Review: Google Hacking for Penetration Testers, Third Edition
Authors: Johnny Long, Bill Gardner, Justin Brown.
The Internet can be a great source of information, and Google Search can help you find what you’re looking for. Knowing how to “hack” Google Search and the company’s services to unearth helpful information for executing cyber attacks and intrusions is a great skill for both hackers and penetration testers to have.
About the authors
Johnny Long is the founder of Hackers For Charity, an organization that provides hackers with job experience while leveraging their skills for charities that need those skills.
Bill Gardner is an Assistant Professor at Marshall University, where he teaches information security and foundational technology courses in the Department of Integrated Science and Technology. He is also President and Principal Security Consultant at BlackRock Consulting.
Justin Brown is an Information Assurance Analyst at a large financial institution. Previously, he worked as a consultant specializing in Open Source Intelligence.
Inside the book
The book consists of 12 chapters. The first one introduces Google Search basics, the second advanced operators that are used to perform more advanced queries, and the third teaches you Google hacking basics.
The following ones show techniques for automating searches, finding documents, searching databases, locating exploits and targets, web servers, login portals, usernames and passwords, credit card and Social Security numbers, online apps, cameras, power systems, etc.
A chapter is dedicated to hacking Google services, and another to hacking Google Showcase. Finally, the last chapter will help you protect yourself and your assets from Google hackers.
This is the third edition of the book. I didn’t read the previous ones, but this one is extremely helpful – I must assume the previous ones were, too, as the book got a third edition.
There is the occasional joke that made me guffaw, but in general, the book is very straightforward and the authors go through the subjects relentlessly. Granted, there is a lot – a lot! – to take in.
Luckily, the authors have a knack for explaining things simply and well, with concrete examples, and that is what sells this book to me.
Some of the chapters end with “fast track solutions” – one-sentence “summaries” of the most important things in the chapter – which are great for reviewing and keeping things in mind. Links to sites and FAQ sections are also provided.
I usually go through the summaries first, to decide what interests me the most so that I could go through that first. If you’re wondering if this book is for you, you might do the same.
This book should be a required read for system administrators and infosec pros in general, as it gives a sobering overview of what type of information that should not be publicly available can be found online – if you know how to look for it.
As the authors noted, learning to use Google search effectively boils down to learning the basic Google query syntax, and then learning effective narrowing techniques. The former is relatively easy to do, but the latter requires more time and more practice.
Those users who want to harness Google’s capabilities to perform searches that are, effectively, considerably outside of, and more complex than, the norm will have to do a lot of learning – and this book is a good place to start.