Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Python for Security and Networking
  • Table Of Contents Toc
Python for Security and Networking

Python for Security and Networking - Third Edition

By : José Manuel Ortega
4.8 (33)
Buy this Book
close
close
Python for Security and Networking

Python for Security and Networking

4.8 (33)
By: José Manuel Ortega
Buy this Book

Overview of this book

Python’s latest updates add numerous libraries that can be used to perform critical security-related missions, including detecting vulnerabilities in web applications, taking care of attacks, and helping to build secure and robust networks that are resilient to them. This fully updated third edition will show you how to make the most of them and improve your security posture. The first part of this book will walk you through Python scripts and libraries that you’ll use throughout the book. Next, you’ll dive deep into the core networking tasks where you will learn how to check a network’s vulnerability using Python security scripting and understand how to check for vulnerabilities in your network – including tasks related to packet sniffing. You’ll also learn how to achieve endpoint protection by leveraging Python packages along with writing forensics scripts. The next part of the book will show you a variety of modern techniques, libraries, and frameworks from the Python ecosystem that will help you extract data from servers and analyze the security in web applications. You’ll take your first steps in extracting data from a domain using OSINT tools and using Python tools to perform forensics tasks. By the end of this book, you will be able to make the most of Python to test the security of your network and applications.
Table of Contents (23 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
1
Section 1: Python Environment and System Programming Tools
Icon
Section 1: Python Environment and System Programming Tools
Lock Free Chapter
2
Working with Python Scripting
chevron up
Icon
Working with Python Scripting
Icon
Technical requirements
Icon
Learn about data structures and collections in Python
Icon
Working with functions, classes, and objects in Python
Icon
Working with files in Python
Icon
Python modules and packages
Icon
Managing dependencies and virtual environments
Icon
Development environments for Python scripting
Icon
Summary
Icon
Questions
Icon
Further reading
3
System Programming Packages
Icon
System Programming Packages
Icon
Technical requirements
Icon
Working with the filesystem in Python
Icon
Executing commands with the subprocess module
Icon
Managing threads in Python
Icon
Multithreading and concurrency in Python
Icon
Summary
Icon
Questions
Icon
Further reading
4
Section 2: Network Scripting and Packet Sniffing with Python
Icon
Section 2: Network Scripting and Packet Sniffing with Python
5
Socket Programming
Icon
Socket Programming
Icon
Technical requirements
Icon
Understanding the socket package for network requests
Icon
Port scanning with sockets
Icon
Implementing a reverse shell with sockets
Icon
Implementing a simple TCP client and TCP server
Icon
Implementing a simple UDP client and UDP server
Icon
Implementing an HTTP server in Python
Icon
Implementing secure sockets with the TLS and SSL modules
Icon
Summary
Icon
Questions
Icon
Further reading
6
HTTP Programming and Web Authentication
Icon
HTTP Programming and Web Authentication
Icon
Technical requirements
Icon
Building an HTTP client with urllib.request
Icon
Get request and response headers
Icon
Building an HTTP client with requests
Icon
Authentication mechanisms with Python
Icon
Implementing OAuth clients in Python with the requests-oauthlib module
Icon
Implementing a client with requests_oauthlib
Icon
Implementing JSON Web Tokens (JWTs) in Python
Icon
Summary
Icon
Questions
Icon
Further reading
7
Analyzing Network Traffic and Packet Sniffing
Icon
Analyzing Network Traffic and Packet Sniffing
Icon
Technical requirements
Icon
Capturing and injecting packets with pcapy-ng
Icon
Capturing and injecting packets with scapy
Icon
Port scanning and traceroute with scapy
Icon
Reading pcap files with scapy
Icon
Packet-sniffing with scapy
Icon
Working with scapy to detect ARP spoofing attacks
Icon
Summary
Icon
Questions
Icon
Further reading
8
Section 3: Server Scripting and Port Scanning with Python
Icon
Section 3: Server Scripting and Port Scanning with Python
9
