Penetration Tester's Open Source Toolkit / Edition 3

Paperback (Print)
Used and New from Other Sellers
Used and New from Other Sellers
from $23.00
Usually ships in 1-2 business days
(Save 53%)
Other sellers (Paperback)
  • All (11) from $23.00   
  • New (8) from $24.63   
  • Used (3) from $23.00   


Penetration Tester’s Open Source Toolkit, Third Edition, discusses the open source tools available to penetration testers, the ways to use them, and the situations in which they apply.
The book consists of 10 chapters that focus on a specific area of penetration testing: tools of the trade; reconnaissance; scanning and enumeration; client-side attacks and human weaknesses; hacking database services; Web server and Web application testing; network devices; enterprise application testing; wireless penetrating testing; and building penetration test labs. Each chapter is organized to discuss objectives associated with the focus area, an approach to penetration testing of that area, core technologies for penetration testing, and open source tools that can be used to perform penetration testing. The chapters also include case studies where the tools that are discussed are applied.
This book is for people who are interested in penetration testing or professionals engaged in penetration testing. Those working in the areas of database, network, system, or application administration, as well as architects, can gain insights into how penetration testers perform testing in their specific areas of expertise and learn what to expect from a penetration test. This book can also serve as a reference for security or audit professionals.

  • Details current open source penetration testing tools
  • Presents core technologies for each type of testing and the best tools for the job
  • New to this edition: Enterprise application testing, client-side attacks and updates on Metasploit and Backtrack
Read More Show Less

Editorial Reviews

From the Publisher
"Jeremy Faircloth continues to write about computer and network security in ways that help the InfoSec community. In Penetration Tester's Open Source Toolkit, Third Edition he combines his sharp insight into a wide variety of technologies, diverse penetration testing approaches and several penetration testing tools (then showcases these tools in action in the case study in each chapter) so the student of penetration testing can go out and get it done. This is just the kind of writing we should be expecting from our front runners in IT to be doing to support our Enterprise."—Tim Hoffman, President, Alida Connection
Read More Show Less

Product Details

  • ISBN-13: 9781597496278
  • Publisher: Elsevier Science
  • Publication date: 8/1/2011
  • Edition number: 3
  • Pages: 464
  • Sales rank: 1,435,968
  • Product dimensions: 7.50 (w) x 9.20 (h) x 1.20 (d)

Meet the Author

Jeremy Faircloth (CISSP, Security+, CCNA, MCSE, MCP+I, A+) is an IT practitioner with a background in a wide variety of technologies as well as experience managing technical teams at multiple Fortune 50 companies. He is a member of the Society for Technical Communication and frequently acts as a technical resource for other IT professionals through teaching and writing, using his expertise to help others expand their knowledge. Described as a “Renaissance man of IT” with over 20 years of real-world IT experience, he has become an expert in many areas including Web development, database administration, enterprise security, network design, large enterprise applications, and project management. Jeremy is also an author that has contributed to over a dozen technical books covering a variety of topics and teaches courses on many of those topics.

Read More Show Less

Read an Excerpt

Penetration Tester's Open Source Toolkit

By Jeremy Faircloth


Copyright © 2011 Elsevier Inc.
All right reserved.

ISBN: 978-1-59749-628-5

Chapter One

Tools of the trade


• Objectives

• Approach

• Core Technologies

• Open Source Tools

• Case Study: The Tools in Action

• Hands-On Challenge

The quality of the tools that we use as penetration testers is part of what determines the quality of work that we perform. Other parts are, of course, skill, experience, and imagination. By building an excellent toolkit, we can better perform our penetration testing work and do a better, faster, and higher quality job. While the rest of this book will be focusing on individual tools and how to use them, in this chapter we will be talking about toolkits which contain a number of the tools we'll be discussing later and more.

