Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

New DIY Google Dorks Based Hacking Tool Released

Using Google dorks has become a staple on the list of tactics by attackers to find vulnerable websites and servers. But a new do-it-yourself tool is seeking to make website hacking via Google dorks even easier.

Using Google dorks has become a staple on the list of tactics by attackers to find vulnerable websites and servers. But a new do-it-yourself tool is seeking to make website hacking via Google dorks even easier.

According to security researcher Dancho Danchev, a new version of a popular website hacking tool has been released that offers users the ability to build “hit lists” of vulnerable sites. The tool relies on Google Dorks for reconnaissance and features built-in SQL injection options as well as the ability to add custom exploits. It also includes a proxy aggregation function so that no CAPTCHA challenge is ever displayed to the attacker.

The tool’s licensing comes in a hardware-based ID form. One license costs $10 in Liberty Reserve currency, or $11 in Western Union transfer. The unlimited license doesn’t have a hardware-based ID restriction and costs $20 in Liberty Reserve or $20 in Western Union transfer.

“The tool works both on the desktop as a stand-alone application, but can also be integrated within popular browsers in an attempt to fool the search engines into thinking that it is legitimate traffic,” Danchev wrote on Webroot’s Threat blog. “It can also automatically detect remotely exploitable websites and exploit them entirely based on the preferences set by the malicious attacker using it.”

Search engines such as Google have been leveraged by attackers for years to find both sensitive data and vulnerable targets on the Web. In 2011, researchers at Imperva observed a botnet attack on a popular search engine conducting queries at a rate of up to 81,000 a day in the name of reconnaissance.

“Efficiently abusing hundreds of thousands of websites through search engines reconnaissance is nothing new,” Danchev blogged. “In fact, it’s been an everyday reality since the day market leading search engines started offering advanced search operators to be used.”

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

Joe Levy has been appointed Sophos' permanent CEO, and Jim Dildine has been named the company's CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

More People On The Move

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.