This book gives you the skills you need to use Python for penetration testing, with the help of detailed code examples. This book has been updated for Python 3.6.3 and Kali Linux 2018.1.
We start by exploring the basics of networking with Python and then proceed to network hacking. Then, you will delve into exploring Python libraries to perform various types of pentesting and ethical hacking techniques. Next, we delve into hacking the application layer, where we start by gathering information from a website. We then move on to concepts related to website hacking—such as parameter tampering, DDoS, XSS, and SQL injection.
By reading this book, you will learn different techniques and methodologies that will familiarize you with Python pentesting techniques, how to protect yourself, and how to create automated programs to find the admin console, SQL injection, and XSS attacks.
If you are a Python programmer, a security researcher, or an ethical hacker and are interested in penetration testing with the help of Python, then this book is for you. Even if you are new to the field of ethical hacking, this book can help you find the vulnerabilities in your system so that you are ready to tackle any kind of attack or intrusion.
Mohit is a Python programmer with a keen interest in the field of information security. He has completed his Bachelor's degree in technology in computer science from Kurukshetra University, Kurukshetra, and a Master's in engineering (2012) in computer science from Thapar University, Patiala. He is a CEH and ECSA from EC-Council USA. He has worked in IBM, Teramatrix (a startup), and Sapient. He is currently doing a Ph.D. at Thapar Institute of Engineering & Technology under Dr. Maninder Singh. He has published several articles in national and international magazines. He is the author of Python Penetration Testing Essentials, Python: Penetration Testing for Developers and Learn Python in 7 Days, also by Packt. For more details on the author, you can check the following user name: mohitraj.cs
Page count: 194
Year of publication: 2018
Copyright © 2018 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Vijin Boricha
Acquisition Editor: Noyonika Das
Content Development Editor: Roshan Kumar
Technical Editor: Sushmeeta Jena
Copy Editor: Safis Editing
Project Coordinator: Hardik Bhinde
Proofreader: Safis Editing
Indexer: Aishwarya Gangawane
Graphics: Jason Monteiro
Production Coordinator: Deepika Naik
First published: January 2015
Second edition: May 2018
Production reference: 1290518
Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.
ISBN 978-1-78913-896-2
www.packtpub.com
Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.
Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
Improve your learning with Skill Plans built especially for you
Get a free eBook or video every month
Mapt is fully searchable
Copy and paste, print, and bookmark content
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
Mohit is a Python programmer with a keen interest in the field of information security. He holds B.Tech (UIET, KUK, 2009) and M.E. (Thapar University, 2012) degrees. He is a CEH and ECSA from EC-Council USA. He has worked at IBM and Sapient. He is currently pursuing a PhD at Thapar Institute of Engg & Technology under Dr. Maninder Singh. He has published several articles in national and international magazines. He is the author of Python Penetration Testing Essentials, Python: Penetration Testing for Developers and Learn Python in 7 Days, also by Packt. His username is mohitrajcs on gmail.
Sanjeev Jaiswal is a computer graduate from CUSAT with 9 years of industrial experience. He uses Perl, Python, AWS, and GNU/Linux for his day-to-day activities. He's currently working on projects involving penetration testing, source code review, security design, and implementations in AWS and Cloud security projects.
He is learning DevSecOps and security automation currently as well. Sanjeev loves teaching engineering students and IT professionals. He has been teaching for the past 8 years in his leisure time. He founded Alien Coders and Cybercloud Guru as well.
Rejah Rehim is currently the Director and Chief Information Security Officer (CISO) of Appfabs. Previously holding the title of Security Architect at FAYA India, he is a long-time advocate of open source and a steady contributor to the Mozilla Foundation. He created PenQ, the world's first security testing browser bundle: an open source, Linux-based penetration testing browser bundle preconfigured with tools for security testing. He is also an active member of OWASP and the chapter leader of OWASP Kerala. Additionally, Rejah holds the title of commander at Cyberdome, an initiative of the Kerala Police Department.
