Network Security Tools
Table of Contents
Copyright
Preface
Audience
Assumptions This Book Makes
Contents of This Book
Conventions Used in This Book
Using Code Examples
We'd Like to Hear from You
Safari Enabled
Acknowledgments
Part I: Modifying and Hacking
Security Tools
Chapter 1. Writing Plug-ins for
Nessus
Section 1.1. The Nessus
Architecture
Section 1.2. Installing Nessus
Section 1.3. Using Nessus
Section 1.4. The NASL
Interpreter
Section 1.5. Hello World
Section 1.6. Datatypes and
Variables
Section 1.7. Operators
Section 1.8. if else
Section 1.9. Loops
Section 1.10. Functions
Section 1.11. Predefined

Global Variables
Section 1.12. Important NASL
Functions
Section 1.13. Nessus Plug-ins
Chapter 2. Developing
Dissectors and Plug-ins for the
Ettercap Network Sniffer
Section 2.1. Installing and
Using Ettercap
Section 2.2. Writing an
Ettercap Dissector
Section 2.3. Writing an
Ettercap Plug-in
Chapter 3. Extending Hydra
and Nmap
Section 3.1. Extending Hydra
Section 3.2. Adding Service
Signatures to Nmap
Chapter 4. Writing Plug-ins for
the Nikto Vulnerability Scanner
Section 4.1. Installing Nikto
Section 4.2. Using Nikto
Section 4.3. Nikto Under the
Hood
Section 4.4. Existing Nikto
Plug-ins
Section 4.5. Adding Custom
Entries to the Plug-in Databases
Section 4.6. Using LibWhisker
Section 4.7. Writing an NTLM

Plug-in for Brute-Force Testing
Section 4.8. Writing a
Standalone Plug-in to Attack
Lotus Domino
Chapter 5. Writing Modules for
the Metasploit Framework
Section 5.1. Introduction to
MSF
Section 5.2. Overview of Stack
Buffer Overflows
Section 5.3. Writing Exploits
for MSF
Section 5.4. Writing a Module
for the MnoGoSearch Overflow
Section 5.5. Writing an
Operating System
Fingerprinting Module for MSF
Chapter 6. Extending Code
Analysis to the Webroot
Section 6.1. Attacking Web
Applications at the Source
Section 6.2. Toolkit 101
Section 6.3. PMD
Section 6.4. Extending PMD
Part II: Modifying and Hacking
Security Tools
Chapter 7. Fun with Linux
Kernel Modules
Section 7.1. Hello World
Section 7.2. Intercepting

System Calls
Section 7.3. Hiding Processes
Section 7.4. Hiding from
netstat
Chapter 8. Developing Web
Assessment Tools and Scripts
Section 8.1. Web Application
Environment
Section 8.2. Designing the
Scanner
Section 8.3. Building the Log
Parser
Section 8.4. Building the
Scanner
Section 8.5. Using the Scanner
Section 8.6. Complete Source
Code
Chapter 9. Automated Exploit
Tools
Section 9.1. SQL Injection
Exploits
Section 9.2. The Exploit
Scanner
Section 9.3. Using the Scanner
Chapter 10. Writing Network
Sniffers
Section 10.1. Introduction to
libpcap
Section 10.2. Getting Started
with libpcap

Section 10.3. libpcap and
802.11 Wireless Networks
Section 10.4. libpcap and Perl
Section 10.5. libpcap Library
Reference
Chapter 11. Writing Packet-
Injection Tools
Section 11.1. Introduction to
libnet
Section 11.2. Getting Started
with libnet
Section 11.3. Advanced libnet
Functions
Section 11.4. Combining libnet
and libpcap
Section 11.5. Introducing
AirJack
Colophon
Index
SYMBOL
A
B
C
D
E
F
G
H
I
J

K
L
M
N
O
P
R
S
T
U
V
W
X
Network Security Tools
By Justin Clarke, Nitesh Dhanjani

Publisher: O'Reilly
Pub Date: April 2005
ISBN: 0-596-00794-9
Pages: 352
Table of Contents | Index | Examples | Errata
This concise, high-end guide shows experienced
administrators how to customize and extend popular
open source security tools such as Nikto, Ettercap, and
Nessus. It also addresses port scanners, packet
injectors, network sniffers, and web assessment tools.
Network Security Tools is the one resource you want at
your side when locking down your network.
Network Security Tools

By Justin Clarke, Nitesh Dhanjani

Publisher: O'Reilly
Pub Date: April 2005
ISBN: 0-596-00794-9
Pages: 352
Table of Contents | Index | Examples | Errata
Copyright
Preface
Audience
Assumptions This Book Makes
Contents of This Book
Conventions Used in This Book
Using Code Examples
We'd Like to Hear from You
Safari Enabled
Acknowledgments
Part I: Modifying and Hacking Security Tools
Chapter 1. Writing Plug-ins for Nessus
Section 1.1. The Nessus Architecture
Section 1.2. Installing Nessus
Section 1.3. Using Nessus
Section 1.4. The NASL Interpreter
Section 1.5. Hello World
Section 1.6. Datatypes and Variables
Section 1.7. Operators
Section 1.8. if else
Section 1.9. Loops
Section 1.10. Functions
Section 1.11. Predefined Global Variables

