0
Coding for Penetration Testers
1st Edition
Building Better Tools
Table of Contents
Foreword
About the Authors
About the Technical Editor
Acknowledgments
Chapter 0. Introduction
Book Overview and Key Learning Points
Book Audience
How this Book is Organized
Conclusion
Chapter 1. Introduction to command shell scripting
Information in this Chapter
On Shell Scripting
UNIX, Linux, and OS X Shell Scripting
Bash Basics
Putting It All Together with Bash
Windows Scripting
PowerShell Basics
Putting it all together with PowerShell
Summary
ENDNOTES
Chapter 2. Introduction to Python
Information in this Chapter
What is Python?
Where is Python Useful?
Python Basics
File Manipulation
Network Communications
Summary
ENDNOTES
Chapter 3. Introduction to Perl
Information in this Chapter
Where Perl is Useful
Working with Perl
Perl Basics
Putting It All together
Summary
ENDNOTES
Chapter 4. Introduction to Ruby
Information in this Chapter
Where Ruby is Useful
Ruby Basics
Building Classes with Ruby
File Manipulation
Database Basics
Network Operations
Putting It All Together
Summary
ENDNOTES
Chapter 5. Introduction to Web scripting with PHP
Information in this Chapter
Where Web scripting is Useful
Getting Started with PHP
Handling Forms with PHP
File Handling and Command Execution
Putting It All Together
Summary
Chapter 6. Manipulating Windows with PowerShell
Information in this Chapter
Dealing with Execution Policies in PowerShell
Penetration Testing uses for PowerShell
PowerShell and Metasploit
Summary
ENDNOTES
Chapter 7. Scanner scripting
Information in this Chapt
Details
- No. of pages:
- 320
- Language:
- English
- Copyright:
- © 2012
- Published:
- 23rd September 2011
- Imprint:
- Syngress
- eBook ISBN:
- 9781597497305
- Print ISBN:
- 9781597497299
About the authors
Jason Andress
Jason Andress (CISSP, ISSAP, CISM, GPEN) is a seasoned security professional with a depth of experience in both the academic and business worlds. Presently he carries out information security oversight duties, performing penetration testing, risk assessment, and compliance functions to ensure that critical assets are protected. Jason has taught undergraduate and graduate security courses since 2005 and holds a doctorate in computer science, researching in the area of data protection. He has authored several publications and books, writing on topics including data security, network security, penetration testing, and digital forensics.
Affiliations and Expertise
CISSP, ISSAP, CISM, GPEN
Ryan Linn
Ryan Linn (OSCE, GPEN, GWAPT) is a penetration tester, an author, a developer, and an educator. He comes from a systems administation and Web application development background, with many years of IT security experience. Ryan currently works as a full-time penetration tester and is a regular contributor to open source projects including Metasploit, The Browser Exploitation Framework, and the Dradis Framework. He has spoken at numerous security conferences and events, including ISSA, DEF CON, SecTor, and CarolinaCon.
Affiliations and Expertise
OSCE, GPEN, CCNP Security, CISSP
Reviews
"This book is definitely not for rookie coders, but rather a good starting point for people with a medium level of programming experience. It is also not suited well as a reference to quickly look things up in. But if what you’re looking for is a very practical guide with tons of pointers to further (and recommended) reading material and exercises Coding for Penetration Testers delivers what it promises."--Computers and Security
"Penetration testing is a profession that requires the mastery of dozens of tools; every job poses challenges that require these tools to be mixed, matched, and automated. The master penetration tester not only excels at using his or her toolbox, but also expands it with custom scripts and unique programs to solve the challenge of the day. This book provides a solid introduction to custom scripting and tool development, using multiple languages, with a penetration tester's goals in mind. This background can transform penetration testing from a manual, often repetitive task, to an efficient process that is not just faster, but also more accurate and consistent across large engagements."--HD Moore, Metasploit Founder and CSO of Rapid7
"Penetration testing requires that the tester understand the target as much as possible, and know how to perform various attacks while being as efficient as possible. Having the skill set to create and use a variety of scripts increases the penetration tester's efficiency and elevates him or her from the script kiddie to the professional realm. Ryan Linn and Jason Andress have created a guide that explores and introduces the techniques that are necessary to build the scripts used during a test. No matter the platform, this book provides the information required to learn scripting and become a world-class penetration tester. This is definitely a book that will remain close at hand for every test I perform!"--Kevin Johnson, Senior Consultant, Secure Ideas