Python Web Penetration Testing Cookbook

Over 60 indispensable Python recipes to ensure you always have the right code on hand for web application testing
Cameron Buchanan et al.

Book Details

ISBN 13: 9781784392932
Paperback: 224 pages

Book Description

This book gives you an arsenal of Python scripts that are ready to use, or to customize to your needs, at each stage of the testing process. Each chapter takes you step by step through designing and modifying scripts to attack web apps. You will learn how to collect both open and hidden information from websites to further your attacks, identify vulnerabilities, perform SQL injection, exploit cookies, and enumerate poorly configured systems. You will also discover how to crack encryption, create payloads that mimic malware, and build tools that output your findings in presentable formats for reporting to your employers.

Table of Contents

Chapter 1: Gathering Open Source Intelligence
Introduction
Gathering information using the Shodan API
Scripting a Google+ API search
Downloading profile pictures using the Google+ API
Harvesting additional results from the Google+ API using pagination
Getting screenshots of websites with QtWebKit
Screenshots based on a port list
Spidering websites
Chapter 2: Enumeration
Introduction
Performing a ping sweep with Scapy
Scanning with Scapy
Checking username validity
Brute forcing usernames
Enumerating files
Brute forcing passwords
Generating e-mail addresses from names
Finding e-mail addresses from web pages
Finding comments in source code
Chapter 3: Vulnerability Identification
Introduction
Automated URL-based Directory Traversal
Automated URL-based Cross-site scripting
Automated parameter-based Cross-site scripting
Automated fuzzing
jQuery checking
Header-based Cross-site scripting
Shellshock checking
Chapter 4: SQL Injection
Introduction
Checking jitter
Identifying URL-based SQLi
Exploiting Boolean SQLi
Exploiting Blind SQL Injection
Encoding payloads
Chapter 5: Web Header Manipulation
Introduction
Testing HTTP methods
Fingerprinting servers through HTTP headers
Testing for insecure headers
Brute forcing login through the Authorization header
Testing for clickjacking vulnerabilities
Identifying alternative sites by spoofing user agents
Testing for insecure cookie flags
Session fixation through a cookie injection
Chapter 6: Image Analysis and Manipulation
Introduction
Hiding a message using LSB steganography
Extracting messages hidden in LSB
Hiding text in images
Extracting text from images
Enabling command and control using steganography
Chapter 7: Encryption and Encoding
Introduction
Generating an MD5 hash
Generating an SHA 1/128/256 hash
Implementing SHA and MD5 hashes together
Implementing SHA in a real-world scenario
Generating a Bcrypt hash
Cracking an MD5 hash
Encoding with Base64
Encoding with ROT13
Cracking a substitution cipher
Cracking the Atbash cipher
Attacking one-time pad reuse
Predicting a linear congruential generator
Identifying hashes
Chapter 8: Payloads and Shells
Introduction
Extracting data through HTTP requests
Creating an HTTP C2
Creating an FTP C2
Creating a Twitter C2
Creating a simple Netcat shell
Chapter 9: Reporting
Introduction
Converting Nmap XML to CSV
Extracting links from a URL to Maltego
Extracting e-mails to Maltego
Parsing Sslscan into CSV
Generating graphs using plot.ly

What You Will Learn

  • Enumerate users on web apps through Python
  • Develop complicated header-based attacks through Python
  • Deliver multiple XSS strings and check their execution success
  • Handle outputs from multiple tools and create attractive reports
  • Create PHP pages that test scripts and tools
  • Identify parameters and URLs vulnerable to Directory Traversal
  • Replicate existing tool functionality in Python
  • Create basic dial-back Python scripts using reverse shells and basic Python PoC malware