— (minus) operator, 19—20
| (pipe symbol), 20, 374
+ (plus) operator, 19
? (question mark), 25
" (quotation mark), 16, 18
# sign (crosshatch), 325
0day (zero-day) exploits, 182
10-word limit, 16—17
80/20 rule, 157—158
A
Access badges, 143 Access database, 475 Account, creating, 369—371 Active Server Page (ASP) dumps, 238—239 Actual security, 425—427 Address, masking, 167 Address books, 280 Addresses, e-mail, locating, 312—315 admin | administrator searches, 210—212
Advanced Groups Search link, 8 Advanced Search link, 4 Advertisements, pop-up, 12 Advisories, 186—187,190 AIM (AOL Instant Messenger) buddy
lists, 283 Alarm, 429
allintext operator, 43, 49—50, 77 allintitle operator, 43, 48—49
allinurl operator, 43, 51—52, 78
Alt. group links, 8
AltaVista, operators in, 85—86
Amazon "wish lists," 142
AND operator, 18—19, 374
Anomaly, 426—427
Anonymity via caches, 88—95
AOL Instant Messenger (AIM) buddy lists, 283
Apache Web servers default settings, 330 default Web pages, 242—244 documentation, default, 247 error messages, 229—238 error-page titles, 236—237 securing, 360
server tag, disabling, 261—262 versions, 105—108 API. see Application Programming
Interface (API) Apple Gooscan, 333 Appliance, Google, 334 Application Programming Interface (API)
account, creating, 369—371 C implementation, 397—405 C# implementation, 393—397 filter parameter, 372 license keys, 128, 348, 369 limitations, 376—377 Perl implementation, 386—390, 406—411
Python implementation, 390—393 sample code, 377—383 search parameters, 371—372 search requests, 375—376 search responses, 376—377
using, 158—159 Application security. see Web
application security (Web app sec)
as_... variables, 28—29
ASP. see Active Server Page (ASP)
Assessments
external blind, 152
physical, 143
preassessment information-gathering techniques, 122
tools, 238 Asterisks (*), 15, 17 Athena tool
checking exposure, 361
configuration files, 345—348
description, 343—345
Web site, 359 Attack libraries, 384—386 Attacks, client-side, 459—462 Auditing organizations, government, 420
Authentication, 264, 428, 442
Authentication forms, 328
author operator, 66—69
Authors, searching, 66—69,164—166
Auto-googling black-hat, 368 C implementation, 397—405 C# implementation, 393—397 Perl implementation, 386—390, 406—411
Python implementation, 390—393
white-hat, 375—377 Automated grinding, 312—315 Automated trolling for e-mail, 128—134
Automatic URL removal, 355—356
Automation libraries, 384—386 Axis StorPoint servers, locating, 172
B
Backup files, 111—114,119 Badges, access, 143 Bars, 145 Base searches, 22
Belkin Cable/DSL routers, locating, 172
Bi-directional link extractor (BiLE)
program, 161—164 "Big iron" targets, 159 BiLE (Bi-directional link extractor)
program, 161—164 Biz. group links, 8 Black-hat auto-googling, 368 BlackHat, 2003,154,160 Blind security assessment, 152 Blogs, 140
Boolean operators, 18, 43, 58
Bots. see Crawlers
bphonebook operator, 73
Buddy lists, AOL Instant Messenger
(AIM), 283 Built-in cameras, 145 Business phone numbers, searching
for, 72—73
C
C code file extension (.c), 182—183 C implementation of API, 397—405 C# implementation of API, 393—397 Cache anonymity via, 88—95
banners, 89
headers, 94—95
preventing, 325—327
viewing via cut and paste, 93—94 cache operator, 62—63 Cached sites, searching, 62—63 Cameras, built-in, 145 Case sensitivity, 14—15 CGI scanning, 197—199,201,
406—411 Characters
hexadecimal codes, 26
special, 26, 43 Chat log files, 280 Cisco products, locating, 172 Client-side attacks, 459—462 Code sample, 377—383 Code strings, common, 184—186 Coffee shops, 144 Colliding operators, 75 Colons ignored, 191 Combining advanced operators, 43, 75—76
Command injection, 301, 308,