We will also be talking about some of the technologies used to make carrying around your toolkit easier and safer. A good set of tools should always be stored in a good toolbox. In addition, we'll touch on some of the tools that you can use to build target systems for penetration testing. In Chapter 10, we'll talk about building a test lab, but here we'll talk about some of the kits that you can use within that lab.

This chapter may not be quite as interesting as the remaining chapters in this book since we will not be doing any actual penetration testing examples here. However, it is very important to have a solid foundation in the general tools available to you as a penetration tester prior to learning how to use those tools in real-world scenarios. You'll find that it saves you a lot of time later when we demonstrate using a tool if you already have a toolkit which contains it.


Our objectives for this chapter are to learn which toolkits exist in the open source world for penetration testing, learn how those toolkits are built and how to modify them, and discuss some of the kits which exist to build target systems. To meet these objectives, we'll go over the general approach of how and why these kits are made, then move into the core technologies of how they work. We'll then go over some open source toolkits, which exist today, and talk about how each applies to your work in penetration testing. Lastly, we'll do a case study using one of the available toolkits and give you a chance to show what you've learned in a hands-on challenge.

Many open source penetration testing toolkits exist today and are built to reduce your work. In the past, performing a penetration test meant that every penetration tester built up a set of tools that they prefer using, kept them updated manually, maintained master copies in case of corruption, and had to manually research how to integrate new tools as they became available. This was where a great deal of the penetration tester's time was spent versus getting into the "real" work of testing a client's security. This was generally not considered billable time and was a real challenge.


The general approach to building penetration testing toolkits is to minimize the amount of work spent maintaining tools and maximize the amount of time spent performing penetration testing. To do this, you generally start with a list of tools that are commonly used for either the specific type(s) of penetration testing that you are performing or a list of tools that can be used for a wide variety of purposes. This is akin to either selecting a knife custom designed for a specific purpose (e.g., a thin bladed knife for filleting) or grabbing a Swiss Army knife to cover a variety of situations.

Generally if you're building your own penetration testing toolkit from scratch, you'll take the approach of selecting your favorite or most commonly used tools. If you are building a toolkit for public use, it's usually best to include a wider variety of tools so that more general penetration testing needs can be met. This is the approach used by most of the people who put together these kits today.

The next decision that you have is the type of operating system that you'd like to use. There are a number of penetration testing tools which are built to run under Windows, but there are typically more tools available under the Linux platform. The challenge there is to determine which Linux distribution to use since there are such a wide variety to choose from. Some examples of popular Linux distributions are:

• Ubuntu

• Fedora

• openSUSE

• Debian GNU/Linux

• Mandriva Linux

• Slackware Linux

• Gentoo Linux

Many of these have served as the foundation for penetration testing toolkits over the years and your choice will often be driven by personal preference as much as any technical reasoning. Each distribution has their own unique release schedule and goals, which may play a part in your decision as well.

With the list of tools and the operating system choice out of the way, now it's time to determine how your penetration test toolkit will execute. Do you want to install the operating system and all tools on a desktop/laptop/etc. permanently or within a virtual machine? Would you prefer to boot off of an optical disk (CD/ DVD)? Or maybe booting and running off of a flash drive or SD card is your preference. Whichever of these options works best for your needs is obviously the direction that you should go. Each has its own pros and cons.

For example, if you choose to do an on-disk installation, you should be aware that any corruption from a bad tool install or an erroneous command could mean reinstalling everything from scratch or restoring from a backup. On the other hand, you can make changes to your toolkit easily and know that those changes will be available for you the next time that you go to use the system. This tends to be a less portable solution, but takes advantage of the speed of the disk and makes saving changes easy.

Booting off of a CD or DVD works great for some toolkits, however, not all operating systems support running in this manner. In addition, you need to be sure that the machine you'll be using has a compatible drive and ensure that your disk doesn't get scratched or otherwise damaged. The risk of corruption is lower since changes are wiped out after the machine using the CD/DVD is powered off, but that also limits your ability to save changes that you actually want to keep such as tool updates.

