// Topic

Best Pentesting books

12 books in our catalog cover Pentesting, ranked by rating. Each entry is an opinionated review with who the book is for and who should skip it.

// Reading guide

Read the full editorial pick: the best Pentesting books in 2026, ranked and reviewed.

  1. 01 · 2025

    Linux Basics for Hackers

    Getting Started with Networking, Scripting, and Security in Kali

    OccupyTheWeb's introduction to Linux from the angle that hackers and pentesters actually need it: shells, networking, scripting, and Kali tooling.

    Beginner · 4/5 · OccupyTheWeb
  2. 02 · 2025

    Metasploit

    The Penetration Tester's Guide

    The second edition of the definitive No Starch guide to the Metasploit Framework, updated by the project's original maintainers and newer contributors for the modern Framework.

    Intermediate · 4/5 · David Kennedy, Mati Aharoni, Devon Kearns, Jim O'Gorman, Daniel G. Graham
  3. 03 · 2022

    Gray Hat Hacking

    The Ethical Hacker's Handbook

    A multi-author breadth-first reference covering the modern offensive landscape: web, binary, hardware, IoT, mobile, cloud, and adversarial ML — the closest thing in print to a single-volume snapshot of where offensive security is.

    Advanced · 4/5 · Allen Harper, Ryan Linn, Stephen Sims, Michael Baucom, Daniel Fernandez, Huascar Tejeda, Moses Frost
  4. 04 · 2022

    Practical Social Engineering

    A Primer for the Ethical Hacker

    Joe Gray's working manual for the social-engineering side of red team and threat intel: OSINT-driven recon, pretexting, phishing infrastructure, and the legal and ethical boundaries that separate professional work from criminal activity.

    Intermediate · 4/5 · Joe Gray
  5. 05 · 2022

    Sécurité informatique - Ethical Hacking

    Apprendre l'attaque pour mieux se défendre

    The French-language reference for offensive security: a thick, lab-heavy tour of the attacker's toolkit, maintained across editions by the ACISSI collective under the motto “learn the attack to better defend.”

    Intermediate · 4/5 · ACISSI
  6. 06 · 2018

    The Hacker Playbook 3

    Practical Guide to Penetration Testing — Red Team Edition

    Peter Kim's hands-on red-team field manual: assumed-breach scenarios, lateral movement, AV/EDR evasion, and the operational rhythm of a real engagement rather than a checklist of CVEs.

    Intermediate · 4/5 · Peter Kim
  7. 07 · 2014

    Penetration Testing

    A Hands-On Introduction to Hacking

    Georgia Weidman's lab-driven introduction to pentesting, walking the reader from setting up a target environment through scanning, exploitation, post-exploitation, and reporting.

    Beginner · 4/5 · Georgia Weidman
  8. 08 · 2005

    The Art of Intrusion

    The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers

    Mitnick and Simon's follow-up to The Art of Deception: third-party stories from working hackers — casino slot exploits, prison-network breaches, post-9/11 intelligence ops — reconstructed and annotated by Mitnick.

    Beginner · 4/5 · Kevin Mitnick, William L. Simon
  9. 09 · 2018

    Pentesting Azure Applications

    The Definitive Guide to Testing and Securing Deployments

    Matt Burrough on attacker behaviour against Azure tenants: identity, storage, VMs, key material handling, and the recon paths that work against real subscriptions.

    Intermediate · 3/5 · Matt Burrough
  10. 10 · 2017

    Advanced Penetration Testing

    Hacking the World's Most Secure Networks

    A red-teamer's tour of getting into high-security targets without Metasploit, leaning on custom C2, social engineering, and tradecraft. Strong ideas, uneven execution.

    Advanced · 3/5 · Wil Allsopp
  11. 11 · 2015

    The Mobile Application Hacker's Handbook

    Chell, Erasmus, Colley, and Whitehouse's reference on iOS and Android application security from the early-mid 2010s — runtime hooking, transport security, IPC abuse, and the platform-specific surface of mobile pentesting.

    Intermediate · 3/5 · Dominic Chell, Tyrone Erasmus, Shaun Colley, Ollie Whitehouse
  12. 12 · 2013

    Hacking

    Un labo virtuel pour auditer et mettre en place des contre-mesures

    A hands-on French guide to building a virtual lab (Proxmox) and using it to audit application, web and system flaws — then implement countermeasures.

    Intermediate · 3/5 · Franck Ebel, Jérôme Hennecart
