Goolag, should I use my powers for good, or evil?
Goolag Scanner is a tool that lets you audit your website’s security through special Google searches. Launched in February 2008 by a group of hackers called Cult of the Dead Cow (cDc, better known for their Back Orifice hacking program), the open source Goolag Scanner uses Google as a vulnerability scanner. While the stated purpose of Goolag is to allow webmasters to audit their websites and patch what needs to be patched, this tool could also be used by novice Google hackers to gain control over vulnerable websites.
Goolag Scanner is available at Goolag.org, but be sure to read their disclaimer before you install it, as they warn you:
This software was developed by the cDc. It’s issued under the terms of the GPL. If the software does something bad to your computer or network or provides information that you have no legal right to see, then that’s your problem. In some countries this software might be illegal. Don’t be stupid, and don’t come whining to us if you get into trouble. You’ve been warned.
It works by taking advantage of special Google hacking searches (called “dorks”): searches that look for specific bits of data (php/apache configuration files, databases, files that contain protected information, credit card information, mp3 files, IP configuration data, etc.). Right now the program has about 1418 so-called dorks loaded, which let you really put your website to the test. To run a test, select a type of test from the left-hand side (press the circle in front of the listing to select several at once), add a website in the Host field and press Scan. However, there’s a downside: Google doesn’t like automated queries, so selecting multiple tests to run at once might get you into trouble.
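A webmaster can also look for the same kinds of files directly in the site's own document root, before a search engine ever indexes them. The script below is an added example, not part of Goolag Scanner or the cDc's code; the category names and filename patterns are assumptions modelled on the data types listed above, and the sample directory is constructed.

```python
import fnmatch
import os
import tempfile

# Assumed categories and filename patterns, modelled on the kinds of data the
# article lists; they are illustrative and are not Goolag Scanner's dork list.
RISKY_PATTERNS = {
    "server/PHP configuration": ["*.ini", "*.conf", ".htaccess", ".htpasswd", "*.inc"],
    "database dump or file": ["*.sql", "*.sqlite", "*.mdb", "*.db"],
    "backup or editor copy": ["*.bak", "*.old", "*~", "*.swp"],
}


def audit_webroot(root):
    """Return sorted (relative_path, category) pairs for risky files under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            for category, patterns in RISKY_PATTERNS.items():
                if any(fnmatch.fnmatch(name.lower(), p) for p in patterns):
                    rel = os.path.relpath(os.path.join(dirpath, name), root)
                    findings.append((rel.replace(os.sep, "/"), category))
                    break  # first matching category is enough for a report line
    return sorted(findings)


def demo():
    """Build a constructed sample document root and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ["index.html", "css/site.css", "config.php.bak",
                    "admin/.htpasswd", "backup/site.sql", "includes/db.inc"]:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        return audit_webroot(root)


if __name__ == "__main__":
    for rel, category in demo():
        print(f"{category:28} {rel}")
```

Anything it reports should be moved out of the document root or blocked by the web server, since a file that is not publicly reachable cannot turn up in a search result.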