Nytro

[h=2]The Basics of Hacking and Penetration Testing[/h] [h=3]Book Description[/h] The Basics of Hacking and Penetration Testing serves as an introduction to the steps required to complete a penetration test or perform an ethical hack from beginning to end. No prior hacking experience is needed. You learn how to properly utilize and interpret the results of modern day hacking tools, which are required to complete a penetration test. Tool coverage includes Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, Hacker Defender rootkit, and more. A simple and clean explanation of how to effectively utilize these tools as well as the introduction to a four-step methodology for conducting a penetration test or hack, will provide you with know-how required to jump start your career or gain a better understanding of offensive security. The book serves as an introduction to penetration testing and hacking and will provide you with a solid foundation of knowledge. After completing the book readers will be prepared to take on in-depth and advanced topics in hacking and penetration testing. The book walks through each of the steps and tools in a structured, orderly manner allowing readers to understand how the output from each tool can be fully utilized in the subsequent phases of the penetration test. This process allows readers to clearly see how the tools and phases relate. Each chapter contains hands-on examples and exercises that are designed to teach you how to interpret the results and utilize those results in later phases Written by an author who works in the field as a Penetration Tester and who teaches Offensive Security, Penetration Testing, and Ethical Hacking, and Exploitation classes at Dakota State University Utilizes the Backtrack Linux distribution and focuses on the seminal tools required to complete a penetration test Review “Have you heard of penetration testing but have no idea what it entails? This is the perfect book to get you started, easy to read, does not assume prior knowledge, and is up-to-date. I strongly recommend Pat’s latest work.” -Jared DeMott, Principle Security Researcher, Crucial Security, Inc. [h=3]Book Details[/h] Paperback: 180 pages Publisher: Syngress (August 2011) Language: English ISBN-10: 1597496553 ISBN-13: 978-1597496551 File Size: 5.1 MiB [h=3]E-Book[/h] [FilePost] Syngress.The.Basics.of.Hacking.and.Penetration.Testing.Aug.2011.rar [FileJungle] Syngress.The.Basics.of.Hacking.and.Penetration.Testing.Aug.2011.rar [h=3]Paper Book[/h] [Amazon] The Basics of Hacking and Penetration Testing Sursa: The Basics of Hacking and Penetration Testing | Wow! eBook - Blog

[h=2]Mastering Xcode 4: Develop and Design[/h] [h=3]Book Description[/h] Xcode 4 has a brand new user interface, built upon proven technologies that Apple itself uses to build Mac OS X and iOS, and that have produced over a quarter million Mac OS X and iOS apps. This project-based book introduces readers to Apple’s development environment. The book is aimed at new Mac OS X and iOS developers and assumes the reader is familiar with programming and object-oriented concepts. The book starts at the basics–how to download, install, and start using Xcode–and moves to a detailed look at building and running applications. The last part of the book covers more advanced topics, such as testing, debugging, and source-code management. With the book’s approach, readers will be able to take the projects they build during the book and adapt them for use in their own projects. Table of Contents Part I: The Basics: Getting Started with Xcode 4 1. Discovering Xcode Tools 2. Starting a Project 3. Navigating a Project 4. Getting Help Part II: Working with COCOA Applications 5. Creating User Interfaces 6. Adding Files to a Project 7. Writing Code with the Source Editor 8. Searching and Replacing 9. Basic Debugging and Analysis 10. Using the Data Model Editor 11. Customizing the Application Icon 12. Deploying an Application Part III: Going Beyond the Basics 13. Advanced Editing 14. The Build System 15. Libraries, Frameworks, and Loadable Bundles 16. Workspaces 17. Debugging and Analysis in Depth 18. Unit Testing 19. Using Scripting and Preprocessing 20. Using Instruments 21. Source Code Management Appendixes Appendix A: Managing Your iOS Devices Appendix B: Gestures and Keyboard Shortcuts Appendix C: Documentation Updates Appendix D: Other Resources [h=3]Book Details[/h] Paperback: 400 pages Publisher: Peachpit Press (September 2011) Language: English ISBN-10: 0321767527 ISBN-13: 978-0321767523 File Size: 26.6 MiB [h=3]E-Book[/h] [FilePost] Peachpit.Mastering.Xcode.4.Develop.and.Design.Sep.2011.rar [FileJungle] Peachpit.Mastering.Xcode.4.Develop.and.Design.Sep.2011.rar [h=3]Paper Book[/h] [Amazon] Mastering Xcode 4: Develop and Design Sursa: Mastering Xcode 4: Develop and Design | Wow! eBook - Blog

[h=2]HTML5 Mastery: Semantics, Standards, and Styling[/h] [h=3]Book Description[/h] Markup is synonymous with the development of the web, but most people only scratch the surface of its capabilities. Why settle for average HTML, when you can become an HTML5 master? That’s where this unique book comes in. It’s aimed at web designers and developers who want to take their markup even further in the exciting new directions the web has taken in multimedia, interactivity and improved semantics. HTML5 isn’t for just any web site, but for a web site that will contribute to tomorrow’s “web of data.” HTML5 Mastery will introduce the new markup elements of HTML5—including less commonly used ones—and show you where and how to use them. It also provides clever styling and scripting techniques that you can employ on your web site. It is completely standards-compliant, and up-to-date with modern web design techniques. What you’ll learn How to make the most of the new features of HTML5 How to use the new semantic tags to improve your markup How to introduce multimedia and interactivity into your pages without the need for plugins How to create fabulous forms using new HTML5 elements and client-side validation How to explore the power of associated APIs How to become a web developer skilled in the contemporary direction of web standards Who this book is for Web developers and designers who want to utilize new features of HTML5 to improve their existing skillsets. Table of Contents Getting Started: Transitioning to HTML5 Using the Right Tag for the Right Job Recognizing Semantics Form Mastery Video and Audio User Interaction CSS3 Looking Ahead [h=3]Book Details[/h] Paperback: 316 pages Publisher: friendsofED (November 2011) Language: English ISBN-10: 1430238615 ISBN-13: 978-1430238614 File Size: 9.2 MiB [h=3]E-Book[/h] [FilePost] FriendsofED.HTML5.Mastery.Nov.2011.rar [FileJungle] FriendsofED.HTML5.Mastery.Nov.2011.rar [h=3]Paper Book[/h] [Amazon] HTML5 Mastery: Semantics, Standards, and Styling Sursa: HTML5 Mastery: Semantics, Standards, and Styling | Wow! eBook - Blog

