SUSTAINABLE DEVELOPMENT
Innovate. Sustain. Transform.
Save up to 30% on top Physical Sciences & Engineering titles!
Coding for Penetration Testers
Building Better Tools
- 1st Edition - September 23, 2011
- Authors: Jason Andress, Ryan Linn
- Language: English
- Paperback ISBN:9 7 8 - 1 - 5 9 7 4 9 - 7 2 9 - 9
- eBook ISBN:9 7 8 - 1 - 5 9 7 4 9 - 7 3 0 - 5
Coding for Penetration Testers discusses the use of various scripting languages in penetration testing. The book presents step-by-step instructions on how to build customize… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteCoding for Penetration Testers discusses the use of various scripting languages in penetration testing. The book presents step-by-step instructions on how to build customized penetration testing tools using Perl, Ruby, Python, and other languages. It also provides a primer on scripting including, but not limited to, Web scripting, scanner scripting, and exploitation scripting. It guides the student through specific examples of custom tool development that can be incorporated into a tester's toolkit as well as real-world scenarios where such tools might be used. This book is divided into 10 chapters that explores topics such as command shell scripting; Python, Perl, and Ruby; Web scripting with PHP; manipulating Windows with PowerShell; scanner scripting; information gathering; exploitation scripting; and post-exploitation scripting. This book will appeal to penetration testers, information security practitioners, and network and system administrators.
- Discusses the use of various scripting languages in penetration testing
- Presents step-by-step instructions on how to build customized penetration testing tools using Perl, Ruby, Python, and other languages
- Provides a primer on scripting including, but not limited to, Web scripting, scanner scripting, and exploitation scripting
Penetration Testers, Information Security Practitioners, Network and System Administrators
Foreword
About the Authors
About the Technical Editor
Acknowledgments
Chapter 0. Introduction
Book Overview and Key Learning Points
Book Audience
How this Book is Organized
Conclusion
Chapter 1. Introduction to command shell scripting
Information in this Chapter
On Shell Scripting
UNIX, Linux, and OS X Shell Scripting
Bash Basics
Putting It All Together with Bash
Windows Scripting
PowerShell Basics
Putting it all together with PowerShell
Summary
ENDNOTES
Chapter 2. Introduction to Python
Information in this Chapter
What is Python?
Where is Python Useful?
Python Basics
File Manipulation
Network Communications
Summary
ENDNOTES
Chapter 3. Introduction to Perl
Information in this Chapter
Where Perl is Useful
Working with Perl
Perl Basics
Putting It All together
Summary
ENDNOTES
Chapter 4. Introduction to Ruby
Information in this Chapter
Where Ruby is Useful
Ruby Basics
Building Classes with Ruby
File Manipulation
Database Basics
Network Operations
Putting It All Together
Summary
ENDNOTES
Chapter 5. Introduction to Web scripting with PHP
Information in this Chapter
Where Web scripting is Useful
Getting Started with PHP
Handling Forms with PHP
File Handling and Command Execution
Putting It All Together
Summary
Chapter 6. Manipulating Windows with PowerShell
Information in this Chapter
Dealing with Execution Policies in PowerShell
Penetration Testing uses for PowerShell
PowerShell and Metasploit
Summary
ENDNOTES
Chapter 7. Scanner scripting
Information in this Chapter
Working with Scanning Tools
Netcat
Nmap
Nessus/OpenVAS
Summary
ENDNOTES
Chapter 8. Information gathering
Information in this Chapter
Information Gathering for Penetration Testing
Talking to Google
Web Automation with Perl
Working with Metadata
Putting It All Together
Summary
ENDNOTES
Chapter 9. Exploitation scripting
Information in this Chapter
Building Exploits with Python
Creating Metasploit Exploits
Exploiting PHP Scripts
Cross-Site Scripting
Summary
Chapter 10. Post-exploitation scripting
Information in this Chapter
Why Post-Exploitation Is Important
Windows Shell Commands
Gathering Network Information
Scripting Metasploit Meterpreter
Database Post-Exploitation
Summary
Appendix: Subnetting and CIDR addresses
Index
- No. of pages: 320
- Language: English
- Edition: 1
- Published: September 23, 2011
- Imprint: Syngress
- Paperback ISBN: 9781597497299
- eBook ISBN: 9781597497305
JA
Jason Andress
Jason Andress (CISSP, ISSAP, CISM, GPEN) is a seasoned security professional with a depth of experience in both the academic and business worlds. Presently he carries out information security oversight duties, performing penetration testing, risk assessment, and compliance functions to ensure that critical assets are protected. Jason has taught undergraduate and graduate security courses since 2005 and holds a doctorate in computer science, researching in the area of data protection. He has authored several publications and books, writing on topics including data security, network security, penetration testing, and digital forensics.
Affiliations and expertise
CISSP, ISSAP, CISM, GPENRL
Ryan Linn
Ryan Linn (OSCE, GPEN, GWAPT) is a penetration tester, an author, a developer, and an educator. He comes from a systems administation and Web application development background, with many years of IT security experience. Ryan currently works as a full-time penetration tester and is a regular contributor to open source projects including Metasploit, The Browser Exploitation Framework, and the Dradis Framework. He has spoken at numerous security conferences and events, including ISSA, DEF CON, SecTor, and CarolinaCon.
Affiliations and expertise
OSCE, GPEN, CCNP Security, CISSPRead Coding for Penetration Testers on ScienceDirect