for Penetration Testers
by Johnny Long
Published by Syngress, 2005
~500 scary pages
First edition out of print,
Following the widely acclaimed Johnny.IHackStuff.com, “Johnny Long” has written a full manual on the ins -and-outs of using Google for hacking or penetration testing websites and web applications. There is lots of advice in here for other Googlies too. If you work your way methodically through this book, patiently trying out the Google queries as you go, you will learn a lot about Google’s search syntax plus the pros and cons of using Google.
After introducing Google’s syntax, the main part of the book follows the conventional sequence of a typical penetration test, starting with the initial identification and exploration of potential targets. Pretty soon, any webmaster reading this book is likely to begin checking out their own website as the power of Google starts to sink in. This is one terrifying book if you are a slightly paranoid information security professional at a major corporation. You’ll soon be turning the pages with a look of shock and fear on your face, gripped by the unfolding horror story. Google Hacking puts the spotlight firmly on those dark places that many security managers fear to tread: firewall, IDS and IPS configurations, security patching practices, web application security ... need I go on?
Most chapters include ‘interesting’ example searches. Queries that expose passwords, credit card numbers and exploitable vulnerabilities are dotted throughout the book. Information security security managers and IT auditors at large corporations are inevitably drawn to check how many of these queries will find sensitive information from their own organizations.
The penultimate chapter outlines some of the techniques to ensure that your organization does not reveal too much to Google, although if you have published sensitive stuff on the Web, the cat is already well and truly out of the bag even if you make the effort to pull it from Google. The final chapter discusses scripts and programs to automate the Google searches - handy if you are a professional penetration tester or busy hacker.
The book is a shining example of how to write a readable and accessible technical book. It uses humor and cynicism to brighten up otherwise potentially tedious information, and is a gripping read for those who appreciate the power (and the implicit threat) of Google.
|Home > Book reviews > Google Hacking >||
Copyright © 2013 IsecT Ltd.