About This Book
- Write your own custom information security tools using Perl and object-oriented Perl modules
- Apply powerful Perl Regular Expression syntax to finely tune intelligence gathering techniques
- Develop a clear understanding of how common attacking tools can function during a penetration test
Who This Book Is For
If you are an expert Perl programmer interested in penetration testing or information security, this guide is designed for you. However, it will also be helpful for you even if you have little or no Linux shell experience.
What You Will Learn
- Develop your knowledge on the methodology, legality, and ethics involved in penetration testing
- Utilize Linux OS, shell, and networking utilities using Perl
- Manipulate and capture LAN network traffic in modern switched environments
- Apply Perl to the Aircrack-ng suite
- Combine external, internal, and Internet footprinting, and open source intelligence gathering
- Perform web penetration testing and automation, including Local and Remote File Inclusion, SQL injection, cross-site scripting, and CMS vulnerability analysis
- Stabilize your tests by using patterns such as Action Wrapper and Black Hole Proxy
This guide will teach you the fundamentals of penetration testing with Perl, providing an understanding of the mindset of a hacker. In the first few chapters, you will study how to utilize Perl with Linux and the regular expression syntax. After that, you will learn how to use Perl for WAN target analysis, and Internet and external footprinting. You will learn to use Perl for automated web application and site penetration testing. We also cover intelligence gathering techniques from data obtained from footprinting and simple file forensics with file metadata.
By the end of this book, you will bring all of your code together into a simple graphical user interface penetration testing framework. Through this guide, you will have acquired the knowledge to apply Perl programming to any penetration testing phase and learn the importance of applying our technique in the methodology and context of the Penetration Testing Execution Standard.