442—443, 471—474, 484 Command-line browsers, 156—157 Comments, HTML, 447—448 Common code strings, 184—186 Comp. group links, 8 Company intranets, 124 Concern, 426 Confidentiality, 428 Configuration files
description, 291
finding, 292—295
httpd.conf, 231, 261—262, 325
search examples, 295—297
support files, 304
Connections, logging, 88—89 Constraints of search-engine hacking,
443—445 Contact, nonconfrontational, 143 Contact list files, 283 Continuity, 429
Conversion to HTML or text, 56—58 Cook, Norman, 326 Cookies, 4, 456, 458, 468—471 count parameter for Gooscan, 337 Crackers, password, 273 Crawlers
guarding against, 323
instructions for, 325
META line, 327—328
robots.txt files, 325—326, 360, 445—446
user-agent field, 325 Crawling, 155—156 Crawling, disabling, 119
Credit-card numbers, searching for,
276—278 Criteria for searches, 365—1305 Cross-site framing, 460 Cross-site scripting (XSS), 461—462,
466—468 Crosshatch (# sign), 325 CubeCart, 189
Cut-and-paste viewing of cache,
93—94 CuteNews, 190—193
D
Data networks channel, 423 Databases database files, 310—311
dumps, 309—310
enumerating, 471, 475—477
error messages, 306—308
information leaks, 319
login portals, 302—304
support files, 304—306 daterange operator, 64—65 Dates, Julian, 64 Dates within a range, searching,
64—65 Debugging scripts, 304 Default documentation, 246—248 Default programs, 249—250 Default settings, 330 Default Web pages
Apache Web servers, 242—244
Internet Information Server (IIS), 244—245
Netscape servers, 245
use of, 241 define operator, 72 Definitions of terms, 72 DejaNews. see Newsgroups DejaNews (deja.com), 6—7 Delis, 144—145
Demonstration pages, 187—189 Diners, 144—145 Directory listings
description, 99—100
disabling, 324—325
files, finding, 102—103
FTP log files, 446—447
"Index of," 100—102
locating, 100—102
missing index files, 324—325
preventing caching, 325—327
robots.txt files, 325—327, 360, 445—446
server tag, 223—225 Disabling directory listings, 324—325 Disclosure of information, 443 dns-mine.pl script, 158—159, 377—383 Document Object Model (DOM),
465—466 Documentation, default, 246—248 DOM (JavaScript Document Object
Model), 465—466 Domains
determination, 154—155
finding, 155—156
name formation, 152
searching, 52—54 Dumps
Active Server Page (ASP), 239 databases, 309—310 see also tcpdump command Dumps of databases, 309—310
E
E-mail
addresses, locating, 137—138, 312—315
folders, personal, 135
lists, Web-based, 141
relationships, 139—140
trolling, automated, 128—134 eBay phishing, 278 employee.ID | "your username is"
searches, 209 Employment postings, 126 Enumerating databases, 471, 475—477 error | warning searches, 206—207 Error messages
Active Server Page (ASP), 238—239
Apache Web server, 229—238 applications', 238—241 databases, 306—308 finding, 225—229 Google, 44—45
Internet Information Server (IIS),
225—229 page titles, Apache, 236—237 page titles, IIS, 227—228 Web application security (Web app
sec), 448
Escaping from literal expressions,
463—468 Ethereal packet sniffer, 456—457 Ethical hacking methodology, 420 Eudora, 134 Excessive metadata, 319 Expanding (stemming), 15, 23 Explicit sexual content, 11 Exploit code, locating
common code strings, 184—186
public sites, 182—183 Exploits
description, 182 Exposure, 426
Exposure, checking, 360—361 Extensions. see File extensions External blind security assessment, 152
—ext:html —ext:htm —ext:shtml —ext:asp —ext:php searches, 212—216
F
File extensions C code (.c), 182—183 erroneous, 449—451
financial programs, 280 list of, 54—55 scripts, 330 searching, 54—58
Structured Query Language (SQL), 310
top 20, 213
top 25, 55—56
walking, 111—114
Web source for, 318 File names
finding in directory listings, 102—103
searching for, 267
