book

Effective Python Penetration Testing

Name: Effective Python Penetration Testing
Author: Rejah Rehim
ISBN: 9781785280696

by Rejah Rehim

June 2016

Intermediate to advanced

164 pages

3h 16m

English

Packt Publishing

Read now

Unlock full access

Effective Python Penetration Testing
Effective Python Penetration Testing
Credits
About the Author
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and moreWhy subscribe?Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions

Reader feedback
Customer support
Downloading the example codeErrataPiracyQuestions
1. Python Scripting Essentials
Setting up the scripting environmentSetting up in LinuxSetting up in MacSetting up in Windows
Installing third-party libraries
Setuptools and pipWorking with virtual environmentsUsing virtualenv and virtualwrapper
Python language essentials
Variables and typesStringsListsDictionariesNetworkingHandling exceptions
Summary
2. Analyzing Network Traffic with Scapy
Sockets modulesSocketMethods in socket moduleCreating a socketConnecting to a server and sending dataReceiving dataHandling multiple connectionsSocketServerSimple server with the SocketServer module
Raw socket programming
Creating a raw socketBasic raw socket snifferRaw socket packet injection
Investigate network traffic with Scapy
Packet sniffing with ScapyPacket injection with ScapyScapy send and receive methodsProgramming with Scapy
Summary
3. Application Fingerprinting with Python
Web scrapingurllib / urllib2 moduleUseful methods of urllib/urllib2Requests moduleParsing HTML using BeautifulSoupDownload all images on a page
Parsing HTML with lxml
ScrapyE-mail gathering
OS fingerprinting
Get the EXIF data of an image
Web application fingerprinting
Summary
4. Attack Scripting with Python
Injections
Broken authentication
Cross-site scripting (XSS)
Insecure direct object references
Security misconfiguration
Sensitive data exposure
Missing function level access control
CSRF attacks
Using components with known vulnerabilities
Unvalidated redirects and forwards
Summary
5. Fuzzing and Brute-Forcing
Fuzzing
Classification of fuzzers
Mutation (dump) fuzzersGeneration (intelligent) fuzzers
Fuzzing and brute-forcing passwords
Dictionary attack
SSH brute-forcing
SMTP brute-forcing
Brute-forcing directories and file locations
Brute-force cracking password protected ZIP files
Sulley fuzzing frameworkInstallationScripting with sulleyPrimitivesBlocks and groupsSessions
Summary
6. Debugging and Reverse Engineering
Reverse engineering
Portable executable analysis
DOS headerPE headerLoading PE fileInspecting headersInspecting sectionsPE packers
Listing all imported and exported symbols
Disassembling with Capstone
PEfile with Capstone
Debugging
Breakpoints
Using PyDBG
Summary
7. Crypto, Hash, and Conversion Functions
Cryptographic algorithms
Hash functions
Hashed Message Authentication Code (HMAC)Message-digest algorithm (MD5)Secure Hash Algorithm (SHA)HMAC in Pythonhashlib algorithmsPassword hashing algorithmsSymmetric encryption algorithmsBlock and stream cipherPyCryptoAES encryption of a file
Summary
8. Keylogging and Screen Grabbing
KeyloggersHardware keyloggersSoftware keyloggers
Keyloggers with pyhook
Screen grabbing
Summary
9. Attack Automation
ParamikoEstablish SSH connection with paramikoRunning commands with paramikoSFTP with paramiko
python-nmap
W3af REST API
Metasploit scripting with MSGRPC
ClamAV antivirus with Python
OWASP ZAP from Python
Breaking weak captchaAutomating BeEF with PythonInstalling BeEFConnecting BeEF with MetasploitAccessing BeEF API with Python
Accessing Nessus 6 API with Python
Summary
10. Looking Forward
Pentestly
Twisted
Nscan
sqlmap
CapTipper
Immunity Debugger
pytbull
ghost.py
peepdf
Summary

Overview

Effective Python Penetration Testing guides you through leveraging Python scripts, libraries, and tools to perform professional-grade penetration testing. You'll learn skills like analyzing network traffic, fingerprinting applications, scripting attacks, and automating pentests. With an emphasis on practical application, this book prepares you to identify and address vulnerabilities in systems.

What this Book will help me do

Learn to write Scapy scripts to analyze complex network traffic for vulnerabilities.
Acquire skills to fingerprint web applications effectively using Python tools like ProxMon and Spynner.
Master crafting attack scripts and fuzzing tools tailored to penetration testing scenarios.
Gain knowledge of cryptographic toolkit usage in Python for enhancing security.
Understand methods to automate penetration testing tasks for efficient security assessments.

Author(s)

Rejah Rehim is a seasoned penetration tester and security expert with years of experience in cybersecurity. His work focuses on educating practitioners on how to proactively secure systems. Known for his engaging teaching style, Rejah emphasizes practical and actionable knowledge in his writing to prepare readers for real-world cyber defense challenges.

Who is it for?

This book is perfect for Python programmers who want to extend their skills to include penetration testing. If you are familiar with core Python programming concepts and seek to apply these skills to cybersecurity, this book is for you. It's ideal for IT professionals, developers, and ethical hackers aiming to identify and prevent security weaknesses. Students of cybersecurity and entry-level pentesters will also find this resource invaluable for gaining hands-on experience.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781785280696

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills