the search strings, much easier than doing it by hand. I wrote a small macro that helped out with certain ones, but mostly it was just a pain to do it all by hand.

    I am very fond of goolag and am proud that the cDc came out with another tool for those who need it to use.

    -J