BKPTOSTK.RVW 20061031

"Penetration Tester's Open Source Toolkit", Johnny Long et al, 2006, 978-1-59749-021-0, U$59.95/C$83.95
%A Johnny Long et al johnny.ihackstuff.com
%C 800 Hingham Street, Rockland, MA 02370
%D 2006
%G 978-1-59749-021-0
%I Syngress Media, Inc.
%O U$59.95/C$83.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O www.amazon.com/exec/obidos/ASIN/9781597490210/robsladesinterne
%O www.amazon.co.uk/exec/obidos/ASIN/9781597490210/robsladesinte-21
%O www.amazon.ca/exec/obidos/ASIN/9781597490210/robsladesin03-20
%O Audience s Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 704 p. + CD-ROM
%T "Penetration Tester's Open Source Toolkit"

There is no preface or explanation for the book, so you have to infer, from jacket references and other mentions, that the work is based (possibly very loosely) on Max Moser's Auditor Security Collection of (open source) penetration testing tools, available at www.remote-exploit.org. It is difficult to say how close the relationship between the text and the CD is, since there isn't even a listing of the contents of the Auditor Security Collection, although the collection is included on the CD-ROM that is packaged with the primer.

Chapter one addresses the reconnaissance phase of a penetration. There is a general introduction to the task and a listing of some available tools, both in software and utility Websites. Some of the concepts of port scanning are outlined in chapter two, although the explanations are sometimes careless. (It is possible to obtain information related to scanning through passive means, but the implication that port scanning itself is a passive activity is misleading at best.) A few tools for examining Oracle and Microsoft SQL Server databases are listed in chapter three. Chapter four turns to Web servers (and applications). Various tools are described, mostly with extensive (and not always illustrative) screenshots. There is also a brief but wide-ranging overview of general penetration testing ideas (such as methods for trying to find the ever-present buffer overflows). Wireless networks are described in detail in chapter five, particularly in terms of the weaknesses of the various forms of encryption technologies used. Chapter six describes a number of standard network utilities, plus some of the more recent mapping and enumeration tools. Chapter seven is supposed to introduce readers to the joys of writing security utilities for the open source community, but screenshots of development environments and lists of keywords are not going to teach anyone to code, let alone design elegant tools. There is a meager description of the Nessus vulnerability scanner in chapter eight, although it is complemented by a detailed outline of the Auditor startup script and options. Chapter nine covers the Nessus Attack Scripting Language (NASL) so you can script your own attacks. Nessus libraries and references are discussed in chapter ten. The calls for Nessus SMB (Server Message Block) programming, in chapter eleven, allow attacks to be scripted for Microsoft Windows systems. Chapter twelve is an introduction to the interfaces and options of the Metasploit Framework (MSF) exploit and vulnerability coding utility. Chapter thirteen purports to be about writing your own exploits for and in Metasploit, but instead walks through the examination of a buffer overflow situation. Metasploit tools are used, but poorly explained, and the exegesis of writing modules for Metasploit is similarly inadequate.

The chapters of the book are written by different authors, so the quality of both writing and material varies tremendously. The lack of direction in terms of the intent of the work does not help in assessing either the overall value or specific groups who might benefit from the text. Much of the space is taken up with screenshots and illustrations of dubious merit, and the text, while often informative, is sparsely structured and generally aimed at a level which is either too simplistic or too advanced to be used as an introduction to the tools or techniques being discussed. There are nuggets of information throughout the work, but you have to plow through a lot of stuff to find them.

copyright Robert M. Slade, 2006