• List Price: CDN$ 45.32
  • You Save: CDN$ 10.09 (22%)
Only 1 left in stock (more on the way).
Ships from and sold by Amazon.ca. Gift-wrap available.
Network Security Tools: W... has been added to your Cart
+ CDN$ 6.49 shipping
Used: Good | Details
Condition: Used: Good
Comment: Moderate wear on cover and edges. Minimal highlighting and/or other markings can be present. May be ex-library copy and may not include CD, Accessories and/or Dust Cover. Good readable copy.
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Network Security Tools: Writing, Hacking, and Modifying Security Tools Paperback – Apr 14 2005

See all 3 formats and editions Hide other formats and editions
Amazon Price
New from Used from
Kindle Edition
"Please retry"
"Please retry"
CDN$ 35.23
CDN$ 26.39 CDN$ 10.75

Harry Potter and the Cursed Child
click to open popover

No Kindle device required. Download one of the Free Kindle apps to start reading Kindle books on your smartphone, tablet, and computer.
Getting the download link through email is temporarily not available. Please check back later.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your mobile phone number.

Product Details

  • Paperback: 344 pages
  • Publisher: O'Reilly Media; 1 edition (April 14 2005)
  • Language: English
  • ISBN-10: 0596007949
  • ISBN-13: 978-0596007942
  • Product Dimensions: 17.8 x 2.3 x 23.3 cm
  • Shipping Weight: 544 g
  • Average Customer Review: Be the first to review this item
  • Amazon Bestsellers Rank: #2,296,728 in Books (See Top 100 in Books)
  •  Would you like to update product info, give feedback on images, or tell us about a lower price?

  • See Complete Table of Contents

Product Description


"There are a number of books available from various sources discussing some of these issues and as usual it is an advantage to have several sources available when entering into a particular information security subfield. However, in terms of direct usability this is an excellent work that I don't hesitate to recommend." Information Security Bulletin, November 2005

About the Author

Nitesh Dhanjani is a well known security researcher, author, and speaker. Dhanjani is currently Senior Manager at a large consulting firm where he advises some of the largest corporations around the world on how to establish enterprise wide information security programs and solutions. Dhanjani is also responsible for evangelizing brand new technology service lines around emerging technologies and trends such as cloud computing and virtualization.

Prior to his current job, Dhanjani was Senior Director of Application Security and Assessments at a major credit bureau where he spearheaded brand new security efforts into enhancing the enterprise SDLC, created a process for performing source code security reviews & Threat Modeling, and managed the Attack & Penetration team.

Dhanjani is the author of "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O'Reilly) and "HackNotes: Linux and Unix Security" (Osborne McGraw-Hill). He is also a contributing author to "Hacking Exposed 4" (Osborne McGraw-Hill) and "HackNotes: Network Security". Dhanjani has been invited to talk at various information security events such as the Black Hat Briefings, RSA, Hack in the Box, Microsoft Blue Hat, and OSCON.

Dhanjani graduated from Purdue University with both a Bachelors and Masters degree in Computer Science.

Dhanjani's personal blog is located at dhanjani.com.

Justin Clarke is a Director with Gotham Digital Science, based in the United Kingdom. He has many years of experience in testing the security of networks, web applications, and wireless networks for large financial, retail, and technology clients in the United States, the United Kingdom and New Zealand.

Justin is the co-author of Network Security Tools: Writing, Hacking, and Modifying Security Tools, a contributing author to Network Security Assessment: Know Your Network, 2nd Edition, and the lead author of SQL Injection Attacks and Defenses (Syngress) as well as having been invited to speak at a number of conferences on security topics, including Black Hat, EuSecWest, OSCON and RSA.

Justin is active in developing security tools for penetrating web applications, servers, and wireless networks and as a compulsive tinkerer he can't leave anything alone without at least trying to see how it works.

