Blackhat Arsenal 2012 Releases: Tenacious Diggity – New Google Hacking Diggity Suite Tools
The Google Hacking Diggity Project is a research and development initiative dedicated to investigating the latest techniques that leverage search engines, such as Google and Bing, to quickly identify vulnerable systems and sensitive data in corporate networks. This project page contains downloads and links to our latest Google Hacking research and free security tools. Defensive strategies are also introduced, including innovative solutions that use Google Alerts to monitor your network and systems.
New tools released at Arsenal:
- AlertDiggityDB – For several years, we’ve collected vulnerability details and sensitive information disclosures from thousands of real-time RSS feeds setup to monitor Google, Bing, SHODAN, and various other search engines. We consolidated this information into a single database, the AlertDiggityDB, forming the largest consolidated repository of live vulnerabilities on the Internet. Now it’s available to you.
- Diggity Dashboard – An executive dashboard of all of our vulnerability data collected from search engines. Customize charts and graphs to create tailored views of the data, giving you the insight necessary to secure your own systems. This web portal provides users with direct access to the most current version of the AlertDiggityDB.
- Bing Hacking Database (BHDB) 2.0 – Exploiting recent API changes and undocumented features within Bing, we’ve been able to completely overcome the previous Bing hacking limitations to create an entirely new BHDB that will make Bing hacking just as effective as Google hacking (if not more so) for uncovering vulnerabilities and data leaks on the web. This also will include an entirely new SharePoint Bing Hacking database, containing attack strings targeting Microsoft SharePoint deployments via Bing.
- NotInMyBackYardDiggity – Don’t be the last to know if LulzSec or Anonymous post data dumps of your company’s passwords on PasteBin.com, or if a reckless employee shares an Excel spreadsheet with all of your customer data on a public website. This tool leverages both Google and Bing, and comes with pre-built queries that make it easy for users to find sensitive data leaks related to their organizations that exist on 3rd party sites, such as PasteBin, YouTube, and Twitter. Uncover data leaks in documents on popular cloud storage sites like Dropbox, Microsoft SkyDrive, and Google Docs. A must have for organizations that have sensitive data leaks on domains they don’t control or operate.
- PortScanDiggity – How would you like to get Google to do your port scanning for you? Using undocumented functionality within Google, we’ve been able to turn Google into an extremely effective network port scanning tool. You can provide domains, hostnames, and even IP address ranges to scan in order to identify open ports ranging across all 65,535 TCP ports. An additional benefit is that this port scanning is completely passive – no need to directly communicate with target networks since Google has already performed the scanning for you.
- Combine Google/Bing hacking and data loss prevention (DLP) scanning on a massive scale, made possible via the power of cloud computing. Chuck Norris approved.
- CodeSearchDiggity-Cloud Edition – Google recently shut down Code Search in favor of focusing on Google+, putting “more wood behind fewer arrows”. I suppose we could have let the matter go, and let CodeSearchDiggity die, but that would be the mature thing to do. Instead, we are harnessing the power of the cloud to keep the dream alive – i.e. performing source code security analysis of nearly every single open source code project in existence, simultaneously.
- BingBinaryMalwareSearch (BBMS) – According to the Verizon 2012 DBIR, malware was used to compromise a staggering 95% of all records breached for 2011. BBMS allows users to proactively track down and block sites distributing malware executables on the web. The tool leverages Bing, which indexes executable files, to find malware based on executable file signatures (e.g. “Time Stamp Date:”, “Size of Code:”, and “Entry Point:”).
- Diggity IDS – Redesigned intrusion detection system (IDS) for search engine hacking. Will still leverage the wealth of information provided by the various Diggity Alert RSS feeds, but will also make more granular data slicing and dicing possible through new and improved client tools. Also includes the frequently requested SMS/email alerting capabilities, making it easier than ever for users to keep tabs on their vulnerability exposure via search engines.
Next ToolsTube with GoogleDiggity Crew