Book Image

Effective Python Penetration Testing

By : Rejah Rehim
Book Image

Effective Python Penetration Testing

By: Rejah Rehim

Overview of this book

Penetration testing is a practice of testing a computer system, network, or web application to find weaknesses in security that an attacker can exploit. Effective Python Penetration Testing will help you utilize your Python scripting skills to safeguard your networks from cyberattacks. We will begin by providing you with an overview of Python scripting and penetration testing. You will learn to analyze network traffic by writing Scapy scripts and will see how to fingerprint web applications with Python libraries such as ProxMon and Spynner. Moving on, you will find out how to write basic attack scripts, and will develop debugging and reverse engineering skills with Python libraries. Toward the end of the book, you will discover how to utilize cryptography toolkits in Python and how to automate Python tools and libraries.
Table of Contents (16 chapters)
Effective Python Penetration Testing
About the Author
About the Reviewer

OWASP ZAP from Python

OWASP ZAP (Zed Attack Proxy) is an open-source, cross-platform web application security scanner written in Java, and is available in all the popular operating systems: Windows, Linux, and Mac OS X.

OWASP ZAP provides a REST API, which allows us to write a script to communicate with Zap programmatically. We can use the python-owasp-zap module to access this API. The python-owasp-zap-v2.4 module can be installed with pip.

Start by loading the required modules:

from zapv2 import ZAPv2 
from pprint import pprint 
import time 

Define the target to scan:

target = ''

Now, we can instantiate the zap instance, as follows:

zap = zapv2()

This will instantiate a new instance with the assumption zap listens in the default port 8080. If Zap listens a non-default port, then we have to pass the custom proxy settings as the parameters, as follows:

zap = ZAPv2(proxies={'http': '', 'https': ''}) 

Set the target...