Schneier on Security

http://www.goolag.org/ seems to be a Dead Cow... ;-]

J.

Downloaded the installer and scanned it before running. ZoneAlarm reports it's got a virus.

hmmm I just by accident found this article:

"google scanning-- is it legal in the UK"

http://www.heise-online.co.uk/security/...

Yeah, seems a little suspicious that they want all the big websites to download the app and install it. Can anybody confirm that it's malware?

So it probably won't be long until KZ-hacker is being released? Who gives his software such a stupid name? Or is it there intention to turn the internet into a gulag (pronounced goolag)?

I don't understand what's supposed to be showing up in the search on that page.. I searched for config, apache and some others but nothing interesting ever came up.

Surely you don't have to download their "windows only" app to get proper results.

I know I don't plan on infecting my box with whatever trojan it might contain.

Seems a little "'phishy" to me, too. No thanks!

They need the option of entering a google license key like SiteDigger and Wikto does (although this new tool looks nicer and is more recently maintained) so you can submit mass queries without being blocked. Having to stop after every 5-10 queries is annoying when going through thousands.

@Bruce,

Assuming it has not been released a month early and is not a trojan.

Do you no what's under the bonnet?

@Clive

if it's out on GPL then one presumes it can be and has been checked.

We posted about this last week... http://securitymusings.com/article/238/... It seems like a handy toolkit -- best handled with care :)

FWIW, McAfee VirusScan, updated this morning, shows no virus.

It is open source, so as soon as someone cares enough to read the source code we'll find out.

cDc are crazy talented hackers, but they don't distribute viruses. Some AV products may call Goolag malware, but the product itself won't harm your PC - it is just a "hack tool".

I ran this tool, but the Google block techinque is very noising! I hope in the next release CDC will insert a randomization of the time interval to minimize Google confirmation web page requests.

@Roberto Scaccia

yeah i found that too - and wondered if cdc are using it to capture capcha's ;-) but am too lazy to read code

But I am finding it really handy to throw in a domain then go down the list manually running one at a time which seem interesting and (possibly) relevant to the domain. It builds the syntax, sends the query and at that speed doesn't offend google

My Sana Security Primary Response didn't have any issues with the software.

Glad you bitches like my app.

Guillaume: click the "download" link on goolag.org to, well, download, genius.

A word of Caution:
One might end up blocking his/her IP on Google due to high number of automated search queries. It will result in something like this http://sorry.google.com/sorry

The geek shall inherit the truth.
Relevant site:
http://johnny.ihackstuff.com/index.php?...
"Gooscan" for Linux looks interesting:
http://johnny.ihackstuff.com/downloads/...

And the web based GHDB by Gnucitizen is a very useful tool, too (and always up-to-date):

http://www.gnucitizen.org/ghdb/

cDc should try and do something useful for society, like help legalize marijuana

"WHY CULT OF THE DEAD COW WILL PUBLISH CHINESE GOVERNMENT DATA We couldn't care less about these assholes. Any country that props up dictators and practices genocide doesn't catch a break from us."

Bloody hypocrites:

http://en.wikipedia.org/wiki/...

@AndyB:
"cDc are crazy talented hackers, but they don't distribute viruses. "

Not true. Previous cDc distributions have ontained viruses, see e.g.:
http://news.zdnet.com/2100-9595_22-515160.html

It's been done before of course, only not publicly distributed.

I made one myself 2 years ago, It's very easy, just a matter of loading the Google dorks -the attack vectors- into a database, route through a proxy list or Tor and you're done.

It has been done before, and it has been publicly available and it had the same problems of getting blocked by google, which makes it fairly worthless for doing a good amount of scanning, unless you evade their detection. Is there any known way to evade detection logic? Obviously there are probably a lot of complex ways to solve the problem, ut from what I've read it's pretty intelligent.

I've used a few tools that did this and I was always blocked by google after 50 or 100 queries. Some supported using a google API key, but I ran into a wall there too (I can't remember why -- I think google stopped supporting them).

Anyway, there is a chapter on google automation in the book called "Google Hacking for Penetration Testers", by Johnny Long. Page 361 talks about automation tools:

http://books.google.com/books?...

Same answer in a Q/A session:
http://safari.oreilly.com/1931836361/...

@Alex

Google stopped issuing the APIs around the middle of last year, which is why Wikto now bundles Spud for the same functionality.

Wikto with Aura/Spud.

Any GHDB scanner without either an API key or a local proxy to simulate it will earn you some CAPTCHAS real fast...unless you scan extremely slowly, which is functionally useless.

Hm. My ISP's nameserver doesn't know goolag.org anymore, while all others do.