Book Image

Effective Python Penetration Testing

By : Rejah Rehim
Book Image

Effective Python Penetration Testing

By: Rejah Rehim

Overview of this book

Penetration testing is a practice of testing a computer system, network, or web application to find weaknesses in security that an attacker can exploit. Effective Python Penetration Testing will help you utilize your Python scripting skills to safeguard your networks from cyberattacks. We will begin by providing you with an overview of Python scripting and penetration testing. You will learn to analyze network traffic by writing Scapy scripts and will see how to fingerprint web applications with Python libraries such as ProxMon and Spynner. Moving on, you will find out how to write basic attack scripts, and will develop debugging and reverse engineering skills with Python libraries. Toward the end of the book, you will discover how to utilize cryptography toolkits in Python and how to automate Python tools and libraries.
Table of Contents (16 chapters)
Effective Python Penetration Testing
Credits
About the Author
About the Reviewer
www.PacktPub.com
Preface

Brute-forcing directories and file locations


We could write a custom spider script to crawl the target website to discover sufficient information about the web application. However, there are often lots of configuration files, leftover development files, backup files, debugging scripts, and many other files that can provide sensitive information about the web application or expose some functionality that the developer of the application did not intend to expose.

The method to discover this type of content is to use brute-forcing to trace common filenames and directories. It is always far superior to have our own custom scripts, which will help us to customize the target files and to filter the results according to our requirements.

First, as usual we import the required modules. Here we use threading to run multiple requests in parallel. But make sure to keep the threads low; a large number of threads may cause denial of service:

import urllib 
import urllib2 
import threading 
...