Pentesting with Perl

June 29, 2009

I’m currently working on a new training course I’m planning to give in the near future. By the title of the blog posting, I’m sure you have guessed the title… That’s right, Pentesting with Perl

The object of the course is to cover many of the tasks that need to be performed during a penetration assessment.

  • IP/Hostnames reverse, resolve and extract information
  • Convert CIDRs to Ranges and Ranges to CIDRs
  • Extracting information from: Nmap, Nikto, Sslscan, Dirbuster, and Fierce
  • Extracting links and email addresses from a website
  • Building a Port-scanner in 10 minutes or less
  • Union and intersection of two files
  • Building a sniffer to parse PDML (synergy decrypter)
  • Performing Phishing attacks with Metasploit (updated)
  • Modifying the shellcode of your favorite browser exploit (updated)

This course will help to streamline much of the tedious aspects of pentesting. We will use Perl to get the job done quickly and effectively. The goal of the course is to help everyone to automate many of the tasks they are performing manually, so that they can focus on more complex issues. The ability to automate tasks is critical to being a successful penetration tester. We need to be spending time on the most complex issues that can not be tested through the use of automated tools!

Please let me know what you think. I look forward to your comments and suggestions.

Recommended Reading:

  • Programming Perl (ISBN-10: 0596000278, ISBN-13: 978-0596000271)

The requirements for the course are:

  • A basic understanding of Perl including scalars, arrays and hashes
  • A basic understanding of XML and Object Oriented programming
  • A good understanding of TCP/IP and other networking concepts
  • Familiarity with Nmap and other penetration testing tools

I’m structuring the course to be roughly 3 hours and to be available at Infosec World 2010.