Network Security Tools: Writing, Hacking, and Modifying Security Tools
344
Network Security Tools: Writing, Hacking, and Modifying Security Tools
344eBook
Related collections and offers
Overview
If you're an advanced security professional, then you know that the battle to protect online privacy continues to rage on. Security chat rooms, especially, are resounding with calls for vendors to take more responsibility to release products that are more secure. In fact, with all the information and code that is passed on a daily basis, it's a fight that may never end. Fortunately, there are a number of open source security tools that give you a leg up in the battle.Often a security tool does exactly what you want, right out of the box. More frequently, you need to customize the tool to fit the needs of your network structure. Network Security Tools shows experienced administrators how to modify, customize, and extend popular open source security tools such as Nikto, Ettercap, and Nessus.This concise, high-end guide discusses the common customizations and extensions for these tools, then shows you how to write even more specialized attack and penetration reviews that are suited to your unique network environment. It also explains how tools like port scanners, packet injectors, network sniffers, and web assessment tools function.Some of the topics covered include:
- Writing your own network sniffers and packet injection tools
- Writing plugins for Nessus, Ettercap, and Nikto
- Developing exploits for Metasploit
- Code analysis for web applications
- Writing kernel modules for security applications, and understanding rootkits
Product Details
| ISBN-13: | 9781491947418 |
|---|---|
| Publisher: | O'Reilly Media, Incorporated |
| Publication date: | 04/04/2005 |
| Sold by: | Barnes & Noble |
| Format: | eBook |
| Pages: | 344 |
| File size: | 2 MB |
About the Author
Nitesh Dhanjani is a well known security researcher, author, and speaker. Dhanjani is currently Senior Manager at a large consulting firm where he advises some of the largest corporations around the world on how to establish enterprise wide information security programs and solutions. Dhanjani is also responsible for evangelizing brand new technology service lines around emerging technologies and trends such as cloud computing and virtualization.
Prior to his current job, Dhanjani was Senior Director of Application Security and Assessments at a major credit bureau where he spearheaded brand new security efforts into enhancing the enterprise SDLC, created a process for performing source code security reviews & Threat Modeling, and managed the Attack & Penetration team.
Dhanjani is the author of "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O'Reilly) and "HackNotes: Linux and Unix Security" (Osborne McGraw-Hill). He is also a contributing author to "Hacking Exposed 4" (Osborne McGraw-Hill) and "HackNotes: Network Security". Dhanjani has been invited to talk at various information security events such as the Black Hat Briefings, RSA, Hack in the Box, Microsoft Blue Hat, and OSCON.
Dhanjani graduated from Purdue University with both a Bachelors and Masters degree in Computer Science.
Dhanjani's personal blog is located at dhanjani.com.
Justin Clarke is a Director with Gotham Digital Science, based in the United Kingdom. He has many years of experience in testing the security of networks, web applications, and wireless networks for large financial, retail, and technology clients in the United States, the United Kingdom and New Zealand.
Justin is the co-author of Network Security Tools: Writing, Hacking, and Modifying Security Tools, a contributing author to Network Security Assessment: Know Your Network, 2nd Edition, and the lead author of SQL Injection Attacks and Defenses (Syngress) as well as having been invited to speak at a number of conferences on security topics, including Black Hat, EuSecWest, OSCON and RSA.
Justin is active in developing security tools for penetrating web applications, servers, and wireless networks and as a compulsive tinkerer he can't leave anything alone without at least trying to see how it works.
Table of Contents
| Preface | ix | |
| Part I | Modifying and Hacking Security Tools | |
| 1 | Writing Plug-ins for Nessus | 3 |
| The Nessus Architecture | 3 | |
| Installing Nessus | 4 | |
| Using Nessus | 4 | |
| The NASL Interpreter | 10 | |
| Hello World | 11 | |
| Datatypes and Variables | 11 | |
| Operators | 13 | |
| if...else | 15 | |
| Loops | 16 | |
| Functions | 17 | |
| Predefined Global Variables | 18 | |
| Important NASL Functions | 20 | |
| Nessus Plug-ins | 26 | |
| 2 | Developing Dissectors and Plug-ins for the Ettercap Network Sniffer | 42 |
| Installing and Using Ettercap | 42 | |
| Writing an Ettercap Dissector | 43 | |
| Writing an Ettercap Plug-in | 50 | |
| 3 | Extending Hydra and Nmap | 56 |
| Extending Hydra | 56 | |
| Adding Service Signatures to Nmap | 70 | |
| 4 | Writing Plug-ins for the Nikto Vulnerability Scanner | 75 |
| Installing Nikto | 75 | |
| Using Nikto | 76 | |
| Nikto Under the Hood | 78 | |
| Existing Nikto Plug-ins | 79 | |
| Adding Custom Entries to the Plug-in Databases | 81 | |
| Using LibWhisker | 84 | |
| Writing an NTLM Plug-in for Brute-Force Testing | 86 | |
| Writing a Standalone Plug-in to Attack Lotus Domino | 89 | |
| 5 | Writing Modules for the Metasploit Framework | 92 |
| Introduction to MSF | 92 | |
| Overview of Stack Buffer Overflows | 94 | |
| Writing Exploits for MSF | 102 | |
| Writing a Module for the MnoGoSearch Overflow | 106 | |
| Writing an Operating System Fingerprinting Module for MSF | 113 | |
| 6 | Extending Code Analysis to the Webroot | 121 |
| Attacking Web Applications at the Source | 121 | |
| Toolkit 101 | 126 | |
| PMD | 128 | |
| Extending PMD | 131 | |
| Part II | Writing Network Security Tools | |
| 7 | Fun with Linux Kernel Modules | 159 |
| Hello World | 159 | |
| Intercepting System Calls | 161 | |
| Hiding Processes | 170 | |
| Hiding from netstat | 175 | |
| 8 | Developing Web Assessment Tools and Scripts | 178 |
| Web Application Environment | 179 | |
| Designing the Scanner | 183 | |
| Building the Log Parser | 189 | |
| Building the Scanner | 191 | |
| Using the Scanner | 206 | |
| Complete Source Code | 207 | |
| 9 | Automated Exploit Tools | 214 |
| SQL Injection Exploits | 215 | |
| The Exploit Scanner | 216 | |
| Using the Scanner | 242 | |
| 10 | Writing Network Sniffers | 244 |
| Introduction to libpcap | 244 | |
| Getting Started with libpcap | 246 | |
| libpcap and 802.11 Wireless Networks | 261 | |
| libpcap and Perl | 271 | |
| libpcap Library Reference | 272 | |
| 11 | Writing Packet-Injection Tools | 282 |
| Introduction to libnet | 282 | |
| Getting Started with libnet | 283 | |
| Advanced libnet Functions | 292 | |
| Combining libnet and libpcap | 293 | |
| Introducing AirJack | 301 | |
| Index | 309 |