O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Python Penetration Testing Essentials

Book Description

Employ the power of Python to get the best out of pentesting

In Detail

This book is a practical guide that shows you the advantages of using Python for pentesting with the help of detailed code examples.

We start by exploring the basics of networking with Python and then proceed to network hacking. Next, we delve into hacking the application layer where we start with gathering information from a website. We then move on to concepts related to website hacking such as parameter tampering, DDoS, XSS, and SQL injection.

By reading this book, you will learn different techniques and methodologies that will familiarize you with the art of pentesting as well as creating automated programs to find the admin console, SQL injection, and XSS attack.

What You Will Learn

  • Monitor the Ethernet IP and TCP traffic over the network
  • Explore wireless traffic with the help of various programs
  • Perform wireless attacks with Python programs
  • Check live systems and distinguish between the operating system and services of a remote machine
  • Broaden your concepts in pentesting right from the basics of the client/server architecture in Python
  • Gather passive information from a website using automated scripts
  • Perform XSS, SQL injection, and parameter tampering attacks

Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Python Penetration Testing Essentials
    1. Table of Contents
    2. Python Penetration Testing Essentials
    3. Credits
    4. About the Author
    5. About the Reviewers
    6. www.PacktPub.com
      1. Support files, eBooks, discount offers, and more
        1. Why subscribe?
        2. Free access for Packt account holders
    7. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Downloading the example code
        2. Errata
        3. Piracy
        4. Questions
    8. 1. Python with Penetration Testing and Networking
      1. Introducing the scope of pentesting
        1. The need for pentesting
        2. Components to be tested
        3. Qualities of a good pentester
        4. Defining the scope of pentesting
      2. Approaches to pentesting
      3. Introducing Python scripting
      4. Understanding the tests and tools you'll need
      5. Learning the common testing platforms with Python
      6. Network sockets
      7. Server socket methods
      8. Client socket methods
      9. General socket methods
      10. Moving on to the practical
        1. Socket exceptions
        2. Useful socket methods
      11. Summary
    9. 2. Scanning Pentesting
      1. How to check live systems in a network and the concept of a live system
        1. Ping sweep
        2. The TCP scan concept and its implementation using a Python script
        3. How to create an efficient IP scanner
      2. What are the services running on the target machine?
        1. The concept of a port scanner
        2. How to create an efficient port scanner
      3. Summary
    10. 3. Sniffing and Penetration Testing
      1. Introducing a network sniffer
        1. Passive sniffing
        2. Active sniffing
      2. Implementing a network sniffer using Python
        1. Format characters
      3. Learning about packet crafting
      4. Introducing ARP spoofing and implementing it using Python
        1. The ARP request
        2. The ARP reply
        3. The ARP cache
      5. Testing the security system using custom packet crafting and injection
        1. Network disassociation
        2. A half-open scan
        3. The FIN scan
        4. ACK flag scanning
        5. Ping of death
      6. Summary
    11. 4. Wireless Pentesting
      1. Wireless SSID finding and wireless traffic analysis by Python
        1. Detecting clients of an AP
      2. Wireless attacks
        1. The deauthentication (deauth) attacks
        2. The MAC flooding attack
          1. How the switch uses the CAM tables
          2. The MAC flood logic
      3. Summary
    12. 5. Foot Printing of a Web Server and a Web Application
      1. The concept of foot printing of a web server
      2. Introducing information gathering
        1. Checking the HTTP header
      3. Information gathering of a website from SmartWhois by the parser BeautifulSoup
      4. Banner grabbing of a website
      5. Hardening of a web server
      6. Summary
    13. 6. Client-side and DDoS Attacks
      1. Introducing client-side validation
      2. Tampering with the client-side parameter with Python
      3. Effects of parameter tampering on business
      4. Introducing DoS and DDoS
        1. Single IP single port
        2. Single IP multiple port
        3. Multiple IP multiple port
        4. Detection of DDoS
      5. Summary
    14. 7. Pentesting of SQLI and XSS
      1. Introducing the SQL injection attack
      2. Types of SQL injections
        1. Simple SQL injection
        2. Blind SQL injection
      3. Understanding the SQL injection attack by a Python script
      4. Learning about Cross-Site scripting
        1. Persistent or stored XSS
        2. Nonpersistent or reflected XSS
      5. Summary
    15. Index