Python: Penetration Testing for Developers Learning Path

Cybercriminals are always one step ahead when it comes to tools and techniques. This means you need to use the same tools and adopt the same mindset to properly secure your software. This course shows you how to do just that, demonstrating how effective Python can be for powerful pentesting that keeps your software safe. The course comprises three key modules; follow each one to push your Python and security skills to the next level. In the first module, we'll show you how to get to grips with the fundamentals. This means you'll quickly find out how to tackle some of the common challenges facing pentesters using custom Python tools designed specifically for your needs. You'll also learn what tools to use and when, giving you complete confidence when deploying your pentester tools to combat any potential threat. In the next module, you'll begin hacking into the application layer. Covering everything from parameter tampering, DDoS, XSS and SQL injection, it will build on the knowledge and skills you learned in the first module to make you an even more fluent security expert. Finally, in the third module, you'll find more than 60 Python pentesting recipes. We think this will soon become your trusted resource for any pentesting situation.

Author(s): Christopher Duffy
Publisher: Packt Publishing
Year: 2016

Language: English
Pages: 650

Cover
Copyright
Credits
Preface
Table of Contents
Module 1
Chapter 1: Understanding the Penetration Testing Methodology
An overview of penetration testing
Understanding what penetration testing is not
Assessment methodologies
The penetration testing execution standard
Penetration testing tools
Summary
Chapter 2: The Basics of Python Scripting
The first Python script
Developing scripts and identifying errors
Python formatting
Python variables
Operators
Compound statements
Functions
The Python style guide
Arguments and options
Your first assessor script
Summary
Chapter 3: Identifying Targets with Nmap, Scapy, and Python
Understanding how systems communicate
Understanding Nmap
Nmap libraries for Python
The Scapy library for Python
Summary
Chapter 4: Executing Credential Attacks with Python
The types of credential attacks
Identifying the target
Creating targeted usernames
Testing for users using SMTP VRFY
Summary
Chapter 5: Exploiting Services with Python
Understanding the new age of service exploitation
Understanding the chaining of exploits
Automating the exploit train with Python
Summary
Chapter 6: Assessing Web Applications with Python
Identifying live applications versus open ports
Identifying hidden files and directories with Python
Credential attacks with Burp Suite
Using twill to walk through the source
Understanding when to use Python for web assessments
Summary
Chapter 7: Cracking the Perimeter with Python
Understanding today's perimeter
Understanding the link between accounts and services
Cracking inboxes with Burp Suite
Identifying the attack path
Gaining access through websites
Summary
Chapter 8: Exploit Development with Python, Metasploit, and Immunity
Getting started with registers
Understanding the Windows memory structure
Understanding memory addresses and endianness
Understanding the manipulation of the stack
Understanding immunity
Understanding basic buffer overflow
Writing a basic buffer overflow exploit
Understanding stack adjustments
Understanding the purpose of local exploits
Understanding other exploit scripts
Reversing Metasploit modules
Understanding protection mechanisms
Summary
Chapter 9: Automating Reports and Tasks with Python
Understanding how to parse XML files for reports
Understanding how to create a Python class
Summary
Chapter 10: Adding Permanency to Python Tools
Understanding logging within Python
Understanding the difference between multithreading and multiprocessing
Building industry-standard tools
Summary
Module 2
Chapter 1: Python with Penetration Testing and Networking
Introducing the scope of pentesting
Approaches to pentesting
Introducing Python scripting
Understanding the tests and tools you'll need
Learning the common testing platforms with Python
Network sockets
Server socket methods
Client socket methods
General socket methods
Moving on to the practical
Summary
Chapter 2: Scanning Pentesting
How to check live systems in a network and the concept of a live system
What are the services running on the target machine?
Summary
Chapter 3: Sniffing and Penetration Testing
Introducing a network sniffer
Implementing a network sniffer using Python
Learning about packet crafting
Introducing ARP spoofing and implementing it using Python
Testing the security system using custom packet crafting and injection
Summary
Chapter 4: Wireless Pentesting
Wireless SSID finding and wireless traffic analysis by Python
Wireless attacks
Summary
Chapter 5: Foot Printing of a Web Server and a Web Application
The concept of foot printing of a web server
Introducing information gathering
Information gathering of a website from SmartWhois by the parser BeautifulSoup
Banner grabbing of a website
Hardening of a web server
Summary
Chapter 6: Client-side and DDoS Attacks
Introducing client-side validation
Tampering with the client-side parameter with Python
Effects of parameter tampering on business
Introducing DoS and DDoS
Summary
Chapter 7: Pentesting of SQLI and XSS
Introducing the SQL injection attack
Types of SQL injections
Understanding the SQL injection attack by a Python script
Learning about Cross-Site scripting
Summary
Module 3
Chapter 1: Gathering Open Source Intelligence
Introduction
Gathering information using the Shodan API
Scripting a Google+ API search
Downloading profile pictures using the Google+ API
Harvesting additional results from the Google+ API using pagination
Getting screenshots of websites with QtWebKit
Screenshots based on a port list
Spidering websites
Chapter 2: Enumeration
Introduction
Performing a ping sweep with Scapy
Scanning with Scapy
Checking username validity
Brute forcing usernames
Enumerating files
Brute forcing passwords
Generating e-mail addresses from names
Finding e-mail addresses from web pages
Finding comments in source code
Chapter 3: Vulnerability Identification
Introduction
Automated URL-based Directory Traversal
Automated URL-based Cross-site scripting
Automated parameter-based Cross-site scripting
Automated fuzzing
jQuery checking
Header-based Cross-site scripting
Shellshock checking
Chapter 4: SQL Injection
Introduction
Checking jitter
Identifying URL-based SQLi
Exploiting Boolean SQLi
Exploiting Blind SQL Injection
Encoding payloads
Chapter 5: Web Header Manipulation
Introduction
Testing HTTP methods
Fingerprinting servers through HTTP headers
Testing for insecure headers
Brute forcing login through the Authorization header
Testing for clickjacking vulnerabilities
Identifying alternative sites by spoofing user agents
Testing for insecure cookie flags
Session fixation through a cookie injection
Chapter 6: Image Analysis and Manipulation
Introduction
Hiding a message using LSB steganography
Extracting messages hidden in LSB
Hiding text in images
Extracting text from images
Enabling command and control using steganography
Chapter 7: Encryption and Encoding
Introduction
Generating an MD5 hash
Generating an SHA 1/128/256 hash
Implementing SHA and MD5 hashes together
Implementing SHA in a real-world scenario
Generating a Bcrypt hash
Cracking an MD5 hash
Encoding with Base64
Encoding with ROT13
Cracking a substitution cipher
Cracking the Atbash cipher
Attacking one-time pad reuse
Predicting a linear congruential generator
Identifying hashes
Chapter 8: Payloads and Shells
Introduction
Extracting data through HTTP requests
Creating an HTTP C2
Creating an FTP C2
Creating a Twitter C2
Creating a simple Netcat shell
Chapter 9: Reporting
Introduction
Converting Nmap XML to CSV
Extracting links from a URL to Maltego
Extracting e-mails to Maltego
Parsing Sslscan into CSV
Generating graphs using plot.ly
Bibliography