Hacking web intelligence is a very interesting exploration of tools that exist on the Internet for gathering open-source intelligence (OSINT), information gathered using open-source tools from publicly available sources. But the book goes beyond this. In order to present how these tools are used, the authors go into security and privacy because sometimes data may need to be gathered anonymously. They also touch on tools used by penetration testers, people hired to hack websites to find weaknesses. Some of these tools can be useful in gathering data without actually penetrating a system. Think of this book as a primer on the Internet and ways to search it extensively for information about people and websites.
The book begins by briefly defining the basic components of the Internet that will be covered. It then defines OSINT and sources of data, such as advanced use of search engines, and news, corporate, academic, government, blog, and social media websites.
Three chapters are devoted to browsers and search engines. These discuss how browsers work; using browsers anonymously; custom browser implementations designed for anonymous use, for example, the Epic browser; and browser add-ons that facilitate OSINT retrieval. From here, a deep discussion of search techniques and advanced features of major search engines is presented. Such topics as people, business, social media website search, and more are covered.
Browsers provide in some sense a high-level search capability. To delve more deeply requires dedicated applications. OSINT tools are related to hacking tools in that they gather data about websites and people associated with websites, such as domains and subdomains, details about server software, Internet protocol (IP) addresses, and email addresses. Several prominent tools are discussed including Harvester, Shodan, Search Diggity, and Maltego. Some of these tools require a Python interpreter or can be extended using Python code. Hence, a later chapter provides a quick and dirty overview of the Python language.
Metadata, or data about data, provides another avenue for gathering OSINT. For example, modern digital cameras record information about pictures and videos they take, including date and time, and the geographical coordinates of the location. Other file types, such as office documents, may contain metadata possibly useful in gathering information about an individual. The authors discuss how to extract and analyze metadata, but also include ways to remove metadata for those interested in maintaining privacy.
Darkweb and deepweb are terms that refer, respectively, to websites accessible only through authentication protocols, that is, logging on, or via anonymizers, tools such as The Onion Router (TOR), which combines a custom browser and network infrastructure that masks connections between clients and servers. In preparing to discuss accessing such sites, the book provides a chapter on online anonymity. With a conventional browser, a server can trace back to the client, learning the client’s Internet service provider (ISP)-provided identifier and IP address. During a search for sensitive information, the investigator might prefer to be untraceable. Here, we learn methods of remaining anonymous when searching online, including going beyond just using a browser.
Once data is gathered, it must be organized into information. A chapter on data management and visualization tools provides an introduction to this. Various tools for note taking, organizing data, presenting data, flowcharting, and so on are discussed. Some of the applications noted are Excel spreadsheets, SQL databases, Maltego, and CaseFile.
The book concludes with several chapters on various topics. Particularly useful is the discussion of online security, which goes into many areas where Internet users are attacked or leave themselves vulnerable to attack. A chapter titled “Basics of Social Networks Analysis” contains a bit of graph theory and describes a couple of tools that can analyze graphs. The topics do not address specifics of social media sites as might be inferred from the chapter title. Next is a chapter on Python. A programming background is needed to make good use of it. Another chapter presents useful case studies showing actual instances where the authors applied the tools they discuss. The book concludes with “related topics of interest.” To me, they are rather tangential to the rest of the material.
The writing is reasonably clear and pleasantly informal, although it is apparent that English is not the writers’ primary language. The book is filled with usage errors, misused prepositions, and adverbs. I fault the publisher, Elsevier-Syngress, for inadequate editing. That said, the writers are consistent, thus one can become accustomed to their writing. This book should be of interest to people who work in the intelligence or security fields, as well as to people who have a need to gather information about others, such as marketers.
More reviews about this item: Amazon
