Book Image

Python Web Penetration Testing Cookbook

By : Benjamin May, Cameron Buchanan, Andrew Mabbitt, Dave Mound, Terry Ip
Book Image

Python Web Penetration Testing Cookbook

By: Benjamin May, Cameron Buchanan, Andrew Mabbitt, Dave Mound, Terry Ip

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Python Web Penetration Testing Cookbook
Benjamin May | Cameron Buchanan | Andrew Mabbitt | Dave Mound | Terry Ip
Jun, 2015 | 224 pages
No titles found
Table of Contents (16 chapters)
Python Web Penetration Testing Cookbook
Python Web Penetration Testing Cookbook
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Gathering Open Source Intelligence
Gathering Open Source Intelligence
Introduction
Gathering information using the Shodan API
Scripting a Google+ API search
Downloading profile pictures using the Google+ API
Harvesting additional results from the Google+ API using pagination
Getting screenshots of websites with QtWebKit
Screenshots based on a port list
Spidering websites
2
Enumeration
Enumeration
Introduction
Performing a ping sweep with Scapy
Scanning with Scapy
Checking username validity
Brute forcing usernames
Enumerating files
Brute forcing passwords
Generating e-mail addresses from names
Finding e-mail addresses from web pages
Finding comments in source code
3
Vulnerability Identification
Vulnerability Identification
Introduction
Automated URL-based Directory Traversal
Automated URL-based Cross-site scripting
Automated parameter-based Cross-site scripting
Automated fuzzing
jQuery checking
Header-based Cross-site scripting
Shellshock checking
4
SQL Injection
SQL Injection
Introduction
Checking jitter
Identifying URL-based SQLi
Exploiting Boolean SQLi
Exploiting Blind SQL Injection
Encoding payloads
5
Web Header Manipulation
Web Header Manipulation
Introduction
Testing HTTP methods
Fingerprinting servers through HTTP headers
Testing for insecure headers
Brute forcing login through the Authorization header
Testing for clickjacking vulnerabilities
Identifying alternative sites by spoofing user agents
Testing for insecure cookie flags
Session fixation through a cookie injection
6
Image Analysis and Manipulation
Image Analysis and Manipulation
Introduction
Hiding a message using LSB steganography
Extracting messages hidden in LSB
Hiding text in images
Extracting text from images
Enabling command and control using steganography
7
Encryption and Encoding
Encryption and Encoding
Introduction
Generating an MD5 hash
Generating an SHA 1/128/256 hash
Implementing SHA and MD5 hashes together
Implementing SHA in a real-world scenario
Generating a Bcrypt hash
Cracking an MD5 hash
Encoding with Base64
Encoding with ROT13
Cracking a substitution cipher
Cracking the Atbash cipher
Attacking one-time pad reuse
Predicting a linear congruential generator
Identifying hashes
8
Payloads and Shells
Payloads and Shells
Introduction
Extracting data through HTTP requests
Creating an HTTP C2
Creating an FTP C2
Creating an Twitter C2
Creating a simple Netcat shell
9
Reporting
Reporting
Introduction
Converting Nmap XML to CSV
Extracting links from a URL to Maltego
Extracting e-mails to Maltego
Parsing Sslscan into CSV
Generating graphs using plot.ly
Index
Index

Cracking the Atbash cipher

The Atbash cipher is a simple cipher that uses opposite values in the alphabet to transform words. For example, A is equal to Z and C is equal to X.

Getting ready

For this, we will only need the string module.

How to do it…

Since the Atbash cipher works by using the opposite value of a character in the alphabet, we can create a maketrans feature to substitute characters:

import string
input = raw_input("Please enter the value you would like to Atbash Cipher: ")
transform = string.maketrans(
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
"ZYXWVUTSRQPONMLKJIHGFEDCBAzyxwvutsrqponmlkjihgfedcba")
final = string.translate(input, transform)
print final

How it works…

After importing the correct module, we request the input from the user for the value they would like encipher into the Atbash cipher:

import string
input = raw_input("Please enter the value you would like to Atbash Ciper: ")

Next, we create the maketrans feature to be used. We do this by listing the first...

Previous Section
End of Section 12
Next Section