[h=2]Beginning Java 7[/h] [h=3]Book Description[/h] Beginning Java 7 guides you through this language and a huge assortment of platform APIs according to the following table of contents: Chapter 1: Getting Started with Java Chapter 2: Discovering Classes and Objects Chapter 3: Exploring Advanced Language Features Chapter 4: Touring Language APIs Chapter 5: Collecting Objects Chapter 6: Touring Additional Utility APIs Chapter 7: Creating and Enriching Graphical User Interfaces Chapter 8: Interacting with Filesystems Chapter 9: Interacting with Networks and Databases Chapter 10: Parsing, Creating, and Transforming XML Documents Chapter 11: Working with Web Services Chapter 12: Java 7 Meets Android Appendix A: Solutions to Exercises Appendix B: Scripting API and Dynamically Typed Language Support Appendix C: Odds and Ends Appendix D: Applications Gallery Chapter 1 introduces you to Java and begins to cover the Java language by focusing on fundamental concepts such as comments, identifiers, variables, expressions, and statements. Chapter 2 continues to explore this language by presenting all of its features for working with classes and objects. You learn about features related to class declaration and object creation, encapsulation, information hiding, inheritance, polymorphism, interfaces, and garbage collection. Chapter 3 focuses on the more advanced language features related to nested classes, packages, static imports, exceptions, assertions, annotations, generics, and enums. Additional chapters will introduce you to the few features not covered in Chapters 1 through 3. Chapter 4 largely moves away from covering language features (although it does introduce class literals and strictfp) while focusing on language-oriented APIs. You learn about Math, StrictMath, Package, Primitive Type Wrapper Classes, Reference, Reflection, String, StringBuffer and StringBuilder, Threading, BigDecimal, and BigInteger in this chapter. Chapter 5 begins to explore Java’s utility APIs by focusing largely on the Collections Framework. However, it also discusses legacy collection-oriented APIs and how to create your own collections. Chapter 6 continues to focus on utility APIs by presenting the concurrency utilities along with the Objects and Random classes. Chapter 7 moves you away from the command-line user interfaces that appear in previous chapters and toward graphical user interfaces. You first learn about the Abstract Window Toolkit foundation, and then explore the Java Foundation Classes in terms of Swing and Java 2D. Appendix C explores Accessibility and Drag and Drop. Chapter 8 explores filesystem-oriented I/O in terms of the File, RandomAccessFile, stream, and writer/reader classes. New I/O is covered in Appendix C. Chapter 9 introduces you to Java’s network APIs, such as sockets. It also introduces you to the JDBC API for interacting with databases. Chapter 10 dives into Java’s XML support by first presenting an introduction to XML (including DTDs and schemas). It next explores the SAX, DOM, StAX, XPath, and XSLT APIs. It even briefly touches on the Validation API. While exploring XPath, you encounter namespace contexts, extension functions and function resolvers, and variables and variable resolvers. Chapter 11 introduces you to Java’s support for SOAP-based and RESTful web services. In addition to providing you with the basics of these web service categories, Chapter 11 presents some advanced topics, such as working with the SAAJ API to communicate with a SOAP-based web service without having to rely on JAX-WS. You will appreciate having learned about XML in Chapter 10 before diving into this chapter. Chapter 12 helps you put to use some of the knowledge you’ve gathered in previous chapters by showing you how to use Java to write an Android app’s source code. This chapter introduces you to Android, discusses its architecture, shows you how to install necessary tools, and develops a simple app. Appendix A presents the solutions to the programming exercises that appear near the end of Chapters 1 through 12. Appendix B introduces you to Java’s Scripting API along with Java 7?s support for dynamically typed languages. Appendix C introduces you to additional APIs and architecture topics: Accessibility, ByteArrayOutputStream and ByteArrayInputStream, classloaders, Console, Desktop, Drag and Drop, Dynamic Layout, Extension Mechanism and ServiceLoader, File Partition-Space, File Permissions, Formatter, Image I/O, Internationalization, Java Native Interface, NetworkInterface and InterfaceAddress, New I/O (including NIO.2), PipedOutputStream and PipedInputStream, Preferences, Scanner, Security, Smart Card, Splash Screen, Stream Tokenizer, StringTokenizer, SwingWorker, System Tray, Timer and TimerTask, Tools and the Compiler API, Translucent and Shaped Window, and XML Digital Signature. Appendix D presents a gallery of significant applications that demonstrate various aspects of Java. Unfortunately, there are limits to how much knowledge can be crammed into a print book. For this reason, Appendixes A, B, C, and D are not included in this book’s pages. Instead, these appendixes are freely distributed as PDF files. Appendixes A and B are bundled with the book’s associated code file at the Apress website (Apress). Appendixes C and D are bundled with their respective code files on my TutorTutor.ca website at TutorTutor -- /books/bj7. Appendixes C and D are “living documents” in that I’ll occasionally add new material to them. For example, I plan to expand Appendix C by also covering Java Naming and Directory Interface, Java Sound, Remote Method Invocation and Corba, Robot, Runtime and Process, Swing Timer, and many other APIs/architecture topics (including a complete tour of Swing components). Of course, it will take time to write about these topics so don’t expect all of them to appear at once — they will slowly emerge in coming months (although smaller topics such as Robot will emerge much faster). What you’ll learn The entire Java language, including Java 7-specific features such as switch on string, try-with-resources, final rethrow, multicatch, and SafeVarargs A huge assortment of Java 7 APIs, beginning with those APIs oriented toward the language itself, and including Java 7-specific APIs such as the Fork/Join Framework, Objects, JLayer, and NIO.2 Various Java 7 tools, starting with the javac compiler and java application launcher How to create user interfaces, working with web services, and a whole lot more The basics of getting started with Android app development Who this book is for This book targets the following groups of developers: Newcomers, skilled (to some degree) in other programming languages but with no previous exposure to Java Intermediate Java developers, skilled in the fundamentals of Java prior to Java 7 and looking to increase their understanding of Java 7 language/API changes All developers looking beyond standard Java, who want to leverage Java 7 to create mobile apps via Android Even advanced Java developers may find a few items of interest [h=3]Book Details[/h] Paperback: 920 pages Publisher: Apress (November 2011) Language: English ISBN-10: 1430239093 ISBN-13: 978-1430239093 File Size: 20.7 MiB [h=3]E-Book[/h] [FilePost] Apress.Beginning.Java.7.Nov.2011.rar [FileJungle] Apress.Beginning.Java.7.Nov.2011.rar [h=3]Paper Book[/h] [Amazon] Beginning Java 7 Sursa: Beginning Java 7 | Wow! eBook - Blog

