The following tip is one of a series on why and how to perform security scans against your public-facing servers using Google.
There is a variety of tools available to automate and enhance your Google hacking tests. They include:
- Johnny Long's Google Hacking Database (GHDB) provides tons of query samples that you can tweak and use on your own sites and domains.
- Foundstone Inc.'s SiteDigger utilizes Foundstone's own customized Google queries as well as Johnny Long's GHDB to perform automated searches.
  Note: Google only allows 1,000 queries per day. This seems like a lot, but it can add up quickly using tools like these.
- Johnny Long's Gooscan for Linux can be used to perform automated command-line Google queries.
- Google Toolbar for Internet Explorer simplifies the querying process by allowing you to enter queries directly without first going to www.google.com. If you're a conscientious objector and prefer using Netscape or Mozilla Firefox, check out the open source Googlebar.
- GooDelete can be used to clear cached Google Toolbar queries that may contain sensitive information that you don't want lying around.
Also, if you're really enthusiastic about Google hacking, your bookshelf shouldn't be without Johnny Long's highly regarded book on this subject, Google Hacking for Penetration Testers.
About the author: Kevin Beaver is an independent information security consultant, author and speaker with Atlanta-based Principle Logic, LLC, where he specializes in information security assessments for those who take security seriously and incident response for those who don't. He is author of the book Hacking For Dummies and co-author of the upcoming book Hacking Wireless For Dummies, both by Wiley Publishing.
This was first published in May 2005