Google Hacking

Google, and other Web search engines, have robots and other automated systems that scour the Internet to catalog every possible piece of data accessible from the Web. Often, the information revealed may provide sensitive or confidential information or provide access to data that should be private. This book will show you how to use Google to perform security penetration tests and find those security holes before the bad guys.

The first couple of chapters are similar to information you would find in O'Reilly's Google: The Missing Manual or Google Hacks. They cover the basic use and syntax for performing searches on Google. Those who have never used Google beyond the basic functionality will get a feel for just how much information can be extracted if you just know the right operators and format for the request.

Beginning in Chapter 3, Long begins to reveal some of the basic Google hacking techniques to uncover information that might be useful in an attack or that can be used to compromise a network.

Long goes on to demonstrate how to perform network mapping using Google and how to hunt for targets and locate exploits to attack them with. There is a chapter on finding web servers and login portals and another for uncovering sensitive information like usernames and passwords.

After providing details for locating database servers and sifting through databases using Google, the book wraps up with some advice to help you fix the holes that you find in your own sites and networks and help to guide you to secure yourself from being Google hacked.

If you are at the book store trying to decide if the book is worth spending $44.95, just flip open to Chapter 7: Ten Simple Security Searches That Work. This chapter alone is probably worth the price of the book.

There are some aspects of security that are core fundamentals that remain true throughout time. Then, there are some aspects of security that are created by new technology. A few years ago, securing wireless networks was unheard of. Now it is at the forefront of many security administrator's concerns. Google is the latest hot technology to create its own security field.

There are other search engines, but Google is the one that has become synonymous with the act of Web searching itself. Google is an excellent tool. But, like many excellent tools, it is also somewhat of a double-edged sword. The same aspects that make it excel at what it does also make it gather sensitive and private information which may be used to compromise systems or gain unauthorized access.

This book is a must-read in my opinion. Network and security administrators should be required to read this book and follow the advice at the end to ensure that Google hackers don't compromise your network.