View on ScienceDirect

Coding for Penetration Testers

Name: Coding for Penetration Testers
ISBN: 9781597497299

1st Edition

Building Better Tools

1 Review

Authors: Jason Andress Ryan Linn

Paperback ISBN: 9781597497299

eBook ISBN: 9781597497305

Imprint: Syngress

Published Date: 23rd September 2011

Page Count: 320

Select country/region:

Sales tax will be calculated at check-out

Bundle

50% Off

DRM-free (Mobi, PDF, EPub)

eBook format help

Institutional Subscription

Tax Exempt Orders

Support Center

Resources

Instructor Ancillary Support Materials

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.

Description

Coding for Penetration Testers discusses the use of various scripting languages in penetration testing. The book presents step-by-step instructions on how to build customized penetration testing tools using Perl, Ruby, Python, and other languages. It also provides a primer on scripting including, but not limited to, Web scripting, scanner scripting, and exploitation scripting. It guides the student through specific examples of custom tool development that can be incorporated into a tester's toolkit as well as real-world scenarios where such tools might be used. This book is divided into 10 chapters that explores topics such as command shell scripting; Python, Perl, and Ruby; Web scripting with PHP; manipulating Windows with PowerShell; scanner scripting; information gathering; exploitation scripting; and post-exploitation scripting. This book will appeal to penetration testers, information security practitioners, and network and system administrators.

Key Features

Discusses the use of various scripting languages in penetration testing
Presents step-by-step instructions on how to build customized penetration testing tools using Perl, Ruby, Python, and other languages
Provides a primer on scripting including, but not limited to, Web scripting, scanner scripting, and exploitation scripting

Readership

Penetration Testers, Information Security Practitioners, Network and System Administrators

Foreword

About the Authors

About the Technical Editor

Acknowledgments

Chapter 0. Introduction

Book Overview and Key Learning Points

Book Audience

How this Book is Organized

Conclusion

Chapter 1. Introduction to command shell scripting

Information in this Chapter

On Shell Scripting

UNIX, Linux, and OS X Shell Scripting

Bash Basics

Putting It All Together with Bash

Windows Scripting

PowerShell Basics

Putting it all together with PowerShell

Summary

ENDNOTES

Chapter 2. Introduction to Python

Information in this Chapter

What is Python?

Where is Python Useful?

