Notorious hacking group Cult of the Dead Cow (cDc) has created a tool which makes use of Google to find vulnerabilities in websites.

"It's no big secret that the Web is the platform, and this platform pretty much sucks from a security perspective," said Cult of the Dead Cow spokesperson Oxblood Ruffin, in a statement on the site.

"We've seen some pretty scary holes through random tests with the scanner in North America, Europe, and the Middle East. If I were a government, a large corporation, or anyone with a large website, I'd be downloading this beast and aiming it at my site yesterday."

The Soviet-themed tool, Goolag, has its own website at www.goolag.org. The Goolag scanner was tested by the group on random targets and unveiled worrying results. The Goolag Scanner was coded by a hacker whose alias is Johnny I Hack Stuff.

Oxblood Ruffin has allegedly provided InformationWeek with a list of 11 high-profile U.S. government agency and lab Web sites that had been scanned and found to have what appear to be significant security holes, the publication reports.

The Goolag Scanner is a stand-alone Windows .Net application, licensed under the open source GNU General Public License. The tool provides about 1,500 customized Google searches under categories such as "vulnerable servers," "sensitive online shopping information," and "files containing juicy information."

In early 2006, the cDc launched the "Goolag," a protest campaign in response to the search leader's decision to comply with China's Internet censorship policy and censor search results in the Chinese version of its search engine. The same year, the group described Microsoft, Yahoo!, Google and Cisco as the "Gang of Four" due to their respective policies of compliance with the Chinese government's Internet policies.