Back in July 2004, I mentioned a whitepaper, "Demystifying Google Hacks," by Debasis Mohanty. The paper outlines several ways in which someone can use a particular search syntax in Google to query for sites that might have known vulnerabilities. The paper is at the first URL below. The Security UPDATE in which I wrote about it is at the second URL below.
For example, Google supports query syntax that uses the commands intitle:, inurl:, allinurl:, filetype:, intext:, and more. Google isn't the only search engine that supports this sort of query syntax. MSN Search, AlltheWeb, Yahoo! Search, and others support a similar syntax to varying degrees.
As you know, the Santy worm, which takes advantage of search engine queries to find vulnerable sites, was released around the Christmas holidays. Recently, someone posted a message to a popular techno-gadget-related blog site stating that he'd found a search query that can locate vulnerable Webcams.
If worm writers and other people are using search engines to find vulnerabilities, you might want to try the same techniques to check your own Web sites for vulnerabilities. Instead of typing or pasting query after query into search engines, you can use scripts to store queries and automate the actual querying and result-gathering process. Another solution is to use a tool specifically designed for the task. Foundstone (now a division of McAfee) recently released a new version of its SiteDigger tool (2.0) that automates the process of using Google to scan for vulnerabilities in a given site.
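The scripted approach mentioned above, sketched as an added example (not from the original article or from SiteDigger): it keeps stored queries limited to domains you own and discards results for any other host. The `site:` restriction, the `example.com` allow-list, the ACME markers, and the sample results are all assumptions constructed for illustration; the step that actually submits queries to a search engine is left out.

```python
import re
from urllib.parse import urlsplit

# Operators named in the article. "site:" is added by this script, never stored.
ALLOWED_OPS = {"intitle", "inurl", "allinurl", "filetype", "intext"}
OPERATOR = re.compile(r"(?<!\S)([a-z]+):")

OWNED = {"example.com"}  # constructed: domains you are authorized to audit
STORED = [               # constructed queries built around your own markers
    'intext:"ACME-INTERNAL" filetype:pdf',
    'intitle:"ACME intranet"',
]

def scope_query(query, domain, owned=OWNED):
    """Return the stored query restricted to one domain from the allow-list."""
    if domain not in owned:
        raise ValueError(f"{domain} is not on the allow-list")
    ops = set(OPERATOR.findall(query))
    if "site" in ops:
        raise ValueError("stored queries must not carry their own site: term")
    if ops - ALLOWED_OPS:
        raise ValueError(f"unsupported operators: {sorted(ops - ALLOWED_OPS)}")
    return f"site:{domain} {query}"

def in_scope(url, owned=OWNED):
    """True only for an owned domain or one of its subdomains."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in owned)

def triage(results, owned=OWNED):
    """Map each in-scope URL to the stored queries that surfaced it."""
    findings = {}
    for query, urls in results.items():
        for url in urls:
            if in_scope(url, owned):
                findings.setdefault(url, []).append(query)
    return findings

# Constructed result set, shaped as a search back end might return it.
SAMPLE = {
    STORED[0]: ["https://docs.example.com/q3.pdf", "https://example.com.evil.test/q3.pdf"],
    STORED[1]: ["https://docs.example.com/q3.pdf", "https://notexample.com/portal"],
}

if __name__ == "__main__":
    for q in STORED:
        print(scope_query(q, "example.com"))
    for url, hits in triage(SAMPLE).items():
        print(url, "<-", hits)
```

The host check compares whole DNS labels, so look-alike names such as `example.com.evil.test` and `notexample.com` are dropped rather than reported as your own exposure.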
SiteDigger 2.0 has several added capabilities. Foundstone boasts that it now provides "10 times more results." The tool also has an improved user interface, an expanded Help file, an improved results page, and improvements for signature updates. The company also said that SiteDigger 2.0 produces fewer false positives, which means it's less prone to alert you to problems that don't really exist. The new tool can also perform raw searches, and as you might expect, it can detect some of the latest vulnerabilities, such as overly exposed Webcams.
SiteDigger requires the Microsoft .NET Framework and also relies on the Google API, so you'll need to obtain the API license key, which is a simple process. More information about how to get the license key can be found at Foundstone's SiteDigger Web page.
I wonder why Foundstone limits SiteDigger to Google queries. I think the tool would be even more useful if the company added support for other major search engines. Nevertheless, it's a useful tool as it stands. Get yourself a copy and check it out.