Python Basics

File Manipulation

Network Communications

Summary

ENDNOTES

Chapter 3. Introduction to Perl

Information in this Chapter

Where Perl is Useful

Working with Perl

Perl Basics

Putting It All together

Summary

ENDNOTES

Chapter 4. Introduction to Ruby

Information in this Chapter

Where Ruby is Useful

Ruby Basics

Building Classes with Ruby

File Manipulation

Database Basics

Network Operations

Putting It All Together

Summary

ENDNOTES

Chapter 5. Introduction to Web scripting with PHP

Information in this Chapter

Where Web scripting is Useful

Getting Started with PHP

Handling Forms with PHP

File Handling and Command Execution

Putting It All Together

Summary

Chapter 6. Manipulating Windows with PowerShell

Information in this Chapter

Dealing with Execution Policies in PowerShell

Penetration Testing uses for PowerShell

PowerShell and Metasploit

Summary

ENDNOTES

Chapter 7. Scanner scripting

Information in this Chapter

Working with Scanning Tools

Netcat

Nmap

Nessus/OpenVAS

Summary

ENDNOTES

Chapter 8. Information gathering

Information in this Chapter

Information Gathering for Penetration Testing

Talking to Google

Web Automation with Perl

Working with Metadata

Putting It All Together

Summary

ENDNOTES

Chapter 9. Exploitation scripting

Information in this Chapter

Building Exploits with Python

Creating Metasploit Exploits

Exploiting PHP Scripts

Cross-Site Scripting

Summary

Chapter 10. Post-exploitation scripting

Information in this Chapter

Why Post-Exploitation Is Important

Windows Shell Commands

Gathering Network Information

Scripting Metasploit Meterpreter

Database Post-Exploitation

Summary

Appendix: Subnetting and CIDR addresses

Index

Details

No. of pages:: 320

Language:: English

Published:: 23rd September 2011

Imprint:: Syngress

Paperback ISBN:: 9781597497299

eBook ISBN:: 9781597497305

About the Authors

Jason Andress

Jason Andress (CISSP, ISSAP, CISM, GPEN) is a seasoned security professional with a depth of experience in both the academic and business worlds. Presently he carries out information security oversight duties, performing penetration testing, risk assessment, and compliance functions to ensure that critical assets are protected. Jason has taught undergraduate and graduate security courses since 2005 and holds a doctorate in computer science, researching in the area of data protection. He has authored several publications and books, writing on topics including data security, network security, penetration testing, and digital forensics.

Affiliations and Expertise

CISSP, ISSAP, CISM, GPEN

Ryan Linn

Ryan Linn (OSCE, GPEN, GWAPT) is a penetration tester, an author, a developer, and an educator. He comes from a systems administation and Web application development background, with many years of IT security experience. Ryan currently works as a full-time penetration tester and is a regular contributor to open source projects including Metasploit, The Browser Exploitation Framework, and the Dradis Framework. He has spoken at numerous security conferences and events, including ISSA, DEF CON, SecTor, and CarolinaCon.

Affiliations and Expertise

OSCE, GPEN, CCNP Security, CISSP

Reviews

"This book is definitely not for rookie coders, but rather a good starting point for people with a medium level of programming experience. It is also not suited well as a reference to quickly look things up in. But if what you’re looking for is a very practical guide with tons of pointers to further (and recommended) reading material and exercises Coding for Penetration Testers delivers what it promises."--Computers and Security

"Penetration testing is a profession that requires the mastery of dozens of tools; every job poses challenges that require these tools to be mixed, matched, and automated. The master penetration tester not only excels at using his or her toolbox, but also expands it with custom scripts and unique programs to solve the challenge of the day. This book provides a solid introduction to custom scripting and tool development, using multiple languages, with a penetration tester's goals in mind. This background can transform penetration testing from a manual, often repetitive task, to an efficient process that is not just faster, but also more accurate and consistent across large engagements."--HD Moore, Metasploit Founder and CSO of Rapid7

"Penetration testing requires that the tester understand the target as much as possible, and know how to perform various attacks while being as efficient as possible. Having the skill set to create and use a variety of scripts increases the penetration tester's efficiency and elevates him or her from the script kiddie to the professional realm. Ryan Linn and Jason Andress have created a guide that explores and introduces the techniques that are necessary to build the scripts used during a test. No matter the platform, this book provides the information required to learn scripting and become a world-class penetration tester. This is definitely a book that will remain close at hand for every test I perform!"--Kevin Johnson, Senior Consultant, Secure Ideas

"At 175 pages, the book does not kill many trees, but does give the reader an overview of all of the key principles around information security…For those looking to get their feet wet in the deep waters of information security, The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice is a great place to start."--RSAConference.com

"Overall this is an excellent book, which offers some clear and effective tutorials on the different languages and on efficient and effective penetration testing. It’s highly recommended for any testers who want to broaden their skills and move to the next level."--BCS.org

Ratings and Reviews

1 Review

write a review

(1) (0) (0) (0) (0)

Show all reviews

write a review

WRITE A REVIEW

* Indicates a required field

* Score:

* Title:

* Review:

Review's title & body can't be empty Question's body can't be empty Please enter a star rating for this review Name field cannot be empty Invalid email Your review has already been submitted. Max length was exceeded Please fill out all of the mandatory (*) fields One or more of your answers does not meet the required criteria

Thank you for posting a review!

We value your input. Share your review so everyone else can enjoy it too.

Thank you for posting a review!

Your review was sent successfully and is now waiting for our team to publish it.

Reviews (1)

Updating Results

Brandon K.

19/02/18

Excellent Read!

I really loved this book! I keep it as a reference book. It is a great introduction to a number of programming languages from a Pen Testers vantage point. The examples are practical scripts that you can build on!

Institutional Subscription

Resources

Secure Checkout

Free Shipping

WRITE A REVIEW

Request Quote

Tax Exemption