Google Hacking for Penetration Testers

 
 
Syngress (publisher)
  • 3rd edition
  • published on 12 November 2015
  • 234 pages
 
E-book | ePUB with Adobe DRM | System requirements
E-book | PDF with Adobe DRM | System requirements
978-0-12-802982-4 (ISBN)
 

Google is the most popular search engine ever created, but Google's search capabilities are so powerful, they sometimes discover content that no one ever intended to be publicly available on the Web, including social security numbers, credit card numbers, trade secrets, and federally classified documents. Google Hacking for Penetration Testers, Third Edition, shows you how security professionals and system administrators manipulate Google to find this sensitive information and 'self-police' their own organizations.

You will learn how Google Maps and Google Earth provide pinpoint military accuracy, see how bad guys can manipulate Google to create super worms, and see how they can 'mash up' Google with Facebook, LinkedIn, and more for passive reconnaissance.

This third edition includes completely updated content throughout and all new hacks such as Google scripting and using Google hacking with other search engines and APIs. Noted author Johnny Long, founder of Hackers for Charity, gives you all the tools you need to conduct the ultimate open source reconnaissance and penetration testing.

  • Third edition of the seminal work on Google hacking
  • Google hacking continues to be a critical phase of reconnaissance in penetration testing and Open Source Intelligence (OSINT)
  • Features cool new hacks such as finding reports generated by security scanners and back-up files, finding sensitive info in WordPress and SSH configuration, and all new chapters on scripting Google hacks for better searches as well as using Google hacking with other search engines and APIs


Johnny Long is a Christian by grace, a professional hacker by trade, a pirate by blood, a ninja in training, a security researcher and author. He can be found lurking at his website (http://johnny.ihackstuff.com). He is the founder of Hackers For Charity (http://ihackcharities.org), an organization that provides hackers with job experience while leveraging their skills for charities that need those skills.
  • English
  • USA
Elsevier Science
  • 38,98 MB
978-0-12-802982-4 (9780128029824)
012802982X (012802982X)
  • Cover
  • Title Page
  • Copyright Page
  • Contents
  • Chapter 1 - Google Search Basics
  • Introduction
  • Exploring Google's web-based interface
  • Google's Web Search Page
  • Google Web Results Page
  • Google Groups
  • Google Image Search
  • Google Preferences
  • Language Tools
  • Building Google Queries
  • The Golden Rules of Google Searching
  • Google Queries are not Case Sensitive
  • Google Wildcards
  • Google Reserves the Right to Ignore You
  • 32-Word Limit
  • Basic Searching
  • Using Boolean Operators and Special Characters
  • Search Reduction
  • Working With Google URLs
  • URL Syntax
  • Special Characters
  • Putting the Pieces Together
  • Summary
  • Fast track solutions
  • Exploring Google's Web-Based Interface
  • Building Google Queries
  • Working With Google URLs
  • Links to Sites
  • Platform Tool Location
  • Frequently Asked Questions
  • Chapter 2 - Advanced Operators
  • Introduction
  • Operator syntax
  • Troubleshooting your syntax
  • Introducing Google's advanced operators
  • "Intitle" and "allintitle": search within the title of a page
  • Allintext: locate a string within the text of a page
  • Inurl and allinurl: finding text in a URL
  • Site: narrow search to specific sites
  • Filetype: search for files of a specific type
  • Link: search for links to a page
  • Inanchor: locate text within link text
  • Cache: show the cached version of a page
  • Numrange: search for a number
  • Daterange: search for pages published within a certain date range
  • Info: show Google's summary information
  • Related: show related sites
  • Stocks: search for stock information
  • Define: show the definition of a term
  • Colliding operators and bad search-fu
  • Summary
  • Fast track solutions
  • Links to sites
  • Chapter 3 - Google Hacking Basics
  • Introduction
  • Anonymity with caches
  • Directory listings
  • Locating directory listings
  • Finding specific directories
  • Finding specific files
  • Server versioning
  • Going out on a limb: traversal techniques
  • Directory Traversal
  • Incremental Substitutions
  • Extension Walking
  • Summary
  • Fast track solutions
  • Anonymity With Caches
  • Locating Directory Listings
  • Locating Specific Directories in a Listing
  • Locating Specific Files in a Directory Listing
  • Server Versioning With Directory Listings
  • Directory Traversal
  • Incremental Substitution
  • Extension Walking
  • Chapter 4 - Document Grinding and Database Digging
  • Introduction
  • Configuration files
  • Locating files
  • Log files
  • Office documents
  • Database digging
  • Login portals
  • Support files
  • Error messages
  • Database dumps
  • Actual database files
  • Automated grinding
  • Summary
  • Fast track solutions
  • Configuration Files
  • Log Files
  • Office Documents
  • Database Digging
  • Links to Sites
  • Frequently Asked Questions
  • Chapter 5 - Google's Part in an Information Collection Framework
  • Introduction
  • The principles of automating searches
  • The original search term
  • Expanding search terms
  • Email Addresses
  • Verifying an Email Address
  • Telephone Numbers
  • People
  • Getting Lots of Results
  • More Combinations
  • Using "special" operators
  • Getting the data from the source
  • Scraping it yourself: requesting and receiving responses
  • Scraping it yourself: the butcher shop
  • Using other search engines
  • Parsing the data
  • Parsing Email Addresses
  • Domains and subdomains
  • Telephone numbers
  • Postprocessing
  • Sorting Results by Relevance
  • Beyond Snippets
  • Presenting Results
  • Collecting search terms
  • Spying on Your Own
  • How to Spot a Transparent Proxy
  • Referrals
  • Summary
  • Chapter 6 - Locating Exploits and Finding Targets
  • Introduction
  • Locating exploit code
  • Locating Public Exploit Sites
  • Locating exploits via common code strings
  • Locating vulnerable targets
  • Locating Targets via Vulnerability Disclosures
  • Locating targets via source code
  • Summary
  • Chapter 7 - Ten Simple Security Searches That Work
  • Introduction
  • site
  • intitle:index.of
  • error | warning
  • login | logon
  • username | userid | employee.ID | "your username is"
  • password | passcode | "your password is"
  • admin | administrator
  • -ext:html -ext:htm -ext:shtml -ext:asp -ext:php
  • inurl:temp | inurl:tmp | inurl:backup | inurl:bak
  • intranet | help.desk
  • Summary
  • Chapter 8 - Tracking Down Web Servers, Login Portals, and Network Hardware
  • Introduction
  • Locating and profiling Web servers
  • Directory Listings
  • Web Server Software Error Messages
  • Microsoft IIS
  • Apache Web Server
  • Application Software Error Messages
  • Default Pages
  • Default Documentation
  • Locating login portals
  • Using and locating various Web utilities
  • Targeting Web-enabled network devices
  • Locating network reports
  • Locating network hardware
  • Summary
  • Chapter 9 - Usernames, Passwords, and Secret Stuff, Oh My!
  • Introduction
  • Searching for usernames
  • Searching for passwords
  • Searching for credit card numbers, social security numbers, and more
  • Social security numbers
  • Personal financial data
  • Searching for other juicy info
  • Summary
  • Chapter 10 - Hacking Google Services
  • Calendar
  • Signaling alerts
  • Google Co-op
  • Google's Custom Search Engine
  • Chapter 11 - Hacking Google Showcase
  • Introduction
  • Geek stuff
  • Utilities
  • Open network devices
  • Open applications
  • Cameras
  • Telco gear
  • Power
  • Sensitive info
  • Summary
  • Chapter 12 - Protecting Yourself from Google Hackers
  • Introduction
  • A Good Solid Security Policy
  • Web Server Safeguards
  • Directory Listings and Missing Index Files
  • Robots.txt: Preventing Caching
  • NOARCHIVE: The Cache "Killer"
  • NOSNIPPET: Getting Rid of Snippets
  • Password-Protected Mechanisms
  • Software default settings and programs
  • Hacking your own site
  • Site Yourself
  • Wikto
  • Advance dork
  • Getting help from Google
  • Summary
  • Fast Track Solutions
  • A Good, Solid Security Policy
  • Web Server Safeguards
  • Hacking Your Own Site
  • Getting Help from Google
  • Links to sites
  • Subject Index
  • Back Cover

