Foundstone SiteDigger 2.0: Identifying Information Leakage Using Search Engines

Overview

Recently, growing attention of hacking with Google, known as "Google hacking" has emerged and lists of signatures continue to appear on security sites in an intriguing game of cunning. People are developing new ways to use the limited functionality of search engines and their vast banks of seemingly unlimited data to unveil security flaws that can have a significant impact to businesses. So exactly how do you use search engines to find security vulnerabilities in web sites? This paper explains some of the techniques and shows some examples using Google. It also introduces SiteDigger 2.0, a free Windows tool that automates Google security queries to the Google web service API.