Book Image

Mastering Python for Networking and Security - Second Edition

By : José Ortega
Book Image

Mastering Python for Networking and Security - Second Edition

By: José Ortega

Overview of this book

It’s now more apparent than ever that security is a critical aspect of IT infrastructure, and that devastating data breaches can occur from simple network line hacks. As shown in this book, combining the latest version of Python with an increased focus on network security can help you to level up your defenses against cyber attacks and cyber threats. Python is being used for increasingly advanced tasks, with the latest update introducing new libraries and packages featured in the Python 3.7.4 recommended version. Moreover, most scripts are compatible with the latest versions of Python and can also be executed in a virtual environment. This book will guide you through using these updated packages to build a secure network with the help of Python scripting. You’ll cover a range of topics, from building a network to the procedures you need to follow to secure it. Starting by exploring different packages and libraries, you’ll learn about various ways to build a network and connect with the Tor network through Python scripting. You will also learn how to assess a network's vulnerabilities using Python security scripting. Later, you’ll learn how to achieve endpoint protection by leveraging Python packages, along with writing forensic scripts. By the end of this Python book, you’ll be able to use Python to build secure apps using cryptography and steganography techniques.

Related Content you might be interested in

Current Title:

Small book image
Mastering Python for Networking and Security - Second Edition
José Ortega
Jan, 2021 | 538 pages
Small book image
Learning Python Networking,
Sam Washington | M O Faruque Sarker | Joseacute Ortega
Mar, 2019 | 490 pages
Small book image
Mastering Kali Linux for Advanced Penetration Testing
Vijay Kumar Velu
Jun, 2017 | 510 pages
Small book image
Python Penetration Testing Essentials
Mohit Raj
May, 2018 | 230 pages
Table of Contents (22 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Code in Action
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1: The Python Environment and System Programming Tools
Section 1: The Python Environment and System Programming Tools
Free Chapter
2
Chapter 1: Working with Python Scripting
Chapter 1: Working with Python Scripting
Technical requirements
Introduction to Python scripting
Exploring Python data structures
Python functions, classes, and managing exceptions
Python modules and packages
Managing dependencies and virtual environments
Development environments for Python scripting
Summary
Questions
Further reading
3
Chapter 2: System Programming Packages
Chapter 2: System Programming Packages
Technical requirements
Introducing system modules in Python
Working with the filesystem in Python
Managing threads in Python
Working with socket.io
Summary
Questions
Further reading
4
Section 2: Network Scripting and Extracting Information from the Tor Network with Python
Section 2: Network Scripting and Extracting Information from the Tor Network with Python
5
Chapter 3: Socket Programming
Chapter 3: Socket Programming
Technical requirements
Introducing sockets in Python
Implementing an HTTP server in Python
Implementing a reverse shell with sockets
Resolving IPS domains, addresses, and managing exceptions
Port scanning with sockets
Implementing a simple TCP client and TCP server
Implementing a simple UDP client and UDP server
Summary
Questions
Further reading
6
Chapter 4: HTTP Programming
Chapter 4: HTTP Programming
Technical requirements
Introducing the HTTP protocol
Building an HTTP client with http.client
Building an HTTP client with urllib.request
Get response and request headers
Building an HTTP client with requests
Building an HTTP client with httpx
Authentication mechanisms with Python
Summary
Questions
Further reading
7
Chapter 5: Connecting to the Tor Network and Discovering Hidden Services
Chapter 5: Connecting to the Tor Network and Discovering Hidden Services
Technical requirements
Understanding the Tor Project and hidden services
Tools for anonymity in the Tor network
Discovering hidden services with OSINT tools
Modules and packages in Python for connecting to the Tor network
Tools that allow us to search hidden services and automate the crawling process in the Tor network
Summary
Questions
8
Section 3: Server Scripting and Port Scanning with Python
Section 3: Server Scripting and Port Scanning with Python
