McAfee Releases Google Hacking Tool

Matt O'Conner
SANTA CLARA, Calif. – McAfee’s Foundstone division this week shipped SiteDigger 2.0, a tool that uses Google to automatically search websites for security flaws.

SiteDigger is a free, downloadable program that enables webmasters to be more proactive about keeping their sites safe by uncovering information leaks and vulnerabilities they otherwise might not be aware of.

Google has become a handy tool for many hackers who use the engine’s in-depth search capabilities to pinpoint sites that have easily exploitable security gaps and to find credit card numbers, passwords and other sensitive information companies are unknowingly making available through their sites. For example, the Santy worm recently used Google queries to find and infect vulnerable computers.

SiteDigger mimics techniques commonly used by hackers when sending specific queries to Google’s web database. Once a scan is complete, SiteDigger issues a report detailing potential problems so that webmasters can beat hackers to the punch by fixing them.

The software focuses on seven search categories: privacy, back-up files, configuration mistakes, remote administrator interface, error messages, public vulnerabilities and technology profiles.

While there is a danger that SiteDigger could be used by hackers with malicious intent, Google is guarding against that possibility by requiring users of the software to sign up with its web services development program.