
Penetration Tester's Open Source Toolkit
- 3rd Edition - July 18, 2011
- Imprint: Syngress
- Author: Jeremy Faircloth
- Language: English
- eBook ISBN: 978-1-59749-628-5
Penetration Tester’s Open Source Toolkit, Third Edition, discusses the open source tools available to penetration testers, the ways to use them, and the situations in which they apply. Great commercial penetration testing tools can be very expensive and sometimes hard to use or of questionable accuracy. This book helps solve both of these problems. The open source, no-cost penetration testing tools presented do a great job and can be modified by the student for each situation.
This edition offers instruction on how and in which situations the penetration tester can best use these tools. Real-life scenarios support and expand upon explanations throughout. It also presents core technologies for each type of testing and the best tools for the job. The book consists of 10 chapters that cover a wide range of topics such as reconnaissance; scanning and enumeration; client-side attacks and human weaknesses; hacking database services; Web server and Web application testing; enterprise application testing; wireless penetration testing; and building penetration test labs. The chapters also include case studies where the tools that are discussed are applied. New to this edition: enterprise application testing, client-side attacks, and updates on Metasploit and Backtrack.
This book is for people who are interested in penetration testing or professionals engaged in penetration testing. Those working in the areas of database, network, system, or application administration, as well as architects, can gain insights into how penetration testers perform testing in their specific areas of expertise and learn what to expect from a penetration test. This book can also serve as a reference for security or audit professionals.
- Details current open source penetration testing tools
- Presents core technologies for each type of testing and the best tools for the job
- New to this edition: Enterprise application testing, client-side attacks and updates on Metasploit and Backtrack
