See buying choices for this item to see if it's one of the millions that are eligible for Amazon Prime.

Google Hacking for Penetration Testers, Volume 2 and over 300,000 other books are available for Amazon Kindle � Amazon�s new wireless reading device. Learn more

20 used & new from $21.39

See All Buying Options

Have one to sell? Sell yours here

Share with Friends

Share your own customer images

Search inside this book

Start reading Google Hacking for Penetration Testers, Volume 2 on your Kindle in under a minute. Don�t have a Kindle? Get yours here.

Google Hacking for Penetration Testers, Volume 1 [ILLUSTRATED] (Paperback)

by Johnny Long (Author), Ed Skoudis (Author), Alrik van Eijkelenborg (Author)
Key Phrases: mix with other operators, google hacker, daterange operator, Web Results, Frequently Asked Questions, Solutions Fast Track (more...)

4.4 out of 5 stars See all reviews (25 customer reviews)

Available from these sellers.

8 new from $21.39 12 used from $21.49

Also Available in:	List Price:	Our Price:	Other Offers:
Kindle Edition (Kindle Book)		$29.67
Paperback (1)	$49.95	$32.97	44 used & new from $30.00
Digital (Download: PDF)	$44.95	$44.95

There is a newer edition of this item:

Google Hacking for Penetration Testers, Volume 2 4.4 out of 5 stars (25)
$32.97

In Stock.

What Do Customers Ultimately Buy After Viewing This Item?

	75% buy the item featured on this page: Google Hacking for Penetration Testers, Volume 1 4.4 out of 5 stars (25)
	9% buy Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning 4.9 out of 5 stars (14) $32.97
	6% buy Penetration Tester's Open Source Toolkit, Volume 2 4.5 out of 5 stars (2) $37.77
	5% buy Hacking Exposed: Network Security Secrets and Solutions, Sixth Edition 3.6 out of 5 stars (7) $31.49

Explore similar items

Customers Who Bought This Item Also Bought

No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing

by Johnny Long

4.2 out of 5 stars (8) $32.97

Penetration Tester's Open Source Toolkit, Volume 2

by Chris Hurley

4.5 out of 5 stars (2) $37.77

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws

by Dafydd Stuttard

4.9 out of 5 stars (14) $31.50

Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning

by Gordon Fyodor Lyon

4.9 out of 5 stars (14) $32.97

Hacking: The Art of Exploitation, 2nd Edition

by Jon Erickson

4.3 out of 5 stars (56) $32.97

› Explore similar items

Editorial Reviews

Book Description
Completely updated second edition of Google Hacking for Penetration Testers, which has sold 30,000 copies worldwide! --This text refers to the Paperback edition.

Product Description
"Understanding the adversary mindset is an important element in designing and developing effective protective strategies."—Amit Yoran, Former Director of the National Cyber Security Division, Department of Homeland Security

Explore the Dark Side of Googling

Morph Google from "Directory Assistance Please" into a Rig Mounted Pneumatic Rock Drill See How Bad Guys Use Portscans, CGI Scans, and Web Server Fingerprinting to Stroll in the Back Door of Your Enterprise

Slam the Door on Malicious Google Hacks That Expose Your Organization’s Information Caches, Firewalls, IDS Logs, and Password Databases

"...Google Hacking exposes those with their pants down, so the whole Internet can see their skivvies."—Adrian Lamo, Special Project Editor, The American River Current

Can you guard against Google Hacking? Google’s advanced search capabilities are being used on an increasing basis by some to harvest information from the Web. Sensitive documents, stolen credit card information, even servers behind corporate firewalls can be found using Google searches.

Are you the type of person who needs to know how to torque Google to detect SQL injection points and login portals, execute port scans and CGI scans, fingerprint web servers, locate incredible information caches such as firewall and IDS logs, password databases, SQL dumps and much more – all without sending a single packet to the target! Then Google Hacking for Penetration Testers is for you. By reverse engineering the techniques of malicious "Google hackers," this book shows security practitioners how to properly protect their servers from this often overlooked and dangerous form of information leakage.

