Coding for Penetration Testers: Building Better Tools [Kindle Edition]

Jason Andress (Author), Ryan Linn (Author)

Book Description

Tools used for penetration testing are often purchased or downloaded from the Internet. Each tool is based on a programming language such as Perl, Python, or Ruby. If a penetration tester wants to extend, augment, or change the functionality of a tool to perform a test differently than the default configuration, the tester must know the basics of coding for the related programming language. Coding for Penetration Testers provides the reader with an understanding of the scripting languages that are commonly used when developing tools for penetration testing. It also guides the reader through specific examples of custom tool development and the situations where such tools might be used. While developing a better understanding of each language, the reader is guided through real-world scenarios and tool development that can be incorporated into a tester's toolkit.

• Discusses the use of various scripting languages in penetration testing
• Presents step-by-step instructions on how to build customized penetration testing tools using Perl, Ruby, Python, and other languages
• Provides a primer on scripting including, but not limited to, Web scripting, scanner scripting, and exploitation scripting

Editorial Reviews

Review

"This book is definitely not for rookie coders, but rather a good starting point for people with a medium level of programming experience. It is also not suited well as a reference to quickly look things up in. But if what you're looking for is a very practical guide with tons of pointers to further (and recommended) reading material and exercises Coding for Penetration Testers delivers what it promises."--Computers and Security

"Penetration testing is a profession that requires the mastery of dozens of tools; every job poses challenges that require these tools to be mixed, matched, and automated. The master penetration tester not only excels at using his or her toolbox, but also expands it with custom scripts and unique programs to solve the challenge of the day. This book provides a solid introduction to custom scripting and tool development, using multiple languages, with a penetration tester's goals in mind. This background can transform penetration testing from a manual, often repetitive task, to an efficient process that is not just faster, but also more accurate and consistent across large engagements."--HD Moore, Metasploit Founder and CSO of Rapid7

"Penetration testing requires that the tester understand the target as much as possible, and know how to perform various attacks while being as efficient as possible. Having the skill set to create and use a variety of scripts increases the penetration tester's efficiency and elevates him or her from the script kiddie to the professional realm. Ryan Linn and Jason Andress have created a guide that explores and introduces the techniques that are necessary to build the scripts used during a test. No matter the platform, this book provides the information required to learn scripting and become a world-class penetration tester. This is definitely a book that will remain close at hand for every test I perform!"--Kevin Johnson, Senior Consultant, Secure Ideas

"At 175 pages, the book does not kill many trees, but does give the reader an overview of all of the key principles around information security.For those looking to get their feet wet in the deep waters of information security, The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice is a great place to start."--RSAConference.com

"Overall this is an excellent book, which offers some clear and effective tutorials on the different languages and on efficient and effective penetration testing. It's highly recommended for any testers who want to broaden their skills and move to the next level."--BCS.org

From the Back Cover

Tools used for penetration testing are often purchased or downloaded from the Internet. Each tool is based on a programming language such as Perl, Python, or Ruby. If a penetration tester wants to extend, augment, or change the functionality of a tool to perform a test differently than the default configuration, the tester must know the basics of coding for the related programming language. Coding for Penetration Testers provides the reader with an understanding of the scripting languages that are commonly used when developing tools for penetration testing. It also guides the reader through specific examples of custom tool development and the situations where such tools might be used. While developing a better understanding of each language, the reader is guided through real-world scenarios and tool development that can be incorporated into a tester's toolkit.

See all Editorial Reviews

Product Details

• File Size: 4203 KB
• Print Length: 321 pages
• Page Numbers Source ISBN: 1597497290
• Publisher: Syngress; 1 edition (November 4, 2011)
• Sold by: Amazon Digital Services, Inc.
• Language: English
• ASIN: B005NZ5K7U
• Text-to-Speech: Enabled
• X-Ray: Not Enabled
• Lending: Not Enabled
• Amazon Best Sellers Rank: #334,123 Paid in Kindle Store (See Top 100 Paid in Kindle Store)

Most Helpful Customer Reviews

20 of 20 people found the following review helpful

2.0 out of 5 stars Huge disappointment December 1, 2011

By Jirka Vejrazka

Format:Paperback

I have to say this has been the biggest disappointment of all security-related books that I ever purchased (there were dozens). It should be named "A quick glance at a few scripting languages".

To give an example, Python is mentioned on 33 pages (that includes a few pages for scapy) where you'll be shown how to (hold your breath) send an ICMP packet. (I will not talk about PEP8 here).

To drill a bit further, the chapter about Python lists is about (wait for it) - bitwise operations. Lists are only mentioned as a way of storing data for the given example which shows how you can use Python to calculate net & broadcast address from a CIDR notation (why would you want to use lists for that?). There is no meaningful mention of list indexing or slicing.

The chapter about Python exceptions is just appaling.

There is no explanation of "why" anywhere, just "what" and a little bit of "how". Also, no hint on where to look for further information.

Real beginners might find this book interesting for getting a basic idea of how are scripting languages used (bash, Python, Perl, Ruby and PowerShell all get a really quick intro). But then they would get really confused towards the end of the book when they suddenly find authors throwing shellcode at vulnerable FTP server and using some terms that are mentioned very briefly: "EIP is called the Instruction pointer", "ESP points to stack area where you can see the stack", "as you can see, the EIP is now overwritten with 41414141 so the server is vulnerable". Is any beginner expected to understand this?

I'm really struggling to see who is the intended audience. It does not give any explanation to beginners and is way too shallow for any penetration tester.

5.0 out of 5 stars Great book! October 22, 2012

By LexLuthor

Format:Paperback

This has been a really helpful book to me in learning to make some use of new scripting tools in more useful directions. I have a bit of python right now, but having examples of how these languages can be used across several different languages is really useful. Some of the book is still a bit over my head, but I sure feel like I'm starting to get there. Great read and some good excercises to make the examples even better. I'm hoping they'll do a second book and keep going with other languages.

4.0 out of 5 stars Great book for beginners January 4, 2012

By Laurent D

Format:Paperback

This book means to solve a common problem in pentesting. Many entry-level pentesters dont code at all and they end up doing repetitive task or don't know how to automate. "Coding for penetration testers" provides clear examples and a great introduction to bash, powershell, python, perl and ruby. The book also provides guidance when to select what language.

I strongly recommend the book to all my students. Keep in mind this is an introduction to coding and not a full "Learning Python" or "Learning C" type of book.