[h=2]PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide, 4th Edition[/h] [h=3]Book Description[/h] It hasn’t taken Web developers long to discover that when it comes to creating dynamic, database-driven Web sites, MySQL and PHP provide a winning open-source combination. Add this book to the mix, and there’s no limit to the powerful, interactive Web sites that developers can create. With step-by-step instructions, complete scripts, and expert tips to guide readers, veteran author and database designer Larry Ullman gets right down to business: After grounding readers with separate discussions of first the scripting language (PHP) and then the database program (MySQL), he goes on to cover security, sessions and cookies, and using additional Web tools, with several sections devoted to creating sample applications. This guide is indispensable for beginning to intermediate level Web designers who want to replace their static sites with something dynamic. In this edition, the bulk of the new material covers the latest features and techniques with PHP and MySQL. Also new to this edition are chapters introducing jQuery and object-oriented programming techniques. Table of Contents Introduction Chapter 1. Introduction to PHP Chapter 2. Programming with PHP Chapter 3. Creating Dynamic Web Sites Chapter 4. Introduction to MySQL Chapter 5. Introduction to SQL Chapter 6. Database Design Chapter 7. Advanced SQL and MySQL Chapter 8. Error Handling and Debugging Chapter 9. Using PHP with MySQL Chapter 10. Common Programming Techniques Chapter 11. Web Application Development Chapter 12. Cookies and Sessions Chapter 13. Security Methods Chapter 14. Perl-Compatible Regular Expressions Chapter 15. Introducing jQuery Chapter 16. An OOP Primer Chapter 17. Example—Message Board Chapter 18. Example—User Registration Chapter 19. Example—E-Commerce Appendix A. Installation [h=3]Book Details[/h] Paperback: 696 pages Publisher: Peachpit Press; 4th Edition (September 2011) Language: English ISBN-10: 0321784073 ISBN-13: 978-0321784070 File Size: 56.7 MiB [h=3]E-Book[/h] [FilePost] Peachpit.PHP.and.MySQL.for.Dynamic.Web.Sites.Visual.QuickPro.Guide.4th.Edition.Sep.2011.rar [FileJungle] Peachpit.PHP.and.MySQL.for.Dynamic.Web.Sites.Visual.QuickPro.Guide.4th.Edition.Sep.2011.rar [h=3]Paper Book[/h] [Amazon] PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide, 4th Edition Sursa: PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide, 4th Edition | Wow! eBook - Blog

[h=2]Programming HTML5 Applications[/h] [h=3]Book Description[/h] HTML5 is not just a replacement for plugins. It also makes the Web a first-class development environment by giving JavaScript programmers a solid foundation for building industrial-strength applications. This practical guide takes you beyond simple site creation and shows you how to build self-contained HTML5 applications that can run on mobile devices and compete with desktop apps. You’ll learn powerful JavaScript tools for exploiting HTML5 elements, and discover new methods for working with data, such as offline storage and multithreaded processing. Complete with code samples, this book is ideal for experienced JavaScript and mobile developers alike. Store session data in the browser with local storage objects Save trips to the server: store larger amounts of data with IndexedDB Give browsers limited access to a user’s system to read and upload files Take your app offline—and speed up page loading when it’s online Use Web Workers to create multithreaded applications Transfer data between browser and server more efficiently with Web Sockets Learn about HTML5 tags for forms, multimedia, graphics, and geolocation “HTML5 is all the rage these days, but it’s more than just a buzzword. Programming HTML5 Applications provides the knowledge to guide you through all the new technologies needed to make modern web applications.” –Ralph Whitbeck, cohost of The Official jQuery Podcast Table of Contents Chapter 1. The Web As Application Platform Chapter 2. The Power of JavaScript Chapter 3. Testing JavaScript Applications Chapter 4. Local Storage Chapter 5. IndexedDB Chapter 6. Files Chapter 7. Taking It Offline Chapter 8. Splitting Up Work Through Web Workers Chapter 9. Web Sockets Chapter 10. New Tags Appendix. JavaScript Tools You Should Know [h=3]Book Details[/h] Paperback: 142 pages Publisher: O’Reilly Media (November 2011) Language: English ISBN-10: 1449399088 ISBN-13: 978-1449399085 File Size: 8.4 MiB [h=3]E-Book[/h] [FilePost] Oreilly.Programming.HTML5.Applications.Nov.2011.rar [FileJungle] Oreilly.Programming.HTML5.Applications.Nov.2011.rar [h=3]Paper Book[/h] [Amazon] Programming HTML5 Applications Sursa: Programming HTML5 Applications | Wow! eBook - Blog

[h=2]PHP & MySQL: The Missing Manual[/h] [h=3]Book Description[/h] If you can build websites with CSS and JavaScript, this book takes you to the next level—creating dynamic, database-driven websites with PHP and MySQL. Learn how to build a database, manage your content, and interact with users through queries and web forms. With step-by-step tutorials, real-world examples, and jargon-free explanations, you’ll soon discover the power of server-side programming. The important stuff you need to know: Get a running start. Write PHP scripts and create a web form right away. Learn the language. Get up to speed on PHP and SQL syntax quickly. Build a database. Use MySQL to store user information and other data. Make it dynamic. Create pages that change with each new viewing. Be ready for mistakes. Plan error messages to help direct users. Manage your content. Use the file system to access user data, including images and other binary files. Control operations. Create an administrative interface to oversee your site. Table of Contents Part I: PHP and MySQL Basics Chapter 1. PHP: What, Why, and Where? Chapter 2. PHP Syntax: Weird and Wonderful Chapter 3. MySQL and SQL: Database and Language Part II: Dynamic Web Pages Chapter 4. Connecting PHP to MySQL Chapter 5. Better Searching with Regular Expressions Chapter 6. Generating Dynamic Web Pages Part III: From Web Pages to Web Applications Chapter 7. When Things Go Wrong (and They Will) Chapter 8. Handling Images and Complexity Chapter 9. Binary Objects and Image Loading Chapter 10. Listing, Iterating, and Administrating Part IV: Security and the Real World Chapter 11. Authentication and Authorization Chapter 12. Cookies, Sign-ins, and Ditching Crummy Pop-ups Chapter 13. Authorization and Sessions [h=3]Book Details[/h] Paperback: 498 pages Publisher: O’Reilly Media / Pogue Press (November 2011) Language: English ISBN-10: 0596515863 ISBN-13: 978-0596515867 File Size: 40.8 MiB [h=3]E-Book[/h] [FilePost] Oreilly.PHP.and.MySQL.The.Missing.Manual.Nov.2011.rar [FileJungle] Oreilly.PHP.and.MySQL.The.Missing.Manual.Nov.2011.rar [h=3]Paper Book[/h] [Amazon] PHP & MySQL: The Missing Manual Sursa: PHP & MySQL: The Missing Manual | Wow! eBook - Blog