Customer Reviews

There are no customer reviews yet on Amazon.ca
5 star
4 star
3 star
2 star
1 star

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: HASH(0xa41235d0) out of 5 stars 3 reviews
7 of 7 people found the following review helpful
HASH(0xa4167948) out of 5 stars for active programming April 28 2005
By W Boudville - Published on Amazon.com
Format: Paperback
Under the covers of one book, the authors present a coherent view of the various network security packages freely available. The bias is in favour of open source tools, if only because these are free. The book goes deeper than just explaining how to run Nessus or Ettercap or... [etc] Most chapters involve the writing of plug-ins or extensions to those tools. Actually, another criterion for a tool to be covered in this book seems to be if it has precisely this ability to be extended by any competent person (like you).

Thus, the book is directed slightly more towards the network programmer than the network sysadmin. Though this is by no means a sharp demarcation, I hasten to add. In fact, you might be a sysadmin dissatisfied with running your current Intrusion Detection System package simply just out of the box. If so, try actively programming plug-ins using this book, to adapt the IDS to your actual network situation.
3 of 3 people found the following review helpful
HASH(0xa4167c78) out of 5 stars Learn the internals and how to customize popular tools Nov. 27 2005
By jose_monkey_org - Published on Amazon.com
Format: Paperback
In recent years the proliferation of open source network security tools has been a boon to all aspects of the IT industry. This era was given more significance with the release of the tool SATAN, which easily enabled administrators to scan their networks for vulnerabilities. Since then, many of the most favored tools in the infosec industry are open source. This means that users can extend them as they see fit, but often this is a difficult task. Dhanjani and Clarke's book Network Security Tools is there to assist you in modifying existing tools and even writing your own.

The book is divided into two main sections, modifying several popular tools like Nessus and Metasploit, and writing new tools for the Linux kernel and the network using libpcap and libnet. Written for the intermediate-level user, NST gets right to it in Chapter 1, diving right into writing plug-ins for Nessus. Because vulnerabilities appear every day and may differ on the network you're examining, you may have to write your own plug-in that someone else hasn't. Or you may want the fame and notoriety of writing these plug-ins quickly and accurately. Whatever your motivation, you'll learn how to use NASL to write your extension. While the license has recently changed for Nessus, the version that this book targets, 2.x, will always be GPL and available for you to use.

The existing tools covered in the book - Nessus, Ethereal, Ettercap, Metasploit, Nikto, Hydra. and PMD - are designed to be extended. They have a framework and often a rich API (or, in the case of Nessus, their own language) to allow you to write those extensions. Each of the chapters on these frameworks covers some of the same basic format, namely an overview of the tools, the framework, and then an example plug-in or extension. The quality of the chapters varies, presumably due to the natural differences in the authors' experiences. However, you'll learn something in each of them.

The second half of the book covers writing your own tools against four or five different landscapes. These are Linux kernel modules and kernel-level rootkits, web assessment tools (in Perl), an automated exploit tool, and sniffers and packet injection tools (using libpcap and libnet). The authors wisely show how to take a small tool, a recon scanner from Chapter 8, and extend it in Chapter 9 to make it an automated exploit tool. Pretty cool, and you wind up with a neat web-testing tool out of it. With some more work, you can make it a framework for any sort of web-based attack methodology. The authors use clear examples and a decent presentation style to deliver a quality set of chapters.

The same can be said for the two chapters on network tools, the sniffer and the packet injector. You'll build a simple ARP sniffer with pcap and libnet, and then move on to a simple SYN scanner and then a tool called 'Airjack', which i designed for a Linux environment. Again, clear code, and the authors do an effective tour of the process by which they build some simple, but representative, tools.

Overall I'm quite pleased with NST, I think the authors have delivered a concise, practical and valuable book on the subject. While there are several frameworks available for security tools, this the first single book on the subject of writing plug-ins and extensions for most of the main tools out there. While the authors are a bit skimpish at times on the material, due to space constraints or matters of expertise, they do a good job of showing clear examples that anyone can use. If you've been curious about extending existing security tools with your own code, this is probably the best single place to start.
HASH(0xa416b8f4) out of 5 stars Read the man June 6 2009
By Danny Fullerton - Published on Amazon.com
Format: Paperback
Mostly everything in this book has been already covered by widely available and quality papers out there. In most case simply reading the man would be a better source then this book. This is for beginner-to-intermediate skilled security staff.