Google Hacking for Penetration Testers
author | Johnny Long |
pages | 502 |
publisher | Syngress |
rating | 6/10 |
reviewer | Jose Nazario |
ISBN | 1931836361 |
summary | Use the data stored in Google's database to study your adversary |
Google Hacking for Penetration Testers (Google Hacking for short) is Johnny Long and company's tome on the subject of using what is widely considered to be the web's only worthwhile search engine and the myriad ways you can get very specific information out of it. Not just web pages: you can find Excel spreadsheets, Word documents, and all sorts of information that the owners thought was hidden. This is what makes Google hacking, as an activity, so interesting.
The Google Hacking book starts with Google search basics, which is usually way more than most people do in a given week of using Google. With nary a pause, Chapter 2 covers advanced Google search operators, such as exclusions, file types, and restrictions like "inurl:" and "phonebook:". By this point, you should be sufficiently armed to do some serious Google hacking. Together with the skills and the imagination to phrase what it is you're looking for, you can mine the web.
Chapter 3 provides a simple, fast-paced introduction to using Google to do more than find porn and stalk potential mates. You can dig around in sites to find, for example, backup scripts (which may expose database parameters, useful for SQL injections later on) and even use Google to hide your tracks as a proxy server (note that this only partially works).
The next few chapters focus on the Penetration Testers portion of the title. Chapter 4 starts with the preassessment of the target (of your pen-test), including digging around for information left by employees (i.e., mails that reveal employee lists), information about the company leaked in job postings (which may include technologies used), and all the kind of stuff you want to know before you start knocking around. Chapter 5 shows you how to use Google and a few other sites to map the target. After all, Google has already indexed their site, so why not use the data it gathered? Chapter 6 has some real meat in it, including how to find vulnerable CGI programs via Google queries (i.e., looking for formmail.cgi scripts).
Chapter 7, which is described as "Ten Simple Security Searches That Work", is surprisingly succinct and effective. It basically helps you map the restrictions you learned earlier into queries and data to help you penetrate a target's security without ever leaving Google. Chapters 8 and 9 help you understand how to use Google to enumerate what you can about resources and authentication credentials, and Chapter 10 describes how to pull up documents for your perusal, some of which may be real gems.
Chapter 11 is another interesting chapter, where you learn how to use these same techniques on your own site to determine what kinds of exposures you have. This can include private communications, confidential memos, and even internal configuration information. What isn't stressed clearly enough is that some crawlers don't respect "robots.txt", for example, and will archive pages indefinitely even if they weren't supposed to. As such, even if you are protected from Google, you may not be entirely protected. Now is a good time to learn how to use the other major search engines.
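The self-audit the chapter describes, as an added example (not code from the book or its authors): scope the operators the review names (inurl:, filetype:) to your own domain with site:, then triage whatever comes back against the area you meant to be public and against robots.txt, so that a Disallowed path that was indexed anyway stands out. The domain, result URLs and robots.txt text are constructed sample data, and the search-engine call itself is left out.

```python
"""Chapter 11 style self-audit helper: what may a search engine have indexed
on our own domain? Added example; the sample data below is constructed."""
from urllib.parse import urlparse
import re

# Operators the review names, grouped by the kind of exposure they surface.
SENSITIVE_QUERIES = {
    "office documents": ["filetype:xls", "filetype:doc"],
    "backup scripts":   ["inurl:backup", "filetype:bak"],
    "legacy cgi":       ["inurl:formmail.cgi"],
}

def build_queries(domain):
    """Return {category: [query, ...]}, each query restricted with site:."""
    return {cat: [f"site:{domain} {op}" for op in ops]
            for cat, ops in SENSITIVE_QUERIES.items()}

def parse_robots_disallow(robots_txt):
    """Collect Disallow paths (any user-agent). robots.txt is advisory only."""
    paths = []
    for line in robots_txt.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"(?i)disallow:\s*(\S+)", line)
        if m:
            paths.append(m.group(1))
    return paths

def triage(results, domain, robots_txt, allowed_prefixes=("/public/",)):
    """Flag indexed URLs on our domain outside the intended public area, and
    note when a robots.txt rule did not keep a page out of the index."""
    disallowed = parse_robots_disallow(robots_txt)
    findings = []
    for url in results:
        u = urlparse(url)
        if u.hostname != domain and not u.hostname.endswith("." + domain):
            continue  # not our asset; ignore
        if any(u.path.startswith(p) for p in allowed_prefixes):
            continue  # intended to be public
        reason = "outside public area"
        if any(u.path.startswith(d) for d in disallowed):
            reason += "; robots.txt Disallow ignored by indexer"
        findings.append((url, reason))
    return findings

# Constructed sample: results a scoped query might return, plus a robots.txt.
SAMPLE_RESULTS = [
    "http://www.example.com/public/brochure.doc",
    "http://www.example.com/admin/backup.sh",
    "http://intranet.example.com/hr/salaries.xls",
    "http://other.example.org/formmail.cgi",
]
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /admin/\n"
```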
I liked where Chapter 12 is headed with automated Google searches via the API and page scraping, but I think more could have been done here to show better, more useful code. As it stands, you'll have to expend some more elbow grease to translate a lot of what you learned earlier into a useful tool for yourself (if you want to write your own). The two appendices on "Professional Security Testing" and "An Introduction to Web Application Security" seem out of place, though, and could have been bridged into the whole book much more cleanly.
Overall, I'm not as thrilled with this book as I would have liked to be, for a few key reasons. First, I found the presentation of the book, specifically its organization, language and screenshot displays, to be only average. The organization of the book itself seems to jump around sometimes, going from recon work to attacks and then back to basic outside recon work. This becomes a burden when you want to refer back to the book to find a useful portion or to understand the progression of an idea.
Secondly, I found the writing to be heavy with all kinds of 'Leet Hacker' types of references, which get old pretty quickly and only drown out useful information. At over 500 pages, you'd think this book was truly bursting at the seams with information, but a lot of it is redundant or hidden under excess fluff.
Finally, a number of the screenshots are full screens when they could have been only pieces of a screen or a window to achieve an improved effect. This matters because the halftone printing process leaves the images blurry, and a large window or screen is blurry at the book's printing resolution. This is something I've found in common between a bunch of Syngress books, and I hope they'll address it shortly by reviewing their screenshot design.
In conclusion, there's nothing too significantly special about Google hacking. With a bit of elbow grease, some example code for the Google API, reading Google's own docs, and some experimentation you can find yourself at the same level you'd be at with the book, and about $40 heavier, too. However, Long and co-authors have assembled a good number of Google methods together, and if you're the kind of person who prefers to get right to productive work with a book, it's probably the best book I've seen on using Google for more than simple searches.
Wait for it... (Score:5, Funny)
Re:Wait for it... (Score:5, Funny)
Bend Over... spell "run" (Score:1)
Johnny 'Long?' Penetration testing? (Score:1, Funny)
Re:Wait for it... (Score:1)
Re:Wait for it... (Score:1)
Re:Wait for it... (Score:2)
Editors: Wan Hung Low, and Sum Yung Boy.
Publisher: Man Hang Low
Re:Wait for it... (Score:2, Funny)
Is it just me... (Score:3, Funny)
It's not just you... (Score:1, Troll)
Re:It's not just you... (Score:1)
Re:It's not just you... (Score:1)
Re:It's not just you... (Score:1)
Re:It's not just you... (Score:2)
(I'm so sorry.. really..)
Re:It's not just you... (Score:1)
Re:It's not just you... (Score:2)
Yup - and do I like Kim Polese - member of the team that created and namer of Java, founder of Marimba, and presently CEO of SpikeSource.
And have you ever seen Dr. Fiorella Terenzi, the astrophysicist? Makes music from radio telescope data.
Or Dr. Clio Cresswell, the Australian mathematician who wrote a book on "Mathematics and Sex"?
Re:It's not just you... (Score:1)
Wow (Score:4, Insightful)
Yeah I know! (Score:1)
Real google hacks involve running at least 1
That is real men's hacking. Or at least using Google in leet language mode.
Does anyone think the use of real dictionary terms makes the whole automated human test a bit wea
But he's using "hacking" in the "correct" sense (Score:2)
Re:Penetration testing eh.... (Score:1)
Re:Penetration testing eh.... (Score:2)
Ah, I see you've been to a number of San Francisco sex clubs.
(I personally have not except one evening at the PowerExchange where I got no benefit at all from anyone. Note that the PowerExchange has three floors and a dungeon - the bottom two are hetero, the middle couples only, the top for gay men. Check it out next time you're in town. Pick your floor.)
Re:Penetration testing eh.... (Score:2)
Here [bbc.co.uk] is the test device.
No secret (Score:5, Insightful)
I think the moral here is, if you don't want people looking at it, don't hang it out unprotected.... Unprotected penetration can lead to unexpected dilation... Oh wait, that's health class
Re:No secret (Score:2)
Re:No secret (Score:1)
Man..... (Score:4, Funny)
Re:Man..... (Score:1, Funny)
Re:Man..... (Score:2)
Google hidden features (Score:5, Informative)
This is also interesting (Score:1, Insightful)
John Scmidt
johnschmidt.dk
paperless (Score:3, Funny)
Just wait (Score:2)
I do not understand this (Score:2, Troll)
Or did somebody lie on their market penetration percentage test?
Anyway, being pretty googlable myself, I know it also takes a lot of determination to get to all the data. So technique is one thing, but sheer determination stays necessary (Google speeds up the process a lot though).
Re:I do not understand this (Score:3, Insightful)
The book, Google Hacking, exists because there's a such thing as "Google Hacking", and google is an accepted English word meaning "to search". If you want to think about it, Google Hacking means exactly the same thing as Search Hacking, which really isn't that different from Search Engine Hacking, especially if you're talking about the internet.
Semantics aside, Google is a dataheap wai
Re:I do not understand this (Score:3)
Or did somebody lie on their market penetration percentage test?"
What are you, under contract from the MSN Search team? The book is Google Hacking because in the world of online search there are only two choices that the vast majority of web surfers care about:
1. Google
2. Who cares?
Re:I do not understand this (Score:2)
And how would somebody from MSN get through the rigorous background checks before you can acquire a
Re:I do not understand this (Score:2)
Re:I do not understand this (Score:2)
Too bad they immediately jacked up the price by 400% and left all the security holes in...
Updated stats (Score:2)
"Google's ability to beat MSN in unveiling maps, new search and e-mail functions has helped boost its market share. Google now has 55 percent of the market for search queries, up from 47 percent a year ago, according to Internet researcher ComScore Networks Inc. "
So I would say Google is becoming ever more dominant.
dupe (Score:5, Informative)
Oh, and I found the previous slashdot story by searching "slashdot google hacking for penetration testers" on Google. It's the first hit. Some people may find that ironic.
Re:dupe (Score:1, Offtopic)
Re:dupe (Score:1)
Don't 'cha think?
Re:dupe (Score:2)
Re:dupe (Score:2)
Re:dupe (Score:1)
Re:dupe (Score:2)
Re:dupe (Score:1)
Well, who woulda thought...it figures.
Re:dupe (Score:3, Interesting)
also, the book is full of hints on social engineering and getting behind closed doors by using google as a tool. It's got examples of how to find people who might be friends based on simple google searches. Pretty interesting stuff, though.
I dunno how white-hat owning this book would make you, though.
hmmm (Score:3, Informative)
Only on slashdot... (Score:2, Redundant)
A headline with the word "penetration" is just bound to be the "butt" of jokes.
No no no, it's not "bound", it's "begging" to be the butt of jokes!
Re:Only on slashdot... (Score:2)
Google Loves This Attention (Score:3, Interesting)
Google Hacking? (Score:5, Interesting)
Those who haven't checked out the site will find the Google Hacking Database (GHDB) [ihackstuff.com] very interesting and somewhat scary. The things people put online and the security of certain systems are mind-boggling.
Re:Google Hacking? (Score:1)
Actually, it's both.
The Book [amazon.com]
The website [ihackstuff.com]
Like it said in the review, they called the book "Google Hacking" for short.
Re:Google Hacking? (Score:1, Funny)
----------------------
Hi.
Normally, my site is here, but we're getting pounded with traffic so the site has curled up into the fetal position until things cool down.
Please check back later!
Thanks,
j0hnny
Re:Google Hacking? (Score:1, Funny)
Re:Google Hacking? (Score:3, Informative)
Re:Google Hacking? (Score:2)
Re:Google Hacking? (Score:2)
Eh...
Not so scary, really.
I figure the man already has my street address and phone number and stuff. What's the big deal?
People are always telling me: "You are putting your info online! You are gunna be in big trouble, Mister!"
I chalk it up to Vanity Fear. [usemod.com] "I'm so important/beautiful, my powerful enemies/obsessive stalkers can't have my (street address, phone number, email address.)"
Philip Greenspun [greenspun.com] has had his cell p [greenspun.com]
Re:Google Hacking? (Score:1)
You mean there's more than porn online? (Score:1, Funny)
But that means I have to take time out of my porn-finding!
Google's REAL source of revenue (Score:5, Insightful)
We hear about blackmail cases involving compromised data occurring all the time, and coupled with corporate espionage, a group like Google could stand to see far greater profits than mere 'advertising'.
for those preparing to mod me down, consider this:
Knowledge is Power, and as far as everyone is concerned, Google is probably at this moment the source of more human knowledge than has ever been compiled before, all cached on their wonderful servers, and through their extensive knowledge of where any data they may need to see in the future resides.
Absolute Power corrupts absolutely: in a case where such secret information is available, no person or group is ever above the incentive to gain from this power, including Google, or if not that, enticed individual employees.
People really need to start analyzing the Power Google has over information and take its immense position seriously. At least books like this can only shed more light on this growing problem.
Re:Google's REAL source of revenue (Score:2)
Re:Google's REAL source of revenue (Score:1)
Re:Google's REAL source of revenue (Score:1)
Re:Google's REAL source of revenue (Score:4, Interesting)
Mod Up (Score:1)
I believe Joseph S. Nye put down the 3 different types of information in the information age:
1. flows of data such as news or statistics
2. information used for advantage in competitive situations. That is analysed information or intelligence and;
so what i'm seeing.... (Score:1)
"How hard is this to do"? (Score:1, Informative)
So I wanted to find credit card numbers
Here's hoping this book will wake up a few dim bulbs thinking their credit card numbers are safe - or merchants thinking that t
readable as a URL? (Score:1)
Anyone else find it interesting... (Score:1, Redundant)
Coincidence... I think not.
Re:Moby Dick was a Sperm Whale (Score:1)
Compulsory Slashdot Dupe Reference (Score:1)
Dupe Post - Sorry! (Score:1)
So how long... (Score:1)
Re:So how long... (Score:1)
Quite a combo (Score:4, Funny)
Defcon (Score:2)
Johnny Long will be giving a talk about it at Defcon in Las Vegas this weekend. Go!
Google Hacking For Penetration Testers [defcon.org]
Another review (Score:1)
NSFW (Score:2)
Re:fp (Score:1)
Re:fp (Score:1)
Technical Manuals (Score:2)
And is their stock overpriced and highly bubblized and have they lost track of their original focus to the point where I might expect
Re:Close the italics tag. (Score:1)
Re:Save Money (Score:2)
Here's a cruft-free link that won't make you wonder if you're being used. And yes, the price is the same:
http://www.amazon.com/exec/obidos/tg/detail/-/1931 836361/ [amazon.com]