If you are a Python programmer or a security researcher who has basic knowledge of Python programming and want to learn about penetration testing with the help of Python, this book is ideal for you. Even if you are new to the field of ethical hacking, this book can help you find the vulnerabilities in your system so that you are ready to tackle any kind of attack or intrusion.
Author(s): Mohit
Publisher: Packt Pub Limited
Year: 2015
Language: English
Pages: 178
Cover
Copyright
Credits
About the Author
About the Reviewers
www.PacktPub.com
Table of Contents
Preface
Chapter 1: Python with Penetration
Testing and Networking
Introducing the scope of pentesting
The need for pentesting
Components to be tested
Qualities of a good pentester
Defining the scope of pentesting
Approaches to pentesting
Introducing Python scripting
Understanding the tests and tools you'll need
Learning the common testing platforms with Python
Network sockets
Server socket methods
Client socket methods
General socket methods
Moving on to the practical
Socket exceptions
Useful socket methods
Summary
Chapter 2
: Scanning Pentesting
How to check live systems in a network and the concept of a live system
Ping sweep
The TCP scan concept and its implementation using a Python script
How to create an efficient IP scanner
What are the services running on the target machine?
The concept of a port scanner
How to create an efficient port scanner
Summary
Chapter 3
: Sniffing and Penetration Testing
Introducing a network sniffer
Passive sniffing
Active sniffing
Implementing a network sniffer using Python
Format characters
Learning about packet crafting
Introducing ARP spoofing and implementing it using Python
The ARP request
The ARP reply
The ARP cache
Testing the security system using custom packet crafting and injection
Network disassociation
A half-open scan
The FIN scan
ACK flag scanning
Ping of death
Summary
Chapter 4
: Wireless Pentesting
Wireless SSID finding and wireless traffic analysis by Python
Detecting clients of an AP
Wireless attacks
The deauthentication (deauth) attacks
The MAC flooding attack
How the switch uses the CAM tables
The MAC flood logic
Summary
Chapter 5
: Foot Printing of a Web Server and a Web Application
The concept of foot printing of a web server
Introducing information gathering
Checking the HTTP header
Information gathering of a website from SmartWhois by the parser BeautifulSoup
Banner grabbing of a website
Hardening of a web server
Summary
Chapter 6
: Client-side and DDoS Attacks
Introducing client-side validation
Tampering with the client-side parameter with Python
Effects of parameter tampering on business
Introducing DoS and DDoS
Single IP single port
Single IP multiple port
Multiple IP multiple port
Detection of DDoS
Summary
Chapter 7
: Pentesting of SQLI and XSS
Introducing the SQL injection attack
Types of SQL injections
Simple SQL injection
Blind SQL injection
Understanding the SQL injection attack by a Python script
Learning about Cross-Site scripting
Persistent or stored XSS
Nonpersistent or reflected XSS
Summary
Index
Symbol
A
B
C
D
F
G
H
I
L
M
N
O
P
R
S
T
U
W
X
