Synopses & Reviews
provides the reader an understanding of the scripting languages that are in common use when developing tools for penetration testing. The book also guides the reader through specific examples of custom tool development and the situations in which such tools might be used. Most books currently available that discuss penetration testing tool creation cover the topic as an aside to a general programming discussion or talk about it from a very specific focus, such as one particular language.
- The penetration testing market is maturing to the point that custom tools are needed for tests
- This book gives penetration testers an excellent primer on many of the common scripting languages necessary to manipulate and build tools
- Authors Jason Andress and Ryan Linn are at the top of their field, teach courses, and speak at industry conferences on this topic
Tools used for penetration testing are often purchased or downloaded from the Internet. Each tool is based on a programming language such as Perl, Python, or Ruby. If a penetration tester wants to extend, augment, or change the functionality of a tool to perform a test differently than the default configuration, the tester must know the basics of coding for the related programming language. Coding for Penetration Testers provides the reader with an understanding of the scripting languages that are commonly used when developing tools for penetration testing. It also guides the reader through specific examples of custom tool development and the situations where such tools might be used. While developing a better understanding of each language, the reader is guided through real-world scenarios and tool development that can be incorporated into a tester's toolkit.
Discusses the use of various scripting languages in penetration testingPresents step-by-step instructions on how to build customized penetration testing tools using Perl, Ruby, Python, and other languagesProvides a primer on scripting including, but not limited to, Web scripting, scanner scripting, and exploitation scripting
About the Author
Jason Andress (ISSAP, CISSP, GPEN, CEH) is a seasoned security professional with a depth of experience in both the academic and business worlds. He is presently employed by a major software company, providing global information security oversight, and performing penetration testing, risk assessment, and compliance functions to ensure that the company's assets are protected. Jason has taught undergraduate and graduate security courses since 2005 and holds a Doctorate in Computer Science, researching in the area of data protection. He has authored several publications and books, writing on topics including data security, network security, penetration testing, and digital forensics.Ryan Linn (CISSP, CSSLP, GPEN, GWAPT, OSCP, OSCE, CCSP) is an Information Security Engineer with SAS Institute with responsibilities ranging from security policy to penetration testing. In addition to his day job he contributes to a open source projects such as Metasploit and the Browser Exploitation Framework (BeEF) and has spoken at national and regional security conferences such as Defcon and SecTor to help make security topics accessible. Ryan is a columnist for The Ethical Hacker Network where he contributes regularly on topics including course and book reviews, tutorials, and demos of new tools.
blications and books, writing on topics including data security, network security, penetration testing, and digital forensics.
Table of Contents
Chapter 0: Introduction
Chapter 1: Introduction to Command Shell Scripting
Chapter 2: Introduction to Python
Chapter 3: Introduction to Perl
Chapter 4: Introduction to Ruby
Chapter 5: Introduction to Web Scripting with PHP
Chapter 6: Manipulating Windows with PowerShell
Chapter 7: Scanner Scripting
Chapter 8: Information Gathering
Chapter 9: Exploitation Scripting
Chapter 10: Post-Exploitation Scripting
Appendix: Subnetting and CIDR Addresses