Pentesting with Perl
USA 2010 One-day Training Session // July 27
The objective of the course is to cover many of the tasks that need to be performed during a penetration assessment, as well as to improve existing tools and build new tools as needed.
This course will help to streamline many of the tedious aspects of pentesting. We will use Perl to get the job done quickly and effectively. The goal of the course is to help everyone automate many of the tasks they are performing manually, so that they can focus on more complex issues. The ability to automate tasks is critical to being a successful penetration tester. We need to be spending time on the most complex issues that cannot be tested through the use of automated tools!
- Perl and CPAN modules
- Union and intersection of two files
- Base64 encode/decode
- IP/Hostnames reverse, resolve and extract information
- Convert CIDRs to Ranges and Ranges to CIDRs
- Extracting information from: Nmap, Nikto, Sslscan, Dirbuster, and Fierce
- Extracting links and email addresses from a website
- Building a basic Port-scanner
- Building a useful Port-scanner
- Building a sniffer to parse PDML (synergy decrypter)
- Phishing attacks on steroids!
- Improving Metasploit with Perl (psexec)
- Web login bruteforcer (GET and POST)
- Web directory bruteforcer
- BurpSuite Automation with Perl
- Building and Improving custom Nikto checks
Lecture, hands-on labs and code review.
Who should attend:
Anyone with an interest in automating mundane tasks during a penetration test.
Understanding of at least a single programming language (Perl, Python, Ruby, PHP, Java, C#, C, C++), and familiarity with Nmap, Metasploit and other penetration testing tools.
What to bring:
Laptop (installed with Ubuntu or Windows XP and VMware Player)
Modules, Examples and Slides
Joshua “Jabra” Abraham joined Rapid7 in 2006 as a Security Consultant. Josh has extensive IT Security and Auditing experience and worked as an enterprise risk assessment analyst for Hasbro Corporation. Josh specializes in penetration testing, web application security assessments, wireless security assessments, and custom code development. In the past, he has spoken at BlackHat, DefCon, ShmooCon, Infosec World, CSI, OWASP Conferences, LinuxWorld, Comdex and BLUG. In his spare time, he contributes code to open source security projects such as the BackTrack LiveCD, BeEF, Nikto, Fierce, and PBNJ.