
Google Hacking for Penetration Testers
Description
Key Features
Explore Google’s Web-based Interface, build Google queries, and work with Google URLs.
• Use Advanced Operators to Perform Advanced Queries
Combine advanced operators and learn about colliding operators and bad search-fu.
• Learn the Ways of the Google Hacker
See how to use caches for anonymity and review directory listings and traversal techniques.
• Review Document Grinding and Database Digging
See the ways to use Google to locate documents and then search within the documents to locate information.
• Understand Google’s Part in an Information Collection Framework
Learn the principles of automating searches and the applications of data mining.
• Locate Exploits and Finding Targets
Locate exploit code and then vulnerable targets.
• See Ten Simple Security Searches
Learn a few searches that give good results just about every time and are good for a security assessment.
• Track Down Web Servers
Locate and profile web servers, login portals, network hardware and utilities.
• See How Bad Guys Troll for Data
Find ways to search for usernames, passwords, credit card numbers, social security numbers, and other juicy information.
• Hack Google Services
Learn more about the AJAX Search API, Calendar, Blogger, Blog Search, and more.
Readership
Table of Contents
Instructions for online access
Acknowledgments
Lead Author
Contributing Authors
Chapter 1: Google Searching Basics
Introduction
Exploring Google’s Web-based Interface
Language Tools
Building Google Queries
Working With Google URLs
URL Syntax
Summary
Solutions Fast Track
Links to Sites
Frequently Asked Questions
Chapter 2: Advanced Operators
Introduction
Operator Syntax
Troubleshooting Your Syntax
Introducing Google’s Advanced Operators
Allintext: Locate a String Within the Text of a Page
Inurl and Allinurl: Finding Text in a URL
Site: Narrow Search to Specific Sites
Filetype: Search for Files of a Specific Type
Link: Search for Links to a Page
Inanchor: Locate Text Within Link Text
Cache: Show the Cached Version of a Page
Numrange: Search for a Number
Daterange: Search for Pages Published Within a Certain Date Range
Info: Show Google’s Summary Information
Related: Show Related Sites
Author: Search Groups for an Author of a Newsgroup Post
Group: Search Group Titles
Insubject: Search Google Groups Subject Lines
Msgid: Locate a Group Post by Message ID
Stocks: Search for Stock Information
Define: Show the Definition of a Term
Phonebook: Search Phone Listings
Colliding Operators and Bad Search-Fu
Summary
Solutions Fast Track
Links to Sites
Frequently Asked Questions
Chapter 3: Google Hacking Basics
Introduction
Anonymity with Caches
Directory Listings
Locating Directory Listings
Finding Specific Directories
Finding Specific Files
Server Versioning
Going Out on a Limb: Traversal Techniques
Incremental Substitution
Extension Walking
Summary
Solutions Fast Track
Links to Sites
Frequently Asked Questions
Chapter 4: Document Grinding and Database Digging
Introduction
Configuration Files
Log Files
Office Documents
Database Digging
Login Portals
Support Files
Error Messages
Database Dumps
Actual Database Files
Automated Grinding
Google Desktop Search
Summary
Solutions Fast Track
Links to Sites
Frequently Asked Questions
Chapter 5: Google's Part in an Information Collection Framework
Introduction
The Principles of Automating Searches
The Original Search Term
Expanding Search Terms
Getting the Data From the Source
Parsing the Data
Post Processing
Applications of Data Mining
Most Interesting
Collecting Search Terms
On the Web
Spying on Your Own
Honey Words
Referrals
Summary
Chapter 6: Locating Exploits and Finding Targets
Introduction
Locating Exploit Code
Locating Public Exploit Sites
Locating Exploits Via Common Code Strings
Locating Code with Google Code Search
Locating Malware and Executables
Locating Vulnerable Targets
Locating Targets Via Demonstration Pages
Locating Targets Via Source Code
Locating Targets Via CGI Scanning
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7: Ten Simple Security Searches That Work
Introduction
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 8: Tracking Down Web Servers, Login Portals, and Network Hardware
Introduction
Locating and Profiling Web Servers
Default Pages
Default Documentation
Sample Programs
Locating Login Portals
Using and Locating Various Web Utilities
Targeting Web-Enabled Network Devices
Locating Various Network Reports
Locating Network Hardware
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 9: Usernames, Passwords, and Secret Stuff, Oh My!
Introduction
Searching for Usernames
Searching for Passwords
Searching for Credit Card Numbers, Social Security Numbers, and More
Social Security Numbers
Personal Financial Data
Searching for Other Juicy Info
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 10: Hacking Google Services
AJAX Search API
Calendar
Blogger and Google’s Blog Search
Signaling Alerts
Google Co-op
Google Code
Chapter 11: Google Hacking Showcase
Introduction
Geek Stuff
Cameras
Telco Gear
Power
Sensitive Info
Social Security Numbers
Beyond Google
Summary
Chapter 12: Protecting Yourself from Google Hackers
Introduction
A Good, Solid Security Policy
Web Server Safeguards
Hacking Your Own Site
Getting Help from Google
Summary
Solutions Fast Track
Links to Sites
Frequently Asked Questions
Index
Product details
- No. of pages: 560
- Language: English
- Copyright: © Syngress 2007
- Published: November 7, 2007
- Imprint: Syngress
- eBook ISBN: 9780080484266
About the Authors
Johnny Long
Affiliations and Expertise
Bill Gardner
Affiliations and Expertise
Justin Brown
Affiliations and Expertise
Ratings and Reviews
There are currently no reviews for "Google Hacking for Penetration Testers"