, CdC's new web data auditing tool, launches

Oxblood Ruffin shares word that Cult of the Dead Cow just launched a large-scale scanner project,

SECURITY ADVISORY: The following program may screw a large Internet search engine and make the Web a safer place.

LUBBOCK, TX, February 20th – Today CULT OF THE DEAD COW (cDc), the world’s most attractive hacker group, announced the release of Goolag Scanner, a Web auditing tool. Goolag Scanner enables everyone to audit his or her own Web site via Google. The scanner technology is based on “Google hacking”, a form of vulnerability research developed by Johnny I Hack Stuff. He’s a lovely fellow. Go buy him a drink.

“It’s no big secret that the Web is the platform”, said cDc spokesmodel, Oxblood Ruffin. “And this platform pretty much sucks from a security perspective. Goolag Scanner provides one more tool for Web site owners to patch up their online properties. We’ve seen some pretty scary holes through random tests with the scanner in North America, Europe, and the Middle East. If I were a government, a large corporation, or anyone with a big Web site, I’d be downloading this beast and aiming it at my site yesterday. The vulnerabilities are that serious.”

Goolag Scanner will be released open source under the GNU Affero General Public license. It is dedicated to the memory of Wau Holland, founder of the Chaos Computer Club, and a true champion of privacy rights and social justice.


GoolagScan is a standalone windows GUI based application.

* Configuration. gS uses one xml-based configuration file for its settings.

* Data-House-holding. All dorks coming with the distribution of gS are kept inside one file.


  1. Thanks for this Xeni. I’ll pass it on.

    I’m more impressed with Johnny I Hack Stuff all the time. I’ve read some of his writing about social hacking from his new book and been impressed. Even more impressive is the work that he and his wife have been doing in Uganda. Proceeds from his new book go to Africa. You want hackers? Check out his co-author!!!

    No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing by Johnny Long and Kevin D. Mitnick (Paperback – Feb 21, 2008)

  2. Be careful where you point this thing. I’ve already gotten in trouble with a university and two of the places I worked for testing the security of the machines I was using on their networks.. Apparently it is a punishable crime to aggressively poke and prod the various interfaces of a network address… who knew?

Comments are closed.