[h=2]PHP Master: Write Cutting Edge Code[/h] [h=3]Book Description[/h] PHP Master is tailor-made for the PHP developer who’s serious about taking their server-side applications to the next level and who wants to really keep ahead of the game by adhering to best practice, employing the most effective object-oriented programming techniques, wrapping projects in layers of security and ensuring their code is doing its job perfectly. Create professional, dynamic applications according to an object-oriented programming blueprint Learn advanced performance evaluation techniques for maximum site efficiency Brush up on the best testing methods to refine your code and keep your applications watertight Protect your site against attacks and vulnerabilities with the latest security systems Plug in to some serious functionality with PHP’s APIs and libraries About the Author Davey Shafik is a full time PHP Developer with many year of experience in PHP and related technologies. An avid magazine writer and book author, Davey keeps his mind sharp by trying to tackle problems from a unique perspective. Lorna Mitchell is a freelance web development consultant and developer based in Leeds, UK. Lorna is a lead on the Joind.In open source project, an organizer of the PHPNW conference, and a prolific blogger. Matthew Turland has been working with PHP since 2002. He has been a technical editor for php|architect Magazine, spoken at multiple conferences, served as an instructor for php|architect training courses, and contributed to Zend Framework. He currently works for Synacor. [h=3]Book Details[/h] Paperback: 400 pages Publisher: SitePoint (October 2011) Language: English ISBN-10: 0987090879 ISBN-13: 978-0987090874 File Size: 16.4 MiB [h=3]E-Book[/h] [FilePost] Sitepoint.PHP.Master.Write.Cutting-Edge.Code.Oct.2011.rar [FileJungle] Sitepoint.PHP.Master.Write.Cutting-Edge.Code.Oct.2011.rar [h=3]Paper Book[/h] [Amazon] PHP Master: Write Cutting Edge Code Sursa: PHP Master: Write Cutting Edge Code | Wow! eBook - Blog

[h=2]Real World .NET, C#, and Silverlight[/h] [h=3]Book Description[/h] A team of MVP authors guides you through the .NET 4 Framework Written by a group of experienced MVPs, this unparalleled book delves into the intricate—and often daunting—world of .NET 4. Each author draws from a particular area of expertise to provide invaluable information on using the various .NET 4, C# 4, Silverlight 4, and Visual Studio tools in the real world. The authors break down the vast .NET 4 Framework into easily digestible portions to offer you a strong foundation on what makes .NET such a popular and successful framework for building a wide range of solutions. Breaks down the .NET 4 Framework into easily understandable sections Features more than a dozen MVPs serving as authors, each of whom focuses on a particular area of expertise Covers such topics as Windows Presentation Foundation, Silverlight 4, Windows Communication Foundation, ASP.NET performance, the entity framework, and more Shares C# tips and tricks and .NET architecture best practices from a team of Microsoft MVPs Real World .NET 4 and C# isthe ultimate resource for discovering and understanding the .NET 4 Framework. From the Back Cover Unparalleled advice for using the most popular tools of the .NET Framework Written by 15 experienced and knowledgeable MVPs, this unique book delves into the world of .NET 4, providing you with invaluable information on using the .NET Framework, C#, Silverlight, and Visual Studio for building a wide range of solutions or enhancing existing solutions. David Giard ASP.NET and jQuery Bill Evjen ASP.NET Performance György Balássy Ethical Hacking of ASP.NET Gill Cleeren How to Build a Real-World Silverlight 5 Application Jeremy Likness Silverlight — The Silver Lining for Line-of-Business Applications Daron Yöndem Tips and Tricks for Designers and Developers Kevin Grossnicklaus MVVM Patterns in Silverlight 4 Alex Golesh Windows Phone “Mango” for Silverlight Developers Christian Weyer Pragmatic Services Communication with WCF Dominick Baier Securing WCF Services Using the Windows Identity Foundation (WIF) Jeffrey Juday Applied .NET Task Parallel Library Vishwas Lele The WF Programming Language Christian Nagel Practical WPF Data Binding Scott Millett Driving Development with User Stories and BDD Caleb Jenkins Automated Unit Testing [h=3]Book Details[/h] Paperback: 648 pages Publisher: Wrox (November 2011) Language: English ISBN-10: 1118021967 ISBN-13: 978-1118021965 File Size: 37.2 MiB [h=3]E-Book[/h] [FilePost] Wrox.Real.World.NET.CSharp.and.Silverlight.Nov.2011.rar [FileJungle] Wrox.Real.World.NET.CSharp.and.Silverlight.Nov.2011.rar [h=3]Paper Book[/h] [Amazon] Real World .NET, C#, and Silverlight Sursa: Real World .NET, C#, and Silverlight | Wow! eBook - Blog

[h=2]bash Cookbook[/h] [h=3]Book Description[/h] The key to mastering any Unix system, especially Linux and Mac OS X, is a thorough knowledge of shell scripting. Scripting is a way to harness and customize the power of any Unix system, and it’s an essential skill for any Unix users, including system administrators and professional OS X developers. But beneath this simple promise lies a treacherous ocean of variations in Unix commands and standards. bash Cookbook teaches shell scripting the way Unix masters practice the craft. It presents a variety of recipes and tricks for all levels of shell programmers so that anyone can become a proficient user of the most common Unix shell — the bash shell — and cygwin or other popular Unix emulation packages. Packed full of useful scripts, along with examples that explain how to create better scripts, this new cookbook gives professionals and power users everything they need to automate routine tasks and enable them to truly manage their systems — rather than have their systems manage them. Table of Contents Chapter 1 Beginning bash Chapter 2 Standard Output Chapter 3 Standard Input Chapter 4 Executing Commands Chapter 5 Basic Scripting: Shell Variables Chapter 6 Shell Logic and Arithmetic Chapter 7 Intermediate Shell Tools I Chapter 8 Intermediate Shell Tools II Chapter 9 Finding Files: find, locate, slocate Chapter 10 Additional Features for Scripting Chapter 11 Working with Dates and Times Chapter 12 End-User Tasks As Shell Scripts Chapter 13 Parsing and Similar Tasks Chapter 14 Writing Secure Shell Scripts Chapter 15 Advanced Scripting Chapter 16 Configuring and Customizing bash Chapter 17 Housekeeping and Administrative Tasks Chapter 18 Working Faster by Typing Less Chapter 19 Tips and Traps: Common Goofs for Novices Appendix A Reference Lists Appendix B Examples Included with bash Appendix C Command-Line Processing Appendix D Revision Control Appendix E Building bash from Source [h=3]Book Details[/h] Paperback: 624 pages Publisher: O’Reilly Media (May 2007) Language: English ISBN-10: 0596526784 ISBN-13: 978-0596526788 File Size: 3.4 MiB [h=3]E-Book[/h] [FilePost] Oreilly.bash.Cookbook.May.2007.rar [FileJungle] Oreilly.bash.Cookbook.May.2007.rar [h=3]Paper Book[/h] [Amazon] bash Cookbook Sursa: bash Cookbook | Wow! eBook - Blog

