Google Hacking for Penetration Testers

By

  • Johnny Long, A Christian by grace, a professional hacker by trade, a pirate by blood, a ninja in training, a security researcher and author who lurks at his website (http://johnny.ihackstuff.com) and is the founder of Hackers For Charity(http://ihackcharities.org), an organization that provides hackers with job experience while leveraging their skills for charities that need them
  • Bill Gardner, Bill Gardner OSCP, i-Net+, Security+, Asst. Prof. at Marshall University
  • Justin Brown, Information Security Professional at One Worlds Lab

This book helps people find sensitive information on the Web.Google is one of the 5 most popular sites on the internet with more than 380 million unique users per month (Nielsen/NetRatings 8/05). But, Google’s search capabilities are so powerful, they sometimes discover content that no one ever intended to be publicly available on the Web including: social security numbers, credit card numbers, trade secrets, and federally classified documents. Google Hacking for Penetration Testers Volume 2 shows the art of manipulating Google used by security professionals and system administrators to find this sensitive information and “self-police” their own organizations.Readers will learn how Google Maps and Google Earth provide pinpoint military accuracy, see how bad guys can manipulate Google to create super worms, and see how they can "mash up" Google with MySpace, LinkedIn, and more for passive reconaissance.
View full description

Audience

Security professionals, system administrators, and power users using Google’s powerful, and at times complex, search features to find sensitive information that should *NOT* be publicly available on the Web.

 

Book information

  • Published: April 2011
  • Imprint: SYNGRESS
  • ISBN: 978-0-08-048426-6


Table of Contents

Why Bother w/Google for an Assessment
Advanced Operators
Google Hacking Basics
Pre-Assessment
Mapping the Target Network
Locating Exploits and Finding Targets
10 Simple searches
Tracking Down Web Servers, Login Portals and Network Hardware
Usernames, Passwords and Other Secret Stuff
Document Grinding and Database Digging
Protecting Yourself From Google Hackers
Programming Google Searches