Cult of the Dead Cow (CDC) this week released a tool that turns Google into an automated vulnerability scanner.
http://www.goolag.org/ |
A few weeks back a member of ClubHack created a similar & better website by the name http://exploitsearch.com
Later that was added in "Five must-have security resources" by TechRepublic
http://blogs.techrepublic.com.com/security/?p=403 |
More info on the Google Vulnerability Scanner: http://www.crn.com/security/206801430 |
[Moved from "Goolag Scanner released" – Tony]
From the announcement: "Today CULT OF THE DEAD COW (cDc), the world's most attractive hacker group, announced the release of Goolag Scanner, a web auditing tool. Goolag Scanner enables everyone to audit his or her own web site via Google. The scanner technology is based on "Google hacking," a form of vulnerability research developed by Johnny I Hack Stuff." ....
Link: http://www.cultdeadcow.com/cms/main.php3
The page describes that technically "Goolag Scanner is a standalone windows GUI based application. It uses one XML-based configuration file for its settings." http://www.goolag.org/ |
Use it with care; you might end up blocking your IP address at Google, resulting in http://sorry.google.com/sorry/ |
This vulnerability scanner is absolutely great. There is no doubt about it. I'm sure it's just a matter of time till Google stops helping it stay alive, but this is not my problem. I think that you can't rely on open source projects like that when talking about vulnerability detection. I think that a commercial business needs a commercial service. Here is an example of a vulnerability scanner: beyondsecurity.com/vulnerability-scanner.html There is a real company behind it and there is someone you can call to ask a question. Who can I call when there is a vulnerability on Goolag that was not detected?
[Unlinked URL.] |