Coding for Penetration Testers

Coding for Penetration Testers discusses the use of various scripting languages in penetration testing. The book presents step-by-step instructions on how to build customized penetration testing tools using Perl, Ruby, Python, and other languages. It also provides a primer on scripting including, but not limited to, Web scripting, scanner scripting, and exploitation scripting. It guides the student through specific examples of custom tool development that can be incorporated into a tester's toolkit as well as real-world scenarios where such tools might be used. This book is divided into 10 chapters that explores topics such as command shell scripting; Python, Perl, and Ruby; Web scripting with PHP; manipulating Windows with PowerShell; scanner scripting; information gathering; exploitation scripting; and post-exploitation scripting. This book will appeal to penetration testers, information security practitioners, and network and system administrators.

Autorentext

Jason Andress (ISSAP, CISSP, GPEN, CEH) is a security professional with a depth of experience in both the academic and business worlds. Ryan Linn (CISSP, CSSLP, GPEN, GWAPT, OSCP, OSCE, CCSP) is an Information Security Engineer with SAS Institute, with responsibilities ranging from security policy to penetration testing.

Klappentext

Tools used for penetration testing are often purchased off-the-shelf. Each tool is based on a programming language like Perl, JavaScript, Python, etcetera. This title provides the reader an understanding of the scripting languages that are in common use when developing tools for penetration testing.

Inhalt

Foreword by Ed Skoudis

Chapter 0: Introduction

Chapter 1: Introduction to Command Shell Scripting

Chapter 2: Introduction to Python

Chapter 3: Introduction to Perl

Chapter 4: Introduction to Ruby

Chapter 5: Introduction to Web Scripting with PHP

Chapter 6: Manipulating Windows with PowerShell

Chapter 7: Scanner Scripting

Chapter 8: Information Gathering

Chapter 9: Exploitation Scripting

Chapter 10: Post-Exploitation Scripting

Appendix: Subnetting and CIDR Addresses