Using a USB drive or SD card is another option similar to using a CD/DVD, but there are some additional advantages and disadvantages here. Not all systems support booting off of a USB drive and even fewer support booting off of an SD card so compatibility can be a problem. However, with correct partitioning, you can build a USB/SD penetration testing toolkit which supports persistent changes, meaning that all modifications that you make to the booted OS are saved to a special partition and reapplied the next time the toolkit is booted up. This is considered a "persistent Live USB" build and has the advantage of being able to be returned to a baseline state by removing the persistence partition. Alternately, you can build an operating system on the USB drive that is read/write like a normal hard disk.

Whether you're installing on a drive or building a bootable image, your next step is to install your tools. Many of the open source tools available share dependencies and in some cases conflict on the version of those dependencies that they support. While you may want to use the latest version of a specific driver, for example, there may be something new in that version that your chosen tools don't support. Always keep this in mind when doing your tool installations. The process of resolving incompatibilities and ensuring that the correct dependencies are there is very time consuming and requires a lot of effort.


There are a few core technologies that you need to be aware of when building your penetration testing toolkit. In this section, we'll talk about LiveCDs and how they work as well as some basics on how to build or modify a LiveCD. We'll talk about International Organization for Standardization (ISO) images and how to use those as well. Next, we'll go over how to make a bootable USB drive and then finish up by talking about how to make a persistent LiveCD environment.

1.3.1 LiveCDs

A LiveCD is basically a CD or DVD that is written with a bootable version of an operating system modified so that there is no need to write files to the disk the system is booted from. This allows you to use read-only media to boot a system into a fully functional operating system, leaving no data written to the hard disks of the system that you're using. It isn't even required for the system to have a hard disk since everything it needs will be coming off of the optical media.

LiveCDs started becoming popular in the early to mid 1990s and it's now common to find LiveCDs that support a majority of the common operating systems or distributions. Since most operating systems do need a place for temporary files, LiveCDs are built to create this temporary file area in memory or (less commonly) use an existing location on the system's hard disk. Files created while using the LiveCD that the user wants to keep can usually be written to a USB drive or a hard disk partition as well. Creating a LiveCD

Depending on the operating system that you're using, a number of options exist on how to create your LiveCD. For Windows, one of the most popular methods of creating a LiveCD is to use Bart's Preinstalled Environment (BartPE) Builder to create a Windows-based bootable CD or DVD. This is free software and is available at Using BartPE in combination with an original licensed Microsoft Windows DVD allows you to generate a bootable image very quickly and easily. We'll demonstrate the use of this tool in the Open source tools section of this chapter.

Creating a LiveCD with Linux is a little more complex and can vary depending on distribution. For Ubuntu, this involves creating a number of directories and installing some packages on an existing Linux system, creating a copy of the operating system, modifying it to work properly, building out the appropriate directory structures, then finally burning the CD or DVD. All of the steps and a detailed tutorial on this process can be found at

Using Fedora, the process is a little more streamlined. There is a LiveCD-tools package available which includes a tool called LiveCD-creator. This tool effectively goes through the following steps:

• Sets up a file for the ext3 file system that will contain all the data comprising the LiveCD

• Loopback mounts that file into the file system so there is an installation root

• Bind mounts certain kernel file systems (/dev, /dev/pts, /proc, /sys, /selinux) inside the installation root

• Uses a configuration file to define the requested packages and default configuration options. The format of this file is the same as is used for installing a system via kickstart.

