Effective Python Penetration Testing

Book Image

Effective Python Penetration Testing

By : Rejah Rehim

Book Image

Effective Python Penetration Testing

By: Rejah Rehim

Overview of this book

Penetration testing is a practice of testing a computer system, network, or web application to find weaknesses in security that an attacker can exploit. Effective Python Penetration Testing will help you utilize your Python scripting skills to safeguard your networks from cyberattacks. We will begin by providing you with an overview of Python scripting and penetration testing. You will learn to analyze network traffic by writing Scapy scripts and will see how to fingerprint web applications with Python libraries such as ProxMon and Spynner. Moving on, you will find out how to write basic attack scripts, and will develop debugging and reverse engineering skills with Python libraries. Toward the end of the book, you will discover how to utilize cryptography toolkits in Python and how to automate Python tools and libraries.

Effective Python Penetration Testing

Effective Python Penetration Testing

Credits

About the Author

About the Author

About the Reviewer

About the Reviewer

www.PacktPub.com

www.PacktPub.com

Preface

Free Chapter

Python Scripting Essentials

Python Scripting Essentials

Setting up the scripting environment

Installing third-party libraries

Python language essentials

Analyzing Network Traffic with Scapy

Analyzing Network Traffic with Scapy

Sockets modules

Raw socket programming

Investigate network traffic with Scapy

Application Fingerprinting with Python

Application Fingerprinting with Python

Parsing HTML with lxml

OS fingerprinting

Get the EXIF data of an image

Web application fingerprinting

Attack Scripting with Python

Attack Scripting with Python

Broken authentication

Cross-site scripting (XSS)

Insecure direct object references

Security misconfiguration

Sensitive data exposure

Missing function level access control

Using components with known vulnerabilities

Unvalidated redirects and forwards

Fuzzing and Brute-Forcing

Fuzzing and Brute-Forcing

Classification of fuzzers

Fuzzing and brute-forcing passwords

Dictionary attack

SSH brute-forcing

SMTP brute-forcing

Brute-forcing directories and file locations

Brute-force cracking password protected ZIP files

Debugging and Reverse Engineering

Debugging and Reverse Engineering

Reverse engineering

Portable executable analysis

Listing all imported and exported symbols

Disassembling with Capstone

PEfile with Capstone

Crypto, Hash, and Conversion Functions

Crypto, Hash, and Conversion Functions

Cryptographic algorithms

Keylogging and Screen Grabbing

Keylogging and Screen Grabbing

Keyloggers with pyhook

Screen grabbing

Attack Automation

Attack Automation

Metasploit scripting with MSGRPC

ClamAV antivirus with Python

OWASP ZAP from Python

Accessing Nessus 6 API with Python

Looking Forward

Looking Forward

Immunity Debugger

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Cryptographic algorithms

The following three types of cryptography algorithms are used most often:

Hash functions: Hash functions are also known as one-way encryption, and have no key. A hash function outputs a fixed-length hash value for plaintext inputs, and it's impossible to recover the length or content of the plaintext.

Keyed hash functions: Keyed hashing is used to build message authentication codes (MACs); MACs are intended to prevent brute-force attacks. So, they are intentionally designed to be slow.

Symmetric encryption / Secret key (Encryption algorithms): Encryption algorithms output a ciphertext for some text inputs using a variable key and, we can decrypt the ciphertext using the same key.

Public key algorithms: For public key algorithms, we have two different keys: one for encryption and the other to decrypt. So, we can share the public key that can encrypt the message, but it can only be decrypted using the decrypt key, which is not shared.