Tuesday, October 25, 2011

Book review: Penetration Tester's Open Source Toolkit, Third Edition

This book is a rather OK book for people new to penetration testing and an average one for more experienced readers. The chapters all follow the same structure: objectives, approach/technologies/tools, case study, hands-on challenge, and finally a summary and an end note. This leads to some boring and useless repetition in some chapters.

Chapter 1 is a general introduction to the use of tools, but 29 pages is a bit too much given that it has a lot of filler text (why discuss LiveCD/LiveUSB creation and modification in detail?).

Chapter 2 Reconnaissance is probably the best written chapter of the book. It discusses the theory and the tools used to gather information in a solid way and covers many small and often forgotten details.

Chapter 3 Scanning and enumeration is average. It mostly reads like an average Nmap manual, with listings spanning many pages and man pages copy-pasted in, yet it still doesn't cover NSE in more than half a page. Oh, and the chapter (and the whole book) has no reference to Scapy at all? That's shameful ;)

Chapter 4 Client-side attacks and human weaknesses is an OK chapter. As expected, it introduces phishing attacks and how to make them more effective. The main tool discussed is, with no surprise, the Social-Engineering Toolkit. Nothing exceptional.

Chapter 5 Hacking database services includes some good theory on MS SQL and Oracle RDBMS. Besides Nmap, the tools discussed are mainly Metasploit auxiliary modules.

Chapter 6 Web Server and Web Application testing. This is the worst chapter by a large margin. For such a large topic and such a small number of pages (~40), it discusses stack- and heap-based buffer overflows... Not only that, but rather than a good introduction to HTTP and manual testing with intercepting proxies like ZAP/WebScarab/w3af, it briefly discusses the common web application vulnerabilities in a paragraph or two each and then goes on to talk about tools: WAF detection with WAFW00F (who's the audience again?) and automatic scans with Nikto, Grendel, fimap, SQLiX, etc... There are also some filler Nmap scan screenshots again.

Chapter 7 Network Devices has some rather OK theory on different networking protocols and the use of different tools. Again, there's some Nmap filler...

Chapter 8 Enterprise application testing has good information on enterprise applications and the architectures and technologies they use. Besides the Nmap filler, which adds nearly nothing new, it discusses the use of tools like sapyto and soapUI.

Chapter 9 Wireless penetration testing covers both the theory and the tools for Wi-Fi technologies well. It also briefly discusses Bluetooth. Finally, a chapter with no Nmap filler.

Chapter 10 Building penetration test labs should have been moved to the beginning of the book or turned into an annex that the other chapters point to. It discusses building home labs with virtualization tools, safety, reporting and penetration testing frameworks.

Rating: 3/5


  1. Hi,

    Thank you for the feedback. As the author of this book, I actually do appreciate all of the constructive feedback I can get to help make future editions better.

    The focus of the book was around open source tools, so it's true that there wasn't a lot of background on web application testing. There are tons of books that specialize in that area but my goal was to cover open source tools associated with the topic. Hopefully that was accomplished. It's a difficult balance to include core technologies as well as in-depth tool information without making every chapter a full size book.

    Scapy is a very useful tool and would probably fit well in a couple of different areas. Good catch and if I do a 4th edition I'll be sure to include it. Unfortunately, quite a few excellent tools weren't mentioned due to page count restrictions.

    Again, your feedback is appreciated!

    Wishing you the best,

    Jeremy Faircloth

    1. Hi Jeremy,

      Thanks for the comment. I believe I had high expectations for the 6th chapter as I am more interested in Web Security, and I was expecting some discussion about open source manual testing tools (intercepting proxies such as OWASP ZAP or Firefox with some commonly used extensions).

      Good luck with the 4th edition.