Google Hacking for Penetration Testers

Syngress, Dec 17, 2004 - Computers - 448 pages
10 Reviews
Google, the most popular search engine worldwide, provides web surfers with an easy-to-use guide to the Internet, with web and image searches, language translation, and a range of features that make web navigation simple enough for even the novice user. What many users don’t realize is that the deceptively simple components that make Google so easy to use are the same features that generously unlock security flaws for the malicious hacker. Vulnerabilities in website security can be discovered through Google hacking, techniques applied to the search engine by computer criminals, identity thieves, and even terrorists to uncover secure information. This book beats Google hackers to the punch, equipping web administrators with penetration testing applications to ensure their site is invulnerable to a hacker’s search.

Penetration Testing with Google Hacks explores the explosive growth of a technique known as "Google Hacking." When the modern security landscape includes such heady topics as "blind SQL injection" and "integer overflows," it's refreshing to see such a deceptively simple tool bent to achieve such amazing results; this is hacking in the purest sense of the word. Readers will learn how to torque Google to detect SQL injection points and login portals, execute port scans and CGI scans, fingerprint web servers, locate incredible information caches such as firewall and IDS logs, password databases, SQL dumps and much more - all without sending a single packet to the target! Borrowing the techniques pioneered by malicious "Google hackers," this talk aims to show security practitioners how to properly protect clients from this often overlooked and dangerous form of information leakage.

*First book about Google targeting IT professionals and security leaks through web browsing.

*Author Johnny Long, the authority on Google hacking, will be speaking about "Google Hacking" at the Black Hat 2004 Briefing. His presentation on penetrating security flaws with Google is expected to create a lot of buzz and exposure for the topic.

*Johnny Long's Web site hosts the largest repository of Google security exposures and is the most popular destination for security professionals who want to learn about the dark side of Google.
 

What people are saying

User ratings

5 stars: 5
4 stars: 3
3 stars: 1
2 stars: 0
1 star: 1


User Review

Nice

Contents

Advanced Operators
Google Hacking Basics
Pre-Assessment
Network Mapping
Locating Exploits and Finding Targets
Ten Simple Security Searches That Work
Tracking Down Web Servers, Login Portals, and Network Hardware
Usernames, Passwords, and Secret Stuff, Oh My
Document Grinding and Database Digging
Protecting Yourself from Google Hackers
Automating Google Searches
Professional Security Testing
An Introduction to Web Application Security
Index
Related Titles
Copyright

Popular passages

Page i - Through this site, we've been able to provide readers a real time extension to the printed book. As a registered owner of this book, you will qualify for free access to our members-only solutions@syngress.com program. Once you have registered, you will enjoy several benefits, including: • Four downloadable e-booklets on topics related to the book. Each booklet is approximately 20-30 pages in Adobe PDF format.
Page 9 - If you do not find your native language in the pulldown above, you can help Google create it through our Google in Your...
Page ix - Foster holds degrees and certifications in Business, Software Engineering, Management of Information Systems, and numerous computer-related or programming-related concentrations and has attended or conducted research at the Yale School of Business, Harvard University, Capitol College, and the University of Maryland.
Page 27 - Search with all of the words with the exact phrase with at least one of the words | without the words...

About the author (2004)

Johnny Long is a Christian by grace, a professional hacker by trade, a pirate by blood, a ninja in training, a security researcher and author. He can be found lurking at his website (http://johnny.ihackstuff.com). He is the founder of Hackers For Charity (http://ihackcharities.org), an organization that provides hackers with job experience while leveraging their skills for charities that need those skills.