SiteDIgger v2.0 - making google hacking easy.

Posted by: Digital Geek

SiteDIgger v2.0 - making google hacking easy. - 01/11/05 01:21 PM

Foundstone, a division of McAfee, released SiteDigger v2.0 which is a free tool that searches Google’s cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on web sites.

What you need:

1. A copy of SiteDigger v2.0 .

2. You need the Microsoft .NET Framework Version 1.1

3. Your very own Google API Key which can be obtainted by going to http://www.google.com/apis . You can skip step one, and just create an account and after you validate it, you receive an e-mail with the key.

SiteDigger v2.0 comes with two databases. The Foundstone SignatureDatabase (175 signatures) that contains easy to understand signature descriptions and the signatures are broken into categories and the Google Hacking Database (784 signatures) which contains the latest signatures which are not categorized. You can also submit a new signature with your descriptions and comments.

Now, I know that a similar program can be written by anyone with some decent coding skills so this program it's not something amazing and neither is the concept of google hacking and I also know that this tool was designed with security in mind and that is designed to let one know if his website is secure or not and it's for personal use only and can't be used for illegal pourposes, and all that crap that comes in the disclaimer, BUT releasing a free tool that can test in a minute or two any website against almost 1000 possible vulnerabilities can be used to do a lot of damage if it falls in the hands of some lame ass scriptkiddie.

So if you have a website, you'd better get this tool, before they do !
Posted by: Ghost

Re: SiteDIgger v2.0 - making google hacking easy. - 01/12/05 01:22 AM

Sweet. I'm checking this tool out. Nice find DG.
Posted by: Digital Geek

Re: SiteDIgger v2.0 - making google hacking easy. - 01/12/05 02:43 AM

When you use it, if the scan suddenly stops you need to remove the signature that made it stop from the sig list since google is now blocking some of the queries.
Posted by: pergesu

Re: SiteDIgger v2.0 - making google hacking easy. - 01/12/05 02:47 AM

It probably won't be long before most/all of those get blocked, or Google sets a maximum number of queries in a specified amount of time. They don't want tons of people taking advantage of this.

/me has never even heard of Google hacking
Posted by: Yaoiman1

Re: SiteDIgger v2.0 - making google hacking easy. - 05/18/05 12:26 AM

Hey! Thanks! I'm gonna have to check that out!
Posted by: Defcon

Re: SiteDIgger v2.0 - making google hacking easy. - 05/18/05 05:21 AM

Um, talk about bringing up old topics. I don't really see how that contributed to the overall conversation. All-in-all exceptionally bad form.

Since this is your first post, I'd let you slide with a warning.... but then I see that you've basically chosen a nice that screams "flamebait". For those readers not familiar with my brand of ranting, I'll give you a second to think about my point...
.
.
.
Quote:
The word Yaoi (pronounced /jaoi/, sound like "Yah-Oh-ee" rather than "Yow-ee" or "Ya-oy", all three vowels are pronounced) was originally used to refer to fan manga (such as doujinshi) that focused on homosexual relationships between male characters, especially two bishōnen - the manga equivalent of slash.
Compliments of Wikipedia.

Get a life man, jeez
Someone seal up this fucked up repugnant shit