Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Python Penetration Testing Essentials
  • Table Of Contents Toc
Python Penetration Testing Essentials

Python Penetration Testing Essentials

By : Mohit Raj
3 (9)
Buy this Book
close
close
Python Penetration Testing Essentials

Python Penetration Testing Essentials

3 (9)
By: Mohit Raj
Buy this Book

Overview of this book

If you are a Python programmer or a security researcher who has basic knowledge of Python programming and want to learn about penetration testing with the help of Python, this book is ideal for you. Even if you are new to the field of ethical hacking, this book can help you find the vulnerabilities in your system so that you are ready to tackle any kind of attack or intrusion.
Table of Contents (9 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
1. Python with Penetration Testing and Networking
chevron up
Icon
1. Python with Penetration Testing and Networking
Icon
Introducing the scope of pentesting
Icon
Approaches to pentesting
Icon
Introducing Python scripting
Icon
Understanding the tests and tools you'll need
Icon
Learning the common testing platforms with Python
Icon
Network sockets
Icon
Server socket methods
Icon
Client socket methods
Icon
General socket methods
Icon
Moving on to the practical
Icon
Summary
2
2. Scanning Pentesting
Icon
2. Scanning Pentesting
Icon
How to check live systems in a network and the concept of a live system
Icon
What are the services running on the target machine?
Icon
Summary
3
3. Sniffing and Penetration Testing
Icon
3. Sniffing and Penetration Testing
Icon
Introducing a network sniffer
Icon
Implementing a network sniffer using Python
Icon
Learning about packet crafting
Icon
Introducing ARP spoofing and implementing it using Python
Icon
Testing the security system using custom packet crafting and injection
Icon
Summary
4
4. Wireless Pentesting
Icon
4. Wireless Pentesting
Icon
Wireless SSID finding and wireless traffic analysis by Python
Icon
Wireless attacks
Icon
Summary
5
5. Foot Printing of a Web Server and a Web Application
Icon
5. Foot Printing of a Web Server and a Web Application
Icon
The concept of foot printing of a web server
Icon
Introducing information gathering
Icon
Information gathering of a website from SmartWhois by the parser BeautifulSoup
Icon
Banner grabbing of a website
Icon
Hardening of a web server
Icon
Summary
6
6. Client-side and DDoS Attacks
Icon
6. Client-side and DDoS Attacks
Icon
Introducing client-side validation
Icon
Tampering with the client-side parameter with Python
Icon
Effects of parameter tampering on business
Icon
Introducing DoS and DDoS
Icon
Summary
7
7. Pentesting of SQLI and XSS
Icon
7. Pentesting of SQLI and XSS
Icon
Introducing the SQL injection attack
Icon
Types of SQL injections
Icon
Understanding the SQL injection attack by a Python script
Icon
Learning about Cross-Site scripting
Icon
Summary
8
Index
Icon
Index

Introducing the scope of pentesting

In simple words, penetration testing is to test the information security measures of a company. Information security measures entail a company's network, database, website, public-facing servers, security policies, and everything else specified by the client. At the end of the day, a pentester must present a detailed report of their findings such as weakness, vulnerability in the company's infrastructure, and the risk level of particular vulnerability, and provide solutions if possible.

The need for pentesting

There are several points that describe the significance of pentesting:

  • Pentesting identifies the threats that might expose the confidentiality of an organization
  • Expert pentesting provides assurance to the organization with a complete and detailed assessment of organizational security
  • Pentesting assesses the network's efficiency by producing huge amount of traffic and scrutinizes the security of devices such as firewalls, routers, and switches
  • Changing or upgrading the existing infrastructure of software, hardware, or network design might lead to vulnerabilities that can be detected by pentesting
  • In today's world, potential threats are increasing significantly; pentesting is a proactive exercise to minimize the chance of being exploited
  • Pentesting ensures whether suitable security policies are being followed or not

Consider an example of a well-reputed e-commerce company that makes money from online business. A hacker or group of black hat hackers find a vulnerability in the company's website and hack it. The amount of loss the company will have to bear will be tremendous.

Components to be tested

An organization should conduct a risk assessment operation before pentesting; this will help identify the main threats such as misconfiguration or vulnerability in:

  • Routers, switches, or gateways
  • Public-facing systems; websites, DMZ, e-mail servers, and remote systems
  • DNS, firewalls, proxy servers, FTP, and web servers

Testing should be performed on all hardware and software components of a network security system.

Qualities of a good pentester

The following points describe the qualities of good pentester. They should:

  • Choose a suitable set of tests and tools that balance cost and benefits
  • Follow suitable procedures with proper planning and documentation
  • Establish the scope for each penetration test, such as objectives, limitations, and the justification of procedures
  • Be ready to show how to exploit the vulnerabilities
  • State the potential risks and findings clearly in the final report and provide methods to mitigate the risk if possible
  • Keep themselves updated at all times because technology is advancing rapidly

A pentester tests the network using manual techniques or the relevant tools. There are lots of tools available in the market. Some of them are open source and some of them are highly expensive. With the help of programming, a programmer can make his own tools. By creating your own tools, you can clear your concepts and also perform more R&D. If you are interested in pentesting and want to make your own tools, then the Python programming language is the best, as extensive and freely available pentesting packages are available in Python, in addition to its ease of programming. This simplicity, along with the third-party libraries such as scapy and mechanize, reduces code size. In Python, to make a program, you don't need to define big classes such as Java. It's more productive to write code in Python than in C, and high-level libraries are easily available for virtually any imaginable task.

If you know some programming in Python and are interested in pentesting this book is ideal for you.

Defining the scope of pentesting

Before we get into pentesting, the scope of pentesting should be defined. The following points should be taken into account while defining the scope:

  • You should develop the scope of the project in consultation with the client. For example, if Bob (the client) wants to test the entire network infrastructure of the organization, then pentester Alice would define the scope of pentesting by taking this network into account. Alice will consult Bob on whether any sensitive or restricted areas should be included or not.
  • You should take into account time, people, and money.
  • You should profile the test boundaries on the basis of an agreement signed by the pentester and the client.
  • Changes in business practice might affect the scope. For example, the addition of a subnet, new system component installations, the addition or modification of a web server, and so on, might change the scope of pentesting.

The scope of pentesting is defined in two types of tests:

  • A non-destructive test: This test is limited to finding and carrying out the tests without any potential risks. It performs the following actions:
    • Scans and identifies the remote system for potential vulnerabilities
    • Investigates and verifies the findings
    • Maps the vulnerabilities with proper exploits
    • Exploits the remote system with proper care to avoid disruption
    • Provides a proof of concept
    • Does not attempt a Denial-of-Service (DoS) attack
  • A destructive test: This test can produce risks. It performs the following actions:
    • Attempts DoS and buffer overflow attacks, which have the potential to bring down the system
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Python Penetration Testing Essentials
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon