Penetration Tester's Open Source Toolkit: 2 Paperback – 8 Dec. 2007

This book tends to describe what to do, without really explaining why it works. As such it does not educate the reader.It is rather annoying just how many times they manage to mention SensePost, which according to the biography just happens to employ a number of the authors.One to avoid. Just download the open source software yourself and read the man pages - just as good and will save you money.

It's slightly ironic that this book has "open source toolkit" in its title when quite a few of the footprinting tools that are mentioned in the book are scripts and tools from Sensepost - which crucially, appear not to be on an open source licence. The book mentions some of the pay-for tools that sensepost supply, e.g. BidiBlah (which isn't "free" nor open source)from sensepost's website:"The evaluation of BiDiBLAH is limited to a 60 minute run time, and saving of data has been disabled. The full version is licensed for 1 year, and costs $500"Apart from that, The book isn't that bad and has some good suggestions of how to proceed through the stages of a pen test and there are good work through examples with regard web applications. The wireless section is a bit lightweight for me but is a good overview. Forensics information relies heavily on the use of the accompanying Backtrack 2 CD, but none-the-less is OK, but is weak on the procedural/bureaucratic side of forensic investigation.Useful book to have on a shelf to help you prepare a pre-engagement plan if you find yourself in unfamiliar territory during a pen test - but is let down by the quasi or non open source tools referenced in the book.