Book Image

Effective Python Penetration Testing

By : Rejah Rehim
Book Image

Effective Python Penetration Testing

By: Rejah Rehim

Overview of this book

Penetration testing is a practice of testing a computer system, network, or web application to find weaknesses in security that an attacker can exploit. Effective Python Penetration Testing will help you utilize your Python scripting skills to safeguard your networks from cyberattacks. We will begin by providing you with an overview of Python scripting and penetration testing. You will learn to analyze network traffic by writing Scapy scripts and will see how to fingerprint web applications with Python libraries such as ProxMon and Spynner. Moving on, you will find out how to write basic attack scripts, and will develop debugging and reverse engineering skills with Python libraries. Toward the end of the book, you will discover how to utilize cryptography toolkits in Python and how to automate Python tools and libraries.
Table of Contents (16 chapters)
Effective Python Penetration Testing
About the Author
About the Reviewer

Classification of fuzzers

Many classifications exist for fuzzing based on target, attack vectors used, and fuzzing method. Fuzzing targets include file formats, network protocols, command-line arguments, environment variables, web applications, and many others. Fuzzing can be broadly categorized based on the way test cases are generated. They are mutation fuzzing (dump) and generation fuzzing (intelligent).

Mutation (dump) fuzzers

A fuzzer that creates completely random input is known as a mutation or dump fuzzer. This type of fuzzer mutates the existing input value blindly. But it lacks an understandable format or structure of the data. For example, it can be replacing or appending a random slice of data to the desired input.

Generation (intelligent) fuzzers

Generation fuzzers create inputs from scratch rather than mutating existing input. So, it requires some level of intelligence in order to generate input that makes at least some sense to the target application.

In contrast to mutation fuzzers...