What this book covers
Chapter 1, Understanding the Penetration Testing Methodology, highlights the specific tactics, techniques, and procedures that assessors use to evaluate the resistance of an organization's security strategy. It also covers Simulated malicious actors and the common tools of the trade.
Chapter 2, The Basics of Python Scripting, helps grow the skills of transition programmers and new assessors with the Python language, which culminates into writing useful assessor scripts.
Chapter 3, Identifying Targets with Nmap, Scapy, and Python, builds the foundational network packet and protocol knowledge, which then translates directly into writing Python scripts that utilize the Nmap and Scapy libraries to automate target identification for exploitation.
Chapter 4, Executing Credential Attacks with Python, showcases the most common ways by which attackers gain initial access to resources not withstanding phishing. It focuses on industry-leading practices regarding accurately targeting an organization.
Chapter 5, Exploiting Services with Python, features how exploits are identified to gain initial access, how post-exploitation techniques are researched to gain privileged access, and how that access is leveraged to gain access to other systems using automated scripts.
Chapter 6, Assessing Web Applications with Python, is a climax of techniques that pivot on the automation of analyzing a web application's weaknesses. This is where Python can be used to improve assessments of complex applications with chained techniques.
Chapter 7, Cracking the Perimeter with Python, emphasizes some of the common techniques that real malicious actors and assessors alike use to gain access to the semi-trusted and trusted networks of an organization. This is done using tools and techniques that include Python and hinge on current industry practices.
Chapter 8, Exploit Development with Python, Metasploit and Immunity, underscores how basic exploits and Metasploit modules are researched, written, and updated by assessors to capture the risk of using poorly developed, outdated, or unsupported software on relevant systems.
Chapter 9, Automating Reports and Tasks with Python, stresses assessors' need to save as much time as possible on assessments, by creating Python scripts that automate the analysis of security tool results and outputs to include eXtensible Markup Language (XML), in an effort to provide usable reporting formats.
Chapter 10, Adding Permanency to Python Tools, is the final chapter. It features the ways in which you can update your scripts to take advantage of advanced capabilities, such as logging, multithreading, and multiprocessing, to create industry-standard tools.
