O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Effective Python Penetration Testing

Book Description

Pen test your system like a pro and overcome vulnerabilities by leveraging Python scripts, libraries, and tools

About This Book

  • Learn to utilize your Python scripting skills to pentest a computer system, network, and web-application
  • Get proficient at the art of assessing vulnerabilities by conducting effective penetration testing
  • This is the ultimate guide that teaches you how to use Python to protect your systems against sophisticated cyber attacks

Who This Book Is For

This book is ideal for those who are comfortable with Python or a similar language and need no help with basic programming concepts, but want to understand the basics of penetration testing and the problems pentesters face.

What You Will Learn

  • Write Scapy scripts to investigate network traffic
  • Get to know application fingerprinting techniques with Python
  • Understand the attack scripting techniques
  • Write fuzzing tools with pentesting requirements
  • Learn basic attack scripting methods
  • Utilize cryptographic toolkits in Python
  • Automate pentesting with Python tools and libraries

In Detail

Penetration testing is a practice of testing a computer system, network, or web application to find weaknesses in security that an attacker can exploit. Effective Python Penetration Testing will help you utilize your Python scripting skills to safeguard your networks from cyberattacks.

We will begin by providing you with an overview of Python scripting and penetration testing. You will learn to analyze network traffic by writing Scapy scripts and will see how to fingerprint web applications with Python libraries such as ProxMon and Spynner.

Moving on, you will find out how to write basic attack scripts, and will develop debugging and reverse engineering skills with Python libraries. Toward the end of the book, you will discover how to utilize cryptography toolkits in Python and how to automate Python tools and libraries.

Style and approach

This is an expert’s guide to Python with a practical based approach, where each chapter will help you improve your penetration testing skills using Python to become a master pen tester.

Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code file.

Table of Contents

  1. Effective Python Penetration Testing
    1. Effective Python Penetration Testing
    2. Credits
    3. About the Author
    4. About the Reviewer
    5. www.PacktPub.com
      1. eBooks, discount offers, and more
        1. Why subscribe?
        2. Free access for Packt account holders
    6. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Downloading the example code
        2. Errata
        3. Piracy
        4. Questions
    7. 1. Python Scripting Essentials
      1. Setting up the scripting environment
        1. Setting up in Linux
        2. Setting up in Mac
        3. Setting up in Windows
      2. Installing third-party libraries
        1. Setuptools and pip
        2. Working with virtual environments
          1. Using virtualenv and virtualwrapper
      3. Python language essentials
        1. Variables and types
        2. Strings
        3. Lists
        4. Dictionaries
        5. Networking
        6. Handling exceptions
      4. Summary
    8. 2. Analyzing Network Traffic with Scapy
      1. Sockets modules
        1. Socket
          1. Methods in socket module
          2. Creating a socket
          3. Connecting to a server and sending data
          4. Receiving data
          5. Handling multiple connections
        2. SocketServer
          1. Simple server with the SocketServer module
      2. Raw socket programming
        1. Creating a raw socket
        2. Basic raw socket sniffer
        3. Raw socket packet injection
      3. Investigate network traffic with Scapy
        1. Packet sniffing with Scapy
        2. Packet injection with Scapy
        3. Scapy send and receive methods
        4. Programming with Scapy
      4. Summary
    9. 3. Application Fingerprinting with Python
      1. Web scraping
        1. urllib / urllib2 module
          1. Useful methods of urllib/urllib2
          2. Requests module
          3. Parsing HTML using BeautifulSoup
          4. Download all images on a page
      2. Parsing HTML with lxml
        1. Scrapy
        2. E-mail gathering
      3. OS fingerprinting
      4. Get the EXIF data of an image
      5. Web application fingerprinting
      6. Summary
    10. 4. Attack Scripting with Python
      1. Injections
      2. Broken authentication
      3. Cross-site scripting (XSS)
      4. Insecure direct object references
      5. Security misconfiguration
      6. Sensitive data exposure
      7. Missing function level access control
      8. CSRF attacks
      9. Using components with known vulnerabilities
      10. Unvalidated redirects and forwards
      11. Summary
    11. 5. Fuzzing and Brute-Forcing
      1. Fuzzing
      2. Classification of fuzzers
        1. Mutation (dump) fuzzers
        2. Generation (intelligent) fuzzers
      3. Fuzzing and brute-forcing passwords
      4. Dictionary attack
      5. SSH brute-forcing
      6. SMTP brute-forcing
      7. Brute-forcing directories and file locations
      8. Brute-force cracking password protected ZIP files
        1. Sulley fuzzing framework
          1. Installation
          2. Scripting with sulley
          3. Primitives
          4. Blocks and groups
          5. Sessions
      9. Summary
    12. 6. Debugging and Reverse Engineering
      1. Reverse engineering
      2. Portable executable analysis
        1. DOS header
        2. PE header
          1. Loading PE file
        3. Inspecting headers
        4. Inspecting sections
        5. PE packers
      3. Listing all imported and exported symbols
      4. Disassembling with Capstone
      5. PEfile with Capstone
      6. Debugging
        1. Breakpoints
      7. Using PyDBG
      8. Summary
    13. 7. Crypto, Hash, and Conversion Functions
      1. Cryptographic algorithms
      2. Hash functions
        1. Hashed Message Authentication Code (HMAC)
        2. Message-digest algorithm (MD5)
        3. Secure Hash Algorithm (SHA)
        4. HMAC in Python
        5. hashlib algorithms
        6. Password hashing algorithms
        7. Symmetric encryption algorithms
          1. Block  and stream cipher
        8. PyCrypto
          1. AES encryption of a file
      3. Summary
    14. 8. Keylogging and Screen Grabbing
      1. Keyloggers
        1. Hardware keyloggers
        2. Software keyloggers
      2. Keyloggers with pyhook
      3. Screen grabbing
      4. Summary
    15. 9. Attack Automation
      1. Paramiko
        1. Establish SSH connection with paramiko
        2. Running commands with paramiko
        3. SFTP with paramiko
      2. python-nmap
      3. W3af REST API
      4. Metasploit scripting with MSGRPC
      5. ClamAV antivirus with Python
      6. OWASP ZAP from Python
        1. Breaking weak captcha
        2. Automating BeEF with Python
          1. Installing BeEF
          2. Connecting BeEF with Metasploit
          3. Accessing BeEF API with Python
      7. Accessing Nessus 6 API with Python
      8. Summary
    16. 10. Looking Forward
      1. Pentestly
      2. Twisted
      3. Nscan
      4. sqlmap
      5. CapTipper
      6. Immunity Debugger
      7. pytbull
      8. ghost.py
      9. peepdf
      10. Summary