9
Chapter 6: Gathering Information from Servers
Chapter 6: Gathering Information from Servers
Technical requirements
Extracting information from servers with Shodan
Using Shodan filters and the BinaryEdge search engine
Using the socket module to obtain server information
Getting information on DNS servers with DNSPython
Getting vulnerable addresses in servers with fuzzing
Summary
Questions
Further reading
10
Chapter 7: Interacting with FTP, SFTP, and SSH Servers
Chapter 7: Interacting with FTP, SFTP, and SSH Servers
Technical requirements
Connecting with FTP servers
Building an anonymous FTP scanner with Python
Connecting with SSH servers with paramiko and pysftp
Implementing SSH clients and servers with the asyncSSH and asyncio modules
Checking the security in SSH servers with the ssh-audit tool
Summary
Questions
Further reading
11
Chapter 8: Working with Nmap Scanner
Chapter 8: Working with Nmap Scanner
Technical requirements
Introducing port scanning with Nmap
Scan modes with python-nmap
Working with Nmap through the os and subprocess modules
Discovering services and vulnerabilities with Nmap scripts
Summary
Questions
Further reading
12
Section 4: Server Vulnerabilities and Security in Python Modules
Section 4: Server Vulnerabilities and Security in Python Modules
13
Chapter 9: Interacting with Vulnerability Scanners
Chapter 9: Interacting with Vulnerability Scanners
Technical requirements
Understanding vulnerabilities and exploits
Introducing the Nessus vulnerability scanner
Introducing the OpenVAS vulnerability scanner
Accessing OpenVAS with Python
Summary
Questions
Further reading
14
Chapter 10: Identifying Server Vulnerabilities in Web Applications
Chapter 10: Identifying Server Vulnerabilities in Web Applications
Technical requirements
Understanding vulnerabilities in web applications with OWASP
Analyzing and discovering vulnerabilities in CMS web applications
Discovering SQL vulnerabilities with Python tools
Testing Heartbleed and SSL/TLS vulnerabilities
Scanning TLS/SSL configurations with SSLyze
Summary
Questions
Further reading
15
Chapter 11: Security and Vulnerabilities in Python Modules
Chapter 11: Security and Vulnerabilities in Python Modules
Technical requirements
Exploring security in Python modules
Static code analysis for detecting vulnerabilities
Detecting Python modules with backdoors and malicious code
Security in Python web applications with the Flask framework
Python security best practices
Summary
Questions
Further reading
16
Section 5: Python Forensics
Section 5: Python Forensics
17
Chapter 12: Python Tools for Forensics Analysis
Chapter 12: Python Tools for Forensics Analysis
Technical requirements
Volatility framework for extracting data from memory and disk images
Connecting and analyzing SQLite databases
Network forensics with PcapXray
Getting information from the Windows registry
Logging in Python
Summary
Questions
Further reading
18
Chapter 13: Extracting Geolocation and Metadata from Documents, Images, and Browsers
Chapter 13: Extracting Geolocation and Metadata from Documents, Images, and Browsers
Technical requirements
Extracting geolocation information
Extracting metadata from images
Extracting metadata from PDF documents
Identifying the technology used by a website
Extracting metadata from web browsers
Summary
Questions
Further reading
19
Chapter 14: Cryptography and Steganography
Chapter 14: Cryptography and Steganography
Technical requirements
Encrypting and decrypting information with pycryptodome
Encrypting and decrypting information with cryptography
Steganography techniques for hiding information in images
Steganography with Stepic
Generating keys securely with the secrets and hashlib modules
Summary
Questions
Further reading
20
Assessments
Assessments
Chapter 1 – Working with Python Scripting
Chapter 2 – System Programming Packages
Chapter 3 – Socket Programming
Chapter 4 – HTTP Programming
Chapter 5 – Connecting to the Tor Network and Discovering Hidden Services
Chapter 6 – Gathering Information from Servers
Chapter 7 – Interacting with FTP, SFTP, and SSH Servers
Chapter 8 – Working with Nmap Scanner
Chapter 9 – Interacting with Vulnerability Scanners
Chapter 10 – Identifying Server Vulnerabilities in Web Applications
Chapter 11 – Security and Vulnerabilities in Python Modules
Chapter 12 – Python Tools for Forensics Analysis
Chapter 13 – Extracting Geolocation and Metadata from Documents, Images, and Browsers
Chapter 14 – Cryptography and Steganography
21
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