[h=2]Mastering Algorithms with C[/h] [h=3]Book Description[/h] There are many books on data structures and algorithms, including some with useful libraries of C functions. Mastering Algorithms with C offers you a unique combination of theoretical background and working code. With robust solutions for everyday programming tasks, this book avoids the abstract style of most classic data structures and algorithms texts, but still provides all of the information you need to understand the purpose and use of common programming techniques. Implementations, as well as interesting, real-world examples of each data structure and algorithm, are included. Using both a programming style and a writing style that are exceptionally clean, Kyle Loudon shows you how to use such essential data structures as lists, stacks, queues, sets, trees, heaps, priority queues, and graphs. He explains how to use algorithms for sorting, searching, numerical analysis, data compression, data encryption, common graph problems, and computational geometry. And he describes the relative efficiency of all implementations. The compression and encryption chapters not only give you working code for reasonably efficient solutions, they offer explanations of concepts in an approachable manner for people who never have had the time or expertise to study them in depth. Anyone with a basic understanding of the C language can use this book. In order to provide maintainable and extendible code, an extra level of abstraction (such as pointers to functions) is used in examples where appropriate. Understanding that these techniques may be unfamiliar to some programmers, Loudon explains them clearly in the introductory chapters. Contents include: Pointers Recursion Analysis of algorithms Data structures (lists, stacks, queues, sets, hash tables, trees, heaps, priority queues, graphs) Sorting and searching Numerical methods Data compression Data encryption Graph algorithms Geometric algorithms Table of Contents Part I: Preliminaries Chapter 1 Introduction Chapter 2 Pointer Manipulation Chapter 3 Recursion Chapter 4 Analysis of Algorithms Part II: Data Structures Chapter 5 Linked Lists Chapter 6 Stacks and Queues Chapter 7 Sets Chapter 8 Hash Tables Chapter 9 Trees Chapter 10 Heaps and Priority Queues Chapter 11 Graphs Part III: Algorithms Chapter 12 Sorting and Searching Chapter 13 Numerical Methods Chapter 14 Data Compression Chapter 15 Data Encryption Chapter 16 Graph Algorithms Chapter 17 Geometric Algorithms [h=3]Book Details[/h] Paperback: 560 pages Publisher: O’Reilly Media (August 1999) Language: English ISBN-10: 1565924533 ISBN-13: 978-1565924536 File Size: 6.3 MiB [h=3]E-Book[/h] [FilePost] Oreilly.Mastering.Algorithms.with.C.Aug.1999.rar [FileJungle] Oreilly.Mastering.Algorithms.with.C.Aug.1999.rar [h=3]Paper Book[/h] [Amazon] Mastering Algorithms with C Sursa: Mastering Algorithms with C | Wow! eBook - Blog

[h=2]Pro HTML5 and CSS3 Design Patterns[/h] [h=3]Book Description[/h] Pro HTML5 and CSS3 Design Patterns is a reference book and a cookbook on how to style web pages using CSS3 and HTML5. It contains 350 ready–to–use patterns (CSS3 and HTML5 code snippets) that you can copy and paste into your code. Each pattern can be combined with other patterns to create an unlimited number of solutions, and each pattern works reliably in all major browsers without the need for browser hacks. The book is completely up-to-date with code, best practices, and browser compatibilities for HTML5 and CSS3—enabling you to dive in and make use of these new technologies in production environments. Pro HTML5 and CSS3 Design Patterns is so much more than just a cookbook, though! It systematically covers every usable feature of CSS3 and combines these features with HTML5 to create reusable patterns. Each pattern has an intuitive name to make it easy to find, remember, and refer to. Accessibility and best practices are carefully engineered into each design pattern, example, and source code. The book’s layout, with a pattern’s example on the left page and its explanation on the right, makes it easy to find a pattern and study it without having to flip between pages. The book is also readable from cover to cover, with topics building carefully upon previous topics. Pro HTML5 and CSS3 Design Patterns book unleashes your productivity and creativity in web design and development. Instead of hacking your way toward a solution, you’ll learn how to predictably create successful designs every time by reusing and combining modular design patterns. What you’ll learn Code CSS3 and HTML5 Use CSS3 Selectors Use six CSS3 Box Models Create rounded corners, shadows, gradients, sprites, and transparency Replace text with images without affecting accessibility Style text with fonts, highlights, decorations, and shadows Create flexible, fluid layouts Position elements with absolute pixel precision Stack elements in layers Size, stretch, shrinkwrap, indent, align, and offset elements Style tables with borders and alternating striped rows Size table columns automatically Integrate CSS3 and JavaScript without embedding JavaScript in HTML5 Create drop caps, callouts, quotes, and alerts Who this book is for A software developer can use this book to learn CSS3 for the first time. A designer familiar with CSS3 can use this book to master CSS3 and HTML5. If you are completely new to coding or completely new to CSS3 and HTML5, you may want to read an introductory book on CSS3 and HTML5 first. Table of Contents Design Patterns: Making CSS 3 Easy! HTML Design Patterns CSS Selectors and Inheritance Box Models Box Model Extents Box Model Properties Positioning Models Positioning: Indented, Offset, and Aligned Positioning: Advanced Styling Text Spacing Content Aligning Content Blocks Images Tables Table Column Layouts Layouts Dropcaps Callouts and Quotes Alerts [h=3]Book Details[/h] Paperback: 532 pages Publisher: Apress (November 2011) Language: English ISBN-10: 1430237805 ISBN-13: 978-1430237808 File Size: 42.6 MiB [h=3]E-Book[/h] [FilePost] Apress.Pro.HTML5.and.CSS3.Design.Patterns.Nov.2011.rar [FileJungle] Apress.Pro.HTML5.and.CSS3.Design.Patterns.Nov.2011.rar [h=3]Paper Book[/h] [Amazon] Pro HTML5 and CSS3 Design Patterns Sursa: Pro HTML5 and CSS3 Design Patterns | Wow! eBook - Blog

