Effective Python Penetration Testing

Effective Python Penetration Testing

By : Rejah Rehim

Buy this Book

Effective Python Penetration Testing

By: Rejah Rehim

Buy this Book

Overview of this book

Penetration testing is a practice of testing a computer system, network, or web application to find weaknesses in security that an attacker can exploit. Effective Python Penetration Testing will help you utilize your Python scripting skills to safeguard your networks from cyberattacks. We will begin by providing you with an overview of Python scripting and penetration testing. You will learn to analyze network traffic by writing Scapy scripts and will see how to fingerprint web applications with Python libraries such as ProxMon and Spynner. Moving on, you will find out how to write basic attack scripts, and will develop debugging and reverse engineering skills with Python libraries. Toward the end of the book, you will discover how to utilize cryptography toolkits in Python and how to automate Python tools and libraries.

Effective Python Penetration Testing

Credits

About the Author

About the Reviewer

www.PacktPub.com

Preface

Free Chapter

Python Scripting Essentials

Setting up the scripting environment

Installing third-party libraries

Python language essentials

Summary

Analyzing Network Traffic with Scapy

Sockets modules

Raw socket programming

Investigate network traffic with Scapy

Summary

Application Fingerprinting with Python

Web scraping

Parsing HTML with lxml

OS fingerprinting

Get the EXIF data of an image

Web application fingerprinting

Summary

Attack Scripting with Python

Injections

Broken authentication

Cross-site scripting (XSS)

Insecure direct object references

Security misconfiguration

Sensitive data exposure

Missing function level access control

CSRF attacks

Using components with known vulnerabilities

Unvalidated redirects and forwards

Summary

Fuzzing and Brute-Forcing

Fuzzing

Classification of fuzzers

Fuzzing and brute-forcing passwords

Dictionary attack

SSH brute-forcing

SMTP brute-forcing

Brute-forcing directories and file locations

Brute-force cracking password protected ZIP files

Summary

Debugging and Reverse Engineering

Reverse engineering

Portable executable analysis

Listing all imported and exported symbols

Disassembling with Capstone

PEfile with Capstone

Debugging

Using PyDBG

Summary

Crypto, Hash, and Conversion Functions

Cryptographic algorithms

Hash functions

Summary

Keylogging and Screen Grabbing

Keyloggers

Keyloggers with pyhook

Screen grabbing

Summary

Attack Automation

Paramiko

python-nmap

W3af REST API

Metasploit scripting with MSGRPC

ClamAV antivirus with Python

OWASP ZAP from Python

Accessing Nessus 6 API with Python

Summary

Looking Forward

Pentestly

Twisted

Nscan

sqlmap

CapTipper

Immunity Debugger

pytbull

ghost.py

peepdf

Summary

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Chapter 5. Fuzzing and Brute-Forcing

One of the most helpful tools that a security tester can have is a fuzzing tool to test a parameter of an application. Fuzzing has been very effective at finding security vulnerabilities, as it can be used for finding weaknesses by scanning an application attack surface. Fuzzers can test an application for directory traversal, command execution, SQL injection, and cross site scripting vulnerabilities.

The best fuzzers are highly customizable, so in this chapter, we'll learn how to build our own fuzzers that can be used for a specific application.

The topics covered in this chapter are as follows:

Fuzzing and brute-forcing passwords
SSH brute-forcing
SMTP brute-forcing
Brute-forcing directories and file locations
Brute-force cracking password-protected zip files
Sulley fuzzing framework

Effective Python Penetration Testing

By : Rejah Rehim

Effective Python Penetration Testing

By: Rejah Rehim

Overview of this book

Related Content you might be interested in

Current Title:

Effective Python Penetration Testing

Chapter 5. Fuzzing and Brute-Forcing