Google is the most popular search engine ever created, but Google’s search capabilities are so powerful, they sometimes discover content that no one ever intended to be publicly available on the Web, including social security numbers, credit card numbers, trade secrets, and federally classified documents. Google Hacking for Penetration Testers, Third Edition, shows you how security professionals and system administratord manipulate Google to find this sensitive information and "self-police" their own organizations.
You will learn how Google Maps and Google Earth provide pinpoint military accuracy, see how bad guys can manipulate Google to create super worms, and see how they can "mash up" Google with Facebook, LinkedIn, and more for passive reconnaissance.
This third editionincludes completely updated content throughout and all new hacks such as Google scripting and using Google hacking with other search engines and APIs. Noted author Johnny Long, founder of Hackers for Charity, gives you all the tools you need to conduct the ultimate open source reconnaissance and penetration testing.
- Third edition of the seminal work on Google hacking
- Google hacking continues to be a critical phase of reconnaissance in penetration testing and Open Source Intelligence (OSINT)
- Features cool new hacks such as finding reports generated by security scanners and back-up files, finding sensitive info in WordPress and SSH configuration, and all new chapters on scripting Google hacks for better searches as well as using Google hacking with other search engines and APIs
|Product dimensions:||7.40(w) x 9.10(h) x 0.50(d)|
About the Author
Johnny Long is a Christian by grace, a professional hacker by trade, a pirate by blood, a ninja in training, a security researcher and author. He can be found lurking at his website (http://johnny.ihackstuff.com). He is the founder of Hackers For Charity(http://ihackcharities.org), an organization that provides hackers with job experience while leveraging their skills for charities that need those skills.Bill Gardner is an Assistant Professor at Marshall University, where he teaches information security and foundational technology courses in the Department of Integrated Science and Technology. He is also President and Principal Security Consultant at BlackRock Consulting. In addition, Bill is Vice President and Information Security Chair at the Appalachian Institute of Digital Evidence. AIDE is a non-profit organization that provides research and training for digital evidence professionals including attorneys, judges, law enforcement officers and information security practitioners in the private sector. Prior to joining the faculty at Marshall, Bill co-founded the Hack3rCon convention, and co-founded 304blogs, and he continues to serve as Vice President of 304Geeks. In addition, Bill is a founding member of the Security Awareness Training Framework, which will be a prime target audience for this book.Justin Brown (@spridel11) is an Information Assurance Analyst at a large financial institution. Previously, Justin worked for as a consultant specializing in Open Source Intelligence. Through Google Hacking and dorks Justin has uncovered numerous troves of information leaks regarding his clients. Justin can usually be found at conferences volunteering with Hackers for Charity.
Read an Excerpt
Google Hacking FOR PENETRATION TESTERS VOLUME 2
By Johnny Long
Syngress Publishing, Inc.Copyright © 2008 Elsevier, Inc.
All right reserved.
Chapter OneGoogle Searching Basics
Solutions in this chapter:
* Exploring Google's Web-based Interface * Building Google Queries * Working With Google URLs [
Google's Web interface is unmistakable. Its "look and feel" is copyright-protected, and for good reason. It is clean and simple. What most people fail to realize is that the interface is also extremely powerful. Throughout this book, we will see how you can use Google to uncover truly amazing things. However, as in most things in life, before you can run, you must learn to walk.
This chapter takes a look at the basics of Google searching. We begin by exploring the powerful Web-based interface that has made Google a household word. Even the most advanced Google users still rely on the Web-based interface for the majority of their day-today queries. Once we understand how to navigate and interpret the results from the various interfaces, we will explore basic search techniques.
Understanding basic search techniques will help us build a firm foundation on which to base more advanced queries. You will learn how to properly use the Boolean operators (AND, NOT, and OR) as well as exploring the power and flexibility of grouping searches. We will also learn Google's unique implementation of several different wildcard characters.
Finally, you will learn the syntax of Google's Uniform Resource Locator (URL) structure. Learning the ins and outs of the Google URL will give you access to greater speed and flexibility when submitting a series of related Google searches. We will see that the Google URL structure provides an excellent "shorthand" for exchanging interesting searches with friends and colleagues.
Exploring Google's Web-based Interface
Google's Web Search Page
The main Google Web page, shown in Figure 1.1, can be found at www.google.com. The interface is known for its clean lines, pleasingly uncluttered feel, and friendly interface. Although the interface might seem relatively featureless at first glance, we will see that many different search functions can be performed right from this first page.
