Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Python: Penetration Testing for Developers

You're reading from   Python: Penetration Testing for Developers Execute effective tests to identify software vulnerabilities

Arrow left icon
Product type Course
Published in Oct 2016
Publisher Packt
ISBN-13 9781787128187
Length 650 pages
Edition 1st Edition
Languages
Arrow right icon
Authors (6):
Arrow left icon
Christopher Duffy Christopher Duffy
Author Profile Icon Christopher Duffy
Christopher Duffy
Mohit Raj Mohit Raj
Author Profile Icon Mohit Raj
Mohit Raj
Dave Mound Dave Mound
Author Profile Icon Dave Mound
Dave Mound
Terry Ip Terry Ip
Author Profile Icon Terry Ip
Terry Ip
Cameron Buchanan Cameron Buchanan
Author Profile Icon Cameron Buchanan
Cameron Buchanan
Andrew Mabbitt Andrew Mabbitt
Author Profile Icon Andrew Mabbitt
Andrew Mabbitt
+2 more Show less
Arrow right icon
View More author details
Toc

Table of Contents (32) Chapters Close

Python: Penetration Testing for Developers
Python: Penetration Testing for Developers
Credits
Preface
1. Understanding the Penetration Testing Methodology 2. The Basics of Python Scripting FREE CHAPTER 3. Identifying Targets with Nmap, Scapy, and Python 4. Executing Credential Attacks with Python 5. Exploiting Services with Python 6. Assessing Web Applications with Python 7. Cracking the Perimeter with Python 8. Exploit Development with Python, Metasploit, and Immunity 9. Automating Reports and Tasks with Python 10. Adding Permanency to Python Tools 11. Python with Penetration Testing and Networking 12. Scanning Pentesting 13. Sniffing and Penetration Testing 14. Wireless Pentesting 15. Foot Printing of a Web Server and a Web Application 16. Client-side and DDoS Attacks 17. Pentesting of SQLI and XSS 18. Gathering Open Source Intelligence 19. Enumeration 20. Vulnerability Identification 21. SQL Injection 22. Web Header Manipulation 23. Image Analysis and Manipulation 24. Encryption and Encoding 25. Payloads and Shells 26. Reporting Bibliography
Index

Preface

Python is a powerful new-age scripting platform that allows you to build exploits, evaluate services, automate, and link solutions with ease. Penetration testing is a practice of testing a computer system, network, or web application to find weaknesses in security that an attacker can exploit. Because of the power and flexibility offered by it, Python has become one of the most popular languages used for penetration testing.

All topics in this course have been covered in individual modules so that you develop your skill after the completion of a module and get ready for the next. Through this comprehensive course, you’ll learn how to use Python for pentesting techniques from scratch to finish!

The first module takes a radically different approach to teaching both penetration testing and scripting with Python, instead of highlighting how to create scripts that do the same thing as the current tools in the market, or highlighting specific types of exploits that can be written. We will explore how to approach an engagement, and see where scripting fits into an assessment and where the current tools meet the needs. This methodology will teach you not only how to go from building introductory scripts to multithreaded attack tools, but also how to assess an organization like a professional regardless of your experience level.

The second module is a practical guide that shows you the advantages of using Python for pentesting, with the help of detailed code examples. This module starts by exploring the basics of networking with Python and then proceeds to network and wireless pentesting, including information gathering and attacking. Later on, we delve into hacking the application layer, where we start by gathering information from a website, and then eventually move on to concepts related to website hacking, such as parameter tampering, DDOS, XSS, and SQL injection.

In the last leg of this course, you will be exposed to over 60 recipes for performing pentesting to ensure you always have the right code on hand for web application testing. You can put each recipe to use and perform pentesting on the go! This module is aimed at enhancing your practical knowledge of pentesting.

