With Google hacks being used to find everything from customer credit card information to security logs detailing problems in corporate infrastructure, companies need to find these holes themselves and close them before the bad guys find them.
Luckily for those who arent adept at Google hacking, Foundstone has made available a free tool, SiteDigger 1.0, that makes it possible for companies to quickly find out if there are any resources or data that have been exposed through the Google search engine.
Google hacks work because this popular, capable search engine indexes everything it finds. Often, this is information that a company didnt realize was exposed, including default administration interfaces, terminal access, security analysis logs and even private customer data. Hackers have been able to use common strings and signatures to search for this information through Google.
To use SiteDigger, which runs on Windows XP, I signed up for a Google account and requested a Google API license, which made it possible for SiteDigger to use Google directly as a Web service. From there, I simply entered my site domain and chose the problem signatures I wanted to test against.
SiteDigger returned results listing the problems it found, although, currently, it will show only the first problem it discovers for each signature.
New Google attacks are found all the time, and SiteDigger signatures can be easily updated.
For more information, go to www.foundstone.com/resources/s3i_tools.htm.