Have one to sell? Sell on Amazon
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Google Hacking for Penetration Testers, Volume 1 Paperback – Illustrated, February 20, 2005

ISBN-13: 978-1931836364 ISBN-10: 1931836361 Edition: 1st

10 New from $31.85 21 Used from $1.36 1 Collectible from $74.11
Amazon Price New from Used from
Kindle
"Please retry"
Paperback, Illustrated
"Please retry"
$31.85 $1.36

There is a newer edition of this item:

Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student

NO_CONTENT_IN_FEATURE
Shop the new tech.book(store)
New! Introducing the tech.book(store), a hub for Software Developers and Architects, Networking Administrators, TPMs, and other technology professionals to find highly-rated and highly-relevant career resources. Shop books on programming and big data, or read this week's blog posts by authors and thought-leaders in the tech industry. > Shop now

Product Details

  • Paperback: 448 pages
  • Publisher: Syngress; 1 edition (February 20, 2005)
  • Language: English
  • ISBN-10: 1931836361
  • ISBN-13: 978-1931836364
  • Product Dimensions: 7.1 x 1.2 x 9.1 inches
  • Shipping Weight: 1.4 pounds
  • Average Customer Review: 4.4 out of 5 stars  See all reviews (23 customer reviews)
  • Amazon Best Sellers Rank: #367,084 in Books (See Top 100 in Books)

Editorial Reviews

About the Author

Johnny Long is a Christian by grace, a professional hacker by trade, a pirate by blood, a ninja in training, a security researcher and author. He can be found lurking at his website (http://johnny.ihackstuff.com). He is the founder of Hackers For Charity(http://ihackcharities.org), an organization that provides hackers with job experience while leveraging their skills for charities that need those skills.

Customer Reviews

All this being said, this will be a top shelf reference book in my professional library.
Christopher Byrne
This book opens up a whole world of information vulnerability from a tool we use in searching for information, the Google search engine.
Olivia Whiteman
Author Johnny Long details how penetration testers can harvest information that has been crawled by Google.
Ben Rothke

Most Helpful Customer Reviews

53 of 55 people found the following review helpful By Ben Rothke on March 29, 2005
Format: Paperback
While Google is a researcher's friend, it is a hacker's dream. The subtitle of Google Hacking for Penetration Testers is "Explore the Dark Side of Googling". The dark side of Google is that far too many networks are insecure with inadequate security and enable unauthorized information to leak into Google. This leakage creates the situation where significant amounts of password files, confidential information, and configuration data and much more are easily available.

After reading Google Hacks: Tips & Tools for Smarter Searching, the real power and potential danger of Google is easily understood. Author Johnny Long details how penetration testers can harvest information that has been crawled by Google. The need for Google to be an integral part of any penetration test is now easily understood.

In a similar manner, when Dan Farmer wrote SATAN in 1995, it was met with significant consternation in that many felt he was wrong to release such a powerful program into the wild. Silicon Graphics, his employer at the time, considered his conduct unprofessional and summarily fired him. Ironically, in 2005, a security administrator can be fired if they don't run a vulnerability scanner akin to SATAN. Running scanning tools is now part of security due diligence and any administrator not running such a tool is careless.

With that, some may think author Johnny Long gives far too much ammunition to those seeking to peruse corporate data, but those were the same mistaken objections to SATAN. The book is not meant to be a crutch for script kiddies, its aim is rather to show how Google can be used to uncover data that most companies would rather remain secured.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
23 of 23 people found the following review helpful By Eric Barna on April 11, 2005
Format: Paperback
An excellent book dedicated to a seemingly narrow topic. Googling is mainstream, I can't think of one person that has traveled the internet that hasn't stopped by Google.com at least once in their surfing career. Unfortunately, there are hackers that spend a lot of time on Google!

If you are responsible for securing your employer's network you can not be without this indispensable reference. For less than $50 you could save your company from exposing information that can be readily used by hackers to obtain your most prized data.

Chapters 1-2 provide you with the basics of Googling. There isn't much more information than you can get from Google's website, but Johnny does a great job of explaining the basics of Google.

Chapters 3-10 are the meat of the book. While I've used Google extensively in performing penetration tests before reading this book I've learned many new techniques to dig deeper in less amount of time.

Chapter 11 explains how you can secure your systems from hackers using Google to gather information about your company. The chapter also introduces tools such as Gooscan. It also details methods Google has in place to remove information you'd rather not have the public see.

Chapter 12 discusses automating your Google searches with the Google API. A basic understanding of computer programming is required.

The book concludes with two appendices which will help you in developing a good strategy for security testing and securing your website.

The author's writing style is straightforward and easy to read. Reading and absorbing this book is like taking a master's level course in the art of information enumeration. Highly recommended for anyone administering networks connected to the Internet.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
25 of 28 people found the following review helpful By Stuart Gardner VINE VOICE on April 2, 2005
Format: Paperback Verified Purchase
I am involved in penetration testing on an occasional basis (my principal role is audit management, my principal interest is systems auditing), per other reviews this is an excellent resource for anyone planning or executing tests.

I have used google with simplistic searches and obtained good results (e.g. pictures of site being tested, too much detail in job postings ...). This book is an excelent source of ideas and techniques, for both social engineering, and more technical tests.

It has also made me consider what the google desktop search tool could be used for, when run on key servers in internal nets.

Authors writing style is very easy to read yet packed with valuable information.

This book is likely to be of significant value to forensic investigators and for those with an interest in competitive intelligence.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
12 of 12 people found the following review helpful By Sean E. Connelly on February 25, 2006
Format: Paperback
Syngress's "Google Hacking for Penetration Testers" (GHPT) by Johnny Long demonstrates to average Joes the power of Google. The author is the authority on how to use Google to recon an intended target. Considering the narrow focus of the subject, the book is able to thoroughly dissect the various tools and weapons Google offers. Certainly, this book is not admitting anything not already known in the hacking world, but the books does provide a valuable asset as a one-stop-shop at using Google.

First and foremost, before scouting a target, you must cover your tracks. GHPT first focuses on anonymity (I was particularly impressed with using Google as a proxy server on page 95). After masking yourself, the book focuses on network mapping, and locating exploitable targets. The book then offers 10 searches to find oodles of information that website owners probably don't want you to have. One chapter is devoted to tips to hunt usernames and passwords. Chapter 12, on automating Google Searches, was particularly valuable to me as I'm an extreme novice at scripting.

The book is written in a very simple, plain-spoken (or, more correctly, plain-written) style. While this book should not be the first book on one's security shelf, the subject cannot be any better defined than this book.

I give this book 4 pings out of 5:

!!!.!
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Most Recent Customer Reviews


What Other Items Do Customers Buy After Viewing This Item?