Effective Python Penetration Testing - Rejah Rehim - E-Book

Effective Python Penetration Testing E-Book

Rejah Rehim

Description

Pen test your system like a pro and overcome vulnerabilities by leveraging Python scripts, libraries, and tools

About This Book

  • Learn to utilize your Python scripting skills to pentest a computer system, network, and web application
  • Get proficient at the art of assessing vulnerabilities by conducting effective penetration testing
  • This is the ultimate guide that teaches you how to use Python to protect your systems against sophisticated cyber attacks

Who This Book Is For

This book is ideal for those who are comfortable with Python or a similar language and need no help with basic programming concepts, but want to understand the basics of penetration testing and the problems pentesters face.

What You Will Learn

  • Write Scapy scripts to investigate network traffic
  • Get to know application fingerprinting techniques with Python
  • Understand the attack scripting techniques
  • Write fuzzing tools with pentesting requirements
  • Learn basic attack scripting methods
  • Utilize cryptographic toolkits in Python
  • Automate pentesting with Python tools and libraries

In Detail

Penetration testing is a practice of testing a computer system, network, or web application to find weaknesses in security that an attacker can exploit. Effective Python Penetration Testing will help you utilize your Python scripting skills to safeguard your networks from cyberattacks.

We will begin by providing you with an overview of Python scripting and penetration testing. You will learn to analyze network traffic by writing Scapy scripts and will see how to fingerprint web applications with Python libraries such as ProxMon and Spynner.

Moving on, you will find out how to write basic attack scripts, and will develop debugging and reverse engineering skills with Python libraries. Toward the end of the book, you will discover how to utilize cryptography toolkits in Python and how to automate Python tools and libraries.

Style and approach

This is an expert's guide to Python with a practical based approach, where each chapter will help you improve your penetration testing skills using Python to become a master pen tester.


Page count: 153

Year of publication: 2016




Table of Contents

Effective Python Penetration Testing
Credits
About the Author
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Python Scripting Essentials
Setting up the scripting environment
Setting up in Linux
Setting up in Mac
Setting up in Windows
Installing third-party libraries
Setuptools and pip
Working with virtual environments
Using virtualenv and virtualwrapper
Python language essentials
Variables and types
Strings
Lists
Dictionaries
Networking
Handling exceptions
Summary
2. Analyzing Network Traffic with Scapy
Sockets modules
Socket
Methods in socket module
Creating a socket
Connecting to a server and sending data
Receiving data
Handling multiple connections
SocketServer
Simple server with the SocketServer module
Raw socket programming
Creating a raw socket
Basic raw socket sniffer
Raw socket packet injection
Investigate network traffic with Scapy
Packet sniffing with Scapy
Packet injection with Scapy
Scapy send and receive methods
Programming with Scapy
Summary
3. Application Fingerprinting with Python
Web scraping
urllib / urllib2 module
Useful methods of urllib/urllib2
Requests module
Parsing HTML using BeautifulSoup
Download all images on a page
Parsing HTML with lxml
Scrapy
E-mail gathering
OS fingerprinting
Get the EXIF data of an image
Web application fingerprinting
Summary
4. Attack Scripting with Python
Injections
Broken authentication
Cross-site scripting (XSS)
Insecure direct object references
Security misconfiguration
Sensitive data exposure
Missing function level access control
CSRF attacks
Using components with known vulnerabilities
Unvalidated redirects and forwards
Summary
5. Fuzzing and Brute-Forcing
Fuzzing
Classification of fuzzers
Mutation (dump) fuzzers
Generation (intelligent) fuzzers
Fuzzing and brute-forcing passwords
Dictionary attack
SSH brute-forcing
SMTP brute-forcing
Brute-forcing directories and file locations
Brute-force cracking password protected ZIP files
Sulley fuzzing framework
Installation
Scripting with sulley
Primitives
Blocks and groups
Sessions
Summary
6. Debugging and Reverse Engineering
Reverse engineering
Portable executable analysis
DOS header
PE header
Loading PE file
Inspecting headers
Inspecting sections
PE packers
Listing all imported and exported symbols
Disassembling with Capstone
PEfile with Capstone
Debugging
Breakpoints
Using PyDBG
Summary
7. Crypto, Hash, and Conversion Functions
Cryptographic algorithms
Hash functions
Hashed Message Authentication Code (HMAC)
Message-digest algorithm (MD5)
Secure Hash Algorithm (SHA)
HMAC in Python
hashlib algorithms
Password hashing algorithms
Symmetric encryption algorithms
Block  and stream cipher
PyCrypto
AES encryption of a file
Summary
8. Keylogging and Screen Grabbing
Keyloggers
Hardware keyloggers
Software keyloggers
Keyloggers with pyhook
Screen grabbing
Summary
9. Attack Automation
Paramiko
Establish SSH connection with paramiko
Running commands with paramiko
SFTP with paramiko
python-nmap
W3af REST API
Metasploit scripting with MSGRPC
ClamAV antivirus with Python
OWASP ZAP from Python
Breaking weak captcha
Automating BeEF with Python
Installing BeEF
Connecting BeEF with Metasploit
Accessing BeEF API with Python
Accessing Nessus 6 API with Python
Summary
10. Looking Forward
Pentestly
Twisted
Nscan
sqlmap
CapTipper
Immunity Debugger
pytbull
ghost.py
peepdf
Summary

Effective Python Penetration Testing


Copyright © 2016 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: June 2016

Production reference: 1200616

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham B3 2PB, UK.

