Network Security Tools/Preface
These days, software vulnerabilities are announced to the public before vendors have a chance to provide a patch to customers. Therefore, it has become important, if not absolutely necessary, for an organization to routinely assess its network to measure its security posture.
But how does one go about performing a thorough network assessment? Network security books today typically teach you only how to use the out-of-the-box functionality provided by existing network security tools, which is often limited. Malicious attackers, however, are sophisticated enough to understand that the real power of the most popular network security tools does not lie in their out-of-the-box functionality, but in the framework that allows you to extend and tweak their functionality. These sophisticated attackers also know how to quickly write their own tools to break into remote networks. The aim of this book is to teach you how to tweak existing and powerful open source assessment tools and how to write your own tools to protect your networks and data from the most experienced attackers.
This book is for anyone interested in extending existing open source network assessment tools and in writing their own assessment tools. Hundreds of other network assessment books are available today, but they simply teach readers how to use existing tools, while neglecting to teach them how to modify existing security tools to suit their needs. If you are a network security assessment professional or hobbyist, and if you have always wanted to learn how to tweak and write your own security tools, this book is for you.
Assumptions This Book Makes
This book assumes you are familiar with programming languages such as C and Perl. It also assumes you are familiar with the use of the assessment tools covered in this book: Ettercap, Hydra, Metasploit, Nessus, Nikto, and Nmap.
Contents of This Book
This book is divided into two parts. Part I covers several commonly used open source security tools and shows you how to leverage existing well-known and reliable network security tools to solve your network security problems. Here's a summary of what we cover:
- Chapter 1, Writing Plug-ins for Nessus
- Nessus is the most popular vulnerability scanner available today. It is also open source and free. This chapter demonstrates not only how to use Nessus, but also how to write plug-ins to enable it to scan for new vulnerabilities.
- Chapter 2, Developing Dissectors and Plug-ins for the Ettercap Network Sniffer
- Ettercap is a popular network sniffer that also is free and open source. Its plug-in functionality is one of the most robust available. In fact, quite a few plug-ins for this sniffer are available that perform a variety of useful tasks, such as detecting other sniffers on the network and collecting data such as passwords that are being passed around the network. This chapter explains how to write plug-ins for this powerful sniffer to look for specific data on the network, as well as other useful tricks.
- Chapter 3, Extending Hydra and Nmap
- Many security tools do not use a plug-in architecture, and therefore cannot be trivially extended. This chapter discusses how to extend a commonly used non-plug-in tool, Hydra, a tool for performing brute-force testing against passwords, to support an additional protocol. It also discusses how to create binary signatures for Nmap, which uses a signature database for expansion.
- Chapter 4, Writing Plug-ins for the Nikto Vulnerability Scanner
- Nikto is a free, open source, and popular web vulnerability scanner that uses the well-known libwhisker library to operate. This chapter teaches you how to extend Nikto to find new vulnerabilities that might exist with external web applications and servers, or even within a company's custom-built web application.
- Chapter 5, Writing Modules for the Metasploit Framework
- The Metasploit Framework is a freely available framework for writing and testing network security exploits. This chapter explores how to develop exploits for the framework, as well as how to use the framework for more general security purposes.
- Chapter 6, Extending Code Analysis to the Webroot
- Source code analysis tools exist for languages such as Java. However, such tools for web applications are lacking. This chapter demonstrates how to implement web application-specific rules for the review of J2EE applications using the PMD tool.
Part II describes approaches to writing custom Linux kernel modules, web application vulnerability identification and exploitation tools, packet sniffers, and packet injectors. All of these can be useful features in network security tools, and in each case an approach or toolset is introduced to guide readers in integrating these capabilities into their own custom security tools.
- Chapter 7, Fun with Linux Kernel Modules
- Linux security starts at the kernel level. This chapter discusses how to write Linux kernel modules and explains to readers what they can achieve at the kernel level, as well as how kernel-level rootkits achieve some of the things they do.
- Chapter 8, Developing Web Assessment Tools and Scripts
- Effective tools for hacking web applications must be able to adequately adapt to the custom applications they can be run against. This chapter discusses how to develop scripts in Perl that can be used to dynamically detect and identify vulnerabilities within custom web applications.
