What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!

Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!

50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

Thousands of reference materials covering every tech concept you need to stay up to date.

Subscribe now

View plans & pricing

Scanning Pentesting

Network scanning refers to a set of procedures that investigate a live host, the type of host, open ports, and the type of services running on the host. Network scanning is a part of intelligence gathering by virtue of which an attacker can create a profile of the target organization.

In this chapter, we will cover the following topics:

How to check live systems
Ping sweep
TCP scanner
How to create an efficient IP scanner
Services running on the target machine
The concept of a port scanner
How to create an efficient port scanner

You should have a basic knowledge of the TCP/IP layer communication. Before proceeding further, the concept of the protocol data unit (PDU) should be clear.

PDU is a unit of data specified in the protocol. It is the generic term for data at each layer:

For the application layer, PDU indicates data
For the transport layer, PDU indicates...

Key benefits

• Detect and avoid various attack types that put the privacy of a system at risk

• Leverage Python to build efficient code and eventually build a robust environment

• Learn about securing wireless applications and information gathering on a web server

Description

This book gives you the skills you need to use Python for penetration testing (pentesting), with the help of detailed code examples. We start by exploring the basics of networking with Python and then proceed to network hacking. Then, you will delve into exploring Python libraries to perform various types of pentesting and ethical hacking techniques. Next, we delve into hacking the application layer, where we start by gathering information from a website. We then move on to concepts related to website hacking—such as parameter tampering, DDoS, XSS, and SQL injection. By reading this book, you will learn different techniques and methodologies that will familiarize you with Python pentesting techniques, how to protect yourself, and how to create automated programs to find the admin console, SQL injection, and XSS attacks.

Who is this book for?

If you are a Python programmer, a security researcher, or an ethical hacker and are interested in penetration testing with the help of Python, then this book is for you. Even if you are new to the field of ethical hacking, this book can help you find the vulnerabilities in your system so that you are ready to tackle any kind of attack or intrusion.

What you will learn

• The basics of network pentesting including network scanning and sniffing

• Wireless, wired attacks, and building traps for attack and torrent detection

• Web server footprinting and web application attacks, including the XSS and SQL injection attack

• Wireless frames and how to obtain information such as SSID, BSSID, and the channel number from a wireless frame using a Python script

• The importance of web server signatures, email gathering, and why knowing the server signature is the first step in hacking

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!

Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!

50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

Thousands of reference materials covering every tech concept you need to stay up to date.

Subscribe now

View plans & pricing

Frequently bought together

€24.99

€24.99

€24.99

Total € 74.97

Filter reviews by

All

Amazon verified reviews

Kindle Customer Mar 25, 2015

Although the subject of security is not my area of expertise I bought this book with the idea of grasping the principles of systems / networks penetration in order to become more familiar with the tools used for such purposes.This is the kind of book that not only teaches you something new but does it in a refreshing way. I made me wonder: why would anyone rewrite some well known script in bash (or even a bat file for that matter) in Python ? because we can ! I can hear a lot of voices saying it outloud. But what if I told you that you can rewrite complete tools to sniff a network ? or how about using sockets directly from the command line ? If you ever wondered that too, well this is the book for us.Below you can see an image of my (Enthought Canopy) command line trying to get through the office's Proxy Server using one of the book's scripts.

Amazon Verified review

Finn M Glas Jan 14, 2019

Good but long read that tought me a lot

perceive Mar 15, 2015

We have another Python book, this time dedicated to Penetration Testing.The book itself is as much as use case scenario for using Python as a guide to Pen Testing, so if you are expecting a pen testing education I'd suggest more than this book here.However, if what you are after is how to use Python with real world examples this book may suit your needs. The provided code examples (you can download the code as well from Packt) are all very helpful in understanding where Python can be used in this field.If you have some experience in Pen testing already, the code will be more useful than nearly anything else.The main reason that I reduced the mark to 4 stars was that the books examples are all Python 2, not 3. For a book published in 2015 I'd like to know that the future proofing of my learning was in place. While there is an abundance of Python 2 code out there and it will not be going away anytime soon, the general python community is showing signs that the schism between 2 and 3 are reducing with more and more python 3 code being written. This is a minor issue for me, as most OS that I use will be maintaining support for both as far as I can see into the future.

Tim Crothers Mar 16, 2015

Solid introduction to using Python for Pentesting applications. The book doesn't go into an extreme amount of depth but then this is an "essentials" book. Topic was covered logically and the included sample code makes for a good baseline for crafting your own penetration related tools in Python. The book could use some more editing to clean up errors but they were all minor in nature so I only dinged one star as a result. Overall very good starting place if you wish to learn to craft some of your own tools for doing pentesting in Python. Well worth the purchase price.

Maarten J Broekman Mar 13, 2015

This book has potential, but suffers from a distinct lack of editing and verification. The concepts are great and the examples interesting, but the flaws bring it down.The grammar is broken and I found myself re-reading things multiple times, not because the concepts were hard but because the grammar made it difficult. For example, the author uses "foot printing" as the term that describes the identification of application information (e.g. the web server is Apache, version 2.2.3). From a software and systems perspective, this is the wrong term. The process of identifying an application is "fingerprinting". An application "footprint" is how much memory, cpu, disk space, IO it uses.Additionally, the examples need a little more explanation and / or verification. For example, the follow excerpt is incorrect:“You know that our computer has many interfaces. If you want to know the IP address of all the interfaces, use the extended interface:.>>> socket.gethostbyname_ex(socket.gethostname())('eXtreme', [], ['10.0.0.10', '192.168.10.1', '192.168.0.1'])>>>It returns one tuple containing three elements: first is the machine name, second is a list of aliases for the hostname (empty in this case,) and third is the list of IP addresses of interfaces.” - Excerpt From: “Python Penetration Testing Essentials.” iBooks.socket.gethostname() does return the hostname, but socket.gethostbyname_ex() does NOT return the IP addresses of all the interfaces. It returns all the IP addresses that resolve in DNS. Thus, in order for it to return the IPs of all the local interfaces, you would have to configure them in /etc/hosts to include the local hostname for each.

Python Penetration Testing Essentials: Techniques for ethical hacking with Python , Second Edition

What do you get with a Packt Subscription?

Python Penetration Testing Essentials

Scanning Pentesting

How to check live systems in a network and the concept of a live system

Ping sweep

What are the services running on the target machine?

Summary

Page 1 of 4

Key benefits

Description

Who is this book for?

What you will learn

Product Details

What do you get with a Packt Subscription?

Product Details

Frequently bought together

Table of Contents

Recommendations for you

Customer reviews

Filter reviews by

People who bought this also bought

About the author

FAQs

Python Penetration Testing Essentials: Techniques for ethical hacking with Python , Second Edition

What do you get with a Packt Subscription?

Key benefits

Description

Who is this book for?

What you will learn

Product Details

What do you get with a Packt Subscription?

Product Details

Packt Subscriptions

Frequently bought together

Table of Contents

Recommendations for you

Customer reviews

Filter reviews by

People who bought this also bought

About the author

FAQs