Penetration Tester's Open Source Toolkit

Penetration Tester's Open Source Toolkit

3.0 2
by Jeremy Faircloth, Haroon Meer, Roelof Temmingh, Charl van der Walt
     
 

ISBN-10: 1597490210

ISBN-13: 9781597490214

Pub. Date: 08/15/2005

Publisher: Elsevier Science

Penetration testing a network requires a delicate balance of art and science. A penetration tester must be creative enough to think outside of the box to determine the best attack vector into his own network, and also be expert in using the literally hundreds of tools required to execute the plan. This book provides both the art and the science.

The authors of the

…  See more details below

Overview

Penetration testing a network requires a delicate balance of art and science. A penetration tester must be creative enough to think outside of the box to determine the best attack vector into his own network, and also be expert in using the literally hundreds of tools required to execute the plan. This book provides both the art and the science.

The authors of the book are expert penetration testers who have developed many of the leading pen testing tools; such as the Metasploit framework. The authors allow the reader “inside their heads” to unravel the mysteries of thins like identifying targets, enumerating hosts, application fingerprinting, cracking passwords, and attacking exposed vulnerabilities. Along the way, the authors provide an invaluable reference to the hundreds of tools included on the bootable-Linux CD for penetration testing.

* Covers both the methodology of penetration testing and all of the tools used by malicious hackers and penetration testers

* The book is authored by many of the tool developers themselves

* This is the only book that comes packaged with the "Auditor Security Collection"; a bootable Linux CD with over 300 of the most popular open source penetration testing tools

Read More

Product Details

ISBN-13:
9781597490214
Publisher:
Elsevier Science
Publication date:
08/15/2005
Edition description:
1st Edition
Pages:
750
Product dimensions:
7.02(w) x 9.34(h) x 1.94(d)

Related Subjects

Table of Contents

Chapter 1. Know Your Target. Verify that the IP range or domain belongs to the correct target, perform basic reconnaissance and identify possible target user accounts. Chapter 2. Host Detection Chapter 3. Service Detection Chapter 4. Use port scan tool to enumerate open ports Chapter 5. Using "nmap" to perform a portscan Chapter 6. Using "scanrand" to perform a portscan Chapter 7. Results: List of open ports Chapter 8. Application Fingerprinting Chapter 9. Password Attacks Chapter 10. Exploiting Identified Vulnerabilities Chapter 11. Use exploit toolkits Chapter 12. Using "metasploit framework" to verify and exploit vulnerabilities. Chapter 13. "CGE" to exploit vulnerabilities in Cisco devices

Customer Reviews

Average Review:

Write a Review

and post it to your social network

     

Most Helpful Customer Reviews

See all customer reviews >

Penetration Tester's Open Source Toolkit 3 out of 5 based on 0 ratings. 2 reviews.
Anonymous More than 1 year ago
Guest More than 1 year ago
Are you a computer security penetration tester? If you are, then this book is for you! Authors Max Moser, Johnny Long, Chris Hurley, James C Foster, Mike Petruzzi, Noam Rathaus, SensePost, and Mark Wolfgang, have done an outstanding job of writing a book that describes the knowledge of penetration testers in relation to the other great open source security testing tools that are available. Moser, Long, Hurley, Foster, Petruzzi, Rathaus, SensePost, and Wolfgang, begin by showing you the need for enumeration and scanning activities at the start of your penetration test, and how best to perform these activities with toolkits like Auditor. Then, the authors discuss the basic database technologies and the tools and methods used to assess database security. Next, they explain how a penetration tester would most likely be able to identify your specific WLAN target and determine what security measures are being used. Then, the authors demonstrate and discuss the most common vulnerabilities and configuration errors on routers and switches, which open-source tools the penetration tester should use to exploit them, and how this activity fits into the big picture of penetration testing. Next, they look at writing open source security tools, which is much easier than you might think. The authors continue by showing you how to write and code proper NASL scripts that can be shared with other Nessus users. Then, the authors cover Nesus¿, by including files implementation of the SMB protocol, followed by Nessus¿, which includes files implementation of Windows-related hotfix and service pack verification. Next, they discuss how to use the MSF as an exploitation platform. Finally, they comprehensively cover the usage and benefits of the Metasploit Framework as an exploitation platform. In this most excellent book, the authors use examples and explanations to lead the reader through the different phases of a security penetration test. More importantly, this book provides all of the information you need to start working in a great and challenging area of computer security.