7. Crypto, Hash, and Conversion Functions | Effective Python Penetration Testing

Sign In Start Free Trial

Book Overview & Buying
Table Of Contents
Feedback & Rating

Effective Python Penetration Testing

By : Rejah Rehim

4 (1)

Effective Python Penetration Testing

4 (1)

By: Rejah Rehim

Overview of this book

Penetration testing is a practice of testing a computer system, network, or web application to find weaknesses in security that an attacker can exploit. Effective Python Penetration Testing will help you utilize your Python scripting skills to safeguard your networks from cyberattacks. We will begin by providing you with an overview of Python scripting and penetration testing. You will learn to analyze network traffic by writing Scapy scripts and will see how to fingerprint web applications with Python libraries such as ProxMon and Spynner. Moving on, you will find out how to write basic attack scripts, and will develop debugging and reverse engineering skills with Python libraries. Toward the end of the book, you will discover how to utilize cryptography toolkits in Python and how to automate Python tools and libraries.

Preface

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Free Chapter

1. Python Scripting Essentials

1. Python Scripting Essentials

Setting up the scripting environment

Installing third-party libraries

Python language essentials

Summary

2. Analyzing Network Traffic with Scapy

2. Analyzing Network Traffic with Scapy

Sockets modules

Raw socket programming

Investigate network traffic with Scapy

Summary

3. Application Fingerprinting with Python

3. Application Fingerprinting with Python

Web scraping

Parsing HTML with lxml

OS fingerprinting

Get the EXIF data of an image

Web application fingerprinting

Summary

4. Attack Scripting with Python

4. Attack Scripting with Python

Injections

Broken authentication

Cross-site scripting (XSS)

Insecure direct object references

Security misconfiguration

Sensitive data exposure

Missing function level access control

CSRF attacks

Using components with known vulnerabilities

Unvalidated redirects and forwards

Summary

5. Fuzzing and Brute-Forcing

5. Fuzzing and Brute-Forcing

Fuzzing

Classification of fuzzers

Fuzzing and brute-forcing passwords

Dictionary attack

SSH brute-forcing

SMTP brute-forcing

Brute-forcing directories and file locations

Brute-force cracking password protected ZIP files

Summary

6. Debugging and Reverse Engineering

6. Debugging and Reverse Engineering

Reverse engineering

Portable executable analysis

Listing all imported and exported symbols

Disassembling with Capstone

PEfile with Capstone

Debugging

Using PyDBG

Summary

7. Crypto, Hash, and Conversion Functions

7. Crypto, Hash, and Conversion Functions

Cryptographic algorithms

Hash functions

Summary

8. Keylogging and Screen Grabbing

8. Keylogging and Screen Grabbing

Keyloggers

Keyloggers with pyhook

Screen grabbing

Summary

9. Attack Automation

9. Attack Automation

Paramiko

python-nmap

W3af REST API

Metasploit scripting with MSGRPC

ClamAV antivirus with Python

OWASP ZAP from Python

Accessing Nessus 6 API with Python

Summary

10. Looking Forward

10. Looking Forward

Pentestly

Twisted

Nscan

sqlmap

CapTipper

Immunity Debugger

pytbull

ghost.py

peepdf

Summary

Customer Reviews

4 (1)

5 star

0%

4 star

100%

3 star

0%

2 star

0%

1 star

0%

Hash functions

Hash functions are mainly used in cryptography to check the integrity of messages, digital signatures, manipulation detection, fingerprints, and password storage. A function is a good hash function if the input string cannot be guessed based on the output. As hash functions convert random amounts of data to fixed-length strings, there may be some inputs that hash into the same string. Hash functions are created in such a way as to make these collisions extremely difficult to find. The most used hash functions are as follows:

MD2, MD4, and MD5 have 128-bits length and are not secure. SHA-1 has 160-bits length, but it is also not secure.

Hashed Message Authentication Code (HMAC)

Hashed Message Authentication Code (HMAC) is used when we need to check for integrity and authenticity. It provides both server and client with a public key and a private key. The private key is only known to the server and client, but the public key is known to all.

In the case of HMAC, the key and the...

Visually different images

CONTINUE READING

83

Tech Concepts

36

Programming languages

73

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

Effective Python Penetration Testing

Search

Your notes and bookmarks