| | |  | Computer Security | Home » » Google Hacking for Penetration Testers | | | | | | | Product Promotions: | | | | | Description: | | A self-respecting Google hacker spends hours trolling the Internet for juicy stuff. Firing off search after search, they thrive on the thrill of finding clean, mean, streamlined queries and get a real rush from sharing those queries and trading screenshots of their findings. I know because I've seen it with my own eyes. As the founder of the Google Hacking Database (GHDB) and the Search engine hacking forums at http://johnny.ihackstuff.com, I am constantly amazed at what the Google hacking community comes up with. It turns out the rumors are true-creative Google searches can reveal medical, financial, proprietary and even classified information. Despite government edicts, regulation and protection acts like HIPPA and the constant barking of security watchdogs, this problem still persists. Stuff still makes it out onto the web, and Google hackers snatch it right up. Protect yourself from Google hackers with this new volume of information.
-Johnny Long
. Learn Google Searching Basics
Explore Google's Web-based Interface, build Google queries, and work with Google URLs.
. Use Advanced Operators to Perform Advanced Queries
Combine advanced operators and learn about colliding operators and bad search-fu.
. Learn the Ways of the Google Hacker
See how to use caches for anonymity and review directory listings and traversal techniques.
. Review Document Grinding and Database Digging
See the ways to use Google to locate documents and then search within the documents to locate information.
. Understand Google's Part in an Information Collection Framework
Learn the principles of automating searches and the applications of data mining.
. Locate Exploits and Finding Targets
Locate exploit code and then vulnerable targets.
. See Ten Simple Security Searches
Learn a few searches that give good results just about every time and are good for a security assessment.
. Track Down Web Servers
Locate and profile web servers, login portals, network hardware and utilities.
. See How Bad Guys Troll for Data
Find ways to search for usernames, passwords, credit card numbers, social security numbers, and other juicy information.
. Hack Google Services
Learn more about the AJAX Search API, Calendar, Blogger, Blog Search, and more. | | | Product Details: | | | Author:
| Johnny Long | | Paperback:
| 560 pages | | Publisher:
| Syngress | | Publication Date:
| November 02, 2007 | | Language:
| English | | ISBN:
| 1597491764 | | Product Length:
| 9.3 inches | | Product Width:
| 7.56 inches | | Product Height:
| 1.33 inches | | Product Weight:
| 2.45 pounds | | Package Length:
| 9.2 inches | | Package Width:
| 7.5 inches | | Package Height:
| 1.4 inches | | Package Weight:
| 2.45 pounds | | Average Customer Rating:
|  based on 7 reviews |
| | | | Customer Reviews: | |
Average Customer Review:
 ( 7 customer reviews )
Write an online review and share your thoughts with other customers.
Most Helpful Customer Reviews
8 of 8 found the following review helpful:
New updates and material for the second edition of the Google Hacking masterpiece. Volume 2 is today's reference.Nov 01, 2008
By Raul Siles
"www.raulsiles.com"
This review mainly focuses on evaluating how valuable is to get a copy of "Google Hacking for Penetration Testers - VOLUME 2" if you already own a copy of the first edition, and the scores rates exactly that. If you don't have neither of them, I strongly encourage you to acquire Volume 2 (see details below), no matter what area of the information security field you work in (and specially if you are a penetration tester), as the contents affect to you in multiple ways. On my day-to-day security consulting practice, I'm still very surprised about how many IT people don't know about these techniques. The book is a masterpiece for information disclosure and mining from public sources, such as (but not only) Google. If I had to evaluate the book on itself, not comparing between editions, it would definitely get a score of 5/5.
The first edition was released in 2005 and opened the world of the Google Hacking techniques to the general public, together with the GHDB. The second edition title is (at least) confusing, as Volume 2 seems to denote it is a complementary book to the first edition. It is not, so I do not recommend you to get the first edition today. Volume 2, or the second edition as it should have been called, has been thoroughly updated (including most of the screenshots) to cover the latest changes and Google applications. I did a major update to the SANS "Power Search with Google" course on the first half of 2006, when some of the new Google functionality (not in the first edition) was already available. The second edition reflects those updates I identified and put back together then, even the tiny ones, such as the maximum search terms, that changed from 10 to 32. Additionally, all the statistical references, covering number of results returned by Google, and main contents have been reviewed and updated to reflect the current state of the art.
Some chapters have been kept from the previous edition (chapters 1 to 3, and chapters 6 to 9, and chapter 12), although they have suffered updates. Others have been moved (such as the old chapter 10, now chapter 4) or redesigned (like the new chapter 5). Besides, there are brand new chapters, like 10 and 11.
