BKNTSCTL.RVW 20051204

"Network Security Tools", Nitesh Dhanjani/Justin Clarke, 2005, 0-596-00794-9, U$34.95/C$48.95
%A Nitesh Dhanjani
%A Justin Clarke
%C 103 Morris Street, Suite A, Sebastopol, CA 95472
%D 2005
%G 0-596-00794-9
%I O'Reilly & Associates, Inc.
%O U$34.95/C$48.95 800-998-9938 fax: 707-829-0104 nuts@ora.com
%O http://www.amazon.com/exec/obidos/ASIN/0596007949/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0596007949/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0596007949/robsladesin03-20
%O Audience a- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 324 p.
%T "Network Security Tools"

The preface states that the audience for the book consists of anyone who wants to program their own vulnerability scanners, or extend those already available. It assumes familiarity with six of the major tools in that class, as well as Perl.

Chapter one deals with writing plug-ins for Nessus. It covers the installation and quick use of the program, and then outlines the Nessus Attack Scripting Language, including a few sample scripts. The Ettercap network analyzer and its plug-ins (in the C language) are in chapter two. (An overview of authentication for the ftp protocol is provided in order to discuss looking for ftp passwords.) The Hydra password sniffer (and SMTP authentication) is described in chapter three, as well as the Nmap port scanner. Chapter four looks at plug-ins (in Perl) for the Nikto Web scanner. The Metasploit Framework generic exploit development platform is examined in chapter five, which also has a brief explanation of stack overflows. Chapter six discusses analysis of (mostly source) code for Web applications in a search for vulnerabilities, reviewing the PMD Java analysis tool, and reprinting pages of Java source code.

Part two turns to writing network security tools. Chapter seven is primarily a tutorial on Linux kernel modules. Using Perl to write a Web application scanner is in chapter eight. SQL injection, and testing for error message responses, is examined in chapter nine. Chapter ten covers the use of the libpcap library for producing network sniffing utilities. Packet injection, using the libnet library and AirJack device driver, is in chapter eleven.

While a lot of sample code is given in this text, ultimately it is about using a bunch of tools. The examples and exploits are interesting, and do provide an indication of limited types of testing utilities that could be developed.

copyright Robert M. Slade, 2005 BKNTSCTL.RVW 20051204