Review: Penetration Tester's Open Source Toolkit.
The Penetration Tester's Open Source Toolkit is a new offering from Syngress that primarily focuses on using the Auditor live CD. The 200605-02-ipw2100 version comes included with the book; if you have an IPW2200 wireless interface in your laptop, though, the 802.11x tools won't work, as it doesn't include the proper driver.
The book walks through using a number of Open Source or free tools for overall reconnaissance, enumeration, and scanning (most of which everyone's seen before), but then it delves into database, web application, and wireless testing as well as network devices. There's a chapter on Writing Open Source Security Tools, but it's a little misleading, as it's a quick guide to writing security tools without any real discussion of open source development or what it means, other than an appendix that briefly includes and talks about the GPL and why it's good.
There are four chapters on Nessus, most of which focus on using NASL and other ways of extending the venerable vulnerability scanner. The final two chapters discuss the Metasploit Project; the first of these is also misleading, as it's not so much about Extending Metasploit as it is an (admittedly good) introduction to the Framework. The second does a decent walkthrough of developing an exploit with Metasploit, including other offerings from the project like the Opcode Database and such.
It's a very useful book; much of it you'll already know, but there's a lot of discussion about tools that I hadn't seen before. A few of the tools are mostly outdated, and not all of them are on the Auditor CD, but this goes beyond simple discussions of nmap and whois; even some Google tools from Sensepost are examined. The database chapter features a lot of great information about Oracle but is cursory in its discussion of SQL Server (though I'll be reviewing another book focusing on database testing in the near future). The other topic areas receive decent coverage, if somewhat fast-paced from time to time.
I'm not an expert in NASL, so all I can say about the Nessus chapters is that they appear fairly in-depth and should be useful to me in the future; if you don't know much about scripting for Nessus, at a minimum they'll be a good introduction. The Metasploit Framework was something I'd never used before, but with the help of this book and a few other resources on the Net, it's immediately become a staple in my toolbox along with venerable testing resources like nmap and Nessus. The software is that good, and the text here is clear enough that you should be able to get started with it right away.
Overall, I'm pretty pleased with this book, but it's not as in-depth as I had expected when it arrived. Even though the book is 678 pages long, not including the GPL or the index, the typeface is fairly large and there are a lot of examples and sidebars. I'd like slightly wider margins and a slightly smaller point size so that I could make better notes. There are a number of typos, few of which have any technical significance (those that do are mostly incorrect acronym explications). The technical level feels just right to me for a mid-level security consultant: this is deeper than Hacking Exposed, but it's not quite as technical as Hacking: The Art of Exploitation. It won't hold your hand, but you don't need to understand assembly and the intricacies of buffer overflows for all but a few portions of the book (it would be a good idea for you to learn them, though!). Also note that the book focuses on vulnerability assessment; further exploitation of a compromised system is not really discussed. That is, tools and techniques to demonstrate vulnerabilities are shown, but once you're in, you're on your own.
I'd recommend this to anyone involved in vulnerability assessment or penetration testing, whether as a consultant, system administrator, security engineer, etc., if for no other reason than it may introduce you to some tools you haven't seen before.
[Caffeinated Security]