Book Image

Python Penetration Testing Cookbook

By : Rejah Rehim

Book Image

Python Penetration Testing Cookbook

By: Rejah Rehim

Overview of this book

Penetration testing is the use of tools and code to attack a system in order to assess its vulnerabilities to external threats. Python allows pen testers to create their own tools. Since Python is a highly valued pen-testing language, there are many native libraries and Python bindings available specifically for pen-testing tasks. Python Penetration Testing Cookbook begins by teaching you how to extract information from web pages. You will learn how to build an intrusion detection system using network sniffing techniques. Next, you will find out how to scan your networks to ensure performance and quality, and how to carry out wireless pen testing on your network to avoid cyber attacks. After that, we’ll discuss the different kinds of network attack. Next, you’ll get to grips with designing your own torrent detection program. We’ll take you through common vulnerability scenarios and then cover buffer overflow exploitation so you can detect insecure coding. Finally, you’ll master PE code injection methods to safeguard your network.

Preface

What this book covers

What you need for this book

Who this book is for

Reader feedback

Customer support

Free Chapter

Why Python in Penetration Testing?

Why Python in Penetration Testing?

Why Python is a great option for security scripting

Python 3 language basics and differences

Setting Up a Python Environment

Setting Up a Python Environment

Setting up a Python environment in Linux

Setting up a Python environment in macOS

Setting up a Python environment in Windows

Web Scraping with Python

Web Scraping with Python

Download web pages with Python scripts

Changing the user agent

Downloading files

Using a regular expression to get the information from the downloaded web pages

Requesting and downloading dynamic website pages

Dynamic GET requests

Data Parsing with Python

Data Parsing with Python

Parsing HTML tables

Extracting data from HTML documents

Parsing XML data

Web Scraping with Scrapy and BeautifulSoup

Web Scraping with Scrapy and BeautifulSoup

Web spiders with Scrapy

Link extractor with Scrapy

Scraping after logging into websites using Scrapy

Network Scanning with Python

Network Scanning with Python

Simple port scanner

IP range/network scanner

Stealth scanning

TCP ACK scanning

Network Sniffing with Python

Network Sniffing with Python

Packet sniffer in Python

Parsing the packet

Scapy Basics

Creating a packet with Scapy

Sending and receiving packets with Scapy

Layering packets

Reading and writing to pcap files

Sniffing packets

ARP man-in-the-middle tool with Scapy

Wi-Fi Sniffing

Finding Wi-Fi devices

Exposing hidden SSIDs

Dictionary attack on hidden SSIDs

Fake access points with Scapy

Layer 2 Attacks

Layer 2 Attacks

ARP cache poisoning

ARP spoofing over VLAN hopping

DHCP starvation

TCP/IP Attacks

Password sniffer with Python over LAN

Introduction to Exploit Development

Introduction to Exploit Development

CPU instructions

Windows Exploit Development

Windows Exploit Development

Windows memory layout

Buffer overflow with saved return pointer overwrite

Structured Exception Handling

Linux Exploit Development

Linux Exploit Development

Format string exploitation

Buffer overflow

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Introduction

This chapter will go through some Windows-based vulnerabilities and the exploit techniques using Python. The solution for the exploit development tasks is to replace the program instructions with our instructions to manipulate the application behavior. We will be using an Immunity Debugger for debugging the applications. As the victim machine will be a Windows machine, we require a machine with Window XP OS installed on it. We are using the old XP version for the ease of exploiting, and the sample applications with vulnerabilities will work in XP.