Goolag - Automated Google hacking

Yes HT~ Foundstone have a number of tools:

http://www.foundstone.com/us/resources-free-tools.asp :)


I was wondering about the legality of the Google tool in the UK........ not very clear as it happens.............. but we all know how sloppy legislation can be when it comes to anything IT? :(

Article here:

http://www.heise-online.co.uk/securi...eatures/110089

EDIT:

HT~,

Quote:

---

With Goolag you are limited to a couple of queries because Google will then blacklist your IP (since Goolag doesn't use the API Key).

---

What exactly can Google "see" when you run the scan? if it is run against the websites of a particular organisation/group then their recourse would probably be to the ISP?

In fact, I would have thought that the ISP would be more interested than Google, who are only search engine providers in this instance?

In the UK it would seem that recourse would be via the law. Scanning for vulnerabilities without prior permission would seem to be illegal. The question would then be who should be detecting and reporting it?

Google will have difficulty blocking ISPs as a lot of people have dynamic addresses..............I could hardly see them blocking BT, Tiscali and the like, it would be cutting off their noses to spite their faces. Google rely on traffic, and it isn't their problem directly. After all, their tool is doing entirely what it was intended to and is performing totally legally. Hey, its a bit like blaming MS if someone uses Word to write a ransom note, or Ford for getaway cars:D

Then there is the issue of who actually ran the scan............ bots, insecure wifi and so on?

Interesting question though, as it would seem that the two parties who might have an interest, and whose co-operation would be required, don't have any real incentive to do anything about it.

Quote:

---

Originally Posted by nihil

What exactly can Google "see" when you run the scan? if it is run against the websites of a particular organisation/group then their recourse would probably be to the ISP?

In fact, I would have thought that the ISP would be more interested than Google, who are only search engine providers in this instance?

In the UK it would seem that recourse would be via the law. Scanning for vulnerabilities without prior permission would seem to be illegal. The question would then be who should be detecting and reporting it?

Google will have difficulty blocking ISPs as a lot of people have dynamic addresses..............I could hardly see them blocking BT, Tiscali and the like, it would be cutting off their noses to spite their faces. Google rely on traffic, and it isn't their problem directly. After all, their tool is doing entirely what it was intended to and is performing totally legally. Hey, its a bit like blaming MS if someone uses Word to write a ransom note, or Ford for getaway cars:D

Then there is the issue of who actually ran the scan............ bots, insecure wifi and so on?

Interesting question though, as it would seem that the two parties who might have an interest, and whose co-operation would be required, don't have any real incentive to do anything about it.

---

Generally when it involves blocking a service, there's no issue of who ran the scan.... that only comes into play in legal issues. Example... ISPs here regularly disable the accounts of people who are sending mail / running mail servers (whether it be a bot, or someone who accidentally installed sendmail while installing linux).

Anyways... I guess you have to fully understand how a Goolag scan works. Let's say you were using Goolag to check microsoft.com, all the tool does is run a number of queries (called Google Dorks) via google while specifying inurl:microsoft.com. The scans are fast and numerous (unless you only select one or two "dorks") and this triggers a protection in Google that defends against automated scanning... it brings up the Google Captcha. Microsoft will never even know you've selected them to test because no data is sent to Microsoft, all the interaction is between the user and Google.

Now if you've ever used Tor you'll be quite familiar with the Google Captcha as a number of end points frequently require the Google Captcha be solved as spammers and bots use Tor for automated scanning. If you've hit enough different Tor endpoints, you'll start seeing messages regarding the IP you are using being blacklisted. This comes form too many highly automated scans, followed by a solving of the google captcha and repeat.

This is pretty interesting... Seeing as how I recall these people trying to get this script off the ground like 3 years ago, but couldn't due to the breach of google's TOS...