If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.
Title Page
Copyright and Credits
Python Penetration Testing Essentials Second Edition
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Code in Action
Conventions used
Get in touch
Reviews
Python with Penetration Testing and Networking
Introducing the scope of pentesting
The need for pentesting
Components to be tested
Qualities of a good pentester
Defining the scope of pentesting
Approaches to pentesting
Introducing Python scripting
Understanding the tests and tools you'll need
Learning the common testing platforms with Python
Network sockets
Server socket methods
Client socket methods
General socket methods
Moving on to the practical
Socket exceptions
Useful socket methods
Summary
Scanning Pentesting
How to check live systems in a network and the concept of a live system
Ping sweep
The TCP scan concept and its implementation using a Python script
How to create an efficient IP scanner in Windows
How to create an efficient IP scanner in Linux
The concept of the Linux-based IP scanner
nmap with Python
What are the services running on the target machine?
The concept of a port scanner
How to create an efficient port scanner
Summary
Sniffing and Penetration Testing
Introducing a network sniffer
Passive sniffing
Active sniffing
Implementing a network sniffer using Python
Format characters
Learning about packet crafting
Introducing ARP spoofing and implementing it using Python
The ARP request
The ARP reply
The ARP cache
Testing the security system using custom packet crafting 
A half-open scan
The FIN scan
ACK flag scanning
Summary
Network Attacks and Prevention
Technical requirements
DHCP starvation attack
The MAC flooding attack
How the switch uses the CAM tables
The MAC flood logic
Gateway disassociation by RAW socket
Torrent detection
Running the program in hidden mode
Summary
Wireless Pentesting
Introduction to 802.11 frames
Wireless SSID finding and wireless traffic analysis with Python
Detecting clients of an AP
Wireless hidden SSID scanner
Wireless attacks
The deauthentication (deauth) attack
Detecting the deauth attack
Summary
Honeypot – Building Traps for Attackers
Technical requirements
Fake ARP reply
Fake ping reply
Fake port-scanning reply
Fake OS-signature reply to nmap
Fake web server reply
Summary 
Foot Printing a Web Server and a Web Application
The concept of foot printing a web server
Introducing information gathering
Checking the HTTP header
Information gathering of a website from whois.domaintools.com 
Email address gathering from a web page
Banner grabbing of a website
Hardening of a web server
Summary
Client-Side and DDoS Attacks
Introducing client-side validation
Tampering with the client-side parameter with Python
Effects of parameter tampering on business
Introducing DoS and DDoS
Single IP, single ports
Single IP, multiple port
Multiple IP, multiple ports
Detection of DDoS
Summary
Pentesting SQL and XSS
Introducing the SQL injection attack
Types of SQL injections
Simple SQL injection
Blind SQL injection
Understanding the SQL injection attack by a Python script
Learning about cross-site scripting
Persistent or stored XSS
Nonpersistent or reflected XSS
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think
This book is a practical guide that shows you the advantages of using Python for pentesting, with the help of detailed code examples. This book starts by exploring the basics of networking with Python and then proceeds to network and wireless pentesting, including information gathering and attacking. You will learn how to build honeypot traps. Later on, we delve into hacking the application layer, where we start by gathering information from a website, and then eventually move on to concepts related to website hacking, such as parameter tampering, DDoS, XSS, and SQL injection.
If you are a Python programmer, a security researcher, or a network admin who has basic knowledge of Python programming and wants to learn about penetration testing with the help of Python, this book is ideal for you. Even if you are new to the field of ethical hacking, this book can help you find the vulnerabilities in your system so that you are ready to tackle any kind of attack or intrusion.
Chapter 1, Python with Penetration Testing and Networking, goes through the prerequisites of the following chapters. This chapter also discusses the socket and its methods. The server socket's method defines how to create a simple server.
Chapter 2, Scanning Pentesting, covers how to perform network scanning to gather information on a network, host, and the services that are running on the hosts. You will see a very fast and efficient IP scanner.
