Python: Penetration Testing for Developers

Unleash the power of Python scripting to execute effective and efficient penetration tests

Christopher Duffy et al.

Book Details

ISBN 13: 9781787128187
Paperback: 650 pages

Book Description

Cybercriminals are always one step ahead when it comes to tools and techniques. This means you need to use the same tools and adopt the same mindset to properly secure your software. This course shows you how to do just that, demonstrating how effective Python can be for powerful pentesting that keeps your software safe. The course comprises three key modules; follow each one to push your Python and security skills to the next level.

In the first module, we’ll show you how to get to grips with the fundamentals. This means you’ll quickly find out how to tackle some of the common challenges facing pentesters using custom Python tools designed specifically for your needs. You’ll also learn what tools to use and when, giving you complete confidence when deploying your pentester tools to combat any potential threat.

In the next module, you’ll begin hacking into the application layer. Covering parameter tampering, DDoS, XSS and SQL injection, it will build on the knowledge and skills you learned in the first module to make you an even more fluent security expert.

Finally, in the third module, you’ll find more than 60 Python pentesting recipes. We think this will soon become your trusted resource for any pentesting situation.

This Learning Path combines some of the best that Packt has to offer in one complete, curated package. It includes content from the following Packt products:

Table of Contents

Chapter 1: Understanding the Penetration Testing Methodology
An overview of penetration testing
Understanding what penetration testing is not
Assessment methodologies
The penetration testing execution standard
Penetration testing tools
Summary
Chapter 2: The Basics of Python Scripting
Understanding the difference between interpreted and compiled languages
Python – the good and the bad
A Python interactive interpreter versus a script
Environmental variables and PATH
Understanding dynamically typed languages
The first Python script
Developing scripts and identifying errors
Python formatting
Python variables
Operators
Compound statements
Functions
The Python style guide
Arguments and options
Your first assessor script
Summary
Chapter 3: Identifying Targets with Nmap, Scapy, and Python
Understanding how systems communicate
Understanding Nmap
Nmap libraries for Python
The Scapy library for Python
Summary
Chapter 4: Executing Credential Attacks with Python
The types of credential attacks
Identifying the target
Creating targeted usernames
Testing for users using SMTP VRFY
Summary
Chapter 5: Exploiting Services with Python
Understanding the new age of service exploitation
Understanding the chaining of exploits
Automating the exploit train with Python
Summary
Chapter 6: Assessing Web Applications with Python
Identifying live applications versus open ports
Identifying hidden files and directories with Python
Credential attacks with Burp Suite
Using twill to walk through the source
Understanding when to use Python for web assessments
Summary
Chapter 7: Cracking the Perimeter with Python
Understanding today's perimeter
Understanding the link between accounts and services
Cracking inboxes with Burp Suite
Identifying the attack path
Gaining access through websites
Summary
Chapter 8: Exploit Development with Python, Metasploit, and Immunity
Getting started with registers
Understanding the Windows memory structure
Understanding memory addresses and endianness
Understanding the manipulation of the stack
Understanding immunity
Understanding basic buffer overflow
Writing a basic buffer overflow exploit
Understanding stack adjustments
Understanding the purpose of local exploits
Understanding other exploit scripts
Reversing Metasploit modules
Understanding protection mechanisms
Summary
Chapter 9: Automating Reports and Tasks with Python
Understanding how to parse XML files for reports
Understanding how to create a Python class
Summary
Chapter 10: Adding Permanency to Python Tools
Understanding logging within Python
Understanding the difference between multithreading and multiprocessing
Building industry-standard tools
Summary
Chapter 11: Python with Penetration Testing and Networking
Introducing the scope of pentesting
Approaches to pentesting
Introducing Python scripting
Understanding the tests and tools you'll need
Learning the common testing platforms with Python
