Mcafee Inc.s Foundstone professional services group this week will unveil a sophisticated tool designed to help enterprises use Google to discover any sensitive information about the company that might have leaked onto the Internet.
The tool, called SiteDigger 2.0, is an upgrade to a utility program written by Foundstone consultants before McAfee acquired the company last year. SiteDigger takes advantage of the massive amounts of data that Google Inc. has indexed and categorized and lets users uncover any confidential or potentially damaging information thats on the Internet.
SiteDigger contains hundreds of signatures that it uses to identify information-exposure vulnerabilities in several categories. After downloading the free tool, users specify their domain or subdomain and then select a search category: privacy, backup files, configuration mistakes, remote administrator interface, error messages, public vulnerabilities or technology profile. The results can then be exported and viewed in a tabular format.
The tool is a distant cousin of other techniques used by crackers, known as “Google hacking.” These techniques generally include using the public Google site to search for things such as Web-server log-in pages that are exposed to the Internet, public-facing applications with default configurations and other common vulnerabilities. It has become common practice among crackers to use Google as the first step in finding vulnerable target servers.
Google hacking has been used for some time, but the technique began gaining attention last July, following hacker Johnny Longs presentation at the Black Hat conference in Las Vegas. Long showed various techniques for using Google to identify vulnerable servers and to find passwords, user names and other sensitive information. Long, the co-author of a book on Google hacking, maintains a database containing hundreds of entries showing results of various Google searches. The results can be astounding, as in the entries showing servers that return error messages containing users passwords. SiteDigger uses Longs Google Hacking Database as the basis for its searches.
But SiteDigger is aimed squarely at the enterprise market and even has the blessing of Google itself, which granted McAfee a special license to access the sites Web services API for deeper and more accurate searches.
“The Google engineers thought this was an elegant approach,” said Marc Curphey, director of consulting for the Foundstone professional services unit of McAfee, based in Santa Clara, Calif. “Companies are amazed at what we can find with this. It really opens up some eyes when they see the results they get back.”
SiteDigger is built on Microsoft Corp.s .Net Framework using C# and SOAP (Simple Object Access Protocol), and the new version has an updated user interface. Users can download the tool for free from McAfees Web site.
SiteDigger 2.0 features
- Finds sensitive data on Google in seven categories
- Offers more than 900 signatures
- Includes improved GUI