Slashdot Mirror


Google Hacking for Penetration Testers

nazarijo (Jose Nazario) writes "A couple of years ago, Johnny Long made a large splash in the press with his Google Hacking. He showed the world at large how easy it is to use Google to sift through mountains of information to discover facts about your adversary they didn't know were public (and would rather were private). Now he's written a book with a few other authors and shows you the kinds of techniques and queries you can do to mine Google for all sorts of information." Read on for the rest of Nazario's review.

Google Hacking for Penetration Testers
author: Johnny Long
pages: 502
publisher: Syngress
rating: 6/10
reviewer: Jose Nazario
ISBN: 1931836361
summary: Use the data stored in Google's database to study your adversary

Google Hacking for Penetration Testers (Google Hacking for short) is Johnny Long and company's tome on the subject of using what is widely considered to be the web's only worthwhile search engine and the myriad of ways that you can get very specific information out of it. Not just for web pages, you can find Excel spreadsheets, Word documents, and all sorts of information that the owners thought was hidden. This is what makes Google hacking, as an activity, so interesting.

The Google Hacking book starts with Google search basics, which is usually way more than most people do in a given week of using Google. With nary a pause, Chapter 2 covers advanced Google search operators, such as exclusions, file types, and restrictions like "inurl:" and "phonebook:". By this point, you should be sufficiently armed to do some serious Google hacking. Together with the skills and the imagination to phrase what it is you're looking for, you can mine the web.

Chapter 3 provides a simple, fast-paced introduction to using Google to do more than find porn and stalk potential mates. You can dig around in sites to find, for example, backup scripts (which may expose database parameters, useful for SQL injections later on) and even use Google to hide your tracks as a proxy server (note this only partially works).

The next few chapters focus on the "Penetration Testers" portion of the title. Chapter 4 starts with the preassessment of the target (of your pen-test), including digging around for information left by employees (i.e. mails that reveal employee lists), information about the company leaked in job postings (which may include technologies used), and all the kind of stuff you want to know before you start knocking around. Chapter 5 shows you how to use Google and a few other sites to map the target. After all, Google's indexed their site, so why not use the data they gathered? Chapter 6 has some real meat in it, including how to find vulnerable CGI programs via Google queries (i.e. looking for formmail.cgi scripts).

Chapter 7, which is described as "Ten Simple Security Searches That Work", is surprisingly succinct and effective. It basically helps you map the restrictions you learned earlier into queries and data to help you penetrate a target's security without ever leaving Google. Chapters 8 and 9 help you understand how to use Google to enumerate what you can about resources and authentication credentials, and Chapter 10 describes how to pull up documents for your perusal, some of which may be real gems.

Chapter 11 is another interesting chapter, where you learn how to use these same techniques on your own site to determine what kinds of exposures you have. This can include private communications, confidential memos, and even internal configuration information. What doesn't get stressed too clearly at all is that some sites don't respect "robots.txt", for example, and will archive pages indefinitely even if they weren't supposed to. As such, even if you are protected from Google you may not be entirely protected. Now is a good time to learn how to use other major search engines.
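The robots.txt caveat above is easy to check on your own site. The Python script below is an added example, not code from the book or from the review: it reads a robots.txt the way a site owner auditing their own exposure would, listing which paths the file asks each crawler to skip, and evaluates individual paths with the standard library's cooperating-crawler logic. The sample file, the agent names and the paths are all constructed; "Googlebot" and "OtherBot" are used only as labels for a named group and for a crawler the file does not name.

```python
"""Audit a site's own robots.txt: what it asks crawlers to skip, and for whom.

Added example, not from the book or the review. robots.txt is advisory:
a crawler that ignores it fetches everything anyway, so a Disallow line is
a request, not an access control. The file below is constructed.
"""
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for a hypothetical site (not a real host).
SAMPLE_ROBOTS = """\
User-agent: Googlebot
Disallow: /backup/

User-agent: *
Disallow: /admin/
Disallow: /internal/
"""


def disallowed_paths(robots_text):
    """Return {user_agent: [disallowed paths]} by reading the file directly.

    The file is public, so every Disallow line also tells anyone who reads it
    which paths the owner would rather not have indexed. Consecutive
    User-agent lines share the rules that follow them, as in the spec.
    """
    groups = {}
    agents = []            # agents named by the group currently being read
    last_was_agent = False
    for raw in robots_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line or ":" not in line:
            continue
        field, _, value = line.partition(":")
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            if not last_was_agent:             # a new group starts here
                agents = []
            agents.append(value)
            groups.setdefault(value, [])
            last_was_agent = True
        else:
            last_was_agent = False
            if field == "disallow" and value:  # empty Disallow means "allow all"
                for agent in agents:
                    groups[agent].append(value)
    return groups


def can_crawl(robots_text, user_agent, path):
    """Evaluate a path the way a *cooperating* crawler does.

    urllib.robotparser applies the first group whose User-agent matches,
    or the '*' group if none does. Groups do not merge: a crawler named in
    its own group never sees the rules under '*', which is a common surprise
    when auditing a file that lists the sensitive paths only under '*'.
    """
    parser = RobotFileParser()
    parser.parse(robots_text.splitlines())
    return parser.can_fetch(user_agent, path)


if __name__ == "__main__":
    for agent, paths in disallowed_paths(SAMPLE_ROBOTS).items():
        print(f"{agent}: asked to skip {paths}")
    for agent, path in [("Googlebot", "/backup/"),
                        ("Googlebot", "/admin/"),
                        ("OtherBot", "/admin/")]:
        verdict = "allowed" if can_crawl(SAMPLE_ROBOTS, agent, path) else "disallowed"
        print(f"{agent} fetching {path}: {verdict}")
```

Run against the constructed file, the named crawler is kept out of /backup/ but is free to fetch /admin/, because the /admin/ rule lives only in the "*" group; any path that appears in the report still needs real access control, since a crawler that does not read the file sees none of these rules.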

I liked where Chapter 12 is headed with automated Google searches via the API and page scraping, but I think more could have been done here to show better, more useful code. As it stands, you'll have to expend some more elbow grease to translate a lot of what you learned earlier into a useful tool for yourself (if you want to write your own). The two appendices on "Professional Security Testing" and "An Introduction to Web Application Security" seem out of place, though, and could have been bridged into the whole book much more cleanly.

Overall I'm not as thrilled with this book as I would have liked to have been for a few key reasons. First, I found the presentation of the book, specifically organization, language and screenshot displays, to be only average. The organization of the book itself seems to jump around sometimes, going from recon work to attacks and then back to basic outside recon work. This becomes a burden when you want to refer back to the book to find a useful portion or to understand the progression of an idea.

Secondly, I found the writing to be heavy with all kinds of 'Leet Hacker' types of references, which get old pretty quickly and only drown out useful information. At over 500 pages, you'd think this book was truly bursting at the seams with information, but a lot of it is redundant or hidden under excess fluff.

Finally, a number of the screenshots are full screens when they could have been only pieces of a screen or a window to achieve an improved effect. This matters because the halftone printing process leaves the images blurry, and a large window or screen is blurry at the book's printing resolution. This is something I've found in common between a bunch of Syngress books, and I hope they'll address it shortly by reviewing their screenshot design.

In conclusion, there's nothing too significantly special about Google hacking. With a bit of elbow grease, some example code for the Google API, reading Google's own docs, and some experimentation you can find yourself at the same level you'd be at with the book, and about $40 heavier, too. However, Long and co-authors have assembled a good number of Google methods together, and if you're the kind of person who prefers to get right to productive work with a book, it's probably the best book I've seen on using Google for more than simple searches.

You can purchase Google Hacking from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.


  1. Wait for it... by ravenspear · · Score: 5, Funny

    Begin the penetration jokes now.

    1. Re:Wait for it... by TrippTDF · · Score: 4, Funny

      Not with Moderate SafeSearch on...

    2. Re:Wait for it... by KwisatzHaderach · · Score: 2, Funny

      Don't you mean Insert penetration joke here?

  2. Is it just me... by neenbeenbaby · · Score: 3, Funny

    Or did something bad come to mind when the words "Penetration Testers" came on the screen? I was thinking, oh wow, google sure is powerful now. There's a hack for everything!

  3. Wow by Radres · · Score: 4, Insightful

    A review of a book about hacking, without a lengthy diatribe about the misuse of the word "hacking" to precede it. It's as if the reviewer realizes that his target audience has already attained a certain level of proficiency in the technological lexicon.

  4. No secret by Alex+P+Keaton+in+da · · Score: 4, Insightful

    This is no secret- One of the best sources for salespeople to prospect is google. If you type in a company name and title, a lot of times you will find out the name- but not from the company site, from an alumni newsletter or the like. A lot of times you can find password protected lists of professional society rosters too....
    I think the moral here is, if you don't want people looking at it, don't hang it out unprotected.... Unprotected penetration can lead to unexpected dilation... Oh wait, that's health class

    --
    And All I Ask is a Tall Ship And a Star to Steer Her By

  5. Man..... by LordPhantom · · Score: 4, Funny

    .... when I first read this I thought Google was hiring "penetration testers".... they weren't very amused when I called them to apply :`(

  6. paperless by 3CRanch · · Score: 3, Funny

    since it's a book...what will be the best way to search through it? paperback describing a paperless environment; kinda ironic, wouldn't you think?

  7. dupe by kebes · · Score: 5, Informative

    Okay, let's get the "this is a dupe" comments out of the way. This book (ISBN 1931836361) was already reviewed on slashdot. It seems like it's the same editor (timothy) in both cases. Then again, the two reviews are different, so I suppose it's not an exact duplication?

    Oh, and I found the previous slashdot story by searching "slashdot google hacking for penetration testers" on Google. It's the first hit. Some people may find that ironic.

    1. Re:dupe by MyDixieWrecked · · Score: 2, Interesting

      I bought the book after the first review and it's pretty good, aside from the author's slightly amateur writing skills.

      also, the book is full of hints on social engineering and getting behind closed doors by using google as a tool. It's got examples of how to find people who might be friends based on simple google searches. Pretty interesting stuff, though.

      I dunno how white-hat owning this book would make you, though.

      --
      ...spike
      Ewwwwww, coconut...

  8. hmmm by gelwood · · Score: 3, Informative
  9. Google Loves This Attention by ZOverLord · · Score: 3, Interesting

    By allowing some of their internals to be more public than other search engines they gain an edge by in most cases having the webmasters who already run Google Ads on their site try and climb their way to the top. If they can't get you to pay for your web site advertising, they can at least make sure you have a way to have their Ads on more top pages of keywords. Hey, what more could you ask for?

    --
    Black Gray White Hats Unite to protect http://testing.OnlyTheRightAnswers.com

  10. Google Hacking? by Aminion · · Score: 5, Interesting

    "Google Hacking" isn't a book, it's a web site.

    Those who haven't checked out the site, will find the Google Hacking Database (GHDB) very interesting and somewhat scary. The things people put online and the security of certain systems is mind-boggling.

    1. Re:Google Hacking? by Quirk · · Score: 2, Informative

      Johnny Long did a mini guide to hacking google.

      --
      "Academicians are more likely to share each other's toothbrush than each other's nomenclature."
      Cohen

  11. Re:I do not understand this by ciroknight · · Score: 2, Insightful

    Because, honestly, nobody knows how ubiquitous Google is except for Google. Your number is complete and total rubbish.

    The book, Google Hacking, exists because there's a such thing as "Google Hacking", and google is an accepted English word meaning "to search". If you want to think about it, Google Hacking means exactly the same thing as Search Hacking, which really isn't that different from Search Engine Hacking, especially if you're talking about the internet.

    Semantics aside, Google is a dataheap waiting to be mined. Just about anything you want to know about human patterns dealing with the Internet can be figured out through Google in some way or another, and a lot of patterns that are offline can be assessed as well (Maps? Local? News?).

    --
    "Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush

  12. Google's REAL source of revenue by Stevix · · Score: 5, Insightful

    When you consider the kind of information this independent group has shown can be found using Google, consider what the engineers at Google who designed the various search systems and web-bots can garner from it. For all we know, the data that can be gleaned from this book may only be a glimpse of the restricted information Google could potentially gather, kept from the web-surfing masses.
    We hear about blackmail cases involving compromised data occurring all the time, and coupled with corporate espionage, a group like google could stand to see far greater profits than mere 'advertising'

    for those preparing to mod me down, consider this:

    Knowledge is Power, and as far as everyone is Concerned, Google is probably at this moment the source of more human knowledge than has ever been compiled before, all cached on their wonderful servers, and through their extensive knowledge of where any data they may need to see in the future resides.
    Absolute Power corrupts absolutely: in a case where such secret information is available, no person or group is ever above the incentive to gain from this power, including Google, or if not that, enticed individual employees

    people really need to start analyzing the Power Google has over information and take its immense position seriously. at least books like this can only open more light on this growing problem

    1. Re:Google's REAL source of revenue by mwoodman · · Score: 2

      You, sir, are a slight idiot. Please learn to spell; it distracts the reader from your point, which is just another conspiracy theory. Knowledge is only power if you have some way to use it. Yes, google servers have a lot of information, but I doubt the 36,000 thousand pages of electricity equations or the 80,000 pages of lists of hotel workers will ever put an innocent man to death. "For all we know," Google simply amasses data. I'd rather support an innovative company and give it the benefit of the doubt because that is an attitude that will benefit everyone. No entity like Google will ever have absolute power, and corruption exists far apart from its data centers. You are more likely to learn about a businessman by using a little 'social engineering' on the right people than you are at a keyboard. That you assume Google has become sinister shows that, even if someone proved Google was all-pure, you would still be suspicious. This isn't ... logical. And if you're worried about THEM finding your 'dirty big/little secrets' maybe that's an indication you shouldn't have them. To those that would flame me for flaming Stevix, I would ask you to consider what single-mindedness does for everyone. I understand the need for public review of private entities. I know corruption exists, but it tends to cause its own end. I'm only suggesting moderation is the recipe for healthy speculation.

    2. Re:Google's REAL source of revenue by budgenator · · Score: 3, Interesting

      Data, Information and Knowledge are far different things. Data has to be analysed to become Information and information needs to be understood to become Knowledge. Google is able to and has gathered vast amounts of data, has indexed it, and presents it to us. Using google levels the playing field between joe average and the information elites of this world. The data that google has isn't secret, but a lot of it would have been with other companies. We may not like what google has collected about us, but what it has was freely available.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds

  13. Re:I do not understand this by FunWithHeadlines · · Score: 2

    "Why is there a book google hacking, if they only comprise 36% of the market, and not a book search engine hacking.

    Or did somebody lie on their market penetration percentage test?"

    What are you, under contract from the MSN Search team? The book is Google Hacking because in the world of online search there are only two choices that the vast majority of web surfers care about:

    1. Google
    2. Who cares?

  14. Quite a combo by r00k123 · · Score: 4, Funny

    "Hi I'm Johnny Long. Penetration tester."