Hands-On Penetration Testing with Python

Book Description

A practical guide to implementing defensive techniques in your ecosystem successfully with the help of Python.

About This Book
  • Identify and expose vulnerabilities in your infrastructure with Python
  • Bypass cloud environments, Wi-Fi networks, and Bluetooth devices, and fetch sensitive data with simple Python programs
  • Make robust and powerful cybersecurity tools with Python
Who This Book Is For

Hands-On Penetration Testing with Python is for you if you are a developer with prior knowledge of Python, and want in-depth insight into the pentesting ecosystem. This book guides you through the advanced use of Python for cybersecurity and pentesting, helping you to better understand security loopholes within your infrastructure and cloud environments.

What You Will Learn
  • Study penetration testing automation
  • Explore Security Operations Centre (SOC) use cases and cloud security
  • Discover enterprise- or organization-specific use cases and threat hunting automation
  • Understand reverse engineering, fuzzing, and exploit development
  • Walk through day-to-day scenarios of cybersecurity that can be automated with Python
  • Comprehend data science, Python, and cyber security all under one hood
In Detail

With the current technological and infrastructural shift, penetration testing is no longer a process-oriented activity. Modern-day penetration testing demands lots of automation and innovation, and the only language which dominates all its peers in the penetration testing domain is Python. Given the huge number of tools written in Python and its popularity in the penetration testing space, this language has always been the first choice for penetration testers.

Hands-On Penetration Testing with Python walks you through the advanced Python programming constructs. Once you are familiar with the core concepts, you'll explore the advanced use of Python in the domain of penetration testing and optimization. You'll then move on to understanding how Python, data science, and the cybersecurity ecosystem communicate with one another. In addition to this, you'll study development, reverse engineering, and encountered cybersecurity use cases that can be automated with Python.

By the end of this book, you'll have discovered how to leverage Python as a helpful tool to pentest and secure infrastructure, whilst also creating your own custom exploits.

Downloading the example code for this book: You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Preface
  2. Introduction to Python
    1. Technical requirements
    2. Why Python?
      1. About Python – Compiled or Interpreted
      2. Installation
    3. Getting Started with Basics
      1. Variables and Keywords
      2. Variable Naming Conventions 
      3. Python Keywords
    4. PYTHON DATA-TYPES
      1. Numbers
      2. STRING TYPES
      3. String Indexes 
      4. String operations through methods and inbuilt functions 
      5. LIST TYPES
      6. Tuples in Python
      7. Dictionary in Python
    5. PYTHON OPERATORS
    6. Summary
    7. Questions
  3. Building Python Scripts
    1. Technical requirements
    2. INDENTATION
    3. Conditional Statements
      1. IF CONDITION
      2. IF-ELSE Condition
      3. IF-ELIF Condition
    4. LOOPS
      1. While Loops
      2. For Loop
        1. Iteration, Iterable and Iterator
          1. Deep dive in for loops
    5. Functions / Methods in Python
    6. Modules and packages
    7. Generators and Comprehensions
      1. Comprehensions
        1. Map, Lambda, Zip and Filter
    8. Summary
    9. Questions
    10. Further Reading
  4. Concept Handling
    1. Object Oriented Programming in Python
      1. Classes and Objects
      2. Class Relationships
        1. Inheritance
        2. Access Modifiers in Python (Public, Private, Protected)
        3. Composition
        4. Association
        5. Aggregation
      3. Abstract Classes
      4. Polymorphism
        1. Polymorphism with Functions
        2. Polymorphism with classes (abstract classes)
      5. Static, Instance and Class methods in Python
    2. Files, Directory and I/O access
      1. File Access and Manipulation
      2. Renaming, Deleting files and Accessing Directories
      3. Console IO
    3. Regular Expressions in Python
    4. XML, JSON, CSV Data manipulation and parsing
      1. JSON Data Manipulation
      2. CSV
    5. Exception Handling
    6. Summary
    7. Questions
    8. Further Reading
  5. Advance Python Modules
    1. Multitasking with Threads
      1. Daemonic and Non Daemonic Threads
      2. Thread Joins and Enumeration
      3. Intercommunication Between Threads
      4. Thread Concurrency Control
    2. Multitasking with Processes 
      1. Daemonic and Non Daemonic Processes
      2. Process Joins, Enumeration and Termination
      3. Multiprocess Pooling
    3. Subprocess
    4. Socket Programming Basics
    5. Reverse TCP Shell with Python
    6. Summary
    7. Questions
    8. Further Reading
  6. Vulnerability Scanner Python (PART 1)
    1. Nmap
    2. Building Network Scanner with Python
      1. Controlling Nmap Output with the script
      2. Using Nmap module to conduct Nmap Port Scanning
        1. Objective and Architectural Overview
        2. Deep dive in the Code
          1. Getting started
        3. Executing The code
        4. Database Schema for Port Scanning portion of Vulnerability Scanner
    3. Summary
    4. Questions
    5. Further Reading
  7. Vulnerability Scanner Python (PART 2)
    1. Architectural Overview
      1. Deep dive in the Code
        1. Driver_scanner.py
        2. driver_meta.py
          1. main()
          2. parse_and_process()
          3. launchConfiguration()
          4. launchExploits()
        3. auto_commands.py
          1. Pexpect
          2. custom_meta()
          3. singleLineCommands_Timeout()
          4. general_interactive()
          5. generalCommands_Tout_Sniff()
          6. HTTP_based()
        4. IPexploits.py
        5. Executing The code
        6. Database Schema for Service Scanning portion of Vulnerability Scanner.
        7. GUI version of Vulnerability Scanner.
    2. Summary
    3. Questions
    4. Further Reading
  8. ML and cyber security
    1. Introduction to Machine Learning
      1. Setting up Machine Learning Environment in Kali Linux
      2. Regression based Machine learning models
        1. Euclidean distance
        2. Simple Linear Regression
          1. How does the regression model work
        3. Multiple Linear Regression
      3. Classification models
        1. Naive Bayes Classifier
          1. Summary of Naive Bayes classifier
          2. Implementation Code.
      4. Natural Language Processing
      5. Using Natural Language processing with Penetration Testing Reports
    2. Summary
    3. Questions
    4. Further Reading
  9. Build a Custom Crawler
  10. Automate Web Application Scanning (Part 1)
  11. Automate Web Application Scanning (Part 2)
  12. Reverse Engineering Windows Applications
  13. Reverse Engineering Linux Applications
  14. Data Exfiltration using Python
  15. Cyber Threat Intelligence
  16. Data security in Cloud
  17. Incident Response - Risk Assessment in Cloud
  18. Python for Cyber Security
  19. Exploiting Internet Explorer
  20. Bypassing Host-Based Firewall
  21. Exploit Development