Book Image

Learning Penetration Testing with Python

By : Christopher Duffy
Book Image

Learning Penetration Testing with Python

By: Christopher Duffy

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Learning Penetration Testing with Python
Christopher Duffy
Sep, 2015 | 314 pages
No titles found
Table of Contents (19 chapters)
Learning Penetration Testing with Python
Learning Penetration Testing with Python
Credits
Credits
Disclaimer
Disclaimer
About the Author
About the Author
Acknowlegements
Acknowlegements
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Understanding the Penetration Testing Methodology
Understanding the Penetration Testing Methodology
An overview of penetration testing
Understanding what penetration testing is not
Assessment methodologies
The penetration testing execution standard
Penetration testing tools
Summary
2
The Basics of Python Scripting
The Basics of Python Scripting
Understanding the difference between interpreted and compiled languages
Python – the good and the bad
A Python interactive interpreter versus a script
Environmental variables and PATH
Understanding dynamically typed languages
The first Python script
Developing scripts and identifying errors
Python formatting
Python variables
Operators
Compound statements
Functions
The Python style guide
Arguments and options
Your first assessor script
Summary
3
Identifying Targets with Nmap, Scapy, and Python
Identifying Targets with Nmap, Scapy, and Python
Understanding how systems communicate
Understanding Nmap
Nmap libraries for Python
The Scapy library for Python
Summary
4
Executing Credential Attacks with Python
Executing Credential Attacks with Python
The types of credential attacks
Identifying the target
Creating targeted usernames
Testing for users using SMTP VRFY
Summary
5
Exploiting Services with Python
Exploiting Services with Python
Understanding the new age of service exploitation
Understanding the chaining of exploits
Automating the exploit train with Python
Summary
6
Assessing Web Applications with Python
Assessing Web Applications with Python
Identifying live applications versus open ports
Identifying hidden files and directories with Python
Credential attacks with Burp Suite
Using twill to walk through the source
Understanding when to use Python for web assessments
Summary
7
Cracking the Perimeter with Python
Cracking the Perimeter with Python
Understanding today's perimeter
Understanding the link between accounts and services
Cracking inboxes with Burp Suite
Identifying the attack path
Gaining access through websites
Summary
8
Exploit Development with Python, Metasploit, and Immunity
Exploit Development with Python, Metasploit, and Immunity
Getting started with registers
Understanding the Windows memory structure
Understanding memory addresses and endianness
Understanding the manipulation of the stack
Understanding immunity
Understanding basic buffer overflow
Writing a basic buffer overflow exploit
Understanding stack adjustments
Understanding the purpose of local exploits
Understanding other exploit scripts
Reversing Metasploit modules
Understanding protection mechanisms
Summary
9
Automating Reports and Tasks with Python
Automating Reports and Tasks with Python
Understanding how to parse XML files for reports
Understanding how to create a Python class
Summary
10
Adding Permanency to Python Tools
Adding Permanency to Python Tools
Understanding logging within Python
Understanding the difference between multithreading and multiprocessing
Building industry-standard tools
Summary
Index
Index

About the Reviewers

S. Boominathan is a highly proficient security professional who has more than three years of experience in the field of information security, including vulnerability assessment and penetration testing. He is currently working with an India-based bellwether MNC. He has certifications of and knowledge in N+,CCNA, CCSA, CEHV8, CHFIV4, and QCP (QualysGuard certified professional). He is also a wireless penetration testing expert. Boominathan feels very much privileged to work in his current company. He has worked in various fields simultaneously, such as malware analysis, vulnerability assessment, network penetration testing, wireless penetration testing, and so on.

I would like to thank my parents, Sundaram and Valli; my wife, Uthira; and my brother, Sriram, for helping me review this book thoroughly. I would also like to thank the author and Packt Publishing for providing me with the opportunity to review this book.

Tajinder Singh Kalsi is an entrepreneur. He is the cofounder of and a technical evangelist at Virscent Technologies, with more than seven years of working experience in the field of IT. He commenced his career with WIPRO as a technical associate, and later became an IT consultant cum trainer. As of now, he conducts seminars in colleges all across India on topics such as information security, Android application development, website development, and cloud computing. Tajinder has taught nearly 9,500 students in more than 125 colleges so far. Apart from training, he also maintains blogs (www.virscent.com/blog and http://tajinderkalsi.com/blog/), where he provides various hacking tricks. He has earlier reviewed books titled Web Application Penetration Testing with Kali Linux and Mastering Kali Linux for Advanced Penetration Testing.

You can contact him on Facebook at https://www.facebook.com/tajinder.kalsi.tj, or follow his website at http://www.tajinderkalsi.com/.

I would like to thank the team at Packt Publishing for discovering me through my blog and offering me this opportunity again. I would also like to thank my family and close friends for all the support they have given while I was working on this project.

Luke Presland is a cybersecurity specialist currently working for the Defence Science and Technology Laboratory within the UK Ministry of Defence. Previously, he worked in both tech publishing and the online gaming industry, with a specialization in social engineering techniques and countermeasures.

His interests include many aspects of security, from the security of systems and embedded devices, to penetration testing and the combination of social and technical approaches to security vulnerabilities.

Luke spends most of his time working out how to break things and attempting to fix them.

Previous Section
Next Chapter