Coding for Penetration Testers

Coding for Penetration Testers

by Jason Andress, Ryan Linn
Released November 2011
Publisher(s): Syngress
ISBN: 9781597497305

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Coding for Penetration Testers discusses the use of various scripting languages in penetration testing. The book presents step-by-step instructions on how to build customized penetration testing tools using Perl, Ruby, Python, and other languages. It also provides a primer on scripting including, but not limited to, Web scripting, scanner scripting, and exploitation scripting. It guides the student through specific examples of custom tool development that can be incorporated into a tester's toolkit as well as real-world scenarios where such tools might be used. This book is divided into 10 chapters that explores topics such as command shell scripting; Python, Perl, and Ruby; Web scripting with PHP; manipulating Windows with PowerShell; scanner scripting; information gathering; exploitation scripting; and post-exploitation scripting. This book will appeal to penetration testers, information security practitioners, and network and system administrators.

  • Discusses the use of various scripting languages in penetration testing
  • Presents step-by-step instructions on how to build customized penetration testing tools using Perl, Ruby, Python, and other languages
  • Provides a primer on scripting including, but not limited to, Web scripting, scanner scripting, and exploitation scripting

Table of contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Foreword
  6. About the Authors
  7. About the Technical Editor
  8. Acknowledgments
  9. Chapter 0. Introduction
    1. Book Overview and Key Learning Points
    2. Book Audience
    3. How this Book is Organized
    4. Conclusion
  10. Chapter 1. Introduction to command shell scripting
    1. Information in this Chapter
    2. On Shell Scripting
    3. UNIX, Linux, and OS X Shell Scripting
    4. Bash Basics
    5. Putting It All Together with Bash
    6. Windows Scripting
    7. PowerShell Basics
    8. Putting it all together with PowerShell
    9. Summary
    10. ENDNOTES
  11. Chapter 2. Introduction to Python
    1. Information in this Chapter
    2. What is Python?
    3. Where is Python Useful?
    4. Python Basics
    5. File Manipulation
    6. Network Communications
    7. Summary
    8. ENDNOTES
  12. Chapter 3. Introduction to Perl
    1. Information in this Chapter
    2. Where Perl is Useful
    3. Working with Perl
    4. Perl Basics
    5. Putting It All together
    6. Summary
    7. ENDNOTES
  13. Chapter 4. Introduction to Ruby
    1. Information in this Chapter
    2. Where Ruby is Useful
    3. Ruby Basics
    4. Building Classes with Ruby
    5. File Manipulation
    6. Database Basics
    7. Network Operations
    8. Putting It All Together
    9. Summary
    10. ENDNOTES
  14. Chapter 5. Introduction to Web scripting with PHP
    1. Information in this Chapter
    2. Where Web scripting is Useful
    3. Getting Started with PHP
    4. Handling Forms with PHP
    5. File Handling and Command Execution
    6. Putting It All Together
    7. Summary
  15. Chapter 6. Manipulating Windows with PowerShell
    1. Information in this Chapter
    2. Dealing with Execution Policies in PowerShell
    3. Penetration Testing uses for PowerShell
    4. PowerShell and Metasploit
    5. Summary
    6. ENDNOTES
  16. Chapter 7. Scanner scripting
    1. Information in this Chapter
    2. Working with Scanning Tools
    3. Netcat
    4. Nmap
    5. Nessus/OpenVAS
    6. Summary
    7. ENDNOTES
  17. Chapter 8. Information gathering
    1. Information in this Chapter
    2. Information Gathering for Penetration Testing
    3. Talking to Google
    4. Web Automation with Perl
    5. Working with Metadata
    6. Putting It All Together
    7. Summary
    8. ENDNOTES
  18. Chapter 9. Exploitation scripting
    1. Information in this Chapter
    2. Building Exploits with Python
    3. Creating Metasploit Exploits
    4. Exploiting PHP Scripts
    5. Cross-Site Scripting
    6. Summary
  19. Chapter 10. Post-exploitation scripting
    1. Information in this Chapter
    2. Why Post-Exploitation Is Important
    3. Windows Shell Commands
    4. Gathering Network Information
    5. Scripting Metasploit Meterpreter
    6. Database Post-Exploitation
    7. Summary
  20. Appendix: Subnetting and CIDR addresses
    1. Netmask Basics
  21. Index

Product information

  • Title: Coding for Penetration Testers
  • Author(s): Jason Andress, Ryan Linn
  • Release date: November 2011
  • Publisher(s): Syngress
  • ISBN: 9781597497305