Chapter 3, Sniffing and Penetration Testing, teaches how to perform active sniffing and how to create a Transport layer sniffer. You will learn special kinds of scanning.
Chapter 4, Network Attacks and Prevention, outlines different types of network attacks, such as DHCP starvation and switch MAC flooding. You will learn how to detect a torrent on the client side.
Chapter 5, Wireless Pentesting, goes through wireless frames and explains how to obtain information such as SSID, BSSID, and the channel number from a wireless frame using a Python script. You will also learn how to perform pentesting attacks on the AP.
Chapter 6, Honeypot – Building Traps for Attackers, focuses on how to build a trap for attackers. You will learn how to build code from TCP layer 2 to TCP layer 4.
Chapter 7, Foot Printing a Web Server and a Web Application, dives into the importance of a web server signature, email gathering, and why knowing the server signature is the first step in hacking.
Chapter 8, Client-Side and DDoS Attacks, explores client-side validation and how to bypass client-side validation. This chapter covers the implementation of four types of DDoS attacks.
Chapter 9, Pentesting SQL and XSS, discusses two major web attacks: SQL injection and XSS. In SQL injection, you will learn how to find the admin login page using a Python script.
In order to understand the book, the reader must have knowledge of networking fundamentals, basic knowledge of the Linux OS, good knowledge of information security, and core Python.
In order to perform the experiments or run the code, the reader can use a virtual machine (VMware, VirtualBox). For wireless pentesting, readers can use a TP-Link TL-WN722N wireless card, because the TL-WN722N wireless card works with Kali Linux in VMware.
You can download the example code files for this book from your account at www.packtpub.com. If you purchased this book elsewhere, you can visit www.packtpub.com/support and register to have the files emailed directly to you.
You can download the code files by following these steps:
1. Log in or register at www.packtpub.com.
2. Select the SUPPORT tab.
3. Click on Code Downloads & Errata.
4. Enter the name of the book in the Search box and follow the onscreen instructions.
Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:
WinRAR/7-Zip for Windows
Zipeg/iZip/UnRarX for Mac
7-Zip/PeaZip for Linux
The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Python-Penetration-Testing-Essentials-Second-Edition. In case there's an update to the code, it will be updated on the existing GitHub repository.
We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/PythonPenetrationTestingEssentialsSecondEdition_ColorImages.pdf.
Visit the following link to check out videos of the code being run: https://goo.gl/sBHVND
Feedback from our readers is always welcome.
General feedback: Email [email protected] and mention the book title in the subject of your message. If you have questions about any aspect of this book, please email us at [email protected].
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.
Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!
For more information about Packt, please visit packtpub.com.
Penetration (pen) tester and hacker are similar terms. The difference is that penetration testers work for an organization to prevent hacking attempts, while hackers hack for any purpose, such as fame, selling a vulnerability for money, or exploiting a vulnerability out of personal enmity.
Lots of well-trained hackers have gotten jobs in the information security field by hacking into a system and then informing the victim of their security bug(s) so that they might be fixed.
A hacker is called a penetration tester when they work for an organization or company to secure its system. A pentester performs hacking attempts to break into the network after getting legal approval from the client and then presents a report of their findings. To become an expert in pentesting, a person should have a deep knowledge of the concepts of their technology. In this chapter, we will cover the following topics:
The scope of pentesting
The need for pentesting
Components to be tested
Qualities of a good pentester
Approaches to pentesting
Understanding the tests and tools you'll need
Network sockets
Server socket methods
Client socket methods
General socket methods
Practical examples of sockets
Socket exceptions
Useful socket methods
In simple words, penetration testing is used to test the information security measures of a company. Information security measures entail a company's network, database, website, public-facing servers, security policies, and everything else specified by the client. At the end of the day, a pentester must present a detailed report of their findings such as weaknesses, vulnerabilities in the company's infrastructure, and the risk level of particular vulnerabilities, and provide solutions if possible.