WeBaCoo (Web Backdoor Cookie) 0.1.2 Authored by Anestis Bechtsoudis | Site github.com Posted Dec 9, 2011 WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses. Download: http://packetstormsecurity.org/files/download/107700/webacoo-0.1.2.tar.gz Sursa: WeBaCoo (Web Backdoor Cookie) 0.1.2 ? Packet Storm

[h=2]Free Tool Provides Point and Click SQL Injection Vulnerability Scanning[/h]By Steve Ragan on December 10, 2011 NT OBJECTives, an application security vendor based in Irvine, California, has released a new tool that not only scans for SQL Injection vulnerabilities, but also exploits them with just a few extra clicks. The tool, NTO SQL Invader, works as a stand-alone tool, but when used in combination with NT OBJECTives’ other products can take advantage of additional reporting abilities. While not the only SQL Injection scanner / exploitation tool available, the interface is clean and easy to follow, which can offer IT teams and security auditors the ability to not only say there is a problem, but show solid proof as well. "Accurate vulnerability identification is a crucial and challenging task but it is only half the battle,” says Dan Kuykendall, co-CEO and CTO of NT OBJECTives. “We wanted to support organizations in their analysis and remediation efforts by providing an easy to use tool that enables penetration testers to demonstrate how these vulnerabilities can be exploited. We felt it was important to provide a free and useful tool to our customers and to the entire community.” While we can hype the tool and its ease of use all day long, it’s better to see for yourself. NT OBJECTives has a quick three minute demo video showing the basics of the tool, which for most testers and security analysts highlights everything needed to get up and running. Sursa: Free Tool Provides Point and Click SQL Injection Vulnerability Scanning | SecurityWeek.Com NTO SQL Invader: http://rstcenter.com/forum/44578-nto-sql-invader.rst Haideti script-kidies, "la treaba"...

Enforcing Permanent DEP Filed under: Shellcode — Didier Stevens @ 21:12 Here’s a video of an exercise in my White Hat Shellcode Workshop I gave at Brucon in September. Sursa: White Hat Shellcode Workshop: Enforcing Permanent DEP

[h=1]5 Hottest Security Jobs in 2012[/h] Security Analyst, Architect Head Top Career Opportunities December 9, 2011 - Upasana Gupta, Contributing Editor, CareersInfoSecurity Information security is one of those rare fields - it has more job openings than people to fill them. Dice.com, the largest IT job site, confirms this job growth and indicates a 79 percent increase in the total number of information security jobs posted on the site from September 2009 to September 2011. Based on a review of job postings, here are the five hottest jobs for information security pros in 2012: [h=3]Security Analyst[/h] Employers have posted 42 percent more security analyst jobs on Dice in September 2011 than in 2010. This is no surprise, especially when employment among information security analysts soared by 16 percent this year during the second quarter, with the Bureau of Labor reporting no unemployment during the first two quarters of 2011. (see Infosec Joblessness Remains Steady, at 0%). John Reed, executive director at Robert Half Technology, an IT staffing firm, attributes the high growth to organizations becoming more security aware in light of cyber crimes, and needing hands-on IT security folks to uncover new vulnerabilities in order to keep their environment secure. "These are individuals on the front lines of security, fighting the fight everyday, and as such are critical for organizations to have," he says. BLS defines information security analysts as those who plan, implement, upgrade or monitor security measures for the protection of computer networks and information. Information security analysts may ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure, as well as respond to computer security breaches and viruses. Average Salary: $84,000 for a security analyst position. Who's Hiring: Demand is high with federal government, state agencies, defense contractors and healthcare organizations. [h=3]Security Architect[/h] Forty percent more jobs are posted on Dice this year. The move to mobile, wireless and cloud services by organizations has created a huge demand for this position, says Mano Paul, (ISC)2 software assurance adviser. These services are pushing the need for a "new breed of architects and business- savvy leaders who understand business requirements, and can translate them into functional specifications without compromising on the assurance aspects," he says. Dice.com defines a security architect as a professional who designs systems, databases, infrastructure and networks to be secure. They provide information security solutions to the architecture of an enterprise ensuring the security of business information at every point. Average Salary: $120,000 for a security architect position. Who's Hiring: Large financial institutions, healthcare organizations, technology companies and cloud providers. [h=3]Application Security[/h] Thirty-three percent more jobs are posted on Dice in application security this year. The increased focus on customer-facing technologies, use of mobile applications, need for secure software and products within organizations and transitions to electronic health records have led to the demand for these jobs. "High incidences of application attacks, data breaches and applications that are conduits to the data, combined with surge in tech businesses, is pushing growth for qualified professionals," Paul says. The Open Web Application Security Project, a not-for-profit organization focused on improving the security of application software, defines application security professionals as those that use software and security methods to protect applications from external threats and vulnerabilities. They are largely involved in building security measures into an application's life cycle including design, development, deployment, upgrade or maintenance. Average Salary: $93,000 for an application security position. Who's Hiring: Online companies, technology firms, cloud providers and security vendors. [h=3]Security Engineer[/h] Employers have posted 27 percent more security engineer jobs on Dice this year. This field is hot because the role is broad and covers areas from penetration testing, vulnerability assessments, programming, designing systems to testing software. "It's not like a painting on the wall that you hang up and it's done. Organizations need constant assessment of their risk and vulnerabilities, and therefore require such breadth of expertise," Reed says. BLS defines security engineers as those who securely design, develop, test and evaluate computer applications and system software. Although programmers write and support programs in new languages, much of the design, security and development are the responsibility of security engineers. They also focus in developing algorithms, and analyzing and solving programming problems for specific network systems. Average Salary: $94,000 for a security engineer position. Who's Hiring: This position is in demand in all sectors, including government, healthcare, finance, in addition to online and technology companies. [h=3]Network Security[/h] Twenty-five percent more jobs are posted on Dice within network security this year. Of the 100 jobs that make Money magazine's and Payscale.com's list, network security was ranked number eight last year as one of the most desirable job positions, carrying an annualized 10-year forecast growth of 27 percent. "Network security continues to be a pain point for companies," says Alice Hill, managing director of Dice.com. She finds that organizations continue to prioritize investing in these professionals to protect critical infrastructure and keep their technology platforms safe from ongoing cyber threats like malware and hacking. Further, she says that the growing use of sophisticated computer networks, including Internet and intranet sites, and the need for faster, more efficient networking products, are increasing the demand for these professionals. BLS defines network security as those who design and evaluate network systems, such as local area networks, wide area networks and Internet systems. They perform network modeling, analysis, and planning, that deals with the interfacing of computer and communications equipment. Their primary focus is in protecting the computer systems in the network from unwanted intrusions, misuse, access or modifications. Average Salary: $93,000 for a network security engineer position. Who's Hiring: An increased demand is coming from government agencies, healthcare organizations, consulting companies and defense contractors. Editors Note: Salaries cited in the story came from salary tracking websites Indeed.com and Payscale.com. Sursa: 5 Hottest Security Jobs

