Penetration Tester's Open Source Toolkit
by Long, Johnny et al.

Syngress 2006.
ISBN 1-59749-021-0. $59.95 ($35.97 at www.syngress.com), bootable CDRom with many tools, index, 704 pages.

Reviewed by Robert Bruen, March 14, 2006

Books with useful penetration testing information are still few and far between. Although there are several good ones available, some are four years old now. I am always happy to see good books come out in areas which need more. This book is an all-inclusive tutorial for almost everything you need to know about "pen testing." The chapters really show you step-by-step instructions for making things work. If you are new to pen testing, then this is a valuable resource. If you are experienced you should still find some new tidbits.

The chapters break down into several groups. The first few explain what the business is all about and what you do, starting with the basics: reconnaissance, enumeration and scanning. The standard Unix commands are demonstrated, such as "whois", "host" and "dig", as well as standard tools like "NMap" and "Sam Spade." In addition, the free BiLE (Bi-Directional Link Extractor) Software Suite from Sense Post is given a lot of attention. It is a set of Perl scripts that can be used to gain information from web sites. Unfortunately, at the time of this writing, Sense Post no longer provides the suite.

On the other hand, http://www-remote-exploit.org still does offer the Auditor CD iso image. Auditor is the collection of open source tools that forms the basis of the book. The latest collection is large, close to 200 titles, none of which is the BiLE suite. The value of a collection comes in saving you the time and effort of collecting them all yourself. Sometimes even good tools are not well known so you miss them in your search. The other value is a book with good instructions for using the tools.

The next chapter group is about specific targets: databases, web servers and wireless. The wireless set has really grown from the early days of the Netstumbler tool to software which will grab the latitude and longitude of a wireless signal, which can then be fed into a digital map with an overlay of the signal range.

The last part is the group of chapters that cover tools in depth. There is also a chapter on writing code for your own tools. I thank the authors for including a chapter to encourage people to write code, and I was happy to see the Java IDE Eclipse highlighted. Eclipse is a big piece of software with its own book, but the brief introduction here is helpful.

Nessus and Metasploit get the most coverage for individual tools. The Nessus version in the book is an older version, but for the beginner it is still worthwhile and it can be run from the CD. The explanation and instructions are good enough to get it installed and working.

Metasploit deserves whatever publicity it can get, so my apologies to HDM [Ed. try Google]. The last two chapters are a good introduction to Metasploit, although not to the latest version.

This book generally does a very good job of detailing the usage of the tools, especially if you are just starting out or need to expand your knowledge. In spite of a few problems, I recommend purchasing the book for the broad coverage, free tools and detailed instructions.