As shown in Figure 1.1, there's only one place to type. This is the search field. In order to ask Google a question or query, you simply type what you're looking for and either press Enter (if your browser supports it) or click the Google Search button to be taken to the results page for your query.
The links at the top of the screen (Web, Images, Video, and so on) open the other search areas shown in Table 1.1. The basic search functionality of each section is the same: each search area of the Google Web interface has different capabilities and accepts different search operators, as we will see in Chapter 2. For example, the author operator works well in Google Groups, but may fail in other search areas. Table 1.1 outlines the functionality of each distinct area of the main Google Web page.
Google Web Results Page
After it processes a search query, Google displays a results page. The results page, shown in Figure 1.2, lists the results of your search and provides links to the Web pages that contain your search text.
The top part of the search result page mimics the main Web search page. Notice the Images, Video, News, Maps, and Gmail links at the top of the page. By clicking these links from a search page, you automatically resubmit your search as another type of search, without having to retype your query.
The results line shows which results are displayed (1-10, in this case), the approximate total number of matches (here, over eight million), the search query itself (including links to dictionary lookups of individual words), and the amount of time the query took to execute. The speed of the query is often overlooked, but it is quite impressive. Even large queries resulting in millions of hits are returned within a fraction of a second!
For each entry on the results page, Google lists the name of the site, a summary of the site (usually the first few lines of content), the UR.L of the page that matched, the size and date the page was last crawled, a cached link that shows the page as it appeared when Google last crawled it, and a link to pages with similar content. If the result page is written in a language other than your native language and Google supports the translation from that language into yours (set in the preferences screen), a link titled Translate this page will appear, allowing you to read an approximation of that page in your own language (see Figure 1.3).
Due to the surge in popularity of Web-based discussion forums, blogs, mailing lists, and instant-messaging technologies, USENET newsgroups, the oldest of public discussion forums, have become an overlooked form of online public discussion. Thousands of users still post to USENET on a daily basis. A thorough discussion about what USENET encompasses can be found at www.faqs.org/faqs/usenet/what-is/partl/. DejaNews (www.deja.com) was once considered the authoritative collection point for all past and present newsgroup messages until Google acquired deja.com in February 2001 (see www.google.com/press/pressrel/pressrelease48.html). This acquisition gave users the ability to search the entire archive of USENET messages posted since 1995 via the simple, straightforward Google search interface. Google refers to USENET groups as Google Groups. Today, Internet users around the globe turn to Google Groups for general discussion and problem solving. It is very common for Information Technology (IT) practitioners to turn to Google's Groups section for answers to all sorts of technology-related issues. The old USENET community still thrives and flourishes behind the sleek interface of the Google Groups search engine.
The Google Groups search can be accessed by clicking the Groups tab of the main Google Web page or by surfing to http://groups.google.com.The search interface (shown in Figure 1.4) looks quite a bit different from other Google search pages, yet the search capabilities operate in much the same way. The major difference between the Groups search page and the Web search page lies in the newsgroup browsing links.
Entering a search term into the entry field and clicking the Search button whisks you away to the Groups search results page, which is very similar to the Web search results page.
Google Image Search
The Google Image search feature allows you to search (at the time of this writing) over a billion graphic files that match your search criteria. Google will attempt to locate your search terms in the image filename, in the image caption, in the text surrounding the image, and in other undisclosed locations, to return a somewhat "de-duplicated" list of images that match your search criteria. The Google Image search operates identically to the Web search, with the exception of a few of the advanced search terms, which we will discuss in the next chapter. The search results page is also slightly different, as you can see in Figure 1.5.
The page header looks familiar, but contains a few additions unique to the search results page. The Moderate SafeSearch link below the search field allows you to enable or disable images that may be sexually explicit. The Showing dropdown box (located in the Results line) allows you to narrow image results by size. Below the header, each matching image is shown in a thumbnail view with the original resolution and size followed by the name of the site that hosts the image.
You can access the Preferences page by clicking the Preferences link from any Google search page or by browsing to www.google.com/preferences. These options primarily pertain to language and locality settings, as shown in Figure 1.6.
The Interface Language option describes the language that Google will use when printing tips and informational messages. In addition, this setting controls the language of text printed on Google's navigation items, such as buttons and links. Google assumes that the language you select here is your native language and will "speak" to you in this language whenever possible. Setting this option is not the same as using the translation features of Google (discussed in the following section). Web pages written in French will still appear in French, regardless of what you select here.
