Penetration testing is often considered an art as much as it is a science, but even an
artist needs the right brushes to do the job well. Many commercial and open source
tools exist for performing penetration testing, but it’s often hard to ensure that you
know what tools are available and which ones to use for a certain task. Through the
next 10 chapters, we’ll be exploring the plethora of open source tools that are
available to you as a penetration tester, how to use them, and in which situations they
apply.

Open source tools are pieces of software that are distributed with their source code
so that the software can be modified and improved by other interested contributors.
In most cases, this software comes with a license allowing for distribution of the
modified software version with the requirement that the source code continue to be
included with the distribution. In many cases, open source software becomes
a community effort where dozens if not hundreds of people are actively contributing
code and improvements to the software project. This type of project tends to result in
a stronger and more valuable piece of software than what would often be developed
by a single individual or small company.

While commercial tools certainly exist in the penetration testing space, they’re
often expensive and, in some cases, too automated to be useful for all penetration
testing scenarios. There are many common situations where the open source tools
that we will be talking about fill a need better and (obviously) more cost-effectively
than any commercial tool. The tools that we will be discussing throughout this book
are all open source and available for you to use in your work as a penetration tester.