Effective Python Penetration Testing

What this book covers

Chapter 1, Python Scripting Essentials, breaks the ice by providing the basic concepts of Python scripting, installing third-party libraries, threading, process execution, exception handling, and penetration testing.

Chapter 2, Analyzing Network Traffic with Scapy, introduces a packet-manipulation tool, Scapy, which allows users to sniff, create, send, and slice packets for analysis. The chapter provides insight into investigating network traffic using Scapy, parsing DNS traffic, packet sniffing, packet injection, and passive OS fingerprinting. This empowers you to create and send custom packets over the network and analyze the raw output received for various protocols.

Chapter 3, Application Fingerprinting with Python, discusses the basics of fingerprinting web applications using Python. You will master the techniques of web scraping, e-mail gathering, OS fingerprinting, application fingerprinting, and information gathering using Python libraries.

Chapter 4, Attack Scripting with Python, addresses the need for attack scripts in efficient penetration testing by detailing attack techniques and the OWASP top vulnerabilities. You will learn to write scripts to exploit the same.

Chapter 5, Fuzzing and Brute-Forcing, tells you how fuzzing and brute-forcing remain the top attacks tackled by testers. This chapter summarizes fuzzing and brute-forcing passwords, directories, and file locations; brute-force cracking ZIP files; HTML form authentication; and the Sulley fuzzing framework. This enables the user to extend the fuzzing tools for pentesting requirements with Python.

Chapter 6, Debugging and Reverse Engineering, describes the debugging and reverse-engineering techniques that should be mastered by a pentester. The debugging techniques are presented using Capstone and PyDBG.

Chapter 7, Crypto, Hash, and Conversion Functions, summarizes the Python Cryptography ToolKit, which helps you write scripts to find different types of password hashes.

Chapter 8, Keylogging and Screen Grabbing, discusses the basics of keylogging and screen-grabbing techniques. The techniques are presented with PyHook, which helps log keyboard events and take screenshots using Python.

Chapter 9, Attack Automation, gives a detailed description of attack automation by covering SSH brute forcing, SFTP automations with paramiko, Nmap automation, W3af automation, Metasploit integration, and antivirus and IDS evasion.

Chapter 10, Looking Forward, gives an insight into some of the tools written in Python that can be incorporated into pentesting. You can use these tools to improve your skill set in penetration testing.