Network Security Tools: Writing, Hacking, and Modifying Security Tools

In recent years the proliferation of open source network security tools has been a boon to all aspects of the IT industry. This era was given more significance with the release of the tool SATAN, which easily enabled administrators to scan their networks for vulnerabilities. Since then, many of the most favored tools in the infosec industry are open source. This means that users can extend them as they see fit, but often this is a difficult task. Dhanjani and Clarke's book Network Security Tools is there to assist you in modifying existing tools and even writing your own. The book is divided into two main sections, modifying several popular tools like Nessus and Metasploit, and writing new tools for the Linux kernel and the network using libpcap and libnet. Written for the intermediate-level user, NST gets right to it in Chapter 1, diving right into writing plug-ins for Nessus. Because vulnerabilities appear every day and may differ on the network you're examining, you may have to write your own plug-in that someone else hasn't. Or you may want the fame and notoriety of writing these plug-ins quickly and accurately. Whatever your motivation, you'll learn how to use NASL to write your extension. While the license has recently changed for Nessus, the version that this book targets, 2.x, will always be GPL and available for you to use. The existing tools covered in the book - Nessus, Ethereal, Ettercap, Metasploit, Nikto, Hydra. and PMD - are designed to be extended. They have a framework and often a rich API (or, in the case of Nessus, their own language) to allow you to write those extensions. Each of the chapters on these frameworks covers some of the same basic format, namely an overview of the tools, the framework, and then an example plug-in or extension. The quality of the chapters varies, presumably due to the natural differences in the authors' experiences. However, you'll learn something in each of them. The second half of the book covers writing your own tools against four or five different landscapes. These are Linux kernel modules and kernel-level rootkits, web assessment tools (in Perl), an automated exploit tool, and sniffers and packet injection tools (using libpcap and libnet). The authors wisely show how to take a small tool, a recon scanner from Chapter 8, and extend it in Chapter 9 to make it an automated exploit tool. Pretty cool, and you wind up with a neat web-testing tool out of it. With some more work, you can make it a framework for any sort of web-based attack methodology. The authors use clear examples and a decent presentation style to deliver a quality set of chapters. The same can be said for the two chapters on network tools, the sniffer and the packet injector. You'll build a simple ARP sniffer with pcap and libnet, and then move on to a simple SYN scanner and then a tool called 'Airjack', which i designed for a Linux environment. Again, clear code, and the authors do an effective tour of the process by which the

Under the covers of one book, the authors present a coherent view of the various network security packages freely available. The bias is in favour of open source tools, if only because these are free. The book goes deeper than just explaining how to run Nessus or Ettercap or... [etc] Most chapters involve the writing of plug-ins or extensions to those tools. Actually, another criterion for a tool to be covered in this book seems to be if it has precisely this ability to be extended by any competent person (like you). Thus, the book is directed slightly more towards the network programmer than the network sysadmin. Though this is by no means a sharp demarcation, I hasten to add. In fact, you might be a sysadmin dissatisfied with running your current Intrusion Detection System package simply just out of the box. If so, try actively programming plug-ins using this book, to adapt the IDS to your actual network situation.