Book Image

Python Penetration Testing Cookbook

By : Rejah Rehim
Book Image

Python Penetration Testing Cookbook

By: Rejah Rehim

Overview of this book

Penetration testing is the use of tools and code to attack a system in order to assess its vulnerabilities to external threats. Python allows pen testers to create their own tools. Since Python is a highly valued pen-testing language, there are many native libraries and Python bindings available specifically for pen-testing tasks. Python Penetration Testing Cookbook begins by teaching you how to extract information from web pages. You will learn how to build an intrusion detection system using network sniffing techniques. Next, you will find out how to scan your networks to ensure performance and quality, and how to carry out wireless pen testing on your network to avoid cyber attacks. After that, we’ll discuss the different kinds of network attack. Next, you’ll get to grips with designing your own torrent detection program. We’ll take you through common vulnerability scenarios and then cover buffer overflow exploitation so you can detect insecure coding. Finally, you’ll master PE code injection methods to safeguard your network.
Table of Contents (15 chapters)

XMAS scanning

With XMAS scanning, we will send a TCP packet with a bunch of flags all at once (PSH, FIN, and URG). We will get an RST if the port is closed. If the port is open or filtered, then there will be no response from the server. It's similar to the FIN scan, other than the packet-creating part.

How to do it...

Here are the steps to create a XMAS scanner with Scapy:

  1. Create a copy of the file we created for the previous recipe (FIN scanning). As it is quite similar, we only need to change the packet-creation section.
  2. To create and send a packet with PSH, FIN, and URG flags in it, update the packet-crafting section inside the probe_port method, as follows:
p = IP(dst=ip)/TCP(sport=src_port, dport=port, flags=...