To get an idea of how Google's Web pages would be altered by a change in the interface language, take a look at Figure 1.7 to see Google's main page rendered in "hacker speak." In addition to changing this setting on the preferences screen, you can access all the language-specific Google interfaces directly from the Language Tools screen at www.google.com/ language_tools.
Even though the main Google Web page is now rendered in "hacker speak," Google is still searching for Web pages written in any language. If you are interested in locating Web pages that are written in a particular language, modify the Search Language setting on the Google preferences page. By default, Google will always try to locate Web pages written in any language.
The preferences screen also allows you to modify other search parameters, as shown in Figure 1.8.
SafeSearch Filtering blocks explicit sexual content from appearing in Web searches. Although this is a welcome option for day-to-day Web searching, this option should be disabled when you're performing searches as part of a vulnerability assessment. If sexually explicit content exists on a Web site whose primary content is not sexual in nature, the existence of this material may be of interest to the site owner.
The Number of Results setting describes how many results are displayed on each search result page. This option is highly subjective, based on your tastes and Internet connection speed. However, you may quickly discover that the default setting of 10 hits per page is simply not enough. If you're on a relatively fast connection, you should consider setting this to 100, the maximum number of results per page.
When checked, the Results Window setting opens search results in a new browser window. This setting is subjective based on your personal tastes. Checking or unchecking this option should have no ill effects unless your browser (or other software) detects the new window as a pop-up advertisement and blocks it. If you notice that your Google results pages are not displaying after you click the Search button, you might want to uncheck this setting in your Google preferences.
As noted at the bottom of this page, these changes won't stick unless you have enabled cookies in your browser.
The Language Tools screen, accessed from the main Google page, offers several different utilities for locating and translating Web pages written in different languages. If you rarely search for Web pages written in other languages, it can become cumbersome to modify your preferences before performing this type of search. The first portion of the Language Tools screen (shown in Figure 1.9) allows you to perform a quick search for documents written in other languages as well as documents located in other countries.
The Language Tools screen also includes a utility that performs basic translation services. The translation form (shown in Figure 1.10) allows you to paste a block of text from the clipboard or supply a Web address to a page that Google will translate into a variety of languages.
In addition to the translation options available from this screen, Google integrates translation options into the search results page, as we will see in more detail. The translation options available from the search results page are based on the language options that are set from the Preferences screen shown in Figure 1.6. In other words, if your interface language is set to English and a Web page listed in a search result is French, Google will give you the option to translate that page into your native language, English. The list of available language translations is shown in Figure 1.11.
Building Google Queries
Google query building is a process. There's really no such thing as an incorrect search. It's entirely possible to create an ineffective search, but with the explosive growth of the Internet and the size of Google's cache, a query that's inefficient today may just provide good results tomorrow—or next month or next year. The idea behind effective Google searching is to get a firm grasp on the basic syntax and then to get a good grasp of effective narrowing techniques. Learning the Google query syntax is the easy part. Learning to effectively narrow searches can take quite a bit of time and requires a bit of practice. Eventually, you'll get a feel for it, and it will become second nature to find the needle in the haystack.
Excerpted from Google Hacking FOR PENETRATION TESTERS VOLUME 2 by Johnny Long Copyright © 2008 by Elsevier, Inc.. Excerpted by permission of Syngress Publishing, Inc.. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.
Table of Contents
Chapter 1 Google Searching Basics Chapter 2 Advanced Operators Chapter 3 Google Hacking Basics – The new location of the GHDB Chapter 4 Document Grinding and Database Digging – Finding Reports Generated By Security Scanners and Back-Up Files Chapter 5 Google’s Part in an Information Collection Framework Chapter 6 Locating Exploits and Finding Targets Chapter 7 Ten Simple Security Searches That Work Chapter 8 Tracking Down Web Servers, Login Portals, and Network Hardware - Finding Sensitive WordPress and SSH Configuration Chapter 9 Usernames, Passwords, and Secret Stuff, Oh My! – Finding GitHub, SQL, Gmail, Facebook, and other Passwords Chapter 10 Hacking Google Services Chapter 11 Google Hacking Showcase Chapter 12 Protecting Yourself from Google Hackers Chapter 13 Scripting Google Hacking For Better Searching Chapter 14 Using Google Hacking with Other Web Search Engines and APIs