Browser Security Comparison A Quantitative Approach Document Profile Version 0.0 Published 12/6/2011 Contents Authors ......................................................................................................................................................... v Executive Summary ...................................................................................................................................... 1 Methodology Delta .................................................................................................................................. 1 Results ...................................................................................................................................................... 2 Conclusion ................................................................................................................................................ 2 Introduction ................................................................................................................................................. 3 Analysis Targets ....................................................................................................................................... 4 Analysis Environment............................................................................................................................... 4 Analysis Goals .......................................................................................................................................... 4 Browser Architecture ................................................................................................................................... 5 Google Chrome ........................................................................................................................................ 5 Internet Explorer ...................................................................................................................................... 5 Mozilla Firefox .......................................................................................................................................... 6 Summary .................................................................................................................................................. 6 Browser Comparison ................................................................................................................................ 8 Historical Vulnerability Statistics .................................................................................................................. 8 Browser Comparison ................................................................................................................................ 8 Issues with Counting Vulnerabilities ......................................................................................................... 9 Issues Surrounding Timeline Data .......................................................................................................... 10 Issues Surrounding Severity .................................................................................................................... 11 Issues Unique to Particular Vendors ....................................................................................................... 11 Data Gathering Methodology ................................................................................................................. 13 Update Frequencies ............................................................................................................................... 13 Publicly Known Vulnerabilities ................................................................................................................ 16 Vulnerabilities by Severity ...................................................................................................................... 17 Time to Patch ......................................................................................................................................... 18 URL Blacklist Services ................................................................................................................................. 20 Comparing Blacklists ............................................................................................................................... 20 “Antivirus-via-HTTP” ............................................................................................................................... 20 Multi-Browser Defense ........................................................................................................................... 20 Comparing Blacklist Services ................................................................................................................... 21 Comparison Methodology ...................................................................................................................... 21 Results Analysis ...................................................................................................................................... 21 Conclusions ............................................................................................................................................ 25 Anti-exploitation Technologies ................................................................................................................... 26 Address Space Layout Randomization (ASLR) ......................................................................................... 26 Data Execution Prevention (DEP) ............................................................................................................ 26 Stack Cookies (/GS) ................................................................................................................................ 26 SafeSEH/SEHOP ...................................................................................................................................... 26 Sandboxing ............................................................................................................................................. 27 JIT Hardening ......................................................................................................................................... 28 Browser Anti-Exploitation Analysis ............................................................................................................. 31 Browser Comparison ............................................................................................................................... 32 Google Chrome ...................................................................................................................................... 34 Microsoft Internet Explorer .................................................................................................................... 45 Mozilla Firefox ........................................................................................................................................ 58 Browser Add-Ons ....................................................................................................................................... 67 Browser Comparison ............................................................................................................................... 68 Google Chrome ...................................................................................................................................... 69 Internet Explorer .................................................................................................................................... 80 Firefox .................................................................................................................................................... 89 Add-on summary ................................................................................................................................... 97 Conclusions ................................................................................................................................................ 98 Bibliography ............................................................................................................................................. 100 Appendix A – Chrome Frame ......................................................................................................................... I Overview ................................................................................................................................................... I Decomposition ......................................................................................................................................... II Security Implications ............................................................................................................................... III Risk Mitigation Strategies ......................................................................................................................... V Conclusion ................................................................................................................................................ V Bibliography ............................................................................................................................................ VI Appendix B .................................................................................................................................................... I Google Chrome ......................................................................................................................................... I Internet Explorer ................................................................................................................................... XIII Mozilla Firefox ..................................................................................................................................... XVIII Tools .............................................................................................................................................................. I Authors Listed in alphabetical order: - Joshua Drake (jdrake@accuvant.com) - Paul Mehta (pmehta@accuvant.com) - Charlie Miller (charlie.miller@accuvant.com) - Shawn Moyer (smoyer@accuvant.com) - Ryan Smith (rsmith@accuvant.com) - Chris Valasek (cvalasek@accuvant.com) Pages: 140 Download: http://www.accuvant.com/sites/default/files/AccuvantBrowserSecCompar_FINAL.pdf

Bun, sa lamurim situatia: "Stiu pe cineva care are ceva de genul... POS stealer. Este un virus mic, care se instaleaza in terminalele POS si, tot ce trece prin terminal salveaza... ori in mail ori urca pe un ftp. Daca stie cineva ceva, rog PM." Eu din acest post inteleg ca esti interesat de un POS stealer, ceea ce nu e tocmai ceva etic si regulile forumului interzic astfel de rahaturi aici, vrem ca oamenii de aici sa fie oameni pasionati de securitate IT, programare, NU de furturi, carding si alte rahaturi. Nu vreau sa se stranga aici tot felul de astfel de persoane dormice de furat date bancare din POS-uri. Regulile forumului sunt destul de clare in aceasta privinta. Daca ai nelamuriri in continuare si nu esti de acord cu banul, iti poti crea un alt cont si imi poti trimite un PM de pe el. Asta daca nu esti tu cel care a inceput sa injure pe la prezentare, in aceste conditii nu cred ca are rost sa te chinui. Edit: Daca vrei sa ajungi asa: http://packetstormsecurity.org/news/view/20311/Four-Romanians-Charged-With-Hacking-150-Subway-Shops.html e problema ta, noi nu vrem sa incurajam astfel de rahaturi si nu suntem de acord cu ele.

Am mai facut cateva modificari de ordin grafic. Am mai centrat putin lucrurile. O sa ma ocup si de altele azi si maine.

Ca idee, TOATE datele trec prin serverele Yahoo! Am facut un test cu un transfer de fisier si fisierul era transmis tot printr-un server Yahoo!, deci nu poti vedea IP-ul celui cu care vorbesti pe messenger.

Da, chiar nu mi-ar fi trecut prin cap sa dau Next la instalare, ma gandeam ca: "Frate, poate iau virusi daca dau Next". Acum serios, nu cred ca e nevoie de un tutorial despre cum sa instalezi si sa folosesti un client FTP. Si mai serios, incercati sa postati lucruri interesante, aici la tutoriale romana sunt o gramada de rahaturi imputite, porcarii care nu o sa ajute pe nimeni sa se ridice si sa invete mai multe. Oricum, nu e nicio problema ca ai postat, dimpotriva, poate fi foarte util multor persoane, dar cred ca majoritatea celor de aici stiu sa foloseasca un client FTP. Ar fi perfect daca ar traduce cineva niste tutoriale din engleza...

