Book Image

Effective Python Penetration Testing

By : Rejah Rehim
Book Image

Effective Python Penetration Testing

By: Rejah Rehim

Overview of this book

Penetration testing is a practice of testing a computer system, network, or web application to find weaknesses in security that an attacker can exploit. Effective Python Penetration Testing will help you utilize your Python scripting skills to safeguard your networks from cyberattacks. We will begin by providing you with an overview of Python scripting and penetration testing. You will learn to analyze network traffic by writing Scapy scripts and will see how to fingerprint web applications with Python libraries such as ProxMon and Spynner. Moving on, you will find out how to write basic attack scripts, and will develop debugging and reverse engineering skills with Python libraries. Toward the end of the book, you will discover how to utilize cryptography toolkits in Python and how to automate Python tools and libraries.
Table of Contents (16 chapters)
Effective Python Penetration Testing
About the Author
About the Reviewer


In general, the fuzzing process consists of the following phases:

  • Identifying the target: For fuzzing an application, we have to identify the target application. For instance, a FTP server with a specific IP and running on port 21.

  • Identifying inputs: As we know, the vulnerability exists because the target application accepts a malformed input and processes it without sanitizing. So, we have to identify those inputs that the application accepts. For instance, the user name and password are input in the FTP server.

  • Creating fuzz data: After getting all the input parameters, we have to create invalid input data to send to the target application. Fuzzing data is often known as payloads.

  • Fuzzing: After creating the fuzz data, we have to send it to the target application.

  • Monitoring the exceptions and logging: Now we have to watch the target application for interesting responses and crashes and save this data for manual analysis. Monitoring web application fuzzing is a bit different,...