Gathering Information from Servers with OSINT Tools
Icon
Gathering Information from Servers with OSINT Tools
Icon
Technical requirements
Icon
Introducing Open Source Intelligence (OSINT)
Icon
Getting information using Google Dorks
Icon
Getting information using SpiderFoot
Icon
Getting information on DNS servers with DNSPython and DNSRecon
Icon
Getting vulnerable addresses in servers with fuzzing
Icon
Summary
Icon
Questions
Icon
Further reading
10
Interacting with FTP, SFTP, and SSH Servers
Icon
Interacting with FTP, SFTP, and SSH Servers
Icon
Technical requirements
Icon
Connecting to FTP servers
Icon
Building an anonymous FTP scanner with Python
Icon
Connecting with SSH servers with paramiko and pysftp
Icon
Implementing an SSH server with paramiko
Icon
Checking the security of SSH servers
Icon
Summary
Icon
Questions
Icon
Further reading
11
Working with Nmap Scanner
Icon
Working with Nmap Scanner
Icon
Technical requirements
Icon
Introducing port scanning with Nmap
Icon
Synchronous and asynchronous scanning with python-nmap
Icon
Discovering services and vulnerabilities with Nmap scripts
Icon
Port scanning via online services
Icon
Summary
Icon
Questions
Icon
Further reading
12
Section 4: Server Vulnerabilities and Security in Web Applications
Icon
Section 4: Server Vulnerabilities and Security in Web Applications
13
Interacting with Vulnerability Scanners
Icon
Interacting with Vulnerability Scanners
Icon
Technical requirements
Icon
Introducing the OpenVAS vulnerability scanner
Icon
Accessing OpenVAS with Python
Icon
Introducing OWASP ZAP as an automated security testing tool
Icon
Interacting with OWASP ZAP using Python
Icon
WriteHat as a pentesting reports tool
Icon
Summary
Icon
Questions
Icon
Further reading
14
Interacting with Server Vulnerabilities in Web Applications
Icon
Interacting with Server Vulnerabilities in Web Applications
Icon
Technical requirements
Icon
Understanding vulnerabilities in web applications with OWASP
Icon
Analyzing and discovering vulnerabilities in CMS web applications
Icon
Discovering vulnerabilities in Tomcat server applications
Icon
Discovering SQL vulnerabilities with Python tools
Icon
Automating the process of detecting vulnerabilities in web applications
Icon
Summary
Icon
Questions
Icon
Further reading
15
Obtain Information from Vulnerabilities Databases
Icon
Obtain Information from Vulnerabilities Databases
Icon
Technical requirements
Icon
Identify and understand vulnerabilities and exploits
Icon
Searching for vulnerabilities in the NVD
Icon
Searching for vulnerabilities in the Vulners database
Icon
Searching for vulnerabilities with Pompem
Icon
Summary
Icon
Questions
Icon
Further reading
16
Section 5: Python Forensics
Icon
Section 5: Python Forensics
17
Extracting Geolocation and Metadata from Documents, Images, and Browsers
Icon
Extracting Geolocation and Metadata from Documents, Images, and Browsers
Icon
Technical requirements
Icon
Extracting geolocation information
Icon
Python modules for extracting geolocation information
Icon
Extracting metadata from images
Icon
Extracting metadata from PDF documents
Icon
Extracting metadata with PyPDF2
Icon
Extracting metadata with PyMuPDF
Icon
Identifying the technology used by a website
Icon
Extracting metadata from web browsers
Icon
Summary
Icon
Questions
Icon
Further reading
18
Python Tools for Brute-Force Attacks
Icon
Python Tools for Brute-Force Attacks
Icon
Technical requirements
Icon
Dictionary builders for brute-force attacks
Icon
Password list generator
Icon
Tools for brute-force attacks in Python
Icon
Executing brute-force attacks for web applications
Icon
Executing brute-force attacks for ZIP files
Icon
Summary
Icon
Questions
Icon
Further reading
19
Cryptography and Code Obfuscation
Icon
Cryptography and Code Obfuscation
Icon
Technical requirements
Icon
Encrypting and decrypting information with pycryptodome
Icon
Encrypting and decrypting information with cryptography
Icon
Generating keys securely with the secrets and hashlib modules
Icon
Python tools for code obfuscation
Icon
Summary
Icon
Questions
Icon
Further reading
20
Assessments – Answers to the End-of-Chapter Questions
Icon
Assessments – Answers to the End-of-Chapter Questions
21
Other Books You May Enjoy
Icon
Other Books You May Enjoy
22
Index
Icon
Index

Managing dependencies and virtual environments

In this section, you will be able to identify how to manage dependencies and the execution environment with pip and virtualenv.