variations of, 119 File types. see File extensions filetype arguments, ORing, 295 filetype operator, 54—58,111 filetype search type for Gooscan, 336 filetype.gs file for Gooscan, 337—338 FILExt database, 56 Filling stations, 145 Filter parameter for API, 372 filter variable, 28
Finance programs, personal, 279—280 Financial data, personal, 279—284 Footer text, finding, 191—192 Forgotten password recovery
mechanisms, 275 Forms, user authentication, 328 Forum, Search Engine Hacking, 262 Foundstone, 383 FQDN (fully qualified domain
names), 152
Framing, cross-site, 460 FTP log files, 446—447 Fully qualified domain names (FQDN), 152
G
Gas stations, 145
gdork.gs file for Gooscan, 337
Geographic regions, 33—34
GHDB (Google Hacking Database),
174—175,194,262,359 GNU Zebra, 21
Google, getting help from, 354—357 Google API. see Application
Programming Interface (API) Google appliance, 334 Google Desktop Search, 316, 318 Google Groups. see Newsgroups Google Groups Advanced Search
feature, 127 Google Hacking Database (GHDB),
174—175, 194, 262, 359 Google Image search feature, 8—9 Google Local, 143—145 Googlebot, 325 Googleturds, 54 Gooscan tool
data files, 335—338
description, 199, 332—333
installation, 333
options, 334—335
use of, 338—342 Government auditing organizations, 420
grep command, 235 Grinding, automated, 312—315 group operator, 69 Groups. see Newsgroups
H
Hackers, 59, 63—64, 78 Hacking, constraints of, 443—445
Hardware, Web-enabled, 171—172,
178—179, 255—258 H.E.A.T. tool, 223 Help-desk references, 124 Help from Google, 354—357 "Helper" programs, 14 Hexadecimal codes, 26 Hidden form fields, 453 Hidden JavaScript, 453 Highlighting, 49, 95
hl (home language) codes, 6, 28,
30—32 host command, 90 "How-to" guides, 124—125 HP Insight Management Agents,
locating, 172 .htaccess files, 324, 329—330 HTML comments, 447—448 HTML or text, conversion to, 56—58 HTTP requests and responses,
453—456
httpd.conf configuration files, 231,
261—262, 325 Human-friendly queries, 23 Human Resources departments, 123
I
Ideahamsters, 421 Identified weaknesses, 427 IDS (intrusion detection systems), 484
ie (input encoding) codes, 28 Ignored words, 15—16 Ihackstuff, 415
IIS. see Internet Information Server (IIS)
I'm Feeling Lucky button, 4 Image search feature, 8—9 image tags, 463, 465—467 inanchor operator, 62, 78 inauthor operator, 3 .INC files, 320 Include files
C code, 184
protecting, 320
server-side, 113 Incremental substitution, 110—111 Indemnification, 428 "Index of" directory listings, 100—102 Index Server, 248—249 Indexes, Apache. see Directory listings indexof search type for Gooscan, 336 indexof.gs file for Gooscan, 338 info operator, 65 Information disclosure, 443 Information leaks, 319, 354 Instant messaging, 140—141 Instant Messenger (AIM) buddy lists, 283
Institute for Security and Open
Methodologies (ISECOM), 421 insubject operator, 69—70 Integrity, 428—429 Interface
language tools, 12—14
newsgroups, 5—8
preferences, 9—12
Web results page, 5—6
Web search page, 2—4
Internet Information Server (IIS) bad file extensions, 449—451 default documentation, 247 default Web pages, 244—245 error messages, customized, 261 error messages, finding, 225—229 error-page titles, 227—228 locking down, 330 securing, 360 Security Checklist, 330
Internet Protocol (IP) addresses, 152—153
intitle operator description, 46—48 examples, 43—44,101—109
intitle search type for Gooscan, 336
intitle:index.of searches, 206
intranet | help.desk searches, 216—217
Intranets, 124
Intrusion detection systems (IDS), 484
inurl operator, 50—51, 77, 92 inurl search type for Gooscan, 336 inurl.gs file for Gooscan, 338 inurl:temp | inurl:tmp | inurl:backup |
inurl:bak searches, 216 IP (Internet Protocol) addresses,
152—153
ISECOM (Institute for Security and
