Over 50 hands-on recipes to help you pen test networks using Python, discover vulnerabilities, and find a recovery path
If you are a developer with prior knowledge of using Python for penetration testing and if you want an overview of scripting tasks to consider while penetration testing, this book will give you a lot of useful code for your toolkit.
Penetration testing is the use of tools and code to attack a system in order to assess its vulnerabilities to external threats. Python allows pen testers to create their own tools. Since Python is a highly valued pen-testing language, there are many native libraries and Python bindings available specifically for pen-testing tasks.
Python Penetration Testing Cookbook begins by teaching you how to extract information from web pages. You will learn how to build an intrusion detection system using network sniffing techniques. Next, you will find out how to scan your networks to ensure performance and quality, and how to carry out wireless pen testing on your network to avoid cyber attacks. After that, we'll discuss the different kinds of network attack. Next, you'll get to grips with designing your own torrent detection program. We'll take you through common vulnerability scenarios and then cover buffer overflow exploitation so you can detect insecure coding. Finally, you'll master PE code injection methods to safeguard your network.
This book takes a recipe-based approach to solving real-world problems in pen testing. It is structured in stages from the initial assessment of a system through exploitation to post-exploitation tests, and provides scripts that can be used or modified for in-depth penetration testing.
Page count: 156
Year of publication: 2017
BIRMINGHAM - MUMBAI
Copyright © 2017 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, nor its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: November 2017
Production reference: 1271117
ISBN 978-1-78439-977-1
www.packtpub.com
Author: Rejah Rehim
Copy Editor: Safis Editing
Reviewers: Dr. S. Gowrishankar, Sanjeev Jaiswal
Project Coordinator: Judie Jose
Commissioning Editor: Gebin George
Proofreader: Safis Editing
Acquisition Editor: Shrilekha Inani
Indexer: Rekha Nair
Content Development Editor: Devika Battike
Graphics: Tania Dutta
Technical Editor: Aditya Khadye
Production Coordinator: Arvindkumar Gupta
Rejah Rehim is currently the Director and Chief Information Officer (CIO) of Appfabs. Previously holding the title of Security Architect at FAYA India, he is a long-time advocate of open source.
He is a steady contributor to the Mozilla Foundation and his name has been added to the San Francisco Firefox Monument. A member of the Mozilla add-ons review board, he has contributed to the development of several node modules. He is credited with the creation of nine Mozilla add-ons, including the very popular Clear Console add-on, which was selected as one of the best Mozilla add-ons of 2013. With a user base of more than 44,000, it has seen more than 800,000 downloads to date. He has successfully created the world's first security testing browser bundle, PenQ, an open source Linux-based penetration testing browser bundle preconfigured with tools for spidering, advanced web searching, fingerprinting, and so on.
Rejah is also an active member of OWASP and the chapter leader of OWASP Kerala. He is also an active speaker at FAYA:80, a tech community based in Kerala, with the mission of free knowledge sharing. Besides being a part of the cyber security division of FAYA, Rejah is also a student of process automation and has implemented it in FAYA.
Additionally, Rejah also holds the title of commander at Cyberdome, an initiative of the Kerala Police Department.
Dr. S. Gowrishankar is currently working as an associate professor in the department of computer science and engineering at Dr. Ambedkar Institute of Technology, Bengaluru, Karnataka, India.
He received his PhD in engineering from Jadavpur University, Kolkata, West-Bengal, India in 2010 and an M.Tech in software engineering and a B.E in computer science and engineering from Visvesvaraya Technological University (VTU), Belagavi, Karnataka, India in the years 2005 and 2003, respectively.
From 2011 to 2014, he worked as senior research scientist and tech lead at Honeywell Technology Solutions, Bengaluru, Karnataka, India.
He has published several papers in various reputable international journals and has spoken at conferences. He serves as editor and reviewer for various prestigious international journals. He is also a member of IEEE, ACM, CSI, and ISTE.
He has delivered many keynote addresses and has been invited to talk throughout India on a variety of subjects related to computer science and engineering. He has been instrumental in organizing several conferences, workshops, and seminars. He has also served on the panel of a number of academic bodies of universities and autonomous colleges as a BOS and BOE member.
His current research interests are mainly focused on data science, including its technical aspects, as well as its applications and implications. Specifically, he is interested in the application of machine learning, data mining, and big data analytics in healthcare.
Sanjeev Jaiswal is a computer science graduate from CUSAT and has 8 years of extensive experience in web development and application security. He enjoys writing applications in Perl and Python in a Linux environment. He is the founder of a technical blogging website, AlienCoders.
Currently, he is involved in product security and cloud security (AWS) related projects. He is also learning network security at present. He has authored two books with Packt and has reviewed more than eight books from Packt regarding Python, penetration testing, and security projects.
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www.packtpub.com/mapt
Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.
Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser
Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://www.amazon.com/dp/1784399779.
If you'd like to join our team of regular reviewers, you can email us at [email protected]. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Getting ready
How to do it…
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
Why Python in Penetration Testing?
Introduction
Why Python is a great option for security scripting
Getting ready
How to do it...
Python can be used in both interpreted and compiled forms
Syntax and indented layout
Simple learning curve
Powerful third-party libraries
Cross-platform (code anywhere)
Python 3 language basics and differences
Getting ready
How to do it...
Python 2
Python 3
Python 2.7
Key differences between Python 2.7 and Python 3
Setting Up a Python Environment
Introduction
Setting up a Python environment in Linux
Getting ready
How to do it...
Installing Python
Setting up a virtual environment
Setting up the editor or IDE
Setting up a Python environment in macOS
Getting ready
How to do it...
Installing Python
Setting up a Python environment in Windows
How to do it...
Web Scraping with Python
Introduction
Download web pages with Python scripts
Getting ready
How to do it...
With Python 2
With Python 3
Changing the user agent
How to do it...
Downloading files
Getting ready
How to do it...
Using a regular expression to get the information from the downloaded web pages
How to do it...
Requesting and downloading dynamic website pages
Escaping invalid characters
How to do it...
Dynamic GET requests
How to do it...
Data Parsing with Python
Introduction
Parsing HTML tables
Getting ready
How to do it...
Extracting data from HTML documents
Getting ready
How to do it...
Parsing XML data
Getting ready
How to do it...
Web Scraping with Scrapy and BeautifulSoup
Introduction
Web spiders with Scrapy
Getting ready
How to do it...
Scrapy shell
How to do it...
Link extractor with Scrapy
How to do it...
Scraping after logging into websites using Scrapy
Getting ready
How to do it...
Network Scanning with Python
Introduction
Simple port scanner
Getting ready
How to do it...
IP range/network scanner
Getting ready
How to do it...
Stealth scanning
Getting ready
How to do it...
FIN scanning
How to do it...
XMAS scanning
How to do it...
TCP ACK scanning
How to do it...
LanScan
Getting ready
How to do it...
Network Sniffing with Python
Introduction
Packet sniffer in Python
Getting ready
How to do it...
Parsing the packet
How to do it...
PyShark
Getting ready
How to do it...
Scapy Basics
Introduction
Creating a packet with Scapy
Getting ready
How to do it...
Sending and receiving packets with Scapy
How to do it...
Layering packets
How to do it...
Reading and writing to pcap files
How to do it...
Sniffing packets
How to do it...
ARP man-in-the-middle tool with Scapy
How to do it...
Wi-Fi Sniffing
Introduction
Finding Wi-Fi devices
Getting ready
How to do it...
Linux
macOS
Finding SSIDs
How to do it...
Exposing hidden SSIDs
How to do it...
Dictionary attack on hidden SSIDs
How to do it...
Fake access points with Scapy
How to do it...
Layer 2 Attacks
Introduction
ARP Watcher
How to do it...
ARP cache poisoning
Getting ready
Linux
macOS
How to do it...
MAC flooder
How to do it...
VLAN hopping
How to do it...
ARP spoofing over VLAN hopping
How to do it...
DHCP starvation
How to do it...
TCP/IP Attacks
Introduction
IP spoofing
How to do it...
SYN flooding
How to do it...
Password sniffer with Python over LAN
How to do it...
Introduction to Exploit Development
Introduction
CPU registers
Getting ready
General purpose registers
Special purpose registers
How to do it...
Memory dump
How to do it...
CPU instructions
How to do it...
Windows Exploit Development
Introduction
Windows memory layout
Getting ready
The stack
The heap
Program image and dynamic link libraries
Process Environment Block (PEB)
Thread Environment Block (TEB)
How to do it...
Buffer overflow with saved return pointer overwrite
Getting ready
Installing Mona
How to do it...
Structured Exception Handling
Getting ready
How to do it...
Egg hunters
Getting ready
How to do it...
Linux Exploit Development
Introduction
Format string exploitation
Getting ready
Global offset table
Generating shell code
How to do it...
Buffer overflow
How to do it...
Python is a dynamic, interpreted, high-level language. With its clear syntax and extensive standard library it serves as a general-purpose language, and because it is interpreted it is often thought of as a scripting language. Python is dominant in information security because it is relatively simple to work in and has a vast ecosystem of libraries and third-party modules. Security experts have chosen Python to build information security toolkits such as w3af, sqlmap, and many more. Its modular design, which encourages code reuse and readability, makes Python the preferred choice for security researchers who write scripts and build tools for security testing.
Information security tools, including fuzzers, proxies, scanners, and even exploits, have been written in Python. Python is also the language behind several open source security tools, from Volatility for memory analysis to libPST for examining mail archives. It is the right language for an information security researcher to learn because of the large number of reverse engineering and exploitation libraries available, and knowing it helps in the difficult situations where you need to extend or tweak these tools.
In this book, we look at how a security researcher can use these tools and libraries in day-to-day work. The following pages will help you learn to detect and exploit various types of vulnerability while building your knowledge of wireless networks and information gathering through practical recipes. Read on to explore a pragmatic way to penetration test with Python, building efficient code and saving time.
Chapter 1, Why Python in Penetration Testing?, explains why Python matters in security testing, covers Python 3 language basics and the key differences from Python 2.7, and shows the reader how to configure a basic environment.
Chapter 2, Setting Up a Python Environment, deals with how to set up the environment in different operating systems to start penetration testing with them.
Chapter 3, Web Scraping with Python, explains how to download web pages with Python scripts and covers the basics of web scraping, followed by a detailed description of how to use regular expressions to pull information out of the downloaded pages and how to request and download dynamic website pages in order to crawl the data in them.
Chapter 4, Data Parsing with Python, shows you how to parse HTML tables with the help of Python modules to pull tabular data from websites, how to extract data from HTML documents, and how to generate .csv/Excel sheets from that data with scripts.
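As an added example (not code from the book), the block below does the table-to-CSV job of this chapter with the standard library alone: it walks the HTML with html.parser, collects each table's rows, and writes them out as CSV. The HTML is constructed for the demonstration. Because scraped cells are untrusted text, the CSV writer also neutralises spreadsheet formula injection: a cell that begins with =, +, -, @, a tab or a carriage return is evaluated as a formula when the file is opened in Excel or LibreOffice, which is a check any .csv/Excel export of scraped data needs.

```python
"""Pull HTML tables into CSV with the standard library only.

Added example; not the book's code. SAMPLE_HTML is constructed for the demo.
"""
import csv
import io
from html.parser import HTMLParser


class TableExtractor(HTMLParser):
    """Collect each <table> as a list of rows, each row a list of cell strings.

    Nested tables are not handled. Entity references such as &amp; are decoded
    for us because HTMLParser defaults to convert_charrefs=True.
    """

    def __init__(self):
        super().__init__()
        self.tables = []
        self._rows = None      # rows of the table currently open
        self._row = None       # cells of the row currently open
        self._cell = None      # text fragments of the cell currently open

    def handle_starttag(self, tag, attrs):
        if tag == "table":
            self._rows = []
        elif tag == "tr" and self._rows is not None:
            self._row = []
        elif tag in ("td", "th") and self._row is not None:
            self._cell = []

    def handle_endtag(self, tag):
        if tag in ("td", "th") and self._cell is not None:
            self._row.append(" ".join("".join(self._cell).split()))  # collapse whitespace
            self._cell = None
        elif tag == "tr" and self._row is not None:
            self._rows.append(self._row)
            self._row = None
        elif tag == "table" and self._rows is not None:
            self.tables.append(self._rows)
            self._rows = None

    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)


def extract_tables(html: str):
    parser = TableExtractor()
    parser.feed(html)
    parser.close()
    return parser.tables


# A cell starting with one of these is evaluated as a formula by Excel/LibreOffice.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value: str) -> str:
    """Defuse CSV/formula injection in scraped (untrusted) text by prefixing a quote.

    The prefix list also catches negative numbers such as '-5'; accept that for
    untrusted data, or whitelist purely numeric cells if it matters.
    """
    return "'" + value if value.startswith(FORMULA_PREFIXES) else value


def table_to_csv(rows, safe: bool = True) -> str:
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(c) if safe else c for c in row])
    return out.getvalue()


# Constructed input: a results table with one cell carrying a spreadsheet formula.
SAMPLE_HTML = """<html><body><h1>Scan results</h1>
<table>
  <tr><th>Host</th><th>Port</th><th>Banner</th></tr>
  <tr><td>10.0.0.5</td><td>80</td><td>Apache &amp; PHP</td></tr>
  <tr><td>10.0.0.6</td><td>22</td><td>=HYPERLINK("http://evil.example/x","click me")</td></tr>
</table>
</body></html>"""

if __name__ == "__main__":
    for table in extract_tables(SAMPLE_HTML):
        print(table_to_csv(table))
```

Run it and compare the output of table_to_csv(rows) with table_to_csv(rows, safe=False): the third row's banner cell is what a hostile web page plants so that whoever opens the exported sheet triggers the formula.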
Chapter 5, Web Scraping with Scrapy and BeautifulSoup, is where you will learn how to build and run web spiders that crawl web pages with the Python Scrapy module. It also explains how to use the interactive Scrapy shell, where you can try and debug your scraping code very quickly in the Terminal, how to extract links from pages crawled by Scrapy and follow them to fetch more pages from the site, and how to scrape pages that sit behind a login.
Chapter 6, Network Scanning with Python, teaches how to create a scanner that finds the open ports on a host, how to scan a range of IP addresses, and how to write stealth scans (SYN, FIN, XMAS, and TCP ACK) with the help of Scapy. It also covers the LanScan Python 3 module, which gathers information about the hosts and devices on the local network.
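The scanner below is an added example, not the book's own code. It is a connect() scan: each port is probed from a thread pool by completing a full TCP handshake, which needs no raw-socket privilege but is noisy, because the target's service sees (and may log) a real connection. The SYN, FIN, XMAS and ACK scans of the Scapy recipes need raw sockets and root instead. So that the block runs offline, demo() starts a throwaway listener on 127.0.0.1 and picks a currently closed port as the second target; the host, port choice and 0.5 s timeout are assumptions for the demo.

```python
"""TCP connect() port scanner.

Added example; not the book's code. The target in demo() is constructed locally.
"""
import socket
from concurrent.futures import ThreadPoolExecutor


def check_port(host: str, port: int, timeout: float = 0.5) -> bool:
    """Return True if a TCP three-way handshake completes on host:port.

    Refused connections raise ConnectionRefusedError, filtered ports time out;
    both are OSError subclasses and both mean 'not open' to a connect() scan.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan_ports(host: str, ports, workers: int = 64, timeout: float = 0.5):
    """Probe the given ports concurrently; return the sorted list of open ones."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=min(workers, len(ports)) or 1) as pool:
        results = pool.map(lambda p: (p, check_port(host, p, timeout)), ports)
    return sorted(p for p, is_open in results if is_open)


def _local_listener():
    """Start a throwaway TCP listener on 127.0.0.1 (the constructed target)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the kernel pick a free port
    srv.listen(5)                        # the backlog completes handshakes for us
    return srv, srv.getsockname()[1]


def _unused_port() -> int:
    """Pick a port that is closed right now by binding it and releasing it."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def demo() -> dict:
    """Scan one listening port and one closed port on localhost."""
    srv, open_port = _local_listener()
    closed_port = _unused_port()
    try:
        found = scan_ports("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
    return {"open_port": open_port, "closed_port": closed_port, "found": found}


if __name__ == "__main__":
    r = demo()
    print(f"listener on {r['open_port']}, closed port {r['closed_port']}, "
          f"scanner reported open: {r['found']}")
```

For a real host, call scan_ports("192.0.2.10", range(1, 1025)) and raise the timeout on slow links; a short timeout turns filtered ports and lossy paths into false negatives.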
Chapter 7, Network Sniffing with Python, is a detailed guide to writing a basic packet sniffer, parsing the sniffed packets (including parsing and formatting MAC addresses) and decoding them with the help of Python modules, and using PyShark, a Python wrapper for TShark.
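Added example, not the book's code, for the parsing half of a sniffer: it unpacks a raw Ethernet/IPv4/TCP frame with struct, formats the MAC addresses, honours the IHL and TCP data-offset fields rather than assuming 20-byte headers, verifies the IPv4 header checksum, decodes the TCP flags, and rejects truncated headers instead of indexing past the buffer. build_syn_frame() constructs the sample frame (the addresses and ports are made up); a real sniffer would feed the bytes it reads from an AF_PACKET raw socket into parse_frame().

```python
"""Parse a raw Ethernet/IPv4/TCP frame with struct.

Added example; not code from the book. Addresses and ports below are made up.
"""
import socket
import struct

ETH_HDR = struct.Struct("!6s6sH")            # dst MAC, src MAC, EtherType
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")    # fixed 20-byte IPv4 header
TCP_HDR = struct.Struct("!HHIIBBHHH")        # fixed 20-byte TCP header
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]


def format_mac(raw: bytes) -> str:
    """b'\\x00\\x11\\x22\\x33\\x44\\x55' -> '00:11:22:33:44:55'."""
    return ":".join(f"{b:02x}" for b in raw)


def ip_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum; yields 0 over a header whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                                   # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ethernet(frame: bytes):
    if len(frame) < ETH_HDR.size:
        raise ValueError("truncated Ethernet header")
    dst, src, eth_type = ETH_HDR.unpack_from(frame)
    hdr = {"dst_mac": format_mac(dst), "src_mac": format_mac(src), "eth_type": eth_type}
    return hdr, frame[ETH_HDR.size:]


def parse_ipv4(data: bytes):
    if len(data) < IPV4_HDR.size:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _csum, src, dst = IPV4_HDR.unpack_from(data)
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4    # IHL counts 32-bit words, options included
    if version != 4 or ihl < IPV4_HDR.size or len(data) < ihl or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    hdr = {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "ttl": ttl, "proto": proto, "id": ident, "tos": tos,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset": flags_frag & 0x1FFF,
        "checksum_ok": ip_checksum(data[:ihl]) == 0,     # sum including the checksum field folds to 0
    }
    return hdr, data[ihl:total_len]


def parse_tcp(seg: bytes):
    """Decode the TCP header; the TCP checksum needs the IP pseudo-header and is not verified here."""
    if len(seg) < TCP_HDR.size:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_res, flags, window, _csum, urg = TCP_HDR.unpack_from(seg)
    data_off = (off_res >> 4) * 4                          # data offset in 32-bit words
    if data_off < TCP_HDR.size or len(seg) < data_off:
        raise ValueError("malformed TCP header")
    hdr = {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window, "urg": urg,
        "flags": [name for bit, name in enumerate(TCP_FLAG_NAMES) if flags & (1 << bit)],
    }
    return hdr, seg[data_off:]


def parse_frame(frame: bytes) -> dict:
    """Decode an Ethernet frame layer by layer; stop at the first layer not understood."""
    eth, payload = parse_ethernet(frame)
    result = {"eth": eth}
    if eth["eth_type"] != ETHERTYPE_IPV4:
        return result
    ip, payload = parse_ipv4(payload)
    result["ip"] = ip
    if ip["proto"] == IPPROTO_TCP:
        tcp, payload = parse_tcp(payload)
        result["tcp"] = tcp
        result["payload"] = payload
    return result


def build_syn_frame() -> bytes:
    """Construct a sample SYN frame (made-up addresses; not a real capture)."""
    eth = ETH_HDR.pack(bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), ETHERTYPE_IPV4)
    tcp = TCP_HDR.pack(43210, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0)   # SYN, no options
    ip = bytearray(IPV4_HDR.pack(0x45, 0, IPV4_HDR.size + len(tcp), 0x1234, 0x4000, 64,
                                 IPPROTO_TCP, 0, socket.inet_aton("192.168.1.10"),
                                 socket.inet_aton("10.0.0.5")))
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))            # fill in the header checksum
    return eth + bytes(ip) + tcp


if __name__ == "__main__":
    print(parse_frame(build_syn_frame()))
```

Feeding the parser frames from the wire is the part that needs privilege: on Linux, socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(3)) as root returns whole Ethernet frames from recv(), each of which goes straight into parse_frame().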
Chapter 8, Scapy Basics, covers how to craft custom packets with the Scapy Python module, how to send packets and receive the answers, and how to write scripts that read from and write to pcap files. Scapy builds packets by layering protocols on top of one another; this chapter gives readers a clearer picture of layering, shows how to sniff network packets with Scapy, and finishes with an ARP man-in-the-middle tool built on it.
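The pcap container is simple enough to write and read with struct alone, and doing so once makes clear what Scapy's wrpcap() and rdpcap() handle for you. The block below is an added example (stdlib in place of Scapy; not the book's code), with its sample packets constructed in-line. The reader validates the magic number in either byte order, recognises the nanosecond-resolution variant, enforces the snaplen on every record and fails closed on truncated files, which matters because a pcap handed to a tool is usually untrusted input.

```python
"""Write and read libpcap files with struct only.

Added example; stdlib stand-in for Scapy's wrpcap()/rdpcap(). Sample packets are constructed.
"""
import io
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4      # timestamps in microseconds
PCAP_MAGIC_NSEC = 0xA1B23C4D      # timestamps in nanoseconds
LINKTYPE_ETHERNET = 1
GLOBAL_HDR = "IHHiIII"            # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"               # ts_sec, ts_frac, incl_len, orig_len


def write_pcap(fileobj, packets, linktype=LINKTYPE_ETHERNET, snaplen=65535, byteorder="<") -> int:
    """packets: iterable of (ts_sec, ts_usec, bytes). Writes a microsecond-resolution pcap."""
    fileobj.write(struct.pack(byteorder + GLOBAL_HDR, PCAP_MAGIC_USEC, 2, 4, 0, 0, snaplen, linktype))
    count = 0
    for ts_sec, ts_usec, data in packets:
        incl = min(len(data), snaplen)                     # stored bytes are cut at snaplen
        fileobj.write(struct.pack(byteorder + RECORD_HDR, ts_sec, ts_usec, incl, len(data)))
        fileobj.write(data[:incl])                         # orig_len still records the real size
        count += 1
    return count


def read_pcap(fileobj) -> dict:
    """Return {'linktype', 'ts_unit', 'packets': [(ts_sec, ts_frac, bytes), ...]}.

    Every length it relies on is checked, because a pcap file is untrusted input.
    """
    head = fileobj.read(struct.calcsize("<" + GLOBAL_HDR))
    if len(head) < 24:
        raise ValueError("truncated global header")
    for order in ("<", ">"):                               # byte order is whichever makes the magic read right
        magic = struct.unpack(order + "I", head[:4])[0]
        if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            break
    else:
        raise ValueError("not a pcap file (bad magic)")
    magic, _major, _minor, _tz, _sig, snaplen, linktype = struct.unpack(order + GLOBAL_HDR, head)
    packets = []
    while True:
        rec = fileobj.read(16)
        if not rec:
            break                                          # clean end of file
        if len(rec) < 16:
            raise ValueError("truncated record header")
        ts_sec, ts_frac, incl, _orig = struct.unpack(order + RECORD_HDR, rec)
        if incl > snaplen:
            raise ValueError(f"record claims {incl} bytes, above snaplen {snaplen}")
        data = fileobj.read(incl)
        if len(data) < incl:
            raise ValueError("truncated packet data")
        packets.append((ts_sec, ts_frac, data))
    return {"linktype": linktype, "ts_unit": "ns" if magic == PCAP_MAGIC_NSEC else "us", "packets": packets}


def write_pcap_bytes(packets, **kw) -> bytes:
    buf = io.BytesIO()
    write_pcap(buf, packets, **kw)
    return buf.getvalue()


def read_pcap_bytes(blob: bytes) -> dict:
    return read_pcap(io.BytesIO(blob))


# Constructed sample records: an Ethernet/IPv4 header start plus filler, then an ARP-typed dummy frame.
SAMPLE_PACKETS = [
    (1700000000, 1000, bytes.fromhex("001122334455" "66778899aabb" "0800") + b"\x45" + b"\x00" * 39),
    (1700000001, 2500, b"\xff" * 6 + b"\x00" * 6 + b"\x08\x06" + b"\x00" * 28),
]

if __name__ == "__main__":
    parsed = read_pcap_bytes(write_pcap_bytes(SAMPLE_PACKETS))
    print(parsed["linktype"], parsed["ts_unit"], [len(p[2]) for p in parsed["packets"]])
```

Pair this with the frame parser from the sniffing recipes: each data element of packets is exactly the byte string a raw socket or Scapy's sniff() would hand you, so a capture can be replayed through the same decoding code offline.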
Chapter 9, Wi-Fi Sniffing, looks at writing scripts that list the Wi-Fi devices in range with the help of Python modules, find SSIDs, expose hidden SSIDs with Scapy, run a dictionary attack against hidden SSIDs with Scapy, and set up a fake access point with Scapy.
Chapter 10, Layer 2 Attacks