- Chapter 9, Automated Exploit Tools
- Tools for exploiting web application issues must leverage access to application databases and operating systems. This chapter demonstrates techniques for creating tools that show what can be done with web application vulnerabilities.
- Chapter 10, Writing Network Sniffers
- Observing network traffic is an important capability of many security tools. The most common toolset used for network sniffing is libpcap. This chapter discusses how libpcap works, and demonstrates how you can use it in your own tools where intercepting network traffic is needed. We also discuss network sniffing in both wired and wireless situations.
- Chapter 11, Writing Packet-Injection Tools
- Packet injectors are required in scenarios where the ability to generate custom or malformed network traffic is needed to test network services. Several tools exist to perform such testing. In this chapter we discuss and demonstrate use of the libnet library and airjack driver for packet creation. We also discuss packet injection in both wired and wireless situations.
Conventions Used in This Book
The following typographical conventions are used in this book.
- Plain text
- Indicates menu titles, menu options, menu buttons, and keyboard accelerators (such as Alt and Ctrl).
- Indicates new terms, URLs, email addresses, filenames, file extensions, pathnames, directories, and Unix utilities.
- Constant width
- Indicates commands, options, switches, variables, attributes, keys, functions, types, classes, namespaces, methods, modules, properties, parameters, values, objects, events, event handlers, XML tags, HTML tags, macros, the contents of files, or the output from commands.
- Constant width bold
- Shows commands or other text that should be typed literally by the user.
- Constant width italic
- Shows text that should be replaced with user-supplied values.
This icon signifies a tip, suggestion, or general note.
This icon indicates a warning or caution.
Using Code Examples
This book is here to help you get your job done. In general, you can use the code in this book in your programs and documentation. You do not need to contact us for permission unless you're reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from this book does not require permission. Selling or distributing a CD-ROM of examples from O'Reilly books does require permission. Similarly, answering a question by citing this book and quoting example code does not require permission. However, incorporating a significant amount of example code from this book into your product's documentation does require permission.
We appreciate, but do not require, attribution. An attribution usually includes the title, author, publisher, and ISBN. For example: "Network Security Tools by Nitesh Dhanjani and Justin Clarke. Copyright 2005 O'Reilly Media, Inc., 0-596-00794-9." If you feel your use of code examples falls outside fair use or the permission given here, feel free to contact us at firstname.lastname@example.org.
We'd Like to Hear from You
Please address comments and questions concerning this book to the publisher:
O'Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
(800) 998-9938 (in the United States or Canada)
(707) 829-0515 (international or local)
(707) 829-0104 (fax)
We have a web page for this book where we list errata, examples, and any additional information. You can access this page at:
To comment or ask technical questions about this book, send email to:
For more information about our books, conferences, Resource Centers, and the O'Reilly Network, see our web site at:
When you see a Safari® Enabled icon on the cover of your favorite technology book, that means the book is available online through the O'Reilly Network Safari Bookshelf.
Safari offers a solution that's better than e-books. It's a virtual library that lets you easily search thousands of top tech books, cut and paste code samples, download chapters, and find quick answers when you need the most accurate, current information. Try it for free at http://safari.oreilly.com.
Thanks to our contributing authors—Erik Cabetas, Joe Hemler, and Brian Holyfield—without whom this book would be a lot smaller and a lot less interesting. Also, big thanks go to our O'Reilly team—Tatiana Diaz, Allison Randal, Nathan Torkington, and Jamie Peppard—for ensuring that this book at least makes some sense to our readers.
We want to give credit to all who helped in the technical review of the material for this book. Our main technical reviewers were Akshay Aggarwal, chromatic, Lurene A. Grenier, and SK Chong. Also, big thanks go to those who reviewed material about their tools: Van Hauser (Hydra), Alberto Ornaghi (Ettercap), and Tom Copeland (PMD).
Additional thanks go out to HD Moore and Spoonm for Metasploit, and to chris sullo for middle-of-the-night IMs to discuss Nikto.
Justin would also like to thank his wife Mara for her patience during the writing of this book.
Nitesh, Justin, Erik, Joe, and Brian would like to thank José Granado for his mentorship and never-ending enthusiasm.