Open Methodologies), 421 ITFAQnet.com, 85
J
Java, 371
JavaScript Document Object Model
(DOM), 465—466 Job postings, 126
John the Ripper password cracker, 273
Julian dates, 64
K
Keys. see License keys for API
L
langpair parameter, 96 Language, translation of, 5—6, 12—13 Language restrict (lr) codes, 28—31 Language settings for proxy servers, 11
Language tools, 4,12—14 Language use codes. see Home
language (hl) codes Languages for API, 373 Lantronix web-managers, locating,
172
Laptops with built-in cameras, 145 Leaks of information, 319, 354 Libraries, automation, 384—386 Libwhisker Perl library, 110 License keys for API, 128, 327, 348 Limit of 10 words, 16—17 Limitations, security, 425—427 link operator, 59—62, 79,160 Links
from and to targets, 160—161 mapping, 159—164 pages without, 118 removing, 356
to specified URLs, searching, 59—62 Literal expressions, escaping from, 463—468
Local proxies, 457—458
Lockouts, 368
Log files, 296, 298—299
Logging Web connections, 88—89
login | logon searches, 208—209
Login portals, 250—255, 302—304
Login prompts, 191
Long, Johnny, 332
Looking Glass servers, locating, 173
Lord, Steve, 343
Loss controls, 427
lr (language restrict) codes, 28—31
Lucky button, 4
lynx command-line browser, 156—157
M
Macintosh Gooscan, 333 Mail. see E-mail Mapping
domain determination, 154—155
link mapping, 159—164
methodology, 152—153
page scraping, 156—158
scripting, 158—159
site crawling, 155—156 Masking query host address, 167 maxResults variable, 28 Message identifiers, searching for, 70—71
Messages, error. see Error messages
Messaging, instant, 140—141
META tags, 327—328
Metadata, excessive, 319
Microsoft. see Access database; Index Server; Internet Information Server (IIS); .NET framework;
Outlook; Outlook Web Access;
SQL Server; Web Data
Administrator software package Microsoft C#, 371 Microsoft Money, 279—280 Minus (—) operator, 19—20 Mixing advanced operators, 43,
75—76
Money, Microsoft, 279—280 msgid operator, 70—71 MSN Messenger contact list files, 283 Multilingual password searches, 275—276
Multiple-query mode for Gooscan, 340
mysql_connect function, 305
N
Name formation for domains, 152
Narrowing searches, 14
Native language, 9
Negative queries, 156
Nessus security scanner, 284
Nessus tool, 223
Netcraft, 171
Netscape servers, 245
Network devices, Web-enabled,
171—172, 178—179, 255—258 Network printers, 257 Network Query Tool (NQT),
166—171
Network reports, locating, 173—175 Network vulnerability reports, 280 Newsgroups authors, searching, 66—69 Google Groups Advanced Search feature, 127
interface, 5—8
post titles, searching, 46—49, 66—69
posts, removing, 357
tracing, 164—166
USENET, 6—7 Nightclubs, 145 NIKTO security database, 406 Nikto tool, 110, 201, 332 Nmap tool, 223 NNTP-Posting-Host, 165 No-cache pragma, 360 NOARCHIVE in META tag, 327 Nomad, Simple, 438 Non-Google Web utilities, 166—171 Non-repudiation, 428 Nonconfrontational contact, 143 NOSNIPPET in META tag,
327—328 NOT operator, 374 Novell Management Portal, 252 NQT (Network Query Tool),
166—171 nslookup command, 90 ntop programs, 173 Number of Results setting, 12 Numbers within a range, searching, 63
numrange operator, 63
O
OASIS WAS Vulnerability Types and Vulnerability Ranking Model, 442
oe (output encoding) codes, 28 Office documents, 299—301
Open Source Security Testing
Methodology Manual
(OSSTMM) improving, 436 methodology chart, 430 origins, 420—421
other security methodologies, 435 security presence, 422—423, 431—433
standardized methodology, 424—429 Opera Web browser
disabling Google crawling, 119
finding pages without links, 118 Operating systems of servers, 108 Operational security, 424—425 Operators
advanced, combining, 43, 75—76
in AltaVista, 85—86
Boolean, 18, 43, 58
colliding, 75
description, 46
examples, 43—44
list of, 42, 75—76, 80—84
mixing, 43, 75—76
OR, 374
other search engines, 85—86 syntax, 43 Web site, 86 in Yahoo, 85
see also Operators, specific Operators, specific — (minus), 19—20 + (plus), 19 allintext, 43, 49—50, 77 allintitle, 43, 48—49 allinurl, 43, 51—52, 78
AND, 18—19 author, 66—69 bphonebook, 73 cache operator, 62—63 daterange operator, 64—65 define, 72
filetype, 54—58,111 group, 69 inanchor, 62, 78 inauthor, 3 info, 65
insubject, 69—70
intitle, 43—44, 46—48,101—109
inurl, 50—51, 77, 92
link, 59—62, 79
msgid, 70—71
NOT, 374
numrange, 63
OR, 374
phonebook, 72—75
related, 66
rphonebook, 73
site, 52—54, 77—79, 204—205, 332 stocks, 71—72 see also Operators OR operator, 374 Oracle database, 475 ORing filetype arguments, 295 OSSTMM. see Open Source Security Testing Methodology Manual (OSSTMM) Outdated links, removing, 356 Outlook, 134—135 Outlook Web Access portal, 251, 268—269
P
Packet sniffer, Ethereal, 456—457 Packets, 453—459 Page scraping, 156—158, 414 Page text, searching, 49—50 Page titles
Apache error messages, 236—237
IIS error messages, 227—228
searching, 46—49 Palookaville, 326 Parameters for searches, 27—28 Parentheses
ignored, 20
use of, 375 password | passcode | "your password is" searches, 210
Password crackers, 273 Password file, system, 110 Password prompts, 191 Password-protection mechanisms,
328—330 Passwords
authentication, 329
clear text, 274
encrypted or encoded, 273—274
encryption, 288
forgotten password recovery mechanisms, 275
searching for, 270—275
shared, 287—288 Patches, security, 331 Penetration testers, 92, 222, 420 Perl
CPAN modules, 162 implementation of API, 386—390,
406—411 scripting, 158—159, 312—315
Personal e-mail folders, 135 Personal finance programs, 279—280 Personal financial data, 279—284 Personal information, 142 Personal Web pages and blogs, 140 Personnel channel, 423 Personnel departments, 123 Phishing
to catch scammers, 278—279
cross-site framing, 460
scams, 277—279, 287 Phone numbers
removing from Google list, 74
searching for, 72—75 phonebook operator, 72—75 PHP files, 113 Phrack, 164 Phrase searches, 18 Physical assessment, 143 Physical channel, 423 Pipe symbol ( | ), 20, 374 Plus (+) operator, 19 Policies, security, 322—323 Polling, public, 126 Pop-up advertisements, 12 Portals, login, 250—255, 302—304 Ports, multiple, 178 Portscans, 223
Post titles, searching, 46—49, 66—69 Posts, removing, 357 "Powered by" tags, 188, 192—193 Pragma, no-cache, 360 Preassessment checklist, 146
information-gathering techniques, 122
Preferences, 4, 9—12 Printers, network, 257
Privacy, 428
Process of searching, 17—20 Professional security testing, 419—420 Profiling servers, 223—225 The Programmer's Ultimate Security
Desk Reference, 482 Proxies, local, 457—458 Proxy checkers, 99, 117 Proxy servers
anonymity, 91—92
Google translation as, 95—99
language settings, 11
locating, 92
translation service, 6 Pseudoanonymity, 67 Pseudocoding, 385 Putting the Tea Back into
CyberTerrorism, 131 Python implementation of API, 390—393
Q
q variable, 28 Queries automated, 157
locating Apache versions, 105—107 locating database error messages,
306—308 locating database files, 311 locating database interfaces, 303 locating database support files,
304—305
locating default Apache installations, 243—244
locating default documentation, 248 locating default programs, 250 locating e-mail addresses, 137—138
locating login portals, 253—255 locating more esoteric servers, 246 locating Netscape servers, 245 locating passwords, 270—273 locating potentially sensitive office
documents, 301 locating specific and esoteric server
versions, 107—108 locating specific IIS server versions,
244
locating SQL database dumps, 310 locating user names, 265—266 locating various network devices, 258
locating various sensitive information, 281—283
negative, 156 Querystrings, 456 Question mark (?), 25 Quicken, 279—280 Quotation marks ("), 16, 18
R
Rain Forest Puppy (RFP), 110 Range of dates, searching, 64—65 Range of numbers, searching, 63 Ranta, Don, 313
raw search type for Gooscan, 337 Recovery mechanisms, password, 275 Reduction (narrowing) of searches, 21—24
Regions, geographic, 33—34 Registration screens, 328 Registry files, Windows, 136, 268 related operator, 66 Related sites, searching, 66 Reloading, shift-, 90
Remote scripts, 465 Rendered view, 290 Reports, locating, 173—175 Residential phone numbers, searching
for, 72—73 Responses, API, 376—377 restrict codes, 32—36 restrict variable, 28, 32—33 Restriction rules, 373—374 Results, number of, 12 Results page, 5 Resumes, 142 Retina tool, 223 Robots. see Crawlers Robots.txt files, 325—327, 360,
445—446 Rotator programs, 167—170 rphonebook operator, 73
S
safe variable, 29 SafeSearch Filtering, 11 Safety, 429
Sample API code, 377—383 Sample files, 449 Sample programs, 248—250 SANS Top 20 list, 220 Scanner, Nessus, 284 Scanner programs, 198 Scanning, CGI, 197—199, 201 Scraping pages, 156—158, 414 Scripts
automated grinding, 312—315 cross-site scripting (XSS), 461—462,
466—468 for debugging, 304
dns-mine.pl, 158—159, 377—383
file extensions, 330
remote, 465 Search Engine Hacking forum, 262 Search fields, 3 Search rules
case sensitivity, 14—15
ignored words, 15—16
limit of 10 words, 16—17
stemming (expanding), 15, 23
wildcards, 15—16 Search string for Gooscan, 337 Search-term input field, 4 Searches
admin | administrator, 210—212
Advanced Search link, 4
authors, 66—69, 164—166
automating, 331
base searches, 22
cache, Google, 62—63
criteria, 365—1305
dates within a range, 64—65
definitions of terms, 72
error | warning, 206—207
—ext:html —ext:htm —ext:shtml —ext:asp —ext:php, 212—216
Google Desktop Search, 316
intitle:index.of, 206
intranet | help.desk, 216—217
inurl:temp | inurl:tmp | inurl:backup | inurl:bak, 216
links to specified URLs, 59—62
login | logon, 208—209
message identifiers, 70—71
in newsgroup post titles, 46—49
newsgroup authors, 66—69
newsgroup post titles, 66—69
numbers within a range, 63
in page text, 49—50 in page titles, 46—49 parameters, 27—28 parameters for API, 371—372 password | passcode | "your password
is," 210 phrases, 18 process, 17—20
reduction (narrowing), 21—24
requests, API, 375—376
responses, API, 376—377
results page, 5
site summaries, 65
sites related to a site, 66
space between elements, 43
specific file types, 52—54
specific servers or domains, 52—54
stock symbols, 71—72
telephone numbers, 72—75
username | userid | employee.ID | "your username is," 209
see also Search rules Secure Sockets Layer (SSL), 482 Security
access, 425
actual, 425—427
alarm, 429
anomaly, 426—427
assessment, blind, 152
authentication, 428
concern, 426
confidentiality, 428
continuity, 429
data networks channel, 423
ethical hacking methodology, 420
exposure, 426
government auditing organizations, 420
ideahamsters, 421
indemnification, 428
Institute for Security and Open
Methodologies (ISECOM), 421 integrity, 428—429 limitations, 425—427 loss controls, 427 non-repudiation, 428 operational, 424—425 patches, 331
penetration testers, 92, 222, 420 personnel channel, 423 physical channel, 423 policies, 322—323 privacy, 428 safety, 429
scanner, Nessus, 284 standardized methodology, 423 telecommunications channel, 423 testing, professional, 419—420 trust, 425 usability, 429 visibility, 424—425 vulnerability, 426, 444 weakness, 426—427 wireless communications channel, 423
see also Open Source Security Testing Methodology Manual (OSSTMM); Web application security (Web app sec)