What this book covers

Chapter 1, Working with Python Scripting, introduces you to the Python language, object-oriented programming, data structures, exceptions, managing dependencies for developing with Python, and development environments.

Chapter 2, System Programming Packages, teaches you about the main Python modules for system programming, looking at topics including reading and writing files, threads, sockets, multithreading, and concurrency.

Chapter 3, Socket Programming, provides you with some basics of Python networking using the socket module. This module exposes all of the necessary pieces to quickly write TCP and UDP clients, as well as servers for writing low-level network applications.

Chapter 4, HTTP Programming, covers the HTTP protocol and the main Python modules, such as the urllib standard library, and the requests and httpx modules to retrieve and manipulate web content. We also cover HTTP authentication mechanisms and how we can manage them with the requests module.

Chapter 5, Connecting to the Tor Network and Discovering Hidden Services, explains how Tor can assist us in the research and development of tools from an anonymity and privacy point of view. In addition, we will review how to extract information from hidden services using Python modules.

Chapter 6, Gathering Information from Servers, explores the modules that allow the extraction of information that servers are exposing publicly, such as Shodan and Binary Edge. We will also look at getting server banners and information on DNS servers and introduce you to fuzzy processing using the pywebfuzz module.

Chapter 7, Interacting with FTP, SFTP, and SSH Servers, details the Python modules that allow us to interact with FTP, SFTP, and SSH servers, checking the security in SSH servers with the ssh-audit tool. Also, we will learn how to implement SSH clients and servers with the asyncSSH and asyncio modules.

Chapter 8, Working with Nmap Scanner, introduces Nmap as a port scanner and covers how to implement network scanning with Python and Nmap to gather information on a network, a specific host, and the services that are running on that host. Also, we cover how to find possible vulnerabilities in a given network with Nmap scripts.

Chapter 9, Interacting with Vulnerability Scanner, gets into Nessus and OpenVAS as vulnerability scanners and gives you reporting tools for the main vulnerabilities that can be found in servers and web applications with them. Also, we cover how to use them programmatically from Python, with the nessrest and Python-gmv modules.

Chapter 10, Identifying Server Vulnerabilities in Web Applications, covers the main vulnerabilities in web applications with OWASP methodology and the tools we can find in the Python ecosystem for vulnerability scanning in CMS and web applications, such as sqlmap. We will also cover testing openSSL/TLS vulnerabilities in servers with the sslyze module.

Chapter 11, Security and Vulnerabilities in Python Modules, covers security and vulnerabilities in Python modules. Also, we cover the review of Python tools such as Bandit as a static code analyzer for detecting vulnerabilities and Python best practices from a security perspective.

Chapter 12, Python Tools for Forensics Analysis, covers the main tools we have in Python for extracting information from memory, sqlite databases, research about network forensics with PcapXray, getting information from the Windows registry, and using the logging module to register errors and debug Python scripts.

Chapter 13, Extracting Geolocation and Metadata from Documents, Images, and Browsers, explores the main modules we have in Python for extracting information about geolocation and metadata from images and documents, identifying web technologies, and extracting metadata from Chrome and Firefox browsers.

Chapter 14, Cryptography and Steganography, covers the main modules we have in Python for encrypting and decrypting information, such as pycryptodome and cryptography. Also, we cover steganography techniques and how to hide information in images with stepic modules. Finally, we will cover Python modules for generating keys securely with the secrets and hashlib modules.

Previous Section
Next Section