Interesting, literally for "hackers" in the bad sense of the term. I cannot see how this is useful in a normal day-to-day fashion other than to find computers/routers that are compromisable. Maybe there is another utility for this? The only one I can imagine right now is to see trends on what is out there in terms of web servers and the versions on them for research papers and the like.
The point comes up a lot that this tool could be misused by script kiddies, so I thought I'd address some of those concerns:
- Search results are limited to 50 hosts (if you're logged in, 10 hosts if you're not). This makes it impractical to use for building a botnet or any kind of large-scale operation.
- I take steps to limit anonymous access (e.g. Tor is not allowed).
- The 'net' and 'country' filters require you to be logged in; this makes anonymous systematic scraping much harder.
- Users detected scraping get banned (zero tolerance).
The bottom line: this is a tool for penetration testing and market research, not for script kiddies.
As a network security engineer, it allows me to look at my public-facing IP addresses, and it also gives me an at-a-glance overview for IP address ranges that seem to be attacking me, without the need to fire up nmap, nessus and nikto for a "retaliatory" or "recon" scan.
Just like Johnny Long's GHDB, a list of search operators for Google that reveal sensitive and/or vulnerable services or data, there are both creative/beneficial and malevolent uses for these tools.