Google Hacking for Penetration Testers, Volume 2 | Johnny Long

Google Hacking for Penetration Testers, Volume 2 | Johnny Long | Great starting Point for New or Intermediate- Reference for advanced

books:

Google Hacking for...

	Google Hacking for Penetration Testers, Volume 2 Johnny Long Syngress, 2007 - 448 pages average customer review:based on 25 reviews view larger image
	for more information click here

highly recommended

A self-respecting Google hacker spends hours trolling the Internet for juicy stuff. Firing off search after search, they thrive on the thrill of finding clean, mean, streamlined queries and get a real rush from sharing those queries and trading screenshots of their findings. I know because I've seen it with my own eyes. As the founder of the Google Hacking Database (GHDB) and the Search engine hacking forums at http://johnny.ihackstuff.com, I am constantly amazed at what the Google hacking community comes up with. It turns out the rumors are true-creative Google searches can reveal medical, financial, proprietary and even classified information. Despite government edicts, regulation and protection acts like HIPPA and the constant barking of security watchdogs, this problem still persists. Stuff still makes it out onto the web, and Google hackers snatch it right up. Protect yourself from Google hackers with this new volume of information.
-Johnny Long

. Learn Google Searching Basics
Explore Google's Web-based Interface, build Google queries, and work with Google URLs.
. Use Advanced Operators to Perform Advanced Queries
Combine advanced operators and learn about colliding operators and bad search-fu.
. Learn the Ways of the Google Hacker
See how to use caches for anonymity and review directory listings and traversal techniques.
. Review Document Grinding and Database Digging
See the ways to use Google to locate documents and then search within the documents to locate information.
. Understand Google's Part in an Information Collection Framework
Learn the principles of automating searches and the applications of data mining.
. Locate Exploits and Finding Targets
Locate exploit code and then vulnerable targets.
. See Ten Simple Security Searches
Learn a few searches that give good results just about every time and are good for a security assessment.
. Track Down Web Servers
Locate and profile web servers, login portals, network hardware and utilities.
. See How Bad Guys Troll for Data
Find ways to search for usernames, passwords, credit card numbers, social security numbers, and other juicy information.
. Hack Google Services
Learn more about the AJAX Search API, Calendar, Blogger, Blog Search, and more.

for more information click here

Superb Book, great writing style and plenty of useful examples

While Google is for most of us just a search engine, for hackers it is a great tool to gather information and present the attack vector and first of steps against your organization.

The opposite side of Google as a search engine is that a lot of networks and organizations out there have no idea what kind information (classified and potentially dangerous) is presented out on the internet and how data leakage is accomplished that way. This leakage give a significant amounts of password files, confidential information, and configuration data and so on that can be easily found with ingenius queries.

After you read Google Hacking, volume 2, the real power and potential danger of Google is clearly understood. Author Johnny Long does a superb job by presenting insight information on how -not so fiendly - people out there but also penetration testers can use this knowledge and easily harvest information that has been gathered by the Google engine. He's wirting is great and keeps me interested the whole book and besides that he gives away plenty of interesting examples on how to built your own query.

So really worth buying!

Rob Faber , CISSP, CEH, MCTS, MCSE
Sr. Information Security Consultant
The Netherlands

for more information click here

Great starting Point for New or Intermediate- Reference for advanced

You name it someone may have left it in the wrong place. This text is a good reference for everyone interested in information security and honing their research abilities to a razor's edge. As Obijan says "know your target- get inside of his mind." Experts might scoff, but a handy reference. I use it to nail airline miles, among other things...in all honesty I have found some wild things using the standard techniques- really you need a guide on unraveling people's stupidity or, if you are feeling rather viscious lay a trap and hook it with cheese that has unexpected side effects. Fun for the whole family!

for more information click here

Superior Text

In reading through this book, I found a wealth of information that was quite useful, most notably the links to all of the other tools, sites and techniques available on the web. I am an internal corporate web application pen tester for a financial institution and will certainly use the techniques described in this text in our next vulnerability assessment. I do have one complaint however in that the corresponding website for the text [...] does not have the code from the book. Overall a great book and a fun read. Highly recommended.

New updates and material for the second edition of the Google Hacking masterpiece. Volume 2 is today's reference.

