Foundstone, a division of McAfee, released SiteDigger v2.0, a free tool that searches Google’s cache for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on web sites.
What you need:
1. A copy of SiteDigger v2.0
2. The Microsoft .NET Framework Version 1.1
3. Your very own Google API Key, which can be obtained by going to http://www.google.com/apis. You can skip step one and just create an account; after you validate it, you receive an e-mail with the key.
SiteDigger v2.0 comes with two databases: the Foundstone SignatureDatabase (175 signatures), which contains easy-to-understand signature descriptions with the signatures broken into categories, and the Google Hacking Database (784 signatures), which contains the latest signatures, which are not categorized. You can also submit a new signature with your descriptions and comments.
Now, I know that a similar program can be written by anyone with some decent coding skills, so this program is not something amazing, and neither is the concept of Google hacking, and I also know that this tool was designed with security in mind and that it is designed to let one know if his website is secure or not, and it's for personal use only and can't be used for illegal purposes, and all that crap that comes in the disclaimer, BUT releasing a free tool that can test in a minute or two any website against almost 1000 possible vulnerabilities can be used to do a lot of damage if it falls in the hands of some lame ass scriptkiddie.
So if you have a website, you'd better get this tool before they do!