Google Hacking for Penetration Testers 3rd Ed
Article Index
Google Hacking for Penetration Testers 3rd Ed
Chapters 8 - 12, Conclusion

Author: Johnny Long, Bill Gardner & Justin Brown 
Publisher: Syngress
Pages: 234
ISBN: 978-0128029640
Print: 0128029641
Kindle: B019K7CN2G
Audience: hackers, defenders, curious people
Rating: 4.7
Reviewer: Ian Stirk

With regular breaching of websites/data in the news (e.g. eBay, Three, VTech), this book should be of interest to many.


This book aims to show you what information can be found via Google search queries, much of it never intended for a public audience (e.g. credit card numbers, passwords). The book is targeted at those wanting to protect their sites/data, those wanting to get more out of Google search queries, hackers, and the curious.

Some of the tools are introduced with little discussion, so some degree of IT-awareness is required. Also a few areas require scripting knowledge (typically using perl).

Below is a chapter-by-chapter exploration of the topics covered.

Chapter 1 Google Search Basics

The chapter opens with a look at Google’s deceptively simple interface, being void of clutter and having a single place to enter search criteria. Various related screens are examined, including image search, groups, preferences, language tools, and the results page.

The chapter continues with a look at rules for Google searching, including the use of wildcard characters, and the 32-word search limit. The use of quote marks for exact phrase searching, and Boolean operators for joining/omitting results is discussed with examples. Getting more targeted search results by search reduction is examined.

The chapter ends with a look at the format of the Google URL for submitted queries, where search parameters and their values are separated by an ampersand. Looking at the advanced search page, and submitting a query from it, identifies the names of these search parameters. These can be used subsequently to build your own advanced queries (programmatically).

This chapter provides a useful introduction to the basic functionality available via the Google web page.

The Google groups menu hasn’t appeared on the Google main menu for a while, suggesting the book hasn’t been updated as thoroughly as it might have been. Some of the tools are introduced too abruptly, without sufficient background information for the total beginner.

Useful, well-written discussions, tips, screenshots, practical search examples, inter-chapter links, and website links are given throughout the chapter. A useful summary and a ‘fast track solutions’ section concludes the chapter. These traits apply to the whole of the book.

Chapter 2 Advanced Operators

The chapter opens with a look at the various advanced operators which perform more complex queries.  Combining these operators can help identify the required pages more quickly.

The operators discussed, with helpful examples, include: 

  • intitle and allintitle - search within the title of a page

  • allintext - locate a string within the text of a page

  • inurl and allinurl - finding text in a URL

  • site - narrow search to specific sites

  • filetype - search for files of a specific type

  • define - show the definition of a term

  • daterange - search for pages published within a date range 

Many of these operators can be discovered by submitting a query on the advanced search page, and observing the URL. The chapter continues with a look at advanced operators that do not work well together (typically the various ‘all’ advanced operators).

This chapter provides a helpful introduction to the more advanced operators. These operators, particularly working in combination, can help you quickly identify pages of interest.

Chapter 3 Google Hacking Basics 

This chapter opens with a look at the Google cache, containing older versions of pages, which often reveal useful content not present in the current pages. Google caches the page’s text, if you require images, it gets these from the underlying website. Caches can provide anonymity, if you only need a text version of the page (using &strip=1 in URL), you can inspect a website without any detail being passed to the underlying site. A proxy server can provide additional cover.

The chapter next looks at directory listings, these often appear as boring pages of files and directories. However, with relevant searching, these can reveal useful detail. Identifying these directories, finding specific files and directories, are discussed with examples. Navigating these directories with incremental substitution and extensions (intelligently guessing names of other files) are illustrated. This latter section reminded me of some code I’d once written to do such things programmatically, including identifying hidden website directories – and it was possible to reuse this code later to open any password-protected Word or Excel file (curiosity is a wonderful thing).

This chapter shows how to obtain useful information, much of it not meant for publication, while going undetected. Useful example searches, together with hints for other queries are given.




Chapter 4 Document Grinding and Database Digging 

The chapter opens with a look at configuration files, which can contain interesting information.

Many of these files have known extensions, so can be relatively easy to find. If you know the typical content of a given type of config file, you can target your searching using this text. Similarly, log files can be searched for using a common filetype, and file content. Log files also often contain useful information (IP addresses, userid etc).

The chapter continues in a similar manner, always with useful discussions and examples, looking at Office documents, login portals, error messages, and database files. The chapter ends with a look at programmatically processing the results of your searches, and a sample perl script is discussed.

This chapter provides useful detail on how to garner information from various known files types which can be searched for expected text (e.g.  log files having login details).

Chapter 5 Google's Part in an Information Collection Framework 

The chapter starts with a look at why people hack. Often it seems to be due to an inquisitive nature, or a desire to know something most don’t know. Many groups have a hacking mindset, including policemen and salesmen.

The chapter continues with a discussion on the use of simple scripts to automate the processing of search results (i.e. data mining). An example is provided showing how searching for a given email address might be approached.  As in much of the book, suggestions and inferences are made, so you can follow up with similar approaches. A similar exercise is undertaken for telephone number and people searches. Various page-scraping methods are shown.

Tools briefly discussed include: Telnet, Netcat, and Squid. Additionally, a perl script is provided to extract useful data from the pages returned from Google searches.

This chapter provides a useful overview of automated processes for extracting useful information from Google searches. The examples illustrate how some obtuse thinking can help this creative process. Some interesting tools are introduced, however, more attention should have been spent explaining how the tools (e.g. Netcat) could be used.

Chapter 6 Locating Exploits and Finding Targets 

This chapter starts with a look at zero day exploits, these are vulnerabilities in a software product that have existed since the day it was released. Limiting awareness of these exploits, means they can continues to be exploited, so they are often guarded.

Websites exist that detail various exploits (including day zero ones), and scripts and approaches are provided to identify these (e.g. filetype:c exploit). Page-scraping methods can be applied to this data to extract these site names. Exploits can also be identified by searching for common code strings (e.g. “#include <stdio.h>” usage exploit).

Having identified exploit code, these need to be applied to vulnerable targets. It is often possible to find these targets via public vulnerability pronouncements, by matching the vulnerable product with the “Powered by” search string. Examples can be found in the Google Hacking Database.

This chapter provides a helpful overview on how to use Google to identify exploits, and some methods of identifying vulnerable sites to which that could be targeted.

Chapter 7 Ten Simple Security Searches That Work   

The chapter provides details of 10 common simple Google searches that typically return useful information that can be exploited.

The simple searches, with plenty of useful examples, are: 

  • site

  • intitle:index.of

  • error | warning

  • login | logon

  • username | userid | employee.ID \ "your username is"

  • password | passcode | "your password is"

  • admin | administrator

  • -ext:html -ext:htm -ext:shtml -ext:asp -ext:php

  • inurl:temp | inurl:tmp | inurl:backup | inurl.bak

  • intranet | help.desk 

Running these queries can return information that their owners would prefer you didn’t see. In each example, brief information is provided on how to proceed with the output.

Perhaps this chapter should have been nearer the start of the book, since the query results would give encouragement to potential searchers and hackers. Hacking really can be this simple.


Last Updated ( Tuesday, 05 January 2016 )