The Cult of the Death Cow team is back with a new toy called Goolag.
One more time, the Google search engine power is diverted to help webmasters to find security breaches in their web site(s). Of course, as a good boy, you will always use Goolag against your own site! Isn’t it? :-] [1]
Goolag is a frontend (today, only available for Windows – via a mirror in Belgium) and uses the well known Google Hacking Database. The source code is also available.
Notice that the tool handle properly the Google scan protections! It allows you to open a browser, enter the captcha and resume the scan!
Let’s make some tests…
[1] If you combine Goolag with Tor, your anonymity will be preserved…