ISBN 978-1-78528-069-6

www.packtpub.com

Credits

Author

Rejah Rehim

Copy Editor

Safis Editing 

Reviewer

Richard Marsden

Project Coordinator

Ulhas Kambali 

Commissioning Editor

Sarah Crofton

Proofreader

Safis Editing 

Acquisition Editor

Nadeem Bagban 

Indexer

Monica Ajmera Mehta

Content Development Editor

Onkar Wani 

Graphics

Jason Monteiro

Technical Editor

Shivani K. Mistry

Production Coordinator

Aparna Bhagat

About the Author

Rejah Rehim is currently a security architect with FAYA India and is a long-time preacher of open source. He is a steady contributor to the Mozilla Foundation, and his name has been featured on the San Francisco Monument made by the Mozilla Foundation.

He is a part of the Mozilla add-on review board and has contributed to the development of several node modules. He has to his credit the creation of eight Mozilla add-ons, including the highly successful Clear Console add-on, which was selected as one of the best Mozilla add-ons of 2013. With a user base of more than 44,000, it has registered more than 6,90,000 downloads to date. He has successfully created the world's first, one-of-a-kind security testing browser bundle, PenQ, an open source Linux-based penetration testing browser bundle preconfigured with tools for spidering, advanced web searching, fingerprinting, and so on.

Rejah is also an active member of OWASP and is the chapter leader of OWASP Kerala. He is also an active speaker at FAYA:80, one of the premier monthly tech rendezvous in Technopark, Kerala. Besides being a part of the cyber security division of FAYA currently and QBurst in the past, Rejah is also a fan of process automation and has implemented it in FAYA. In addition to these, Rejah also volunteers with Cyberdome, an initiative of the Kerala police department, as Deputy Commander.

I am thankful to God the Almighty for helping me complete this book. I wish to express my deep and sincere gratitude to my parents and my wife, Ameena Rahamath, for their moral support and prayers in every phase of my life and growth.

I also express my deep gratitude to my friends and family for their constant help in both personal and professional spheres. I am truly blessed to be working with the smartest and most dedicated people in the world at FAYA. This humble endeavor has been successful with the constant support and motivation of my colleagues, notably Deepu S. Nath and Arunima S. Kumar. I would like to specially thank Onkar Wani (content development editor at Packt Publishing) for supporting me during the course of completing this book.

About the Reviewer

Richard Marsden has over 20 years of professional software development experience. After starting in the field of geophysical surveying for the oil industry, he has spent the last 10 years running Winwaed Software Technology LLC, an independent software vendor. Winwaed specializes in geospatial tools and applications, including web applications, and operates the http://www.mapping-tools.com website for tools and add-ins for geospatial products, such as Caliper Maptitude and Microsoft MapPoint.

Richard was also a technical reviewer for the following books by Packt Publishing: Python Geospatial Development and Python Geospatial Analysis Essentials, both by Erik Westra; Python Geospatial Analysis Cookbook by Michael Diener; and Mastering Python Forensics by Dr. Michael Spreitzenbarth and Dr. Johann Uhrmann.

www.PacktPub.com

For support files and downloads related to your book, please visit www.PacktPub.com.

eBooks, discount offers, and more

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www2.packtpub.com/books/subscription/packtlib

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.

Why subscribe?

  • Fully searchable across every book published by Packt
  • Copy and paste, print, and bookmark content
  • On demand and accessible via a web browser

Free access for Packt account holders

Get notified! Find out when new books are published by following @PacktEnterprise on Twitter or the Packt Enterprise Facebook page.

Preface

Python is a high-level and general-purpose language with clear syntax and a comprehensive standard library. Often referred to as a scripting language, Python is dominant in information security because of its low complexity, extensive libraries, and third-party modules. Security experts have singled out Python as a language for developing information security toolkits, such as w3af. The modular design, human-readable code, and fully developed suite of libraries make Python suitable for security researchers and experts to write scripts and build tools for security testing.

Python-based tools include all types of fuzzers, proxies, and even the occasional exploit. Python is the driving language for several current open source penetration-testing tools from Volatility for memory analysis to libPST for abstracting the process of examining e-mails. It is a great language to learn because of the large number of reverse engineering and exploitation libraries available for your use. So, learning Python may help you in difficult situations where you need to extend or tweak those tools.

