cDc, an old-school hacking crew famous for its anti-censorship stance,
has shipped a new tool that turns the Google search engine into an
easy-to-use vulnerability scanner.
Taking its cue from Johnny Long's Google Dorks—search queries that reveal sensitive information—cDc's new Goolag Scan pushes the envelope even more, offering a stand-alone Windows GUI-based application to power the searches.
The open-source program comes with about 1,500 custom Google search
queries embedded by default to run searches for vulnerable Web
applications, misconfigured Web servers with open backdoors, sensitive
user names and passwords, and other documents accidentally exposed on
“It's no big secret that the Web is the platform,” said Oxblood Ruffin,
a spokesperson for the hacker think tank. “This platform pretty much
sucks from a security perspective. Goolag Scanner provides one more
tool for Web site owners to patch up their online properties.
“We've seen some pretty scary holes through random tests with the
scanner in North America, Europe and the Middle East. If I were a
government, a large corporation, or anyone with a large Web site, I'd
be downloading this beast and aiming it at my site yesterday. The
vulnerabilities are that serious,” Ruffin said.
The utility ships as a .NET program that can be manually configured to
power Google queries for specific servers or for an entire set of
For example, a business can ask Goolag Scan to search for vulnerable
servers or “files containing juicy information” on all its Web sites,
turning the scanner into a useful auditing tool.