New DIY Google Dorks Based Hacking Tool Released

Google dorks have become a staple tactic for attackers looking for vulnerable websites and servers. Now a new do-it-yourself tool is seeking to make website hacking via Google dorks even easier.

According to security researcher Dancho Danchev, a new version of a popular website hacking tool has been released that offers users the ability to build “hit lists” of vulnerable sites. The tool relies on Google Dorks for reconnaissance and features built-in SQL injection options as well as the ability to add custom exploits. It also includes a proxy aggregation function so that no CAPTCHA challenge is ever displayed to the attacker.

Licenses for the tool are tied to a hardware-based ID. One license costs $10 in Liberty Reserve currency, or $11 via Western Union transfer. The unlimited license has no hardware-based ID restriction and costs $20 in Liberty Reserve or $20 via Western Union transfer.

“The tool works both on the desktop as a stand-alone application, but can also be integrated within popular browsers in an attempt to fool the search engines into thinking that it is legitimate traffic,” Danchev wrote on Webroot’s Threat blog. “It can also automatically detect remotely exploitable websites and exploit them entirely based on the preferences set by the malicious attacker using it.”

Search engines such as Google have been leveraged by attackers for years to find both sensitive data and vulnerable targets on the Web. In 2011, researchers at Imperva observed a botnet attack on a popular search engine conducting queries at a rate of up to 81,000 a day in the name of reconnaissance.

“Efficiently abusing hundreds of thousands of websites through search engines reconnaissance is nothing new,” Danchev blogged. “In fact, it’s been an everyday reality since the day market leading search engines started offering advanced search operators to be used.”
