ISACA Journal
Volume 4, 2014

Book Reviews 

Penetration Tester’s Open Source Toolkit, 3rd Edition 

Jeremy Faircloth | Reviewed by Joyce Chua, CISA, CISM, CITPM, ITIL, PMP 

Penetration Tester’s Open Source Toolkit, 3rd Edition is a learning guide relevant to IT security professionals, ethical hackers and IT auditors who are required to perform and understand penetration testing with open-source tools.

This third edition contains up-to-date content, including information on enterprise application testing, client-side attacks, and updates on Metasploit and BackTrack. Commercial penetration testing tools have questionable accuracy, can be very expensive and are sometimes hard to use. This book helps to solve these problems by offering current open-source, no-cost penetration testing tools that can be modified by the user for different situations. To help the reader, this book expands on existing available instructional tools to provide the reader with the most accurate and in-depth test results.

The book is broken down into 10 chapters: Tools of the Trade, Reconnaissance, Scanning and Enumeration, Client-side Attacks and Human Weaknesses, Hacking Database Services, Web Server and Web Application Testing, Network Devices, Enterprise Application Testing, Wireless Penetration Testing, and Building Penetration Test Labs.

Each chapter begins with an objectives section and the approach taken, followed by a concise discussion of the core technologies and various helpful open-source tools available. The last section of each chapter offers a case study that helps tie together all the information from that chapter. Then, the hands-on challenge section brings the book from passive reading to a practical guide, prompting the reader to proactively take up experimental challenges.

Because this book is loaded with information and is systematically organized, readers do not need to read from beginning to end as they can just start from any chapter. This book also offers many screenshots, illustrations and code examples. It serves as an excellent starting point for readers who are required to understand and assess if penetration testing should be added to an organization’s services or are required to execute penetration testing with minimal cost.

This book is really a treasure trove of open-source penetration testing tools. It supplements existing research and compresses a variety of content from other publications.

Editor’s Note

Penetration Tester’s Open Source Toolkit, 3rd Edition is available from the ISACA Bookstore. For information, see the ISACA Bookstore Supplement in this Journal, visit, email or telephone +1.847.660.5650.

Reviewed by Joyce Chua, CISA, CISM, CITPM, ITIL, PMP, who is a Global IT Compliance manager for GLOBALFOUNDRIES, one of the world’s top dedicated semiconductor foundries. Chua is a member of the ISACA Publications Subcommittee.


Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.