There are several points that describe the significance of pentesting:
Pentesting identifies the threats that might compromise the confidentiality of an organization
Expert pentesting provides assurance to the organization with a complete and detailed assessment of organizational security
Pentesting assesses the network's efficiency by producing a huge amount of traffic and scrutinizes the security of devices such as firewalls, routers, and switches
Changing or upgrading the existing infrastructure of software, hardware, or network design might lead to vulnerabilities that can be detected by pentesting
In today's world, potential threats are increasing significantly; pentesting is a proactive exercise to minimize the chances of being exploited
Pentesting verifies whether suitable security policies are being followed
Consider the example of a well-reputed e-commerce company that makes money from an online business. A hacker or a group of black hat hackers find a vulnerability in the company's website and hack it. The amount of loss the company will have to bear will be tremendous.
An organization should conduct a risk assessment operation before pentesting; this will help identify the main threats such as misconfiguration or vulnerability in:
Routers, switches, or gateways
Public-facing systems; websites, DMZ, email servers, and remote systems
DNS, firewalls, proxy servers, FTP, and web servers
Testing should be performed on all hardware and software components of a network security system.
The following points describe the qualities of a good pentester. They should:
Choose a suitable set of tests and tools that balance cost and benefits
Follow suitable procedures with proper planning and documentation
Establish the scope for each penetration test, such as objectives, limitations, and the justification of procedures
Be ready to show how to exploit the vulnerabilities that they find
State the potential risks and findings clearly in the final report and provide methods to mitigate the risk(s) if possible
Keep themselves updated at all times because technology is advancing rapidly
A pentester tests the network using manual techniques or the relevant tools. There are lots of tools available on the market. Some of them are open source and some of them are highly expensive. With the help of programming, a programmer can make his/her own tools. By creating your own tools, you sharpen your understanding of the concepts and can also perform more R&D. If you are interested in pentesting and want to make your own tools, then the Python programming language is the best choice, since extensive and freely available pentesting packages exist for Python, in addition to its ease of programming. This simplicity, along with third-party libraries such as scapy and mechanize, reduces the code size. In Python, to make a program, you don't need to define big classes as you do in Java. It's more productive to write code in Python than in C, and high-level libraries are easily available for virtually any imaginable task.
If you know some programming in Python and are interested in pentesting, this book is perfect for you.
Before we get into pentesting, the scope of pentesting should be defined. The following points should be taken into account while defining the scope:
You should develop the scope of the project by consulting with the client. For example, if Bob (the client) wants to test the entire network infrastructure of the organization, then pentester Alice would define the scope of pentesting by taking this network into account. Alice will consult Bob on whether any sensitive or restricted areas should be included or not.
You should take into account time, people, and money.
You should profile the test boundaries on the basis of an agreement signed by the pentester and the client.
Changes in business practice might affect the scope. For example, the addition of a subnet, new system component installations, the addition or modification of a web server, and so on, might change the scope of pentesting.
The scope of pentesting is defined in two types of tests:
A non-destructive test: This test is limited to finding and carrying out the tests without any potential risks. It performs the following actions:
Scans and identifies the remote system for potential vulnerabilities
Investigates and verifies the findings
Maps the vulnerabilities with proper exploits
Exploits the remote system with proper care to avoid disruption
Provides a proof of concept
Does not attempt a Denial-of-Service (DoS) attack
A destructive test: This test can produce risks. It performs the following actions:
Attempts a DoS attack and a buffer overflow attack, which have the potential to bring down the system
There are three types of approaches to pentesting:
Black-box pentesting follows a non-deterministic approach to testing:
You will be given just a company name
It is like hacking with the knowledge of an outside attacker
You do not need any prior knowledge of the system
It is time-consuming
White-box pentesting follows a deterministic approach to testing:
You will be given complete knowledge of the infrastructure that needs to be tested