I specially like the updates on chapter 5, with the new tools and scripts to query Google and, specially, to parse and process the results, including several Perl and User-Agent tricks. The book, obviously, covers the Google API changes and provides solutions to overcome them, such as Aura. Chapters 6 and 8 include relevant updates to the Google code search engine and new capabilities to locate malware and binaries, plus new techniques to track down login portals and network embedded devices and reports, respectively.
The new chapter 10 is a great reference covering the new Google services from a hacking and "malicious" perspective. It is a required update given the pace Google releases new functionality and information sources, such as the AJAX capabilities and API, the source code search engine, calendar, blogger, and alert services.
The new chapter 11, "Google Hacking Showcase", includes the real-world Google Hacking samples and cases Johnny Long has been presenting in several hacking conferences during the last years. A found having a printed copy of it within the book very valuable, as it is an eye-opener, and it is a fun read. Definitely, if you have not seen Johnny's presentations and talks, I encourage you to access the archives from BlackHat and DefCon and enjoy them.
Finally, chapter 12 (the old chapter 11), covers new techniques and tools from a defensive perspective. The new additions increase the defender arsenal in order to mitigate the old and new threats covered throughout the book.
The influence of multiple authors in this edition is evident, something good for the new contents and material, but not so good for the chapter layout, as some do not follow the original format with a final summary, solutions, links and FAQ. Chapter 10 is a good example of both.
The complementary appendixes from the first edition, not directly relevant to the book topic from my perspective, have been removed. Overall, I feel some of the waffle has been left out, a smart decision (but not always easy) in order to keep the book size reasonable, and make room for the new contents.
I would like to see some of the pages that simply provide long listings from the GHDB moved to an appendix and simply referenced from the associated chapter. It might be useful to have these lists full of query samples on the book, but not just in the middle of a chapter. Another improvement would be to have a book webpage consolidating all the code samples, such as the Blogger submission script, as I'm not sure they are all available on a single website.
To sum up, if you don't have a copy of this book, go and buy Volume 2! (not to mention Johnny's involvement with charities). If you are a professional penetration tester, the new material in this second edition is highly recommended, so update your shelves and start applying the new contents on your daily practice. If you are an infosec pro, not directly involved in Google Hacking tasks, and you already own a copy of the first edition, I think you do not need Volume 2, as you already understand the threat, risks, and what is all this about.
At some point I was almost involved in co-authoring this 2nd edition, but finally it didn't happened. A pity, as definitely, this is one of today's reference books that should be on any infosec shelves.
4 of 4 found the following review helpful:
 Time has not been good for this bookFeb 27, 2012
By Anomalophobe
In the (four) years since its publication, this book has suffered "technological attrition" - Google's search engine has changed significantly enough to make the material unusable, and most of the referenced links are either no longer valid or have ceased further development shortly after 2008.
2 of 2 found the following review helpful:
 Superb Book, great writing style and plenty of useful examplesFeb 08, 2008
By RP Faber
"Rob Faber [CISSP, CEH, MCTS, MCSE]"
While Google is for most of us just a search engine, for hackers it is a great tool to gather information and present the attack vector and first of steps against your organization.
The opposite side of Google as a search engine is that a lot of networks and organizations out there have no idea what kind information (classified and potentially dangerous) is presented out on the internet and how data leakage is accomplished that way. This leakage give a significant amounts of password files, confidential information, and configuration data and so on that can be easily found with ingenius queries.
After you read Google Hacking, volume 2, the real power and potential danger of Google is clearly understood. Author Johnny Long does a superb job by presenting insight information on how -not so fiendly - people out there but also penetration testers can use this knowledge and easily harvest information that has been gathered by the Google engine. He's wirting is great and keeps me interested the whole book and besides that he gives away plenty of interesting examples on how to built your own query.
So really worth buying!
Rob Faber , CISSP, CEH, MCTS, MCSE
Sr. Information Security Consultant
The Netherlands
1 of 1 found the following review helpful:
Superior TextFeb 06, 2008
By Garot M. Conklin
In reading through this book, I found a wealth of information that was quite useful, most notably the links to all of the other tools, sites and techniques available on the web. I am an internal corporate web application pen tester for a financial institution and will certainly use the techniques described in this text in our next vulnerability assessment. I do have one complaint however in that the corresponding website for the text [...] does not have the code from the book. Overall a great book and a fun read. Highly recommended.
Good readDec 20, 2011
By Cr4$h0v3r1d3
I read the e edition of this book on my android. Its a very interesting read it kind of shows how dark Google can be when used the right way it can get you into areas your not suppose to be. Even though Google looks very straight forward and simple its really not you will just have to read the book to learn the dark secrets of Google search functions. Very interesting I would recommend this to a friend if any were as geeky as me lol.
See all 7 customer reviews on Amazon.com
| | |
|