"You can use Google for something other than hacking? I only use Google for finding vulnerable servers."—Tim Mullen, CIO, AnchorIS.com

"This Book Rocks!"—Roelof Temmingh, Technical Director, SensePost (Creators of the Wikto Web Assessment Tool)

Are You Safe? Learn the Queries that Hackers Use:

filetype:lit lit (books|ebooks) Online unprotected e-books!

inurl:root.asp?acs=anon Outlook Web Access Public Folders and the Exchange Address Books!

intitle:"Live View / - AXIS" | inurl:view/view.sht Axis Netcams Live View!

inurl:"ViewerFrame?Mode=" Live Panasonic Network Cameras!

SNC-RZ30 HOME Live Sony NC RZ30 web cameras!

intitle:"toshiba network camera - User Login" Live Toshiba network cameras!

aboutprinter.shtml Xerox printers on the web!

index.of.dcim Digital Camera Photo Dumps!

and hundreds more!

See all Editorial Reviews

Product Details

Paperback: 448 pages
Publisher: Syngress; 1 edition (February 6, 2005)
Language: English
ISBN-10: 1931836361
ISBN-13: 978-1931836364
Product Dimensions: 8.9 x 7 x 1.7 inches
Shipping Weight: 1.5 pounds

Average Customer Review: 4.4 out of 5 stars See all reviews (25 customer reviews)

Amazon.com Sales Rank: #521,578 in Books (See Bestsellers in Books)
Popular in this category: (What's this?)
#72 in Books > Computers & Internet > Microsoft > Web Browsers

Would you like to update product info or give feedback on images?

Front Cover | Table of Contents | First Pages | Index | Surprise Me!

Inside This Book (learn more)

Key Phrases - Statistically Improbable Phrases (SIPs): (learn more)
mix with other operators, google hacker, daterange operator, login portals, cache banner, professional security testing, hacking forums, filetype operator, internet account manager, google hacking, security tester, cached text, union select name, browsing machine, page scraping, web application security, google api, questions about this chapter, attack libraries, cached link, google server, advanced operators, database dumps, application vulnerabilities, cached page

Key Phrases - Capitalized Phrases (CAPs): (learn more)
Web Results, Frequently Asked Questions, Solutions Fast Track, Google Web, Query Description, Network Query Tool, Ask the Author, Microsoft Access, Name Last, Social Security, Google Hacking Database, Google Local, Lotus Domino, Size Description, Microsoft Word, Sun Cobalt, Internet Explorer, Internet Information Services, Novell Groupwise, Microsoft Excel, Microsoft Outlook Web Access, Red Hat, Xerox Phaser, Business Solutions, Coogle Search

New!
Books on Related Topics | Concordance | Text Stats

Browse Sample Pages:
Front Cover | Table of Contents | First Pages | Index | Surprise Me!

Citations (learn more)

2 books cite this book:

Web Hacker Boot Camp by Gerald Quakenbush on page 57
Hacking Exposed 5th Edition: Network Security Secrets And Solutions by Stuart McClure on page 15

Books on Related Topics (learn more)

Hacking Exposed 5th Edition by Stuart McClure

Discusses:

Google by Sarah Milstein

Discusses:

Professional Web APIs with PHP by Paul Reinheimer

Discusses:

Snort 2.1 Intrusion Detection, Second Edition by Jay Beale

Discusses:

Tags Customers Associate with This Product

(What's this?)

Click on a tag to find related items, discussions, and people.

hacking(3)

google(2)

hack(2)

encryption(1)

hacks(1)

penetration testing(1)

porter(1)

rootkit(1)

See all 15 tags...

Help others find this product — tag it for Amazon search

No one has tagged this product for Amazon search yet. Why not be the first to suggest a search for which it should appear?

Customer Reviews

25 Reviews

5 star:		(15)
4 star:		(8)
3 star:		(0)
2 star:		(1)
1 star:		(1)

Average Customer Review

4.4 out of 5 stars (25 customer reviews)

Share your thoughts with other customers:

Create your own review

Most Helpful Customer Reviews

47 of 49 people found the following review helpful:

5.0 out of 5 stars Indispensable reference for the dark side of Google searches, March 29, 2005

By	Ben Rothke "Author of 'Computer Security: 20 ... (USA) - See all my reviews (TOP 500 REVIEWER) (REAL NAME)

While Google is a researcher's friend, it is a hacker's dream. The subtitle of Google Hacking for Penetration Testers is "Explore the Dark Side of Googling". The dark side of Google is that far too many networks are insecure with inadequate security and enable unauthorized information to leak into Google. This leakage creates the situation where significant amounts of password files, confidential information, and configuration data and much more are easily available.

