Coding for Penetration Testers
View on ScienceDirect

Coding for Penetration Testers

Building Better Tools

1st Edition - September 23, 2011

Write a review

  • Authors: Jason Andress, Ryan Linn
  • Paperback ISBN: 9781597497299
  • eBook ISBN: 9781597497305

Purchase options

Purchase options
Available
DRM-free (PDF, EPub, Mobi)
eBook Format Help
Sales tax will be calculated at check-out

Institutional Subscription

Support CenterReturns & Refunds

Resources

Textbook Support for Instructors
Free Global Shipping
No minimum order

Description

Coding for Penetration Testers discusses the use of various scripting languages in penetration testing. The book presents step-by-step instructions on how to build customized penetration testing tools using Perl, Ruby, Python, and other languages. It also provides a primer on scripting including, but not limited to, Web scripting, scanner scripting, and exploitation scripting. It guides the student through specific examples of custom tool development that can be incorporated into a tester's toolkit as well as real-world scenarios where such tools might be used. This book is divided into 10 chapters that explores topics such as command shell scripting; Python, Perl, and Ruby; Web scripting with PHP; manipulating Windows with PowerShell; scanner scripting; information gathering; exploitation scripting; and post-exploitation scripting. This book will appeal to penetration testers, information security practitioners, and network and system administrators.

Key Features

  • Discusses the use of various scripting languages in penetration testing
  • Presents step-by-step instructions on how to build customized penetration testing tools using Perl, Ruby, Python, and other languages
  • Provides a primer on scripting including, but not limited to, Web scripting, scanner scripting, and exploitation scripting

Readership

Penetration Testers, Information Security Practitioners, Network and System Administrators

Table of Contents

  • Foreword

    About the Authors

    About the Technical Editor

    Acknowledgments

    Chapter 0. Introduction

    Book Overview and Key Learning Points

    Book Audience

    How this Book is Organized

    Conclusion

    Chapter 1. Introduction to command shell scripting

    Information in this Chapter

    On Shell Scripting

    UNIX, Linux, and OS X Shell Scripting

    Bash Basics

    Putting It All Together with Bash

    Windows Scripting

    PowerShell Basics

    Putting it all together with PowerShell

    Summary

    ENDNOTES

    Chapter 2. Introduction to Python

    Information in this Chapter

    What is Python?

    Where is Python Useful?

    Python Basics

    File Manipulation

    Network Communications

    Summary

    ENDNOTES

    Chapter 3. Introduction to Perl

    Information in this Chapter

    Where Perl is Useful

    Working with Perl

    Perl Basics

    Putting It All together

    Summary

    ENDNOTES

    Chapter 4. Introduction to Ruby

    Information in this Chapter

    Where Ruby is Useful

    Ruby Basics

    Building Classes with Ruby

    File Manipulation

    Database Basics

    Network Operations

    Putting It All Together

    Summary

    ENDNOTES

    Chapter 5. Introduction to Web scripting with PHP

    Information in this Chapter

    Where Web scripting is Useful

    Getting Started with PHP

    Handling Forms with PHP

    File Handling and Command Execution

    Putting It All Together

    Summary

    Chapter 6. Manipulating Windows with PowerShell

    Information in this Chapter

    Dealing with Execution Policies in PowerShell

    Penetration Testing uses for PowerShell

    PowerShell and Metasploit

    Summary

    ENDNOTES

    Chapter 7. Scanner scripting

    Information in this Chapter

    Working with Scanning Tools

    Netcat

    Nmap

    Nessus/OpenVAS

    Summary

    ENDNOTES

    Chapter 8. Information gathering

    Information in this Chapter

    Information Gathering for Penetration Testing

    Talking to Google

    Web Automation with Perl

    Working with Metadata

    Putting It All Together

    Summary

    ENDNOTES

    Chapter 9. Exploitation scripting

    Information in this Chapter

    Building Exploits with Python

    Creating Metasploit Exploits

    Exploiting PHP Scripts

    Cross-Site Scripting

    Summary

    Chapter 10. Post-exploitation scripting

    Information in this Chapter

    Why Post-Exploitation Is Important

    Windows Shell Commands

    Gathering Network Information

    Scripting Metasploit Meterpreter

    Database Post-Exploitation

    Summary

    Appendix: Subnetting and CIDR addresses

    Index

Product details

  • No. of pages: 320
  • Language: English
  • Copyright: © Syngress 2011
  • Published: September 23, 2011
  • Imprint: Syngress
  • Paperback ISBN: 9781597497299
  • eBook ISBN: 9781597497305

About the Authors

Jason Andress

Jason Andress (CISSP, ISSAP, CISM, GPEN) is a seasoned security professional with a depth of experience in both the academic and business worlds. Presently he carries out information security oversight duties, performing penetration testing, risk assessment, and compliance functions to ensure that critical assets are protected. Jason has taught undergraduate and graduate security courses since 2005 and holds a doctorate in computer science, researching in the area of data protection. He has authored several publications and books, writing on topics including data security, network security, penetration testing, and digital forensics.

Affiliations and Expertise

CISSP, ISSAP, CISM, GPEN

Ryan Linn

Ryan Linn (OSCE, GPEN, GWAPT) is a penetration tester, an author, a developer, and an educator. He comes from a systems administation and Web application development background, with many years of IT security experience. Ryan currently works as a full-time penetration tester and is a regular contributor to open source projects including Metasploit, The Browser Exploitation Framework, and the Dradis Framework. He has spoken at numerous security conferences and events, including ISSA, DEF CON, SecTor, and CarolinaCon.

Affiliations and Expertise

OSCE, GPEN, CCNP Security, CISSP

Ratings and Reviews

Write a review

Latest reviews

(Total rating for all reviews)

  • Brandon K. Mon Feb 19 2018

    Excellent Read!

    I really loved this book! I keep it as a reference book. It is a great introduction to a number of programming languages from a Pen Testers vantage point. The examples are practical scripts that you can build on!