Sorry, this item is not available in
Image not available for
Image not available

To view this video download Flash Player

Have one to sell? Sell yours here
Tell the Publisher!
I'd like to read this book on Kindle

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Penetration Tester's Open Source Toolkit [Illustrated] [Paperback]

by Jeremy Faircloth, Jay Beale, Roelof Temmingh, Haroon Meer, Charl van der Walt, HD Moore
4.3 out of 5 stars  See all reviews (13 customer reviews)

Available from these sellers.

Free Two-Day Shipping for College Students with Amazon Student

Sell Us Your Books
Get up to 80% back when you sell us your books, even if you didn't buy them at Amazon. Learn more
There is a newer edition of this item:
Penetration Tester's Open Source Toolkit, Third Edition Penetration Tester's Open Source Toolkit, Third Edition 5.0 out of 5 stars (4)
In Stock.

Book Description

June 1, 2005 1597490210 978-1597490214 1
Penetration testing a network requires a delicate balance of art and science. A penetration tester must be creative enough to think outside of the box to determine the best attack vector into his own network, and also be expert in using the literally hundreds of tools required to execute the plan. This book provides both the art and the science.

The authors of the book are expert penetration testers who have developed many of the leading pen testing tools; such as the Metasploit framework. The authors allow the reader "inside their heads” to unravel the mysteries of thins like identifying targets, enumerating hosts, application fingerprinting, cracking passwords, and attacking exposed vulnerabilities. Along the way, the authors provide an invaluable reference to the hundreds of tools included on the bootable-Linux CD for penetration testing.

* Covers both the methodology of penetration testing and all of the tools used by malicious hackers and penetration testers

* The book is authored by many of the tool developers themselves

* This is the only book that comes packaged with the "Auditor Security Collection"; a bootable Linux CD with over 300 of the most popular open source penetration testing tools

Editorial Reviews

About the Author

Jeremy Faircloth (Security+, CCNA, MCSE, MCP+I, A+) is a Senior Principal IT Technologist for Medtronic, Inc., where he and his team architect and maintain enterprise-wide client/server and Web-based technologies. He is a member of the Society for Technical Communication and frequently acts as a technical resource for other IT professionals through teaching and writing, using his expertise to help others expand their knowledge. As a systems engineer with over 19 years of real-world IT experience, he has become an expert in many areas including Web development, database administration, enterprise security, network design, large enterprise applications and project management. Jeremy is also a contributing author to over a dozen technical books covering a variety of topics.

Product Details

  • Paperback: 750 pages
  • Publisher: Syngress; 1 edition (June 1, 2005)
  • Language: English
  • ISBN-10: 1597490210
  • ISBN-13: 978-1597490214
  • Product Dimensions: 9 x 7.1 x 2 inches
  • Shipping Weight: 2.2 pounds
  • Average Customer Review: 4.3 out of 5 stars  See all reviews (13 customer reviews)
  • Amazon Best Sellers Rank: #1,818,390 in Books (See Top 100 in Books)

More About the Authors

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews
28 of 30 people found the following review helpful
I am not sure why Penetration Tester's Open Source Toolkit (PTOST) was published. If you have no other security assessment books, you may find PTOST helpful. Otherwise, I don't believe this book offers enough value to justify purchasing it. Other books -- some published by Syngress -- cover some of the same ideas, and 5 of PTOST's chapters are published in other books anyway.

I was somewhat confused by PTOST's approach. The book features the logo of the Auditor live CD, along with a foreword by Auditor developer Max Moser. A version of Auditor is included with the book. However, PTOST isn't exactly a guide to Auditor. In fact, only on the back cover do we see a listing of the "CD contents." This list is odd since it does not distinguish between categories of tools (e.g., "Forensics") and the tools themselves (e.g., "Autopsy"). At the very least the book should have included an appendix listing the Auditor tools and a summary of their purpose.

PTOST does not feature enough original content to warrant buying the book. I think Osborne's Hacking Exposed, 5th Ed (HE5E) (or even the 4th Ed) addresses the phases of compromise in a more coherent and valuable manner. This is especially true for Ch 1 (Reconnaissance) and Ch 2 (Enumeration and Scanning); is there really anything original left to say on those subjects? I admit that coverage of certain SensePost tools was helpful, and SpiderFoot was cool.

Those looking to learn about database assessment (Ch 3) or Web hacking (Ch 4) would be better served by Syngress' own Special Ops: Host and Network Security for Microsoft, Unix, and Oracle. HE5E has a good chapter on Web hacking, and there's even a Hacking Exposed: Web Applications (HEWA) book.
Read more ›
Comment | 
Was this review helpful to you?
6 of 7 people found the following review helpful
4.0 out of 5 stars Good introduction to tools you might not have used before February 22, 2006
Format:Paperback|Verified Purchase
The Penetration Tester's Open Source Toolkit is a new offering from Syngress that primarily focuses on using the Auditor live CD. The 200605-02-ipw2100 version comes included with the book; if you have an IPW2200 wireless interface in your laptop, though, the 802.11x tools won't work as it doesn't include the proper driver.

The book walks through using a number of Open Source or free tools for overall reconnaissance, enumeration, and scanning (most of which everyone's seen before), but then it delves into database, web application, and wireless testing as well as network devices. There's a chapter on "Writing Open Source Security Tools", but it's a little misleading as it's a quick guide to writing security tools without any real discussion of open source development or what it means other than an appendix that briefly includes and talks about the GPL and why it's good.

There are four chapters on Nessus, most of which focus on using NASL and other ways of extending the venerable vulnerability scanner. The final two chapters discuss the Metasploit Project; the first of these is also misleading as it's not so much about "Extending Metasploit" as it is an (admittedly good) introduction to the Framework. The second does a decent walkthrough of developing an exploit with Metasploit, including other offerings from the project like the Opcode Database and such.

It's a very useful book; much of it you'll already know, but there's a lot of discussion about tools that I hadn't seen before. A few of the tools are mostly out-dated, and not all of them are on the Auditor CD, but this goes beyond simple discussions of nmap and whois; even some Google tools from Sensepost are examined.
Read more ›
Comment | 
Was this review helpful to you?
16 of 23 people found the following review helpful
1.0 out of 5 stars Save your money and wait for an improved edition. January 5, 2006
What a disappointment.

Although this book tries to be a comprehensive source of information on pen-testing, it's so riddled with technical errors as to be useless on its own.

Experienced x86 Assembly programmers will surely enjoy the discussion of buffer overflows, where the author reveals that a POP instruction is actually an acronym for 'Point of Presence' (among other gems).

Overall, I'd say that 10% of the info is usable, and the remainder is suspect.

Definitely wasn't worth the wait or the $$. Future editions might end up being worthwhile if they do some severe editing, otherwise there are many other far more useful books available on this topic.
Comment | 
Was this review helpful to you?
3 of 4 people found the following review helpful
I found this book to be a great way to learn how to use many of the tools used in vulnerability assements/pen-testing as well as some methodology. In particular i found the chapters 1 and 2 on recon/scanning to be preatty through (150 pages to the topic). Alot of the ideas covered in these tow chapters can be read elsewhere but not to this level of complete throughness. The book goes preatty deep into not just using Nessus but how to use NASL. It also covers at an "intro-level" on testing databases (MSSQL, Oracle), Web apps, and starting to code in Perl and C#. Outside of that the rest of the book is mainly devoted to using tools with lots of screenshots which i found helpful.

My personal favorite chapter was 13. It is a very well done discussion of how buffer overflows are exploited and how to build exploits and payloads using the Metaspolit framework. The topic can be very complex yet the author managed to make it very readable. I was so impressed i decided that i will read another book by the author (James Foster) on the topic.

Overall i found this book is great for folks who already have an idea in mind what they want to accomplish. This book just tells you how to use the right tool for the job.
Comment | 
Was this review helpful to you?
Most Recent Customer Reviews
5.0 out of 5 stars Pentesting
Love this book; however, we are now on Backtrack 4 Final, so I guess this would be nice to just add to the collection, usually typing man somecommand or using Google or the... Read more
Published on June 14, 2010 by Munya
4.0 out of 5 stars Good encyclopedic reference on Backtrack
I found the book to be quite useful. It's easily understood and can be easily digested by a beginner.
If you are looking for a tutorial on pen-testing, this is not it. Read more
Published on June 8, 2010 by A. Yampolskiy
5.0 out of 5 stars Great book
Great starter book into Pen Testing. Big book with lots of information. Great book to read to prepare to start your CEH or CISSP studies.
Published on August 23, 2007 by Steve Erdman
5.0 out of 5 stars good introduction
If you live and breathe IT security, this books is for you. I would like to somewhat disagree with some of the earlier reviewers. Read more
Published on February 21, 2007 by G. Tairov
4.0 out of 5 stars Solid Penetration Testing Book
At around 700 pages in size, the 'Penetration Tester's Open Source Toolkit' by Johnny Long is a solid reference material which is a nice pickup for anyone that is concerned with... Read more
Published on February 6, 2007 by Dan McKinnon
5.0 out of 5 stars Excellent reference.
If you are going to do any work in the Information Assurance world you will want to add this book to your shelf and keep it handy. Read more
Published on January 21, 2007 by J. Cornell
5.0 out of 5 stars Good review of currently available software
Title: Penetration Tester's Open Source Toolkit

Author: Johnny Long, Aaron Bayles, James Foster, Chris Hurley, Mike Petruzzi Noam Rathaus, Mark Wolfgang... Read more
Published on September 24, 2006 by Harold McFarland
5.0 out of 5 stars Excellent kickstart
Excellent kickstart for the budding pentester (such as myself) Covers as far as i can see most areas, and creating an apetite for more.
Published on March 21, 2006 by B. Jörgen
5.0 out of 5 stars A Good Place to Start
Penetration testors have worked for many years developing a wide series of tools to test the resistance of systems to intrusion. Read more
Published on March 3, 2006 by John Matlock
Search Customer Reviews
Only search this product's reviews

Sell a Digital Version of This Book in the Kindle Store

If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store. Learn more


There are no discussions about this product yet.
Be the first to discuss this product with the community.
Start a new discussion
First post:
Prompts for sign-in

Look for Similar Items by Category