After reading Google Hacks: Tips & Tools for Smarter Searching, the real power and potential danger of Google is easily understood. Author Johnny Long details how penetration testers can harvest information that has been crawled by Google. The need for Google to be an integral part of any penetration test is now easily understood.

In a similar manner, when Dan Farmer wrote SATAN in 1995, it was met with significant consternation in that many felt he was wrong to release such a powerful program into the wild. Silicon Graphics, his employer at the time, considered his conduct unprofessional and summarily fired him. Ironically, in 2005, a security administrator can be fired if they don't run a vulnerability scanner akin to SATAN. Running scanning tools is now part of security due diligence and any administrator not running such a tool is careless.

With that, some may think author Johnny Long gives far too much ammunition to those seeking to peruse corporate data, but those were the same mistaken objections to SATAN. The book is not meant to be a crutch for script kiddies, its aim is rather to show how Google can be used to uncover data that most companies would rather remain secured. It is simply a matter of time until such Google searches will be considered due diligence for any basic security endeavor.

The book's 12 chapters show how one can plunder and pillage corporate data via Google. Chapters 1 and 2 provide a basic introduction to Google searching, including building Google queries, URL and operator syntax, search reduction, and more.

Chapters 3 through 10 detail the internals of Google hacking. The avenues of attack are nearly endless and various methods are detailed from traversal techniques, site crawling, tracking down Web server logins, and much more. With the sheer amount of data produced on corporate Web sites, it is hard not to have information leakage. The problem is that Google is the perfect glue to bond those disparate pieces of data together to form a dangerous set of connected data. Google is now gluing isolated data, which is dangerous data when in the wrong hands.

Chapter 11 details what can be done to protect an organization from Google hackers. While author Johnny Long may be a hacker, he is quite mainstream when he writes that the best hardware and software configuration money can buy can't protect computing resources if an effective security policy is not in place. Long observes that a good security policy, when properly enforced, outlines the assets the organization is trying to protect, how the protection mechanisms are installed, the acceptable level of operational risk, and what do to in the event of a compromise or disaster.

Chapter 11 details the use of the robots.txt file, which can be used to block Web crawlers such as Google. The chapter also recommends the use of various tools to secure an internal Web site. Tools from Foundstone are detailed, in addition to Gooscan, a tool created by Long that enables bulk Google searches to determine how much information has leaked.

A decade ago, Google was the type of powerful search tool that was rumored to be used within the NSA. Today, petabytes of data are only a few clicks away on Google, and with the Google API, all of that information can be seamlessly integrated into a few scripts. The challenge companies face is to take security seriously and stop making it easy for their password files, payroll data, and other confidential information to be entered into Google's server farm.

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)

21 of 21 people found the following review helpful:

5.0 out of 5 stars The reference to the good, bad and ugly of Googling, April 11, 2005

By	Eric Barna "www.ericbarna.org" (Murphy, TX) - See all my reviews (REAL NAME)

An excellent book dedicated to a seemingly narrow topic. Googling is mainstream, I can't think of one person that has traveled the internet that hasn't stopped by Google.com at least once in their surfing career. Unfortunately, there are hackers that spend a lot of time on Google!

If you are responsible for securing your employer's network you can not be without this indispensable reference. For less than $50 you could save your company from exposing information that can be readily used by hackers to obtain your most prized data.

Chapters 1-2 provide you with the basics of Googling. There isn't much more information than you can get from Google's website, but Johnny does a great job of explaining the basics of Google.

Chapters 3-10 are the meat of the book. While I've used Google extensively in performing penetration tests before reading this book I've learned many new techniques to dig deeper in less amount of time.

Chapter 11 explains how you can secure your systems from hackers using Google to gather information about your company. The chapter also introduces tools such as Gooscan. It also details methods Google has in place to remove information you'd rather not have the public see.

