Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[TOOL] Google Hack Honeypot

from [SecuriTeam] Network Security [Permanent Link]
Subject: [TOOL] Google Hack Honeypot
Date: 15 Feb 2005 14:53:38 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Google Hack Honeypot
------------------------------------------------------------------------


SUMMARY



DETAILS

The Google Hack Honeypot (GHH) is a reaction to a new type of malicious 
web traffic: search engine hackers. GHH is designed to provide 
reconaissance against attackers that use search engines as a hacking tool 
against your resources. GHH implements honeypot theory to provide 
additional security to your web presence.  Coded in PHP and released under 
the GNU General Public License - GHH is Free Open Source Software.

Google has developed a powerful tool. The search engine that Google has 
implemented allows for searching on an immense amount of information. The 
Google index has swelled past 8 billion pages [February 2005] and 
continues to grow daily. Mirroring the growth of the Google index, the 
spread of web-based applications such as message boards and remote 
administrative tools has resulted in an increase in the number of 
misconfigured and vulnerable web apps available on the Internet.

These insecure tools, when combined with the power of a search engine and 
index which Google provides, results in a convenient attack vector for 
malicious users. It is in your best interest to be knowledgable of, and 
protect yourself from this threat.

The Google Hack phenomenon has caught the attention of a broad audience.  
While there are many practical uses for Google Hacks, there are also 
devious and possibly harmful uses of the same technology. An emerging 
community of malicous Google Hackers has formed up and a response has 
become necessary.  GHH allows administrators to track malicious hosts: 
observe who is perpetrating the attack and how it is being executed via 
log file. The data generated by this, or any other honeypot can be used to 
deny future access to attackers, notify service providers of attacks 
originating from their networks or act as an input for statistical 
analysis.


ADDITIONAL INFORMATION

The information has been provided by  
<mailto:rmcgeeha@students.depaul.edu> Ryan McGeehan.
The original article can be found at:  
<http://ghh.sourceforge.net/news.htm> http://ghh.sourceforge.net/news.htm
To keep updated with the tool visit the project's homepage at:  
<http://ghh.sourceforge.net/> http://ghh.sourceforge.net/



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [TOOL] Google Hack Honeypot, SecuriTeam <=
Previous by Date:  [NT] Microsoft Internet Explorer Multiple Vulnerabilities (Content-Disposition, codebase), SecuriTeam
Next by Date:  [TOOL] Cisco Torch - Mass Cisco Vulnerability Scanner, SecuriTeam
Previous by Thread:  [NT] Microsoft Internet Explorer Multiple Vulnerabilities (Content-Disposition, codebase), SecuriTeam
Next by Thread:  [TOOL] Cisco Torch - Mass Cisco Vulnerability Scanner, SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]