Security presence channels, 422—423, 431—433
SensePost, 154, 158, 278, 351
Server-side includes, 113
server tag in directory listings, 223—225, 261
Server versions
Apache, 105—108 finding, 103 operating systems, 108 uses of, 104 Servers, Web error messages, Apache, 229—238 error messages, applications',
238—241 error messages, MS-IIS, 225—229 esoteric, 246
locating and profiling, 223—225
public, 323
safeguards, 323
searching, 52—54
see also Server versions Session hijacking, 468—471 Session management, 442 Settings, default, 330 Sexual content, 11 Shift-reloading, 90 Simple Nomad, 438 Single-query mode for Gooscan,
338—339 Site crawling, 155—156 site operator, 52—54, 77—79, 204—205, 332
Site summaries, searching, 65
SiteDigger tool, 346, 348—351, 359, 383
Snippets, 327—328 SOAP::Lite, 128
Social Security numbers (SSNs), 279 Socket-class functionality, 414 Socket initialization, 386 Software default settings, 330 Sony VAIO laptops, 145 Source code, uses for, 112—113, 189—197
Space between search elements, 43 Spam, 439
Special characters, 26, 43
Specific file types, searching, 52—54
Specific servers or domains,
searching, 52—54 SPI Dynamic, 238
SQL. see Structured Query Language (SQL)
SQL Server database, 475
SSL (Secure Sockets Layer), 482
SSNs (Social Security numbers)
searching for, 279 Standardized methodology, 423 start variable, 28 Stock quotations, 71—72 stocks operator, 71—72 Stop words, 15
Structured Query Language (SQL)
dumps, 309—310
file extension, 310
injection attacks, 301, 308, 442—443, 471—474, 484
mysql_connect function, 305 Student IDs, 279 Subdomains, 153 Submit Search button, 4 Substitution, incremental, 110—111 sullo, 332
Support files of databases, 304—306 Symbols, stock ticker, 71—72 Syntax search terms, 43
universal resource locators (URLs),
25—26 wrongness ignored, 20 System password file, 110
T
Tabs, 4
Targets, vulnerable. see Vulnerable
targets, locating tcpdump command, 89—90, 97 output, 90, 92—93, 97—98 Tea, Putting Back into CyberTerrorism, 131
Telecommunications channel, 423 Telephone numbers
removing from Google list, 74
searching for, 72—75 Temmingh, Roelof, 128,154,158, 351
10-word limit, 16—17 Term input field, 4 Terms, getting definitions of, 72 Terms of Service Athena, 343
automated queries, 157, 314 Gooscan, 331—332, 334, 340 Web sites for, 368—369
Testers, penetration, 92, 222
Text of pages, searching, 49—50
Text or HTML, conversion to, 56—58
Ticker symbols, 71—72
Titles of pages, searching, 46—49
TLD (top-level domain), 154
Toolbars, 3, 14, 39
Top-level domain (TLD), 154
Topic restriction rules, 373—374
Tracing groups, 164—166
Traffic reports, 447
Translation, 5—6, 12—13
Translation proxies, 5
Translation service, 95—98
Traversal, 108—110 Trojans, 438—439 Troubleshooting, 44—45 Trust, 425
Types of files, searching, 52—54
U
Unified Modeling Language (UML)
diagram, 385 Universal resource locators (URLs)
construction, 27—36
description, 24—25
links to specified URLs, searching for, 59—62
removal, automatic, 355—356
searching in, 50—52
special characters, 26
structure, 50
syntax, 25—26 Usability, 429
USENET newsgroups, 6—7 User authentication forms, 328 User names
creation process, 265
searching for, 264—270
sources for, 265—266 username | userid | employee.ID |
"your username is" searches, 209 Utilities, non-Google, 166—171
V
VAIO laptops, 145
Versions of servers. see Server versions view source, 113
Viruses, 438—439
Visibility, 424—425
Vulnerability, 426, 444
Vulnerability reports, 283
Vulnerable targets, locating in advisories, 186, 190 applications, vulnerable, 194—197 via CGI scanning, 197—199, 201 via demonstration pages, 187—189 via source code, 189—197 techniques, 202
W
