Your browser does not seem to support CSS. If images appear below, please disregard them.
toggle
February
S M T W T F S
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29
Sponsored Links
Latest Postings
Topic Options
Rate This Topic
#879 - 01/11/05 06:21 PM SiteDIgger v2.0 - making google hacking easy.
Joined: Sep 2002
Posts: 553
Digital Geek Offline
UGN Super Poster
Digital Geek Offline
UGN Super Poster

Joined: Sep 2002
Posts: 553
Cluj-Napoca, Romania
Foundstone, a division of McAfee, released SiteDigger v2.0 which is a free tool that searches Google’s cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on web sites.

What you need:

1. A copy of SiteDigger v2.0 .

2. You need the Microsoft .NET Framework Version 1.1

3. Your very own Google API Key which can be obtainted by going to http://www.google.com/apis . You can skip step one, and just create an account and after you validate it, you receive an e-mail with the key.

SiteDigger v2.0 comes with two databases. The Foundstone SignatureDatabase (175 signatures) that contains easy to understand signature descriptions and the signatures are broken into categories and the Google Hacking Database (784 signatures) which contains the latest signatures which are not categorized. You can also submit a new signature with your descriptions and comments.

Now, I know that a similar program can be written by anyone with some decent coding skills so this program it's not something amazing and neither is the concept of google hacking and I also know that this tool was designed with security in mind and that is designed to let one know if his website is secure or not and it's for personal use only and can't be used for illegal pourposes, and all that crap that comes in the disclaimer, BUT releasing a free tool that can test in a minute or two any website against almost 1000 possible vulnerabilities can be used to do a lot of damage if it falls in the hands of some lame ass scriptkiddie.

So if you have a website, you'd better get this tool, before they do !

Top
Sponsored Links
#880 - 01/12/05 06:22 AM Re: SiteDIgger v2.0 - making google hacking easy.
Joined: Jun 2003
Posts: 807
Ghost Offline
UGN Super Poster
Ghost Offline
UGN Super Poster

Joined: Jun 2003
Posts: 807
Wisconsin
Sweet. I'm checking this tool out. Nice find DG.

Top
#881 - 01/12/05 07:43 AM Re: SiteDIgger v2.0 - making google hacking easy.
Joined: Sep 2002
Posts: 553
Digital Geek Offline
UGN Super Poster
Digital Geek Offline
UGN Super Poster

Joined: Sep 2002
Posts: 553
Cluj-Napoca, Romania
When you use it, if the scan suddenly stops you need to remove the signature that made it stop from the sig list since google is now blocking some of the queries.

Top
#882 - 01/12/05 07:47 AM Re: SiteDIgger v2.0 - making google hacking easy.
Joined: Mar 2002
Posts: 1,136
pergesu Offline
UGN Elite Poster
pergesu Offline
UGN Elite Poster

Joined: Mar 2002
Posts: 1,136
Pimpin the Colorizzle
It probably won't be long before most/all of those get blocked, or Google sets a maximum number of queries in a specified amount of time. They don't want tons of people taking advantage of this.

/me has never even heard of Google hacking

Top
#883 - 05/18/05 04:26 AM Re: SiteDIgger v2.0 - making google hacking easy.
Joined: Apr 2005
Posts: 1
Yaoiman1 Offline
Junior Member
Yaoiman1 Offline
Junior Member

Joined: Apr 2005
Posts: 1
Tonawanda
Hey! Thanks! I'm gonna have to check that out!

Top
#884 - 05/18/05 09:21 AM Re: SiteDIgger v2.0 - making google hacking easy.
Joined: Mar 2002
Posts: 384
Defcon Offline
Ass Clown
Defcon Offline
Ass Clown

Joined: Mar 2002
Posts: 384
508 or 207
Um, talk about bringing up old topics. I don't really see how that contributed to the overall conversation. All-in-all exceptionally bad form.

Since this is your first post, I'd let you slide with a warning.... but then I see that you've basically chosen a nice that screams "flamebait". For those readers not familiar with my brand of ranting, I'll give you a second to think about my point...
.
.
.
Quote:
The word Yaoi (pronounced /jaoi/, sound like "Yah-Oh-ee" rather than "Yow-ee" or "Ya-oy", all three vowels are pronounced) was originally used to refer to fan manga (such as doujinshi) that focused on homosexual relationships between male characters, especially two bishōnen - the manga equivalent of slash.
Compliments of Wikipedia.

Get a life man, jeez
Someone seal up this fucked up repugnant shit


"Remember how much fun you had shooting spitwads at the teacher in seventh grade? Imagine applying that kind of attitude to actually fucking with Mitsubishi!"
- Jello Biafra
Top

Member Spotlight
Gremelin

Gremelin
Portland, OR; USA
Posts: 7,194
Joined: February 2002
Show All Member Profiles 
Forum Statistics
Forums46
Topics43,932
Posts79,106
Members2,157
Most Online1,567
Apr 25th, 2010
Top Posters(All Time)
UGN Security 37,095
Gremelin 7,194
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Newest Members
Herbert_Sherbert, codemauve, Lillysdragon1984, Brewwit, boa
2157 Registered Users
Who's Online Now
0 registered members (), 2 guests and 0 spiders.
Latest News