SiteDigger Hunts for Google Hacks

By Jim Rapoza  |  Posted 2004-08-16 Print this article Print

The free SiteDigger 1.0 tool allows companies to quickly find out if there are any resources or data that have been exposed through the Google search engine.

With Google hacks being used to find everything from customer credit card information to security logs detailing problems in corporate infrastructure, companies need to find these holes themselves and close them before the bad guys find them.

Luckily for those who arent adept at Google hacking, Foundstone has made available a free tool, SiteDigger 1.0, that makes it possible for companies to quickly find out if there are any resources or data that have been exposed through the Google search engine.

Google hacks work because this popular, capable search engine indexes everything it finds. Often, this is information that a company didnt realize was exposed, including default administration interfaces, terminal access, security analysis logs and even private customer data. Hackers have been able to use common strings and signatures to search for this information through Google.

Click here to read more about Google hacks. To use SiteDigger, which runs on Windows XP, I signed up for a Google account and requested a Google API license, which made it possible for SiteDigger to use Google directly as a Web service. From there, I simply entered my site domain and chose the problem signatures I wanted to test against.

SiteDigger returned results listing the problems it found, although, currently, it will show only the first problem it discovers for each signature.

New Google attacks are found all the time, and SiteDigger signatures can be easily updated.

For more information, go to

Check out eWEEK.coms Security Center at for the latest security news, reviews and analysis.

Be sure to add our developer and Web services news feed to your RSS newsreader or My Yahoo page

Jim Rapoza, Chief Technology Analyst, eWEEK.For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr Rapoza's current technology focus is on all categories of emerging information technology though he continues to focus on core technology areas that include: content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel