New Brain and Whole Body Tissue Clearing|Register Now
»
Penetration Tester's Open Source Toolkit
 
 

Penetration Tester's Open Source Toolkit, 3rd Edition

 
Penetration Tester's Open Source Toolkit, 3rd Edition,Jeremy Faircloth,ISBN9781597496278
 
 
 

  

Syngress

9781597496278

9781597496285

464

235 X 191

Learn how to use the best open source tools available for your penetration test with this comprehensive toolkit!

Print Book + eBook

USD 59.94
USD 99.90

Buy both together and save 40%

Print Book

Paperback

In Stock

Estimated Delivery Time
USD 49.95

eBook
eBook Overview

ePUB format

PDF format

VST format

USD 49.95
Add to Cart
 
 

Key Features

  • Details current open source penetration testing tools
  • Presents core technologies for each type of testing and the best tools for the job
  • New to this edition: Enterprise application testing, client-side attacks and updates on Metasploit and Backtrack

Description

Penetration Tester’s Open Source Toolkit, Third Edition, discusses the open source tools available to penetration testers, the ways to use them, and the situations in which they apply. The book consists of 10 chapters that focus on a specific area of penetration testing: tools of the trade; reconnaissance; scanning and enumeration; client-side attacks and human weaknesses; hacking database services; Web server and Web application testing; network devices; enterprise application testing; wireless penetrating testing; and building penetration test labs. Each chapter is organized to discuss objectives associated with the focus area, an approach to penetration testing of that area, core technologies for penetration testing, and open source tools that can be used to perform penetration testing. The chapters also include case studies where the tools that are discussed are applied. This book is for people who are interested in penetration testing or professionals engaged in penetration testing. Those working in the areas of database, network, system, or application administration, as well as architects, can gain insights into how penetration testers perform testing in their specific areas of expertise and learn what to expect from a penetration test. This book can also serve as a reference for security or audit professionals.

Readership

Beginner to intermediate penetration testers as welll as security analysts/consultants and sys. admins

Jeremy Faircloth

Jeremy Faircloth (CISSP, Security+, CCNA, MCSE, MCP+I, A+) is an IT practitioner with a background in a wide variety of technologies as well as experience managing technical teams at multiple Fortune 50 companies. He is a member of the Society for Technical Communication and frequently acts as a technical resource for other IT professionals through teaching and writing, using his expertise to help others expand their knowledge. Described as a “Renaissance man of IT” with over 20 years of real-world IT experience, he has become an expert in many areas including Web development, database administration, enterprise security, network design, large enterprise applications, and project management. Jeremy is also an author that has contributed to over a dozen technical books covering a variety of topics and teaches courses on many of those topics.

Affiliations and Expertise

Jeremy Faircloth (Security+, CCNA, MCSE, MCP+I, A+) is a Senior Principal IT Technologist for Medtronic, Inc., where he and his team architect and maintain enterprise-wide client/server and Web-based technologies.

View additional works by Jeremy Faircloth

Penetration Tester's Open Source Toolkit, 3rd Edition

Acknowledgments Introduction About the Author About the Technical Editor Chapter 1 Tools of the Trade 1.1 Objectives 1.2 Approach 1.3 Core technologies 1.3.1 LiveCDs 1.3.2 ISO images 1.3.3 Bootable USB drives 1.3.4 Creating a persistent LiveCD 1.4 Open source tools 1.4.1 Tools for building LiveCDs 1.4.2 Penetration testing toolkits 1.4.3 Penetration testing targets 1.5 Case study: the tools in action 1.6 Hands-on challenge Summary Endnote Chapter 2 Reconnaissance 2.1 Objective 2.2 A methodology for reconnaissance 2.3 Intelligence gathering 2.3.1 Core technologies 2.3.2 Approach 2.3.3 Open source tools 2.3.4 Intelligence gathering summary 2.4 Footprinting 2.4.1 Core technologies 2.4.2 Approach 2.4.3 Open source tools 2.4.4 Footprinting summary 2.5 Human recon 2.5.1 Core technologies 2.5.2 Open source tools 2.5.3 Human recon summary 2.6 Verification 2.6.1 Core technologies 2.6.2 Approach 2.6.3 Open source tools 2.6.4 Verification summary 2.7 Case study: the tools in action 2.7.1 Intelligence gathering, footprinting, and verification of an Internet-connected network 2.7.2 Case study summary 2.8 Hands-on challenge Summary Endnotes Chapter 3 Scanning and Enumeration 3.1 Objectives 3.1.1 Before you start 3.1.2 Why do scanning and enumeration? 3.2 Scanning 3.2.1 Approach 3.2.2 Core technology 3.2.3 Open source tools 3.3 Enumeration 3.3.1 Approach 3.3.2 Core technology 3.3.3 Open source tools 3.4 Case studies: the tools in action 3.4.1 External 3.4.2 Internal 3.4.3 Stealthy 3.4.4 Noisy (IDS) testing 3.5 Hands-on challenge Summary Chapter 4 Client-Side Attacks and Human Weaknesses 4.1 Objective 4.2 Phishing 4.2.1 Approaches 4.2.2 Core technologies 4.2.3 Open source tools 4.3 Social network attacks 4.3.1 Approach 4.3.2 Core technologies 4.3.3 Open source tools 4.4 Custom malware 4.4.1 Approach 4.4.2 Core technologies 4.4.3 Open source tools 4.5 Case study: the tools in action 4.6 Hands-on challenge Summary Endnote Chapter 5 Hacking Database Services 5.1 Objective 5.2 Core technologies 5.2.1 Basic terminology 5.2.2 Database installation 5.2.3 Communication 5.2.4 Resources and auditing 5.3 Microsoft SQL Server 5.3.1 Microsoft SQL Server users 5.3.2 SQL Server roles and permissions 5.3.3 SQL Server stored procedures 5.3.4 Open source tools 5.4 Oracle database management system 5.4.1 Oracle users 5.4.2 Oracle roles and privileges 5.4.3 Oracle stored procedures 5.4.4 Open source tools 5.5 Case study: the tools in action 5.6 Hands-on challenge Summary Chapter 6 Web Server and Web Application Testing 6.1 Objective 6.1.1 Web server vulnerabilities: a short history 6.1.2 Web applications: the new challenge 6.2 Approach 6.2.1 Web server testing 6.2.2 CGI and default pages testing 6.2.3 Web application testing 6.3 Core technologies 6.3.1 Web server exploit basics 6.3.2 CGI and default page exploitation 6.3.3 Web application assessment 6.4 Open source tools 6.4.1 WAFW00F 6.4.2 Nikto 6.4.3 Grendel-Scan 6.4.4 fimap 6.4.5 SQLiX 6.4.6 sqlmap 6.4.7 DirBuster 6.5 Case study: the tools in action 6.6 Hands-on challenge Summary Endnote Chapter 7 Network Devices 7.1 Objectives 7.2 Approach 7.3 Core technologies 7.3.1 Switches 7.3.2 Routers 7.3.3 Firewalls 7.3.4 IPv6 7.4 Open source tools 7.4.1 Footprinting tools 7.4.2 Scanning tools 7.4.3 Enumeration tools 7.4.4 Exploitation tools 7.5 Case study: the tools in action 7.6 Hands-on challenge Summary Chapter 8 Enterprise Application Testing 8.1 Objective 8.2 Core technologies 8.2.1 What is an enterprise application? 8.2.2 Multi-tier architecture 8.2.3 Integrations 8.3 Approach 8.4 Open source tools 8.4.1 Nmap 8.4.2 Netstat 8.4.3 sapyto 8.4.4 soapUI 8.4.5 Metasploit 8.5 Case study: the tools in action 8.6 Hands-on challenge Summary Chapter 9 Wireless Penetration Testing 9.1 Objective 9.2 Approach 9.3 Core technologies 9.3.1 Understanding WLAN vulnerabilities 9.3.2 Evolution of WLAN vulnerabilities 9.3.3 Wireless penetration testing tools 9.4 Open source tools 9.4.1 Information-gathering tools 9.4.2 Footprinting tools 9.4.3 Enumeration tool 9.4.4 Vulnerability assessment tool 9.4.5 Exploitation tools 9.4.6 Bluetooth vulnerabilities 9.5 Case study: the tools in action 9.6 Hands-on challenge Summary Chapter 10 Building Penetration Test Labs 10.1 Objectives 10.2 Approach 10.2.1 Designing your lab 10.2.2 Building your lab 10.2.3 Running your lab 10.3 Core technologies 10.3.1 Defining virtualization 10.3.2 Virtualization and penetration testing 10.3.3 Virtualization architecture 10.4 Open source tools 10.4.1 Xen 10.4.2 VirtualBox 10.4.3 GNS3/Dynagen/Dynamips 10.4.4 Other tools 10.5 Case study: the tools in action 10.6 Hands-on challenge Summary Index

Quotes and reviews

"This book is relevant for a community of hackers (in the positive sense hopefully) or technical auditors. The author, Jeremy Faircloth, is a Sr. Manager/Solutions Architect for Best Buy where, with his team, he architects and maintains enterprise-wide client/server and Web-based technologies. He is a member of the Society for Technical Communication and frequently acts as a technical resource for other IT professionals. He is an expert in many areas including Web development, database administration, enterprise security, network design, large enterprise applications and project management. The author is also co-author to several technical books covering a variety of topics. The author presents in this book a kind of toolbox that can help to test systems’ resiliency to penetration actions and thus revealing any exploitable vulnerabilities. The elements presented in this book should enable the design of a penetration tests laboratory."--Computers and Security

"Readers would find a rich collection of tools here.… Those with a background in this area would find the collection of tool usage and reviews helpful and would benefit from this as a resource."--BCS.org

"Jeremy Faircloth continues to write about computer and network security in ways that help the InfoSec community. In Penetration Tester's Open Source Toolkit, Third Edition he combines his sharp insight into a wide variety of technologies, diverse penetration testing approaches and several penetration testing tools (then showcases these tools in action in the case study in each chapter) so the student of penetration testing can go out and get it done. This is just the kind of writing we should be expecting from our front runners in IT to be doing to support our Enterprise."--Tim Hoffman, President, Alida Connection

"All in all Penetration Tester’s Open Source Toolkit is a good read. Clear, concise and made me want to put to work the knowledge I had learnt at the end of each chapter so that I could say, yes I do understand how that works and how to use it in future tests."--review on Hakin9.org

"Intended for new and experienced penetration testers as well as database administrators, system architects, and others involved in security design, this guide to open source tools provides detailed practical information on freely available applications for security testing. Beginning with an overview of general tools, the work covers reconnaissance and scanning, client side attacks, database hacking, web and web application vulnerabilities, wireless penetration and building customized testing and penetration ‘labs.’ The volume includes numerous screenshots, illustrations, and code examples as well as information on where to collect the open source applications discussed in the work."--SciTech Book News

"My first impression about this book was that it was loaded with information! The book is well organized and systematically walks you through the art/science of penetration testing. The language used is easy to understand and if you look at each chapter, the book is organized in a certain fashion. Each chapter starts with an objectives section and the approach taken, followed by a concise discussion on the core technologies and various helpful Open Source tools. The last section before the summary is dedicated to a case study, which helps tie together all the information from that chapter. One element of the book that really stood out for me was the Hands-on challenge section. It really lifts the book from a passive reading source to a more practical guide and prompts the reader to experiment with a few things."--PenTest Magazine

"As mentioned earlier, this book is a treasure of open source tools, but what I would have loved to see is a "cheatsheet" of all the tools mentioned. One of the biggest takeaways for me from the book is the importance of getting comfortable with open source tools, such as Backtrack suite and Metasploit. Knowledge of python can be an added advantage, especially if you intend to modify the existing script."--PenTest Online

 
 

Shop with Confidence

Free Shipping around the world
▪ Broad range of products
▪ 30 days return policy
FAQ

Contact Us