Gray Hat C#

Gray Hat C#

A Hacker's Guide to Creating and Automating Security Tools
by Brandon Perry
June 2017, 304 pp.

Learn to use C#’s powerful set of core ­libraries to automate tedious yet important tasks like fuzzing, performing vulnerability scans, and analyzing malware. With some help from Mono, you’ll write your own practical security tools that will run on Windows, OS X, Linux, and even mobile devices.

After a crash course in C# and some of its advanced features, you’ll learn how to:

  • Generate shellcode in Metasploit to create cross-platform and cross-architecture payloads
  • Automate Nessus, OpenVAS, and sqlmap to scan for vulnerabilities and exploit SQL injections
  • Write a .NET decompiler for OS X and Linux
  • Parse and read offline registry hives to dump system information
  • Automate the security tools Arachni and Metasploit using their MSGPACK RPCs

Streamline and simplify your workday by making the most of C#’s extensive repertoire of powerful tools and libraries with Gray Hat C#.

Author Bio 

Brandon Perry has been writing C# applications since the advent of the open source .NET implementation Mono. In his free time, he ­enjoys writing modules for the Metasploit framework, parsing binary files, and fuzzing things. He is the co-author of Wicked Cool Shell Scripts, 2nd Edition (No Starch Press). He ­manages his software and other projects at

Table of contents 

Chapter 1: C# Crash Course
Chapter 2: Fuzzing and Exploiting XSS and SQL Injection
Chapter 3: Fuzzing SOAP Endpoints
Chapter 4: Writing Connect-Back, Binding, and Metasploit Payloads
Chapter 5: Automating Nessus
Chapter 6: Automating Nexpose
Chapter 7: Automating OpenVAS
Chapter 8: Automating the Cuckoo Sandbox
Chapter 9: Automating sqlmap
Chapter 10: Automating ClamAV
Chapter 11: Automating Metasploit
Chapter 12: Automating Arachni
Chapter 13: Decompiling and Reversing Managed Assemblies
Chapter 14: Reading Offline Registry Hives

View the detailed Table of Contents
View the Index


Gray Hat C# is a highly valuable resource that will help you make the most of your SDLC via practical examples. This book will teach you how to integrate with a plethora of widely used and established security tools. Test harder, and ship with confidence.”
Tasos Laskos, Creator of Arachni

“An immersive read that leaves the reader with an excellent understanding of the potential of C#.”
Infosecurity Magazine

“Perry's explanations of what the code does are excellent. If you're trying to test projects to see where vulnerabilities lie so you can close down the holes, I highly recommend this title.”
I Programmer