Product Description

Google, the most popular search engine worldwide, provides web surfers with an easy-to-use guide to the Internet, with web and image searches, language translation, and a range of features that make web navigation simple enough for even the novice user. What many users don’t realize is that the deceptively simple components that make Google so easy to use are the same features that generously unlock security flaws for the malicious hacker. Vulnerabilities in website security can be discovered through Google hacking, techniques applied to the search engine by computer criminals, identity thieves, and even terrorists to uncover secure information. This book beats Google hackers to the punch, equipping web administrators with penetration testing applications to ensure their site is invulnerable to a hacker’s search.

Product Details

• Amazon Sales Rank: #298018 in Books
• Published on: 2004-12-01
• Released on: 2006-04-06
• Format: Download: PDF
• Binding: Digital
• 529 pages

About the Author
Johnny Long is a clean-living family guy who just so happens to like hacking stuff. Over the past two years, Johnnys most visible focus has been on this Google hacking thing which has served as yet another diversion to a serious (and bill-paying) job as a professional hacker and security researcher for Computer Sciences Corporation. In his spare time, Johnny enjoys making random pirate noises (Yarrrrr!), spending time with his wife and kids, convincing others that acting like a kid is part of his job as a parent, feigning artistic ability with programs like Bryce and Photoshop, pushing all the pretty shiny buttons on them new-fangled Mac computers, and making much-too-serious security types either look at him funny or start laughing uncontrollably. Johnny has written or contributed to several books, including Google Hacking for Penetration Testers from Syngress Publishing, which has secured rave reviews and has lots of pictures.

Customer Reviews

New updates and material for the second edition of the Google Hacking masterpiece. Volume 2 is today's reference.
This review mainly focuses on evaluating how valuable is to get a copy of "Google Hacking for Penetration Testers - VOLUME 2" if you already own a copy of the first edition, and the scores rates exactly that. If you don't have neither of them, I strongly encourage you to acquire Volume 2 (see details below), no matter what area of the information security field you work in (and specially if you are a penetration tester), as the contents affect to you in multiple ways. On my day-to-day security consulting practice, I'm still very surprised about how many IT people don't know about these techniques. The book is a masterpiece for information disclosure and mining from public sources, such as (but not only) Google. If I had to evaluate the book on itself, not comparing between editions, it would definitely get a score of 5/5.

The first edition was released in 2005 and opened the world of the Google Hacking techniques to the general public, together with the GHDB. The second edition title is (at least) confusing, as Volume 2 seems to denote it is a complementary book to the first edition. It is not, so I do not recommend you to get the first edition today. Volume 2, or the second edition as it should have been called, has been thoroughly updated (including most of the screenshots) to cover the latest changes and Google applications. I did a major update to the SANS "Power Search with Google" course on the first half of 2006, when some of the new Google functionality (not in the first edition) was already available. The second edition reflects those updates I identified and put back together then, even the tiny ones, such as the maximum search terms, that changed from 10 to 32. Additionally, all the statistical references, covering number of results returned by Google, and main contents have been reviewed and updated to reflect the current state of the art.

Some chapters have been kept from the previous edition (chapters 1 to 3, and chapters 6 to 9, and chapter 12), although they have suffered updates. Others have been moved (such as the old chapter 10, now chapter 4) or redesigned (like the new chapter 5). Besides, there are brand new chapters, like 10 and 11.

I specially like the updates on chapter 5, with the new tools and scripts to query Google and, specially, to parse and process the results, including several Perl and User-Agent tricks. The book, obviously, covers the Google API changes and provides solutions to overcome them, such as Aura. Chapters 6 and 8 include relevant updates to the Google code search engine and new capabilities to locate malware and binaries, plus new techniques to track down login portals and network embedded devices and reports, respectively.

The new chapter 10 is a great reference covering the new Google services from a hacking and "malicious" perspective. It is a required update given the pace Google releases new functionality and information sources, such as the AJAX capabilities and API, the source code search engine, calendar, blogger, and alert services.

The new chapter 11, "Google Hacking Showcase", includes the real-world Google Hacking samples and cases Johnny Long has been presenting in several hacking conferences during the last years. A found having a printed copy of it within the book very valuable, as it is an eye-opener, and it is a fun read. Definitely, if you have not seen Johnny's presentations and talks, I encourage you to access the archives from BlackHat and DefCon and enjoy them.

Finally, chapter 12 (the old chapter 11), covers new techniques and tools from a defensive perspective. The new additions increase the defender arsenal in order to mitigate the old and new threats covered throughout the book.

The influence of multiple authors in this edition is evident, something good for the new contents and material, but not so good for the chapter layout, as some do not follow the original format with a final summary, solutions, links and FAQ. Chapter 10 is a good example of both.

The complementary appendixes from the first edition, not directly relevant to the book topic from my perspective, have been removed. Overall, I feel some of the waffle has been left out, a smart decision (but not always easy) in order to keep the book size reasonable, and make room for the new contents.

I would like to see some of the pages that simply provide long listings from the GHDB moved to an appendix and simply referenced from the associated chapter. It might be useful to have these lists full of query samples on the book, but not just in the middle of a chapter. Another improvement would be to have a book webpage consolidating all the code samples, such as the Blogger submission script, as I'm not sure they are all available on a single website.

To sum up, if you don't have a copy of this book, go and buy Volume 2! (not to mention Johnny's involvement with charities). If you are a professional penetration tester, the new material in this second edition is highly recommended, so update your shelves and start applying the new contents on your daily practice. If you are an infosec pro, not directly involved in Google Hacking tasks, and you already own a copy of the first edition, I think you do not need Volume 2, as you already understand the threat, risks, and what is all this about.

At some point I was almost involved in co-authoring this 2nd edition, but finally it didn't happened. A pity, as definitely, this is one of today's reference books that should be on any infosec shelves.

Superb Book, great writing style and plenty of useful examples
While Google is for most of us just a search engine, for hackers it is a great tool to gather information and present the attack vector and first of steps against your organization.

The opposite side of Google as a search engine is that a lot of networks and organizations out there have no idea what kind information (classified and potentially dangerous) is presented out on the internet and how data leakage is accomplished that way. This leakage give a significant amounts of password files, confidential information, and configuration data and so on that can be easily found with ingenius queries.

After you read Google Hacking, volume 2, the real power and potential danger of Google is clearly understood. Author Johnny Long does a superb job by presenting insight information on how -not so fiendly - people out there but also penetration testers can use this knowledge and easily harvest information that has been gathered by the Google engine. He's wirting is great and keeps me interested the whole book and besides that he gives away plenty of interesting examples on how to built your own query.

So really worth buying!

Rob Faber , CISSP, CEH, MCTS, MCSE
Sr. Information Security Consultant
The Netherlands

Superior Text
In reading through this book, I found a wealth of information that was quite useful, most notably the links to all of the other tools, sites and techniques available on the web. I am an internal corporate web application pen tester for a financial institution and will certainly use the techniques described in this text in our next vulnerability assessment. I do have one complaint however in that the corresponding website for the text [...] does not have the code from the book. Overall a great book and a fun read. Highly recommended.