The hacking group Cult of the Dead Cow (CDC) this week released a tool that converts Google into a preset vulnerability scanner, combing websites for susceptible information such as passwords or server vulnerabilities.
CDC primarily achieved infamy ten years ago with its backdoor Back Orifice, which verified in a highly public way just how straightforward it was to take illicit control of a Windows PC.
The latest tool, called Goolag Scan, is similarly stimulating, making it effortless for inexpert users to track down vulnerabilities and sensitive information on specific websites or broad web domains.
This capacity should serve as a rousing call for system administrators to operate the tool on their own sites prior to attackers getting around to it, according to CDC.
CDC spokesperson Oxblood Ruffin, in a statement said “It’s no big secret that the Web is the platform, and this platform pretty much sucks from a security perspective. We’ve seen some pretty scary holes through random tests with the scanner in North America, Europe, and the Middle East. If I were a government, a large corporation, or anyone with a large website, I’d be downloading this beast and aiming it at my site yesterday.”
The tool is a separate Windows .Net application, licensed under the open source GNU General Public License that provides about 1,500 tailored searches under categories such as “vulnerable servers,” sensitive online shopping information “and” files containing interesting information
The outcome is presented as a list of links that can be opened straightforwardly in a browser. Example results include revealing error messages and Java applets for the remote control of surveillance cameras, according to CDC.
Goolag Scan is based on “Google hacking,” the appliance of revealing vulnerabilities via Google, which CDC says has been forged by a hacker going by the handle “Johnny I Hack Stuff.”
Goolag Scan is, nonetheless, the first time such susceptibility searches have been built into a uncomplicated tool, according to CDC.