Coding for Penetration Testers discusses the use of various scripting languages in penetration testing. The book presents step-by-step instructions on how to build customized penetration testing tools using Perl, Ruby, Python, and other languages. It also provides a primer on scripting including, but not limited to, Web scripting, scanner scripting, and exploitation scripting. It guides the student through specific examples of custom tool development that can be incorporated into a tester's toolkit as well as real-world scenarios where such tools might be used. This book is divided into 10 chapters that explores topics such as command shell scripting; Python, Perl, and Ruby; Web scripting with PHP; manipulating Windows with PowerShell; scanner scripting; information gathering; exploitation scripting; and post-exploitation scripting. This book will appeal to penetration testers, information security practitioners, and network and system administrators.
- Discusses the use of various scripting languages in penetration testing
- Presents step-by-step instructions on how to build customized penetration testing tools using Perl, Ruby, Python, and other languages
- Provides a primer on scripting including, but not limited to, Web scripting, scanner scripting, and exploitation scripting
Chapter 0: Introduction
Chapter 1: Introduction to Command Shell Scripting
Chapter 2: Introduction to Python
Chapter 3: Introduction to Perl
Chapter 4: Introduction to Ruby
Chapter 5: Introduction to Web Scripting with PHP
Chapter 6: Manipulating Windows with PowerShell
Chapter 7: Scanner Scripting
Chapter 8: Information Gathering
Chapter 9: Exploitation Scripting
Chapter 10: Post-Exploitation Scripting
Appendix: Subnetting and CIDR Addresses
Jason Andress (CISSP, ISSAP, CISM, GPEN) is a seasoned security professional with a depth of experience in both the academic and business worlds. Presently he carries out information security oversight duties, performing penetration testing, risk assessment, and compliance functions to ensure that critical assets are protected. Jason has taught undergraduate and graduate security courses since 2005 and holds a doctorate in computer science, researching in the area of data protection. He has authored several publications and books, writing on topics including data security, network security, penetration testing, and digital forensics.
Ryan Linn (OSCE, GPEN, GWAPT) is a penetration tester, an author, a developer, and an educator. He comes from a systems administation and Web application development background, with many years of IT security experience. Ryan currently works as a full-time penetration tester and is a regular contributor to open source projects including Metasploit, The Browser Exploitation Framework, and the Dradis Framework. He has spoken at numerous security conferences and events, including ISSA, DEF CON, SecTor, and CarolinaCon.