In this book, we will get an idea of how a penetration tester can use these tools and libraries to aid his or her day-to-day work.

What this book covers

Chapter 1, Python Scripting Essentials, breaks the ice by providing the basic concepts of Python scripting, installing third-party libraries, threading, process execution, exception handling, and penetration testing.

Chapter 2, Analyzing Network Traffic with Scapy, introduces a packet-manipulation tool, Scapy, which allows users to sniff, create, send, and slice packets for analysis. The chapter provides insight into investigating network traffic using Scapy, parsing DNS traffic, packet sniffing, packet injection, and passive OS fingerprinting. This empowers you to create and send custom packets over the network and analyze the raw output received for various protocols.

Chapter 3, Application Fingerprinting with Python, discusses the basics of fingerprinting web applications using Python. You will master the techniques of web scraping, e-mail gathering, OS fingerprinting, application fingerprinting, and information gathering using Python libraries.

Chapter 4, Attack Scripting with Python, addresses attack scripting with Python, which must be understood for efficient penetration testing, by detailing attack techniques and the OWASP top vulnerabilities. You will learn to write scripts to exploit them.

Chapter 5, Fuzzing and Brute-Forcing, tells you how fuzzing and brute-forcing still remain the top attacks tackled by testers. This chapter summarizes fuzzing and brute-forcing passwords, directories, and file locations; brute-force cracking ZIP files; HTML form authentication; and the Sulley fuzzing framework. This enables the user to extend the fuzzing tools for pentesting requirements with Python.

Chapter 6, Debugging and Reverse Engineering, describes the debugging and reverse-engineering techniques that should be mastered by a pentester. The debugging techniques are presented using Capstone and PyDBG.

Chapter 7, Crypto, Hash, and Conversion Functions, summarizes the Python Cryptography ToolKit, which helps you write scripts to find different types of password hashes.

Chapter 8, Keylogging and Screen Grabbing, discusses the basics of keylogging and screen-grabbing techniques. The techniques are presented with PyHook, which helps log keyboard events and take screenshots using Python.

Chapter 9, Attack Automation, gives a detailed description of attack automation by covering SSH brute forcing, SFTP automations with paramiko, Nmap automation, W3af automation, Metasploit integration, and antivirus and IDS evasion.

Chapter 10, Looking Forward, gives an insight into some of the tools written in Python that can be incorporated in pentesting. You can use these tools to improve your skill set in penetration testing.

What you need for this book

You basically need a computer with Python installed on it.

Who this book is for

This book is ideal for those who are comfortable with Python or a similar language and need no help with basic programming concepts but want to understand the basics of penetration testing and the problems pentesters face.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.

To send us general feedback, simply e-mail [email protected], and mention the book's title in the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the example code

You can download the example code files for this book from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.

You can download the code files by following these steps:

1. Log in or register to our website using your e-mail address and password.
2. Hover the mouse pointer on the SUPPORT tab at the top.
3. Click on Code Downloads & Errata.
4. Enter the name of the book in the Search box.
5. Select the book for which you're looking to download the code files.
6. Choose from the drop-down menu where you purchased this book from.
7. Click on Code Download.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

  • WinRAR / 7-Zip for Windows
  • Zipeg / iZip / UnRarX for Mac
  • 7-Zip / PeaZip for Linux

The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Effective-Python-Penetration-Testing. We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books, maybe a mistake in the text or the code, we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.

To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.

Piracy

Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at [email protected] with a link to the suspected pirated material.

We appreciate your help in protecting our authors and our ability to bring you valuable content.

Questions

If you have a problem with any aspect of this book, you can contact us at [email protected], and we will do our best to address the problem.

Chapter 1. Python Scripting Essentials

Python is still the leading language in the world of penetration testing (pentesting) and information security. Python-based tools include all kinds of fuzzers (used for feeding massive amounts of random data into a program to find errors and security loopholes), proxies, and even exploit frameworks. If you are interested in tinkering with pentesting tasks, Python is the best language to learn because of its large number of reverse engineering and exploitation libraries.

Over the years, Python has received numerous updates and upgrades. For example, Python 2 was released in 2000 and Python 3 in 2008. Unfortunately, Python 3 is not backward compatible, so most of the programs written in Python 2 will not work in Python 3. Even though Python 3 was released in 2008, most libraries and programs still use Python 2. To do better penetration testing, the tester should be able to read, write, and rewrite Python scripts.

Because Python is a scripting language, security experts have preferred it as a language for developing security toolkits. Its human-readable code, modular design, and large number of libraries give security experts and researchers a head start in creating sophisticated tools. Python comes with a vast standard library that accommodates almost everything, from simple I/O to platform-specific API calls. Many of the default and user-contributed libraries and modules can help us build tools for penetration testing that accomplish interesting tasks.

In this chapter, we will cover the following:

  • Setting up the scripting environment in different operating systems
  • Installing third-party Python libraries
  • Working with virtual environments
  • Python language basics

Setting up the scripting environment