Network sockets
Server socket methods
Client socket methods
General socket methods
Moving on to the practical
Summary
Chapter 12: Scanning Pentesting
How to check live systems in a network and the concept of a live system
What are the services running on the target machine?
Summary
Chapter 13: Sniffing and Penetration Testing
Introducing a network sniffer
Implementing a network sniffer using Python
Learning about packet crafting
Introducing ARP spoofing and implementing it using Python
Testing the security system using custom packet crafting and injection
Summary
Chapter 14: Wireless Pentesting
Wireless SSID finding and wireless traffic analysis by Python
Wireless attacks
Summary
Chapter 15: Foot Printing of a Web Server and a Web Application
The concept of foot printing of a web server
Introducing information gathering
Information gathering of a website from SmartWhois by the parser BeautifulSoup
Banner grabbing of a website
Hardening of a web server
Summary
Chapter 16: Client-side and DDoS Attacks
Introducing client-side validation
Tampering with the client-side parameter with Python
Effects of parameter tampering on business
Introducing DoS and DDoS
Summary
Chapter 17: Pentesting of SQLI and XSS
Introducing the SQL injection attack
Types of SQL injections
Understanding the SQL injection attack by a Python script
Learning about Cross-Site scripting
Summary
Chapter 18: Gathering Open Source Intelligence
Introduction
Gathering information using the Shodan API
Scripting a Google+ API search
Downloading profile pictures using the Google+ API
Harvesting additional results from the Google+ API using pagination
Getting screenshots of websites with QtWebKit
Screenshots based on a port list
Spidering websites
Chapter 19: Enumeration
Introduction
Performing a ping sweep with Scapy
Scanning with Scapy
Checking username validity
Brute forcing usernames
Enumerating files
Brute forcing passwords
Generating e-mail addresses from names
Finding e-mail addresses from web pages
Finding comments in source code
Chapter 20: Vulnerability Identification
Introduction
Automated URL-based Directory Traversal
Automated URL-based Cross-site scripting
Automated parameter-based Cross-site scripting
Automated fuzzing
jQuery checking
Header-based Cross-site scripting
Shellshock checking
Chapter 21: SQL Injection
Introduction
Checking jitter
Identifying URL-based SQLi
Exploiting Boolean SQLi
Exploiting Blind SQL Injection
Encoding payloads
Chapter 22: Web Header Manipulation
Introduction
Testing HTTP methods
Fingerprinting servers through HTTP headers
Testing for insecure headers
Brute forcing login through the Authorization header
Testing for clickjacking vulnerabilities
Identifying alternative sites by spoofing user agents
Testing for insecure cookie flags
Session fixation through a cookie injection
Chapter 23: Image Analysis and Manipulation
Introduction
Hiding a message using LSB steganography
Extracting messages hidden in LSB
Hiding text in images
Extracting text from images
Enabling command and control using steganography
Chapter 24: Encryption and Encoding
Introduction
Generating an MD5 hash
Generating an SHA 1/128/256 hash
Implementing SHA and MD5 hashes together
Implementing SHA in a real-world scenario
Generating a Bcrypt hash
Cracking an MD5 hash
Encoding with Base64
Encoding with ROT13
Cracking a substitution cipher
Cracking the Atbash cipher
Attacking one-time pad reuse
Predicting a linear congruential generator
Identifying hashes
Chapter 25: Payloads and Shells
Introduction
Extracting data through HTTP requests
Creating an HTTP C2
Creating an FTP C2
Creating a Twitter C2
Creating a simple Netcat shell
Chapter 26: Reporting
Introduction
Converting Nmap XML to CSV
Extracting links from a URL to Maltego
Extracting e-mails to Maltego
Parsing Sslscan into CSV
Generating graphs using plot.ly

What You Will Learn

  • Familiarize yourself with the generation of Metasploit resource files and use the Metasploit Remote Procedure Call to automate exploit generation and execution
  • Exploit the Remote File Inclusion to gain administrative access to systems with Python and other scripting languages
  • Crack an organization's Internet perimeter and chain exploits to gain deeper access to an organization's resources
  • Explore wireless traffic with the help of various programs and perform wireless attacks with Python programs
  • Gather passive information from a website using automated scripts and perform XSS, SQL injection, and parameter tampering attacks
  • Develop complicated header-based attacks through Python
