Book Image

Python Penetration Testing Essentials

By : Mohit
Book Image

Python Penetration Testing Essentials

By: Mohit

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Python Penetration Testing Essentials
Mohit
Jan, 2015 | 178 pages
No titles found
Table of Contents (14 chapters)
Python Penetration Testing Essentials
Python Penetration Testing Essentials
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Python with Penetration Testing and Networking
Python with Penetration Testing and Networking
Introducing the scope of pentesting
Approaches to pentesting
Introducing Python scripting
Understanding the tests and tools you'll need
Learning the common testing platforms with Python
Network sockets
Server socket methods
Client socket methods
General socket methods
Moving on to the practical
Summary
2
Scanning Pentesting
Scanning Pentesting
How to check live systems in a network and the concept of a live system
What are the services running on the target machine?
Summary
3
Sniffing and Penetration Testing
Sniffing and Penetration Testing
Introducing a network sniffer
Implementing a network sniffer using Python
Learning about packet crafting
Introducing ARP spoofing and implementing it using Python
Testing the security system using custom packet crafting and injection
Summary
4
Wireless Pentesting
Wireless Pentesting
Wireless SSID finding and wireless traffic analysis by Python
Wireless attacks
Summary
5
Foot Printing of a Web Server and a Web Application
Foot Printing of a Web Server and a Web Application
The concept of foot printing of a web server
Introducing information gathering
Information gathering of a website from SmartWhois by the parser BeautifulSoup
Banner grabbing of a website
Hardening of a web server
Summary
6
Client-side and DDoS Attacks
Client-side and DDoS Attacks
Introducing client-side validation
Tampering with the client-side parameter with Python
Effects of parameter tampering on business
Introducing DoS and DDoS
Summary
7
Pentesting of SQLI and XSS
Pentesting of SQLI and XSS
Introducing the SQL injection attack
Types of SQL injections
Understanding the SQL injection attack by a Python script
Learning about Cross-Site scripting
Summary
Index
Index

Network sockets

A network socket address contains an IP address and port number. In a very simple way, a socket is a way to talk to other computers. By means of a socket, a process can communicate with another process over the network.

In order to create a socket, use the socket.socket() function that is available in the socket module. The general syntax of a socket function is as follows:

s = socket.socket (socket_family, socket_type, protocol=0)

Here is the description of the parameters:

socket_family: socket.AF_INET, PF_PACKET

AF_INET is the address family for IPv4. PF_PACKET operates at the device driver layer. The pcap library for Linux uses PF_PACKET. You will see more details on PF_PACKET in Chapter 3, Sniffing and Penetration Testing. These arguments represent the address families and the protocol of the transport layer:

Socket_type : socket.SOCK_DGRAM, socket.SOCK_RAW,socket.SOCK_STREAM

The socket.SOCK_DGRAM argument depicts that UDP is unreliable and connectionless, and socket.SOCK_STREAM depicts that TCP is reliable and is a two-way, connection-based service. We will discuss socket.SOCK_RAW in Chapter 3, Sniffing and Penetration Testing.

protocol

Generally, we leave this argument; it takes 0 if not specified. We will see the use of this argument in Chapter 3, Sniffing and Penetration Testing.

Previous Section
End of Section 7
Next Section