Bun, la puscarie cu ei.

Ok, daca mai gasesti astfel de probleme sa postezi. Valabil si pentru ceilalti. O sa repar ce se poate. Daca mai sunt persoane care "si-au pierdut" conturile sa procedeze la fel: username vechi si un link cu un post de pe vechiul username + alte detalii ca join date sau mai stiu eu ce.

User: LLegoLLaS User: Petzy User: BGS User: wildchild User: tromfil Am "rezolvat" problema cu conturile (pentru cei de mai sus). Datele de pe noile conturi au fost sterse. Totusi, nu garantez ca aveti toate datele de dinainte. De fapt pot sa spun ca nu garantez pentru niciun utilizator ca are toate datele de dinainte de probleme. Am actualizat si "post count" pentru toti utilizatorii forumului. Cam atat pentru aceasta seara, imi era mai usor daca nu foloseati conturile noi sa nu stau sa sterg datele existente (in afara de posturi). Maine seara si in weekend rezolv si alte probleme, mai sunt...

[h=2]Six Ways to Automate Metasploit[/h] Posted by HD Moore on Dec 8, 2011 10:44:35 AM Onward Over the last few weeks the Metasploit team at Rapid7 has engaged in an overhaul of our development process. Our primary goals were to accelerate community collaboration and better define the scopes of our open source projects. The first step was to migrate all open source development to GitHub. This has resulted in a flood of contributors and lots of great new features and content. One controversial change involved removing old, buggy automation tools that simply didn't meet the quality bar, or our scope for the framework. This resulted in the removal of file_autopwn and db_autopwn. Both of these modules were easy to use, but were more likely to fall over and crash than produce useful results. The db_autopwn code started off as a joke and never reached a point where it was actually stable. For anyone who really wants to use db_autopwn, a community contributor maintains it as a plugin in a GitHub fork. The Metasploit products (inlcuding the open source Metasploit Framework) support automation at multiple levels. How you automate the product depends on what type of task you are working on and the granularity needed. The list below is not comprehensive; there are an infinite number of ways to extend, include, and automate Metaspoit, but these are the best supported and most common methods. The Metasploit Console Resource Scripts The console (msfconsole or msfpro) supports basic automation using Resource Scripts. These scripts contain a set of console commands that are executed when the script loads. In addition to basic console commands, these scripts are also treated as ERB templates. ERB is a way to embed Ruby code directly into a document. This allows you to call APIs that are not exposed via console commands and even programmatically generate and return a list of commands based on your own logic. Resource Scripts can be specified with the -r option to the Metasploit Console and ~/.msf4/msfconsole.rc is automatically executed on startup if it exists. Resource Scripts can also be executed from the console prompt through the resource command. Plugins The console (msfconsole or msfpro) also supports the concept of Plugins. Plugins add new console commands that provide a utlity or automation function. The flexibility of the Ruby language allows Plugins to do nearly anything, from exposing new automation capabilities, to providing socket-level content filtering to prevent the tripping of a remote IDS. Direct integration with Nexpose, Nessus, and OpenVAS from the console are accomplished through plugins. The full list of default plugins can be found in the GitHub repository. Plugins are the suggested way to work on new console commands and share them with the wider community. Auxiliary Module Custom Commands Auxiliary modules are defined as any Metasploit module that performs a remote operation of some sort, but doesn't take an actual payload like an exploit. Auxiliary modules handle things like reconnaisance, authentication bypass, network sniffing, and vulnerability discovery. One little-used feature of Auxiliary modules is the ability to define new console commands from within the module context. The user would enter "use auxiliary/module/name" and if the module exposes new commands, these would become available to the console. One example is the TrendMicro ServerProtect File Access module. Custom Auxiliary Modules Although we do not accept modules that run other modules into the Metaspoit Framework proper, these are trivial to create as custom modules and allow for any form of automation, exposed through any supported user interface. The major advantage to writing automation tools as Auxiliary modules is that they will usually work just fine from Metasploit Community Edition or Metasploit Pro, as well third-party interfaces like MSFGUI. One example of an existing automation module in the framework (and one that is still being reviewed from a design perspective) is browser_autopwn. This module will automatically configure exploit modules and redirect the target to the appropriate one. The reason why this isn't really a good fit for the framework is that payload and target selection are hardcoded to values that may not always work. We are looking into better ways to handle client-side exploit automation, but until then, it serves as an in-tree example of Auxiliary module automation. Metasploit Remote API The Metasploit Framework and Metasploit Pro both support automation using a documented Remote API. On the framework side, this exposes a wide range of functionality at the lowest level, allowing the caller to run modules, interact with sessions, and generally access the backend of the Metasploit instance. Metasploit Pro builds on this by offering access to the commercial product features through the same API. In fact, the Metasploit Pro user interface uses this same API to drive the backend automation. The product was built with automation and extensibility in-mind. Using Metasploit Pro with the Remote API makes it painless to remotely automate a penetration test, across multiple instances of Pro, all from a central location. Rapid7 customers are using this today to conduct automation exploitation during off-hour scan windows and to automate things like password testing across dozens of remote sites at once, with centralized reporting. You can find examples of the Pro API automation in the documentation directory of the framework. The msfrpc-client GEM is available for Ruby developers. Ruby Programming At the end of the day, the Metasploit Framework is a development environment more than it is a standalone product. The APIs offered make it easy to embed a copy of the framework into another tool, parse the module database looking for a specific set of criteria, or even repurpose the existing network APIs to build something new. Each of the previous methods makes it easy to load custom Ruby code and leverage that code in a useful way; to get the most out of the Metasploit products, it helps to become familiar with the framework API itself. Nearly all of the framework code is available under an open source license and the latest changes can be found in the main GitHub repository. Metasploit Pro customers are encouraged to contact support (and likely, from there, the development team) about any ideas they have for development or integration. Nearly any code written for the Metasploit Framework is drop-in compatible with Metasploit Pro. Support If you have any questions about automation, the Discussion forum in the Rapid7 Community is a great way to get started. For realtime discussion, the #metasploit channel on the FreeNode IRC network (#metasploit) is a great resource as well. Sursa: https://community.rapid7.com/community/metasploit/blog/2011/12/08/six-ways-to-automate-metasploit