What this learning path covers

Module 1, Learning Penetration Testing with Python, This module takes you through how to create Python scripts that meet relative needs that can be adapted to particular situations. As chapters progress, the script examples explain new concepts to enhance your foundational knowledge, culminating with you being able to build multi-threaded security tools, link security tools together, automate reports, create custom exploits, and expand Metasploit modules. Each chapter builds on concepts and tradecraft using detailed examples in test environments that you can simulate.

Module 2, Python Penetration Testing Essentials, Over the course of this module, we delve into hacking the application layer where we start with gathering information from a website. We then move on to concepts related to website hacking such as parameter tampering, DDoS, XSS, and SQL injection. We see how to perform wireless attacks with Python programs and check live systems and distinguish between the operating system and services of a remote machine. Your concepts on pentesting will be cleared right from the basics of the client/server architecture in Python.

Module 3, Python Web Penetration Testing Cookbook, This module is an pragmatic guide that gives you an arsenal of Python scripts perfect to use or to customize your needs for each stage of the testing process. Each chapter takes you step by step through the methods of designing and modifying scripts to attack web apps. You will learn how to collect both open and hidden information from websites to further your attacks, identify vulnerabilities, perform SQL Injections, exploit cookies, and enumerate poorly configured systems. You will also discover how to crack encryption, create payloads to mimic malware, and create tools to output your findings into presentable formats for reporting to your employers. If you’re a Python guru, you can look for ideas to apply your craft to penetration testing, or if you are a newbie Pythonist with some penetration testing chops, then this module serves as a perfect ending to your search for some hands-on experience in pentesting.

What you need for this learning path

Module 1:

You will need a system that can support multiple Virtual Machines (VMs) that run within an industry-standard hypervisor, such as VMware Workstation (a recent version) or Virtual Box. The preferred solution is VMware Workstation running on a recent version of Windows, such as Windows 10. An Internet connection will be required to allow you to download the supporting libraries and software packages, as necessary. Each of the detailed software packages and libraries will be listed at the beginning of each chapter..

Module 2:

You will need to have Python 2.7, Apache 2.x, RHEL 5.0 or CentOS 5.0, and Kali Linux.

Module 3:

You will need Python 2.7, an Internet connection for most recipes and a good sense of humor.

Who this learning path is for

If you are a Python programmer or a security researcher who has basic knowledge of Python programming and want to learn about penetration testing with the help of Python, this course is ideal for you. Even if you are new to the field of ethical hacking, this course can help you find the vulnerabilities in your system so that you are ready to tackle any kind of attack or intrusion.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this course—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.

To send us general feedback, simply e-mail , and mention the course’s title in the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt course, we have a number of things to help you to get the most from your purchase.

Downloading the example code

You can download the example code files for this course from your account at http://www.packtpub.com. If you purchased this course elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.

You can download the code files by following these steps:

  1. Log in or register to our website using your e-mail address and password.

  2. Hover the mouse pointer on the SUPPORT tab at the top.

  3. Click on Code Downloads & Errata.

  4. Enter the name of the course in the Search box.

  5. Select the course for which you’re looking to download the code files.

  6. Choose from the drop-down menu where you purchased this course from.

  7. Click on Code Download.

You can also download the code files by clicking on the Code Files button on the course’s webpage at the Packt Publishing website. This page can be accessed by entering the course’s name in the Search box. Please note that you need to be logged in to your Packt account.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

  • WinRAR / 7-Zip for Windows

  • Zipeg / iZip / UnRarX for Mac

  • 7-Zip / PeaZip for Linux

The code bundle for the course is also hosted on GitHub at https://github.com/PacktPublishing/Python-Penetration-Testing-for-Developers. We also have other code bundles from our rich catalog of course and videos available at https://github.com/PacktPublishing/. Check them out!

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our courses—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this course. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your course, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.

To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the course in the search field. The required information will appear under the Errata section.

Piracy

Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at with a link to the suspected pirated material.

We appreciate your help in protecting our authors and our ability to bring you valuable content.

Questions

If you have a problem with any aspect of this course, you can contact us at , and we will do our best to address the problem.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image