This chapter introduces automated attack and penetration tools and delves into the topics of risk, vulnerabilities, and exploits. A vulnerability is nothing more than a weakness in computer software or the design of a system. Software vulnerabilities typically result from coding errors, bugs, and design flaws.

Security professionals spend a lot of their time on vulnerabilities, but that does not mean that all vulnerabilities are addressed and corrected. Consider, for instance, the analogy of a defective vehicle. Years ago, my brother was given a Ford F-Series truck for a graduation present. Although pleased at the time, he soon discovered that about 8 million of these trucks were recalled due to a faulty ignition switch. This small defect in the design of the switch forced the Ford Motor Company to recall these trucks and replace the faulty component. Compare this to buying a piece of software, where you find out that the software has a design defect. What are your options? As you probably already know, you are at the mercy of the developer to create a patch or update it. If the software is already a couple of years old, as was the case with the Ford F-150, the developer may no longer support the software, leaving you with two options: continue to use vulnerable software or spend money on an upgrade.

The concept behind attack and penetration tools is to look at how vulnerable a piece of software, an application, or a networked ...