This review mainly focuses on evaluating how valuable is to get a copy of "Google Hacking for Penetration Testers - VOLUME 2" if you already own a copy of the first edition, and the scores rates exactly that. If you don't have neither of them, I strongly encourage you to acquire Volume 2 (see details below), no matter what area of the information security field you work in (and specially if you are a penetration tester), as the contents affect to you in multiple ways. On my day-to-day security consulting practice, I'm still very surprised about how many IT people don't know about these techniques. The book is a masterpiece for information disclosure and mining from public sources, such as (but not only) Google. If I had to evaluate the book on itself, not comparing between editions, it would definitely get a score of 5/5.

The first edition was released in 2005 and opened the world of the Google Hacking techniques to the general public, together with the GHDB. The second edition title is (at least) confusing, as Volume 2 seems to denote it is a complementary book to the first edition. It is not, so I do not recommend you to get the first edition today. Volume 2, or the second edition as it should have been called, has been thoroughly updated (including most of the screenshots) to cover the latest changes and Google applications. I did a major update to the SANS "Power Search with Google" course on the first half of 2006, when some of the new Google functionality (not in the first edition) was already available. The second edition reflects those updates I identified and put back together then, even the tiny ones, such as the maximum search terms, that changed from 10 to 32. Additionally, all the statistical references, covering number of results returned by Google, and main contents have been reviewed and updated to reflect the current state of the art.

Some chapters have been kept from the previous edition (chapters 1 to 3, and chapters 6 to 9, and chapter 12), although they have suffered updates. Others have been moved (such as the old chapter 10, now chapter 4) or redesigned (like the new chapter 5). Besides, there are brand new chapters, like 10 and 11.

I specially like the updates on chapter 5, with the new tools and scripts to query Google and, specially, to parse and process the results, including several Perl and User-Agent tricks. The book, obviously, covers the Google API changes and provides solutions to overcome them, such as Aura. Chapters 6 and 8 include relevant updates to the Google code search engine and new capabilities to locate malware and binaries, plus new techniques to track down login portals and network embedded devices and reports, respectively.

The new chapter 10 is a great reference covering the new Google services from a hacking and "malicious" perspective. It is a required update given the pace Google releases new functionality and information sources, such as the AJAX capabilities and API, the source code search engine, calendar, blogger, and alert services.

The new chapter 11, "Google Hacking Showcase", includes the real-world Google Hacking samples and cases Johnny Long has been presenting in several hacking conferences during the last years. A found having a printed copy of it within the book very valuable, as it is an eye-opener, and it is a fun read. Definitely, if you have not seen Johnny's presentations and talks, I encourage you to access the archives from BlackHat and DefCon and enjoy them.

Finally, chapter 12 (the old chapter 11), covers new techniques and tools from a defensive perspective. The new additions increase the defender arsenal in order to mitigate the old and new threats covered throughout the book.

The influence of multiple authors in this edition is evident, something good for the new contents and material, but not so good for the chapter layout, as some do not follow the original format with a final summary, solutions, links and FAQ. Chapter 10 is a good example of both.

The complementary appendixes from the first edition, not directly relevant to the book topic from my perspective, have been removed. Overall, I feel some of the waffle has been left out, a smart decision (but not always easy) in order to keep the book size reasonable, and make room for the new contents.

I would like to see some of the pages that simply provide long listings from the GHDB moved to an appendix and simply referenced from the associated chapter. It might be useful to have these lists full of query samples on the book, but not just in the middle of a chapter. Another improvement would be to have a book webpage consolidating all the code samples, such as the Blogger submission script, as I'm not sure they are all available on a single website.

To sum up, if you don't have a copy of this book, go and buy Volume 2! (not to mention Johnny's involvement with charities). If you are a professional penetration tester, the new material in this second edition is highly recommended, so update your shelves and start applying the new contents on your daily practice. If you are an infosec pro, not directly involved in Google Hacking tasks, and you already own a copy of the first edition, I think you do not need Volume 2, as you already understand the threat, risks, and what is all this about.

At some point I was almost involved in co-authoring this 2nd edition, but finally it didn't happened. A pity, as definitely, this is one of today's reference books that should be on any infosec shelves.

for more information click here

google, hack, hacking

Very informative book, I've been using some of the knowledge I got in the book to improve my searches as well as to test the security of some of my company's web pages.

reviews: page 1, 2, 3, 4, 5

products you might be interested in