You are previewing Penetration Tester's Open Source Toolkit.
O'Reilly logo
Penetration Tester's Open Source Toolkit

Book Description

Great commercial penetration testing tools can be very expensive and sometimes hard to use or of questionable accuracy. This book helps solve both of these problems. The open source, no-cost penetration testing tools presented do a great job and can be modified by the user for each situation. Many tools, even ones that cost thousands of dollars, do not come with any type of instruction on how and in which situations the penetration tester can best use them. Penetration Tester's Open Source Toolkit, Third Edition, expands upon existing instructions so that a professional can get the most accurate and in-depth test results possible. Real-life scenarios are a major focus so that the reader knows which tool to use and how to use it for a variety of situations.



  • Details current open source penetration testing tools
  • Presents core technologies for each type of testing and the best tools for the job
  • New to this edition: Enterprise application testing, client-side attacks and updates on Metasploit and Backtrack

Table of Contents

  1. Front Cover
  2. Penetration Tester's Open Source Toolkit
  3. Copyright
  4. Dedication
  5. Contents
  6. Acknowledgments
  7. Introduction
    1. Book overview and key learning points
    2. Book audience
    3. How this book is organized
    4. Conclusion
  8. About the Author
  9. About the Technical Editor
  10. Chapter 1 -Tools of the trade
    1. 1.1 -Objectives
    2. 1.2 -Approach
    3. 1.3 -Core technologies
    4. 1.4 -Open source tools
    5. 1.5 -Case study: the tools in action
    6. 1.6 -Hands-on challenge
    7. Summary
    8. Endnote
  11. Chapter 2 -Reconnaissance
    1. 2.1 -Objective
    2. 2.2 -A methodology for reconnaissance
    3. 2.3 -Intelligence gathering
    4. 2.4 -Footprinting
    5. 2.5 -Human recon
    6. 2.6 -Verification
    7. 2.7 -Case study: the tools in action
    8. 2.8 -Hands-on challenge
    9. Summary
    10. Endnotes
  12. Chapter 3 -Scanning and enumeration
    1. 3.1 -Objectives
    2. 3.2 -Scanning
    3. 3.3 -Enumeration
    4. 3.4 -Case studies: the tools in action
    5. 3.5 -Hands-on challenge
    6. Summary
  13. Chapter 4 -Client-side attacks and human weaknesses
    1. 4.1 -Objective
    2. 4.2 -Phishing
    3. 4.3 -Social network attacks
    4. 4.4 -Custom malware
    5. 4.5 -Case study: the tools in action
    6. 4.6 -Hands-on challenge
    7. Summary
    8. Endnote
  14. Chapter 5 -Hacking database services
    1. 5.1 -Objective
    2. 5.2 -Core technologies
    3. 5.3 -Microsoft SQL Server
    4. 5.4 -Oracle database management system
    5. 5.5 -Case study: the tools in action
    6. 5.6 -Hands-on challenge
    7. Summary
  15. Chapter 6 -Web server and web application testing
    1. 6.1 -Objective
    2. 6.2 -Approach
    3. 6.3 -Core technologies
    4. 6.4 -Open source tools
    5. 6.5 -Case study: the tools in action
    6. 6.6 -Hands-on challenge
    7. Summary
    8. Endnote
  16. Chapter 7 -Network devices
    1. 7.1 -Objectives
    2. 7.2 -Approach
    3. 7.3 -Core technologies
    4. 7.4 -Open source tools
    5. 7.5 -Case study: the tools in action
    6. 7.6 -Hands-on challenge
    7. Summary
  17. Chapter 8 -Enterprise application testing
    1. 8.1 -Objective
    2. 8.2 -Core technologies
    3. 8.3 -Approach
    4. 8.4 -Open source tools
    5. 8.5 -Case study: the tools in action
    6. 8.6 -Hands-on challenge
    7. Summary
  18. Chapter 9 -Wireless penetration testing
    1. 9.1 -Objective
    2. 9.2 -Approach
    3. 9.3 -Core technologies
    4. 9.4 -Open source tools
    5. 9.5 -Case study: the tools in action
    6. 9.6 -Hands-on challenge
    7. Summary
  19. Chapter 10 -Building penetration test labs
    1. 10.1 -Objectives
    2. 10.2 -Approach
    3. 10.3 -Core technologies
    4. 10.4 -Open source tools
    5. 10.5 -Case study: the tools in action
    6. 10.6 -Hands-on challenge
    7. Summary
  20. Index