Chapter 12 discusses automating your Google searches with the Google API. A basic understanding of computer programming is required.

The book concludes with two appendices which will help you in developing a good strategy for security testing and securing your website.

The author's writing style is straightforward and easy to read. Reading and absorbing this book is like taking a master's level course in the art of information enumeration. Highly recommended for anyone administering networks connected to the Internet.

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)

24 of 27 people found the following review helpful:

5.0 out of 5 stars Great for stimulating ideas ........., April 2, 2005

By	Stuart Gardner "www.sdgardner.com" (Fair Lawn, NJ) - See all my reviews

I am involved in penetration testing on an occasional basis (my principal role is audit management, my principal interest is systems auditing), per other reviews this is an excellent resource for anyone planning or executing tests.

I have used google with simplistic searches and obtained good results (e.g. pictures of site being tested, too much detail in job postings ...). This book is an excelent source of ideas and techniques, for both social engineering, and more technical tests.

It has also made me consider what the google desktop search tool could be used for, when run on key servers in internal nets.

Authors writing style is very easy to read yet packed with valuable information.

This book is likely to be of significant value to forensic investigators and for those with an interest in competitive intelligence.

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)

Share your thoughts with other customers: Create your own review

› See all 25 customer reviews...

Most Recent Customer Reviews

4.0 out of 5 stars New updates and material for the second edition of the Google Hacking masterpiece. Volume 2 is today's reference.
This review mainly focuses on evaluating how valuable is to get a copy of "Google Hacking for Penetration Testers - VOLUME 2" if you already own a copy of the first edition, and... Read more

Published 8 months ago by Raul Siles

5.0 out of 5 stars Superb Book, great writing style and plenty of useful examples
While Google is for most of us just a search engine, for hackers it is a great tool to gather information and present the attack vector and first of steps against your... Read more

Published 17 months ago by RP Faber

4.0 out of 5 stars Superior Text
In reading through this book, I found a wealth of information that was quite useful, most notably the links to all of the other tools, sites and techniques available on the web. Read more

Published 17 months ago by Garot M. Conklin

4.0 out of 5 stars google, hack, hacking
Very informative book, I've been using some of the knowledge I got in the book to improve my searches as well as to test the security of some of my company's web pages.

Published on January 19, 2007 by Kerrigon Isaacs

4.0 out of 5 stars Great starting Point for New or Intermediate- Reference for advanced
You name it someone may have left it in the wrong place. This text is a good reference for everyone interested in information security and honing their research abilities to a... Read more

Published on November 8, 2006 by Book In Hand

4.0 out of 5 stars got the warm-fuzzy i was looking for...
I work for a Forture 500 company that is upgrading intranet Search capability using Google Appliance. Read more

Published on August 21, 2006 by W. Skowronski

4.0 out of 5 stars Best-of-class book at using the power of Google!
Syngress's "Google Hacking for Penetration Testers" (GHPT) by Johnny Long demonstrates to average Joes the power of Google. Read more

Published on February 25, 2006 by Sean E. Connelly

5.0 out of 5 stars That is a lot of info!!!
It has everything you NEED to learn how to hack w/ using something as simple as Google. i never in my life would have thought you could get that much server info and vuln. Read more

Published on February 20, 2006 by J. Samudio

2.0 out of 5 stars Nothing great about it!
Reconnaissance, reconnaissance, and some more reconnaissance! That is exactly what this book is all about. Read more

Published on February 8, 2006 by A. Chopra

1.0 out of 5 stars Not Impressed
At first glance Google Hacking for Penetration Testers
seems to be full of the kind of information a person new to penetrating testing needs - but soon one will find out... Read more

Published on May 16, 2005 by Cybermark

› See all 25 customer reviews...

.jsOffDisplayBlock { display: block; } .jsOffDisplayInline { display: inline; } .jsOffVisibility { visibility: visible; } .jsOnDisplayBlock { display: none; } .jsOnDisplayNoneBlock { display: block; } .jsOnDisplayNoneInline { display: inline; } .jsOnDisplayInline { display: none; } .jsOnVisibility { visibility: hidden; } .jsOnDisplayBlock { display: none; } .jsOnDisplayInline { display: none; } .jsOnVisibility { visibility: hidden; }