Book Image

Python Penetration Testing Essentials - Second Edition

By : Mohit Raj
Book Image

Python Penetration Testing Essentials - Second Edition

By: Mohit Raj

Overview of this book

This book gives you the skills you need to use Python for penetration testing (pentesting), with the help of detailed code examples. We start by exploring the basics of networking with Python and then proceed to network hacking. Then, you will delve into exploring Python libraries to perform various types of pentesting and ethical hacking techniques. Next, we delve into hacking the application layer, where we start by gathering information from a website. We then move on to concepts related to website hacking—such as parameter tampering, DDoS, XSS, and SQL injection. By reading this book, you will learn different techniques and methodologies that will familiarize you with Python pentesting techniques, how to protect yourself, and how to create automated programs to find the admin console, SQL injection, and XSS attacks.
Table of Contents (11 chapters)

Introducing the SQL injection attack

SQL injection is a technique, or you could say, an expert technique, that is used to steal data by taking advantage of a nonvalidated input vulnerability. The method by which a web application works can be seen in the following screenshot:

The method by which a web application works

If our query were not validated, then it would go to the database for execution, and then it might reveal sensitive data or delete data. How data-driven websites work is shown in the preceding screenshot. In this screenshot, we are shown that the client opens the web page on a local computer. The host is connected to a web server via the internet. The preceding screenshot clearly shows the method by which the web application interacts with the database of a web server.