Section 1.12. Important NASL Functions
Section 1.13. Nessus Plug-ins

Chapter 2. Developing Dissectors and
Plug-ins for the Ettercap Network Sniffer
Section 2.1. Installing and Using Ettercap

Section 2.2. Writing an Ettercap
Dissector
Section 2.3. Writing an Ettercap Plug-in
Chapter 3. Extending Hydra and Nmap
Section 3.1. Extending Hydra

Section 3.2. Adding Service Signatures to
Nmap

Chapter 4. Writing Plug-ins for the Nikto
Vulnerability Scanner
Section 4.1. Installing Nikto
Section 4.2. Using Nikto
Section 4.3. Nikto Under the Hood
Section 4.4. Existing Nikto Plug-ins

Section 4.5. Adding Custom Entries to the
Plug-in Databases
Section 4.6. Using LibWhisker

Section 4.7. Writing an NTLM Plug-in for
Brute-Force Testing


Section 4.8. Writing a Standalone Plug-in
to Attack Lotus Domino

Chapter 5. Writing Modules for the
Metasploit Framework
Section 5.1. Introduction to MSF

Section 5.2. Overview of Stack Buffer
Overflows
Section 5.3. Writing Exploits for MSF

Section 5.4. Writing a Module for the
MnoGoSearch Overflow

Section 5.5. Writing an Operating System
Fingerprinting Module for MSF

Chapter 6. Extending Code Analysis to
the Webroot

Section 6.1. Attacking Web Applications
at the Source
Section 6.2. Toolkit 101
Section 6.3. PMD
Section 6.4. Extending PMD
Part II: Modifying and Hacking Security Tools

Chapter 7. Fun with Linux Kernel
Modules
Section 7.1. Hello World

Section 7.2. Intercepting System Calls
Section 7.3. Hiding Processes
Section 7.4. Hiding from netstat

Chapter 8. Developing Web Assessment
Tools and Scripts

Section 8.1. Web Application
Environment
Section 8.2. Designing the Scanner
Section 8.3. Building the Log Parser
Section 8.4. Building the Scanner
Section 8.5. Using the Scanner
Section 8.6. Complete Source Code
Chapter 9. Automated Exploit Tools
Section 9.1. SQL Injection Exploits
Section 9.2. The Exploit Scanner
Section 9.3. Using the Scanner
Chapter 10. Writing Network Sniffers
Section 10.1. Introduction to libpcap
Section 10.2. Getting Started with libpcap

Section 10.3. libpcap and 802.11 Wireless
Networks
Section 10.4. libpcap and Perl
Section 10.5. libpcap Library Reference

Chapter 11. Writing Packet-Injection
Tools
Section 11.1. Introduction to libnet

Section 11.2. Getting Started with libnet
Section 11.3. Advanced libnet Functions
Section 11.4. Combining libnet and libpcap
Section 11.5. Introducing AirJack
Colophon
Index
Copyright © 2005 O'Reilly Media, Inc.
All rights reserved.
Printed in the United States of America.
Published by O'Reilly Media, Inc., 1005
Gravenstein Highway North, Sebastopol,
CA 95472.
O'Reilly books may be purchased for
educational, business, or sales
promotional use. Online editions are also
available for most titles
(). For more
information, contact our
corporate/institutional sales department:
(800) 998-9938 or

Nutshell Handbook, the Nutshell
Handbook logo, and the O'Reilly logo are
registered trademarks of O'Reilly Media,
Inc. Network Security Tools, the image of
the trapeze artist, and related trade dress
are trademarks of O'Reilly Media, Inc.
Many of the designations used by
manufacturers and sellers to distinguish
their products are claimed as trademarks.

Where those designations appear in this
book, and O'Reilly Media, Inc. was aware
of a trademark claim, the designations
have been printed in caps or initial caps.
While every precaution has been taken in
the preparation of this book, the publisher
and authors assume no responsibility for
errors or omissions, or for damages
resulting from the use of the information
contained herein.
Preface
These days, software vulnerabilities are
announced to the public before vendors
have a chance to provide a patch to
customers. Therefore, it has become
important, if not absolutely necessary, for
an organization to routinely assess its
network to measure its security posture.
But how does one go about performing a
thorough network assessment? Network
security books today typically teach you
only how to use the out-of-the-box
functionality provided by existing network
security tools, which is often limited.
Malicious attackers, however, are
sophisticated enough to understand that the