File format: EPUB
Copy protection: Adobe DRM (Digital Rights Management)

System requirements:

Computer (Windows; MacOS X; Linux): Install the free Adobe Digital Editions software before downloading (see E-Book Help).

Tablet/Smartphone (Android; iOS): Install the free Adobe Digital Editions app before downloading (see E-Book Help).

E-book readers: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (not Kindle)

The EPUB file format is very well suited to novels and non-fiction, that is, to "flowing" text without a complex layout. On e-readers or smartphones, line and page breaks adapt automatically to the small displays. Adobe DRM is a "hard" form of copy protection. If the necessary requirements are not met, you will unfortunately not be able to open the e-book. You must therefore prepare your reading hardware before downloading.

Further information is available in our E-Book Help.


File format: PDF
Copy protection: Adobe DRM (Digital Rights Management)

System requirements:

Computer (Windows; MacOS X; Linux): Install the free Adobe Digital Editions software before downloading (see E-Book Help).

Tablet/Smartphone (Android; iOS): Install the free Adobe Digital Editions app before downloading (see E-Book Help).

E-book readers: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (not Kindle)

The PDF file format always displays a book page identically on any hardware. A PDF is therefore also suitable for a complex layout such as that used in textbooks and reference books (images, tables, columns, footnotes). On the small displays of e-readers or smartphones, PDFs are unfortunately rather annoying because too much scrolling is required. Adobe DRM is a "hard" form of copy protection. If the necessary requirements are not met, you will unfortunately not be able to open the e-book. You must therefore prepare your reading hardware before downloading.

Further information is available in our E-Book Help.

