Book Image

Python Penetration Testing Essentials - Second Edition

By : Mohit Raj

Book Image

Python Penetration Testing Essentials - Second Edition

By: Mohit Raj

Overview of this book

This book gives you the skills you need to use Python for penetration testing (pentesting), with the help of detailed code examples. We start by exploring the basics of networking with Python and then proceed to network hacking. Then, you will delve into exploring Python libraries to perform various types of pentesting and ethical hacking techniques. Next, we delve into hacking the application layer, where we start by gathering information from a website. We then move on to concepts related to website hacking—such as parameter tampering, DDoS, XSS, and SQL injection. By reading this book, you will learn different techniques and methodologies that will familiarize you with Python pentesting techniques, how to protect yourself, and how to create automated programs to find the admin console, SQL injection, and XSS attacks.

Preface

Who this book is for

What this book covers

To get the most out of this book

Free Chapter

Python with Penetration Testing and Networking

Python with Penetration Testing and Networking

Introducing the scope of pentesting

Approaches to pentesting

Introducing Python scripting

Understanding the tests and tools you'll need

Learning the common testing platforms with Python

Network sockets

Scanning Pentesting

Scanning Pentesting

How to check live systems in a network and the concept of a live system

What are the services running on the target machine?

Sniffing and Penetration Testing

Sniffing and Penetration Testing

Introducing a network sniffer

Implementing a network sniffer using Python

Learning about packet crafting

Introducing ARP spoofing and implementing it using Python

Testing the security system using custom packet crafting

Network Attacks and Prevention

Network Attacks and Prevention

Technical requirements

DHCP starvation attack

The MAC flooding attack

Gateway disassociation by RAW socket

Torrent detection

Wireless Pentesting

Wireless Pentesting

Introduction to 802.11 frames

Wireless SSID finding and wireless traffic analysis with Python

Wireless attacks

Honeypot – Building Traps for Attackers

Honeypot – Building Traps for Attackers

Technical requirements

Fake ping reply

Fake port-scanning reply

Fake OS-signature reply to nmap

Fake web server reply

Foot Printing a Web Server and a Web Application

Foot Printing a Web Server and a Web Application

The concept of foot printing a web server

Introducing information gathering

Information gathering of a website from whois.domaintools.com

Email address gathering from a web page

Banner grabbing of a website

Hardening of a web server

Client-Side and DDoS Attacks

Client-Side and DDoS Attacks

Introducing client-side validation

Tampering with the client-side parameter with Python

Effects of parameter tampering on business

Introducing DoS and DDoS

Pentesting SQL and XSS

Pentesting SQL and XSS

Introducing the SQL injection attack

Types of SQL injections

Understanding the SQL injection attack by a Python script

Learning about cross-site scripting

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Introducing Python scripting

Before you start reading this book, you should know the basics of Python programming, such as the basic syntax, variable type, data type tuple, list dictionary, functions, strings, and methods. Two versions, 3.4 and 2.7.8, are available at python.org/downloads/.

In this book, all experiments and demonstrations have been done in Python version 2.7.8. If you use Linux OSes such as Kali or BackTrack, then there will be no issue, because many programs, such as wireless sniffing, do not work on the Windows platform. Kali Linux also uses the 2.7 version. If you love to work on Red Hat or CentOS, then this version is suitable for you.

Most hackers choose this profession because they don't want to do programming. They want to use tools. However, without programming, a hacker cannot enhance his/her skills. Each and every time, they have to search for the tools over the internet. Believe me, after seeing its simplicity, you will love this language.