Book Image

Hands-On Penetration Testing with Python

By : Furqan Khan

Book Image

Hands-On Penetration Testing with Python

By: Furqan Khan

Overview of this book

With the current technological and infrastructural shift, penetration testing is no longer a process-oriented activity. Modern-day penetration testing demands lots of automation and innovation; the only language that dominates all its peers is Python. Given the huge number of tools written in Python, and its popularity in the penetration testing space, this language has always been the first choice for penetration testers. Hands-On Penetration Testing with Python walks you through advanced Python programming constructs. Once you are familiar with the core concepts, you’ll explore the advanced uses of Python in the domain of penetration testing and optimization. You’ll then move on to understanding how Python, data science, and the cybersecurity ecosystem communicate with one another. In the concluding chapters, you’ll study exploit development, reverse engineering, and cybersecurity use cases that can be automated with Python. By the end of this book, you’ll have acquired adequate skills to leverage Python as a helpful tool to pentest and secure infrastructure, while also creating your own custom exploits.

Preface

Who this book is for

What this book covers

To get the most out of this book

Free Chapter

Introduction to Python

Introduction to Python

Technical requirements

Getting started

Python data types

Python operators

Building Python Scripts

Building Python Scripts

Technical requirements

Conditional statements

Functions and methods in Python

Modules and packages

Generators and comprehensions

Further reading

Concept Handling

Concept Handling

Object-oriented programming in Python

Files, directories, and I/O access

Regular expressions in Python

Data manipulation and parsing with XML, JSON, and CSV data

Exception handling

Further reading

Advanced Python Modules

Advanced Python Modules

Multitasking with threads

Multitasking with processes

Socket programming basics

Reverse TCP shells with Python

Further reading

Vulnerability Scanner Python - Part 1

Vulnerability Scanner Python - Part 1

Introducing Nmap

Building a network scanner with Python

Further reading

Vulnerability Scanner Python - Part 2

Vulnerability Scanner Python - Part 2

Architectural overview

Usage [PTO-GUI]

Pausing and resuming scans

Further reading

Machine Learning and Cybersecurity

Machine Learning and Cybersecurity

Machine Learning

Regression-based machine learning models

Classification models

Natural language processing

Further reading

Automating Web Application Scanning - Part 1

Automating Web Application Scanning - Part 1

Automating web application scanning with Burp Suite

Further reading

Automated Web Application Scanning - Part 2

Automated Web Application Scanning - Part 2

SSL stripping (missing HSTS header)

Further reading

Building a Custom Crawler

Building a Custom Crawler

Setup and installations

Getting started

Execution of code

Further reading

Reverse Engineering Linux Applications

Reverse Engineering Linux Applications

Fuzzing Linux applications

Stack buffer overflow in Linux

String format vulnerabilities

Further reading

Reverse Engineering Windows Applications

Reverse Engineering Windows Applications

Fuzzing Windows applications

Exploiting buffer overflows in Windows

Further reading

Exploit Development

Exploit Development

Scripting exploits over web-based vulnerabilities

Developing a Metasploit module to exploit a network service

Encoding shell codes to avoid detection

Further reading

Cyber Threat Intelligence

Cyber Threat Intelligence

Introduction to cyber threat intelligence

Cyber threat intelligence platforms

STIX and TAXII and external lookups

Further reading

Other Wonders of Python

Other Wonders of Python

Keylogger and exfiltration via sockets

Parsing Twitter tweets

Stealing browser passwords with Python

Python for antivirus-free persistence shells

Further reading

Assessments

Chapter 1, Introduction to Python

Chapter 2, Building Python Scripts

Chapter 3, Concept Handling

Chapter 4, Advanced Python Modules

Chapter 5, Vulnerability Scanner Python - Part 1

Chapter 6, Vulnerability Scanner Python - Part 2

Chapter 7, Machine Learning and Cybersecurity

Chapter 8, Automating Web Application Scanning - Part 1

Chapter 9, Automating Web Application Scanning - Part 2

Chapter 10, Building a Custom Crawler

Chapter 11, Reverse Engineering Linux Applications

Chapter 12, Reverse Engineering Windows Applications

Chapter 13, Exploit Development

Chapter 14, Cyber Threat Intelligence

Chapter 15, Other Wonders of Python

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

To get the most out of this book

To get the most out of this book, all that's required is a desire to keep going and understand every concept in detail before proceeding further.

Download the example code files

You can download the example code files for this book from your account at www.packt.com. If you purchased this book elsewhere, you can visit www.packt.com/support and register to have the files emailed directly to you.

You can download the code files by following these steps:

Log in or register at www.packt.com.
Select the SUPPORT tab.
Click on Code Downloads & Errata.
Enter the name of the book in the Search box and follow the onscreen instructions.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

WinRAR/7-Zip for Windows
Zipeg/iZip/UnRarX for Mac
7-Zip/PeaZip for Linux

The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Hands-On-Penetration-Testing-with-Python. In case there's an update to the code, it will be updated on the existing GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/9781788990820_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "To use the Python Terminal, simply type the python3 command in your Terminal prompt."

A block of code is set as follows:

a=44
b=33
if a > b:
    print("a is greater")
print("End")

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

my_list=[1,"a",[1,2,3],{"k1":"v1"}]
my_list[0] -> 1
my_List[1] -> "a"
my_list[2] -> [1,2,3]
my_list[2][0] -> 1
my_list[2][2] -> 3
my_list[3] -> {"k1":"v1"}
my_list[3]["k1"] -> "v1"
my_list[3].get("k1") -> "v1

Any command-line input or output is written as follows:

import threading
>>> class a(threading.Thread):
... def __init__(self):
... threading.Thread.__init__(self)
... def run(self):
... print("Thread started")
...

Bold: Indicates a new term, an important word, or words that you see on screen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Click on the Start Crawling button."

Warnings or important notes appear like this.

Tips and tricks appear like this.