O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Coding for Penetration Testers, 2nd Edition

Book Description

Coding for Penetration Testers: Building Better Tools, Second Edition provides readers with an understanding of the scripting languages that are commonly used when developing tools for penetration testing, also guiding users through specific examples of custom tool development and the situations where such tools might be used.

While developing a better understanding of each language, the book presents real-world scenarios and tool development that can be incorporated into a tester's toolkit. This completely updated edition focuses on an expanded discussion on the use of Powershell, and includes practical updates to all tools and coverage.

  • Discusses the use of various scripting languages in penetration testing
  • Presents step-by-step instructions on how to build customized penetration testing tools using Perl, Ruby, Python, and other languages
  • Provides a primer on scripting, including, but not limited to, web scripting, scanner scripting, and exploitation scripting
  • Includes all-new coverage of Powershell

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication
  6. About the Authors
  7. Chapter 0. Introduction
    1. Book Overview and Key Learning Points
    2. Book Audience
    3. How This Book is Organized
    4. Conclusion
  8. Chapter 1. Introduction to command shell scripting
    1. Abstract
    2. On Shell Scripting
    3. UNIX, Linux, and OS X Shell Scripting
    4. Bash Basics
    5. Putting It All Together With Bash
    6. Windows Scripting
    7. PowerShell Basics
    8. Putting It All Together With PowerShell
    9. Summary
    10. References
  9. Chapter 2. Introduction to Python
    1. Abstract
    2. What Is Python?
    3. Where Is Python Useful?
    4. Python Basics
    5. File Manipulation
    6. Network Communications
    7. Summary
    8. References
  10. Chapter 3. Introduction to Perl
    1. Abstract
    2. Introduction
    3. Where Perl Is Useful
    4. Working With Perl
    5. Perl Basics
    6. Putting It All Together
    7. Summary
    8. References
  11. Chapter 4. Introduction to Ruby
    1. Abstract
    2. Introduction
    3. Where Ruby Is Useful
    4. Ruby Basics
    5. Building Classes With Ruby
    6. File Manipulation
    7. Database Basics
    8. Network Operations
    9. Putting It All Together
    10. Summary
    11. References
  12. Chapter 5. Introduction to web scripting with PHP
    1. Abstract
    2. Introduction
    3. Where Web scripting Is Useful
    4. Getting Started With PHP
    5. PHP Basics
    6. Handling Forms With PHP
    7. File Handling and Command Execution
    8. Putting It All Together
    9. Summary
  13. Chapter 6. Manipulating Windows with PowerShell
    1. Abstract
    2. Dealing With Execution Policies in PowerShell
    3. Execution Policies
    4. Getting In
    5. Penetration Testing Uses for PowerShell
    6. PowerShell and Metasploit
    7. Summary
    8. References
  14. Chapter 7. Scanner scripting
    1. Abstract
    2. Introduction
    3. Working With Scanning Tools
    4. Netcat
    5. Nmap
    6. Nessus/OpenVAS
    7. Summary
    8. References
  15. Chapter 8. Information gathering
    1. Abstract
    2. Introduction
    3. Information Gathering for Penetration Testing
    4. Talking to Google
    5. Web Automation With Perl
    6. Working With Metadata
    7. Putting It All Together
    8. Summary
    9. References
  16. Chapter 9. Exploitation scripting
    1. Abstract
    2. Introduction
    3. Building Exploits With Python
    4. Creating Metasploit Exploits
    5. Exploiting PHP Scripts
    6. Summary
  17. Chapter 10. Postexploitation scripting
    1. Abstract
    2. Introduction
    3. Why Postexploitation Is Important?
    4. Windows Shell Commands
    5. Gathering Network Information
    6. Scripting Metasploit Meterpreter
    7. Database Postexploitation
    8. Summary
  18. Index