Book Image

Hands-On Penetration Testing with Python

By : Furqan Khan
Book Image

Hands-On Penetration Testing with Python

By: Furqan Khan

Overview of this book

With the current technological and infrastructural shift, penetration testing is no longer a process-oriented activity. Modern-day penetration testing demands lots of automation and innovation; the only language that dominates all its peers is Python. Given the huge number of tools written in Python, and its popularity in the penetration testing space, this language has always been the first choice for penetration testers. Hands-On Penetration Testing with Python walks you through advanced Python programming constructs. Once you are familiar with the core concepts, you’ll explore the advanced uses of Python in the domain of penetration testing and optimization. You’ll then move on to understanding how Python, data science, and the cybersecurity ecosystem communicate with one another. In the concluding chapters, you’ll study exploit development, reverse engineering, and cybersecurity use cases that can be automated with Python. By the end of this book, you’ll have acquired adequate skills to leverage Python as a helpful tool to pentest and secure infrastructure, while also creating your own custom exploits.

Related Content you might be interested in

Current Title:

Small book image
Hands-On Penetration Testing with Python
Furqan Khan
Jan, 2019 | 502 pages
Small book image
Penetration Testing with Shellcode
Hamza Megahed
Feb, 2018 | 346 pages
Small book image
Offensive Shellcode from Scratch.
Rishalin Pillay
Apr, 2022 | 208 pages
Table of Contents (18 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Disclaimer
Free Chapter
1
Introduction to Python
Introduction to Python
Technical requirements
Why Python?
Getting started
Python data types
Python operators
Summary
Questions
2
Building Python Scripts
Building Python Scripts
Technical requirements
Indentation
Conditional statements
Loops
Functions and methods in Python
Modules and packages
Generators and comprehensions
Summary
Questions
Further reading
3
Concept Handling
Concept Handling
Object-oriented programming in Python
Files, directories, and I/O access
Regular expressions in Python
Data manipulation and parsing with XML, JSON, and CSV data
Exception handling
Summary
Questions
Further reading
4
Advanced Python Modules
Advanced Python Modules
Multitasking with threads
Multitasking with processes
Subprocesses
Socket programming basics
Reverse TCP shells with Python
Summary
Questions
Further reading
5
Vulnerability Scanner Python - Part 1
Vulnerability Scanner Python - Part 1
Introducing Nmap
Building a network scanner with Python
Summary
Questions
Further reading
6
Vulnerability Scanner Python - Part 2
Vulnerability Scanner Python - Part 2
Architectural overview
Usage [PTO-GUI]
Pausing and resuming scans
Reporting
Summary
Questions
Further reading
7
Machine Learning and Cybersecurity
Machine Learning and Cybersecurity
Machine Learning
Regression-based machine learning models
Classification models
Natural language processing
Summary
Questions
Further reading
8
Automating Web Application Scanning - Part 1
Automating Web Application Scanning - Part 1
Automating web application scanning with Burp Suite
Summary
Questions
Further reading
9
Automated Web Application Scanning - Part 2
Automated Web Application Scanning - Part 2
XSS
CSRF
Clickjacking
SSL stripping (missing HSTS header)
Summary
Questions
Further reading
10
Building a Custom Crawler
Building a Custom Crawler
Setup and installations
Getting started
Execution of code
Summary
Questions
Further reading
11
Reverse Engineering Linux Applications
Reverse Engineering Linux Applications
Debugger
Fuzzing Linux applications
Stack buffer overflow in Linux
String format vulnerabilities
Summary
Questions
Further reading
12
Reverse Engineering Windows Applications
Reverse Engineering Windows Applications
Debuggers
Fuzzing Windows applications
Exploiting buffer overflows in Windows
Summary
Questions
Further reading
13
Exploit Development
Exploit Development
Scripting exploits over web-based vulnerabilities
Developing a Metasploit module to exploit a network service
Encoding shell codes to avoid detection
Summary
Questions
Further reading
14
Cyber Threat Intelligence
Cyber Threat Intelligence
Introduction to cyber threat intelligence
Cyber threat intelligence platforms
Tools and API
Threat scoring
STIX and TAXII and external lookups
Summary
Questions
Further reading
15
Other Wonders of Python
Other Wonders of Python
Report parsers
Keylogger and exfiltration via sockets
Parsing Twitter tweets
Stealing browser passwords with Python
Python for antivirus-free persistence shells
Summary
Questions
Further reading
16
Assessments
Assessments
Chapter 1, Introduction to Python
Chapter 2, Building Python Scripts
Chapter 3, Concept Handling
Chapter 4, Advanced Python Modules
Chapter 5, Vulnerability Scanner Python - Part 1
Chapter 6, Vulnerability Scanner Python - Part 2
Chapter 7, Machine Learning and Cybersecurity
Chapter 8, Automating Web Application Scanning - Part 1
Chapter 9, Automating Web Application Scanning - Part 2
Chapter 10, Building a Custom Crawler
Chapter 11, Reverse Engineering Linux Applications
Chapter 12, Reverse Engineering Windows Applications
Chapter 13, Exploit Development
Chapter 14, Cyber Threat Intelligence
Chapter 15, Other Wonders of Python
17
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Summary

We demonstrated the same steps here as in the previous chapter, but in a Windows environment. The concepts are largely the same between Windows and Linux environments, but the implementation of stacks and registers may vary a little. For this reason, it is important to be well versed in exploitation in both environments. In the next chapter, we will develop exploits in Python and also in Ruby to extend the capabilities of the Metasploit framework.

Previous Section
End of Section 5
Next Section