• Installs, using yum, the requested packages into the installation using the given repositories in the kickstart file

• Optionally runs scripts as specified by the LiveCD configuration file

• Relabels the entire installation root (for SELinux)

• Creates a LiveCD-specific initramfs that matches the installed kernel

• Unmounts the kernel file systems mounted inside the installation root

• Unmounts the installation root

• Creates asquashfs file system containing only the defaultext3/4file (compression)

• Configures the boot loader

• Creates an iso9660 bootable CD/DVD

This greatly simplifies the LiveCD creation process if Fedora is the distribution that you are using. Full documentation on this process is available at http:// Modifying LiveCDs

Modifying LiveCDs is very similar to creating a LiveCD from scratch except that you have an easier foundation to work from. Basically, the contents of the LiveCD are extracted into a working area and modified as needed. This can include the addition of new files, modification of existing files, or deletion of files as required. Where this becomes complex is when you need to perform installations of packages and then build a new LiveCD using the updated versions.

To do this, there are a couple of methods that you can use. First, you can perform an install of the operating system to a machine, update all of the files or packages necessary, and then rebundle that modified version as a new LiveCD. Alternately, you can take the compressed images created when building some types of LiveCDs, mount those images, update them, and then use the updated images to create a new LiveCD. This is generally the method used with Knoppix as an example. An example of a similar method for Ubuntu can be found at https://help


Excerpted from Penetration Tester's Open Source Toolkit by Jeremy Faircloth Copyright © 2011 by Elsevier Inc.. Excerpted by permission of SYNGRESS. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

Read More Show Less

Table of Contents

Introduction Chapter 1. Tools of the Trad Chapter 2. Reconnaissance Chapter 3. Scanning and Enumeration Chapter 4. Client-side Attacks and Human Weaknesses Chapter 5. Hacking Database Services Chapter 6. Web Server and Web Application Testing Chapter 7. Network Devices Chapter 8. Enterprise Application Testing Chapter 9. Wireless Penetration Testing Chapter 10. Building Penetration Test Labs

Read More Show Less

Customer Reviews

Average Rating 3
( 5 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing all of 5 Customer Reviews
  • Anonymous

    Posted June 6, 2014



    0 out of 1 people found this review helpful.

    Was this review helpful? Yes  No   Report this review
  • Anonymous

    Posted September 28, 2006


    Are you a computer security penetration tester? If you are, then this book is for you! Authors Max Moser, Johnny Long, Chris Hurley, James C Foster, Mike Petruzzi, Noam Rathaus, SensePost, and Mark Wolfgang, have done an outstanding job of writing a book that describes the knowledge of penetration testers in relation to the other great open source security testing tools that are available. Moser, Long, Hurley, Foster, Petruzzi, Rathaus, SensePost, and Wolfgang, begin by showing you the need for enumeration and scanning activities at the start of your penetration test, and how best to perform these activities with toolkits like Auditor. Then, the authors discuss the basic database technologies and the tools and methods used to assess database security. Next, they explain how a penetration tester would most likely be able to identify your specific WLAN target and determine what security measures are being used. Then, the authors demonstrate and discuss the most common vulnerabilities and configuration errors on routers and switches, which open-source tools the penetration tester should use to exploit them, and how this activity fits into the big picture of penetration testing. Next, they look at writing open source security tools, which is much easier than you might think. The authors continue by showing you how to write and code proper NASL scripts that can be shared with other Nessus users. Then, the authors cover Nesus¿, by including files implementation of the SMB protocol, followed by Nessus¿, which includes files implementation of Windows-related hotfix and service pack verification. Next, they discuss how to use the MSF as an exploitation platform. Finally, they comprehensively cover the usage and benefits of the Metasploit Framework as an exploitation platform. In this most excellent book, the authors use examples and explanations to lead the reader through the different phases of a security penetration test. More importantly, this book provides all of the information you need to start working in a great and challenging area of computer security.

    Was this review helpful? Yes  No   Report this review
  • Anonymous

    Posted January 19, 2012

    No text was provided for this review.

  • Anonymous

    Posted September 30, 2011

    No text was provided for this review.

  • Anonymous

    Posted April 20, 2015

    No text was provided for this review.

Sort by: Showing all of 5 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)