Acknowledgments
Introduction
About the Author
About the Technical Editor
Chapter 1 Tools of the Trade
1.1 Objectives
1.2 Approach
1.3 Core technologies
1.3.1 LiveCDs
1.3.2 ISO images
1.3.3 Bootable USB drives
1.3.4 Creating a persistent LiveCD
1.4 Open source tools
1.4.1 Tools for building LiveCDs
1.4.2 Penetration testing toolkits
1.4.3 Penetration testing targets
1.5 Case study: the tools in action
1.6 Hands-on challenge
Summary
Endnote
Chapter 2 Reconnaissance
2.1 Objective
2.2 A methodology for reconnaissance
2.3 Intelligence gathering
2.3.1 Core technologies
2.3.2 Approach
2.3.3 Open source tools
2.3.4 Intelligence gathering summary
2.4 Footprinting
2.4.1 Core technologies
2.4.2 Approach
2.4.3 Open source tools
2.4.4 Footprinting summary
2.5 Human recon
2.5.1 Core technologies
2.5.2 Open source tools
2.5.3 Human recon summary
2.6 Verification
2.6.1 Core technologies
2.6.2 Approach
2.6.3 Open source tools
2.6.4 Verification summary
2.7 Case study: the tools in action
2.7.1 Intelligence gathering, footprinting, and verification of an Internet-connected network
2.7.2 Case study summary
2.8 Hands-on challenge
Summary
Endnotes
Chapter 3 Scanning and Enumeration
3.1 Objectives
3.1.1 Before you start
3.1.2 Why do scanning and enumeration?
3.2 Scanning
3.2.1 Approach
3.2.2 Core technology
3.2.3 Open source tools
3.3 Enumeration
3.3.1 Approach
3.3.2 Core technology
3.3.3 Open source tools
3.4 Case studies: the tools in action
3.4.1 External
3.4.2 Internal
3.4.3 Stealthy
3.4.4 Noisy (IDS) testing
3.5 Hands-on challenge
Summary
Chapter 4 Client-Side Attacks and Human Weaknesses
4.1 Objective
4.2 Phishing
4.2.1 Approaches
4.2.2 Core technologies
4.2.3 Open source tools
4.3 Social network attacks
4.3.1 Approach
4.3.2 Core technologies
4.3.3 Open source tools
4.4 Custom malware
4.4.1 Approach
4.4.2 Core technologies
4.4.3 Open source tools
4.5 Case study: the tools in action
4.6 Hands-on challenge
Summary
Endnote
Chapter 5 Hacking Database Services
5.1 Objective
5.2 Core technologies
5.2.1 Basic terminology
5.2.2 Database installation
5.2.3 Communication
5.2.4 Resources and auditing
5.3 Microsoft SQL Server
5.3.1 Microsoft SQL Server users
5.3.2 SQL Server roles and permissions
5.3.3 SQL Server stored procedures
5.3.4 Open source tools
5.4 Oracle database management system
5.4.1 Oracle users
5.4.2 Oracle roles and privileges
5.4.3 Oracle stored procedures
5.4.4 Open source tools
5.5 Case study: the tools in action
5.6 Hands-on challenge
Summary
Chapter 6 Web Server and Web Application Testing
6.1 Objective
6.1.1 Web server vulnerabilities: a short history
6.1.2 Web applications: the new challenge
6.2 Approach
6.2.1 Web server testing
6.2.2 CGI and default pages testing
6.2.3 Web application testing
6.3 Core technologies
6.3.1 Web server exploit basics
6.3.2 CGI and default page exploitation
6.3.3 Web application assessment
6.4 Open source tools
6.4.1 WAFW00F
6.4.2 Nikto
6.4.3 Grendel-Scan
6.4.4 fimap
6.4.5 SQLiX
6.4.6 sqlmap
6.4.7 DirBuster
6.5 Case study: the tools in action
6.6 Hands-on challenge
Summary
Endnote
Chapter 7 Network Devices
7.1 Objectives
7.2 Approach
7.3 Core technologies
7.3.1 Switches
7.3.2 Routers
7.3.3 Firewalls
7.3.4 IPv6
7.4 Open source tools
7.4.1 Footprinting tools
7.4.2 Scanning tools
7.4.3 Enumeration tools
7.4.4 Exploitation tools
7.5 Case study: the tools in action
7.6 Hands-on challenge
Summary
Chapter 8 Enterprise Application Testing
8.1 Objective
8.2 Core technologies
8.2.1 What is an enterprise application?
8.2.2 Multi-tier architecture
8.2.3 Integrations
8.3 Approach
8.4 Open source tools
8.4.1 Nmap
8.4.2 Netstat
8.4.3 sapyto
8.4.4 soapUI
8.4.5 Metasploit
8.5 Case study: the tools in action
8.6 Hands-on challenge
Summary
Chapter 9 Wireless Penetration Testing
9.1 Objective
9.2 Approach
9.3 Core technologies
9.3.1 Understanding WLAN vulnerabilities
9.3.2 Evolution of WLAN vulnerabilities
9.3.3 Wireless penetration testing tools
9.4 Open source tools
9.4.1 Information-gathering tools
9.4.2 Footprinting tools
9.4.3 Enumeration tool
9.4.4 Vulnerability assessment tool
9.4.5 Exploitation tools
9.4.6 Bluetooth vulnerabilities
9.5 Case study: the tools in action
9.6 Hands-on challenge
Summary
Chapter 10 Building Penetration Test Labs
10.1 Objectives
10.2 Approach
10.2.1 Designing your lab
10.2.2 Building your lab
10.2.3 Running your lab
10.3 Core technologies
10.3.1 Defining virtualization
10.3.2 Virtualization and penetration testing
10.3.3 Virtualization architecture
10.4 Open source tools
10.4.1 Xen
10.4.2 VirtualBox
10.4.3 GNS3/Dynagen/Dynamips
10.4.4 Other tools
10.5 Case study: the tools in action
10.6 Hands-on challenge
Summary
Index
- Edition: 3
- Published: July 18, 2011
- Imprint: Syngress
- No. of pages: 464
- Language: English
- eBook ISBN: 9781597496285