Comments

sehlat March 4, 2008 1:18 PM

Downloaded the installer and scanned it before running. ZoneAlarm reports it’s got a virus.

coquimbo March 4, 2008 1:22 PM

Yeah, seems a little suspicious that they want all the big websites to download the app and install it. Can anybody confirm that it’s malware?

tom March 4, 2008 1:47 PM

So it probably won’t be long until KZ-hacker is being released? Who gives his software such a stupid name? Or is it there intention to turn the internet into a gulag (pronounced goolag)?

Guillaume Theoret March 4, 2008 1:52 PM

I don’t understand what’s supposed to be showing up in the search on that page.. I searched for config, apache and some others but nothing interesting ever came up.

Surely you don’t have to download their “windows only” app to get proper results.

I know I don’t plan on infecting my box with whatever trojan it might contain.

Josh March 4, 2008 2:01 PM

They need the option of entering a google license key like SiteDigger and Wikto does (although this new tool looks nicer and is more recently maintained) so you can submit mass queries without being blocked. Having to stop after every 5-10 queries is annoying when going through thousands.

Clive Robinson March 4, 2008 2:25 PM

@Bruce,

Assuming it has not been released a month early and is not a trojan.

Do you no what’s under the bonnet?

AndyB March 4, 2008 4:43 PM

It is open source, so as soon as someone cares enough to read the source code we’ll find out.

cDc are crazy talented hackers, but they don’t distribute viruses. Some AV products may call Goolag malware, but the product itself won’t harm your PC – it is just a “hack tool”.

Roberto Scaccia March 4, 2008 5:25 PM

I ran this tool, but the Google block techinque is very noising! I hope in the next release CDC will insert a randomization of the time interval to minimize Google confirmation web page requests.

Anonymous March 4, 2008 6:31 PM

@Roberto Scaccia

yeah i found that too – and wondered if cdc are using it to capture capcha’s 😉 but am too lazy to read code

But I am finding it really handy to throw in a domain then go down the list manually running one at a time which seem interesting and (possibly) relevant to the domain. It builds the syntax, sends the query and at that speed doesn’t offend google

Mark in CA March 4, 2008 7:20 PM

My Sana Security Primary Response didn’t have any issues with the software.

Krass Katt March 4, 2008 9:11 PM

Glad you bitches like my app.

Guillaume: click the “download” link on goolag.org to, well, download, genius.

big bud good March 5, 2008 2:54 AM

cDc should try and do something useful for society, like help legalize marijuana

Ronald van den Heetkamp March 5, 2008 6:34 AM

It’s been done before of course, only not publicly distributed.

I made one myself 2 years ago, It’s very easy, just a matter of loading the Google dorks -the attack vectors- into a database, route through a proxy list or Tor and you’re done.

Alex Lauerman March 5, 2008 12:00 PM

It has been done before, and it has been publicly available and it had the same problems of getting blocked by google, which makes it fairly worthless for doing a good amount of scanning, unless you evade their detection. Is there any known way to evade detection logic? Obviously there are probably a lot of complex ways to solve the problem, ut from what I’ve read it’s pretty intelligent.

I’ve used a few tools that did this and I was always blocked by google after 50 or 100 queries. Some supported using a google API key, but I ran into a wall there too (I can’t remember why — I think google stopped supporting them).

Anyway, there is a chapter on google automation in the book called “Google Hacking for Penetration Testers”, by Johnny Long. Page 361 talks about automation tools:

http://books.google.com/books?id=fKsc9NwsNpMC&pg=PA361&lpg=PA361&dq=google+hacking+automation&source=web&ots=faGMFyrDMt&sig=XoKGZHoZrw89w5UrWQF9bjaKDMg&hl=en

Same answer in a Q/A session:
http://safari.oreilly.com/1931836361/syn1931836361-CHP-11-SECT-9

chris l March 5, 2008 12:32 PM

@Alex

Google stopped issuing the APIs around the middle of last year, which is why Wikto now bundles Spud for the same functionality.

Eponymous March 5, 2008 7:03 PM

Wikto with Aura/Spud.

Any GHDB scanner without either an API key or a local proxy to simulate it will earn you some CAPTCHAS real fast…unless you scan extremely slowly, which is functionally useless.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.