Watts, Blake, 397 Weakness, 426—427 Web Application Security
Consortium, 442 Web application security (Web app
sec)
authentication, 442 bad file extensions, 449—451 client-side attacks, 459—462 command injection, 442—443,
471—474 cookies, 456, 458, 468—471 description, 438—439 error messages, 448 FTP log files, 446—447 hidden form fields and JavaScript,
453
HTML comments, 447—448 information disclosure, 443 sample files, 449 session management, 442 system documentation, 452 uniqueness, 439—440
vulnerabilities, 440—443
vulnerability, 444
Web traffic reports, 447 Web assessment tools, 238 Web-based mailing lists, 141 Web connections, logging, 88—89
Web Data Administrator software
package, 302 Web-enabled network devices,
171—172,178—179, 255—258 Web filtering, 439 Web pages, personal, 140 Web results page, 5—6 Web search page, 2—4 Web servers. see Servers, Web Web sites
advanced operators, 86
Athena, 359
Athena configuration files, 348 basic searching, 38 default pages, 241—246 excessive metadata, 319 file extensions, 318 FILExt database, 56 frequently asked questions (FAQ), 85
Google Desktop Search, 318
Google details, 86
Google Groups Advanced Search
feature, 127 Google Hacking Database
(GHDB), 359 Google Local, 143—145 Gooscan tool, 199, 333 .htaccess files, 330
John the Ripper password cracker, 273
language-specific interfaces, 10
Libwhisker Perl library, 110 lockouts, 368 Netcraft, 171
NIKTO security database, 406 phishing, 287 proxy checkers, 99, 117 robots.txt files, 325, 360, 445—446 SANS Top 20 list, 220 SiteDigger tool, 348, 359 Terms of Service, 368—369 USENET, 6
Web Application Security
Consortium, 442 WebInspect tool, 119 Wikto tool, 199
XCode package for Macintosh, 333
Web traffic reports, 447
Web utilities, non-Google, 166—171
Webalizer program, 267
Webcams, 256
WebInspect tool, 119, 238
Weighting, 161—163
Whisker tool, 110
Wikto tool, 199, 351—354
Wildcards, 15—16
Windows registry files, 136, 268
Windows tools Athena, description of, 343—345 Athena configuration files, 345—348 Google API license keys, 348 .NET framework, 342
requirements, 342
SiteDigger, 346, 348—351
Wikto, 199, 351—354 Windows Update, 342 Wireless communications channel, 423
"Wish lists," Amazon, 142 Word order, 86 Words in searches
ignored, 15—16
limit of 10, 16—17 Worms, 164 WS_FTP program, 291
X
XCode package for Macintosh, 333 XSS (cross-site scripting), 461—462, 466—468
Y
"Your password is" searches, 210 "Your username is" searches, 209
Z
Zebra, 21
Zero day exploits, 182
Inside the SPAM Cartel
For most people, the term "SPAM" conjures up the image of hundreds of annoying, and at times offensive, e-mails flooding your inbox every week. But for a few, SPAM is a way of life that delivers an adrenaline rush fueled by cash, danger, retribution, porn and the avoidance of local, federal, and international law enforcement agencies. Inside the SPAM Cartel offers readers a never-before view inside this dark sub-economy. You'll meet the characters that control the flow of money as well as the hackers and programmers committed to keeping the enterprise up and running. ISBN: 1-932266-86-0 Price: $49.95 U.S. $72.95 CAN
Last year, Stealing the Network: How to Own the Box became a blockbuster bestseller and garnered universal acclaim as a techno-thriller firmly rooted in reality and technical accuracy. Now, the sequel is available and it's even more controversial than the original. Stealing the Network: How to Own a Continent does for cyber-terrorism buffs what "Hunt for Red October" did for cold-war era military buffs, it develops a chillingly realistic plot that taps into our sense of dread and fascination with the terrible possibilities of man's inventions run amuck.
ISBN: 1-931836-05-1 Price: $49.95 U.S. $69.95 CAN