Managing dependencies in a Python project

If our project has dependencies with other libraries, the goal will be to have a file where we have such dependencies, so that our module is built and distributed as quickly as possible. For this function, we can create a file called requirements.txt, which contains all the dependencies the module requires.

To install all the dependencies, we can use the following command with the pip utility:

$ pip -r requirements.txt

Here, pip is the Python package and dependency manager and requirements.txt is the file where all the dependencies of the project are saved.

TIP

Within the Python ecosystem, we can find new projects to manage the dependencies and packages of a Python project. For example, poetry (https://python-poetry.org) is a tool for handling dependency installation as well as building and packaging Python packages.

Install Python modules

Python has an active community of developers and users who develop both standard Python modules, as well as modules and packages developed by third parties. The Python Package Index, or PyPI (https://pypi.org), is the official software package repository for third-party applications in the Python programming language.

To install a new python Package, you have the following alternatives:

  • Use the one that is packaged depending on the operating system and distribution you are using. For example, using apt-cache show <package>
  • Install pip on your computer and, as a superuser, install the Python package that interests us. This solution can give us many problems, since we can break the dependencies between the versions of our Python packages installed on the system and some package may stop working.
  • Use virtual environments: It is a mechanism that allows you to manage Python programs and packages without having administration permissions, that is, any user without privileges can have one or more “isolated spaces” where they can install different versions of Python programs and packages. To create the virtual environments, we can use the virtualenv program or the venv module.

Generating the requirements.txt file

We also have the ability to create the requirements.txt file from the project source code. For this task, we can use the pipreqs module, whose code can be downloaded from the GitHub repository at https://github.com/bndr/pipreqs.

In this way, the module can be installed either with the pip install pipreqs command or through the GitHub code repository using the python setup.py install command.

For more information about the module, you can refer to the official PyPI page https://pypi.org/project/pipreqs/.

To generate the requirements.txt file, you could execute the following command:

$ pipreqs <path_project>

Working with virtual environments

When operating with Python, it’s strongly recommended that you use virtual environments. A virtual environment provides a separate environment for installing Python modules and an isolated copy of the Python executable file and associated files.

You can have as many virtual environments as you need, which means that you can have multiple module configurations configured, and you can easily switch between them.

Configuring virtualenv

When you install a Python module on your local computer without having to use a virtual environment, you install it on the operating system globally. Typically, this installation requires a user root administrator, and the Python module is configured for each user and project.

The best approach at this point is to create a Python virtual environment if you need to work on many Python projects, or if you are working with several projects that are sharing some modules.

virtualenv is a Python module that enables you to build isolated, virtual environments. Essentially, you must create a folder that contains all the executable files and modules needed for a project. You can install virtualenv as follows:

  1. Type in the following command: 
    $ sudo pip install virtualenv
  2. To create a new virtual environment, create a new folder and enter the folder from the command line: 
    $ cd your_new_folder
$ virtualenv name-of-virtual-environment
$ source bin/activate
  3. Once it is active, you will have a clean environment of modules and libraries, and you will have to download the dependencies of the project so that they are copied in this directory using the following command: 
    (venv) > pip install -r requirements.txt

    Executing this command will initiate a folder with the name indicated in your current working directory with all the executable files of Python and the pip module, which allows you to install different packages in your virtual environment.

    IMPORTANT NOTE

    If you are working with Python 3.3+, virtualenv is included in stdlib. You can get an installation update for virtualenv in the Python documentation: https://docs.python.org/3/library/venv.html.

  1. virtualenv is like a sandbox where all the dependencies of the project will be installed when you are working, and all modules and dependencies are kept separate. If users have the same version of Python installed on their machine, the same code will work in the virtual environment without requiring any changes.

Now that you know how to install your own virtual environment, let’s move on to review development environments for Python scripting, including Python IDLE and PyCharm.

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Python for Security and Networking
End of Section 2
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon