Python for Security and Networking - Third Edition

By: José Ortega

Overview of this book

Python’s latest updates add numerous libraries that can be used to perform critical security-related missions, including detecting vulnerabilities in web applications, dealing with attacks, and helping to build secure and robust networks that are resilient to those attacks. This fully updated third edition will show you how to make the most of them and improve your security posture. The first part of this book will walk you through Python scripts and libraries that you’ll use throughout the book. Next, you’ll dive deep into the core networking tasks, where you will learn how to check for vulnerabilities in your network using Python security scripting, including tasks related to packet sniffing. You’ll also learn how to achieve endpoint protection by leveraging Python packages along with writing forensics scripts. The next part of the book will show you a variety of modern techniques, libraries, and frameworks from the Python ecosystem that will help you extract data from servers and analyze the security of web applications. You’ll take your first steps in extracting data from a domain using OSINT tools and using Python tools to perform forensics tasks. By the end of this book, you will be able to make the most of Python to test the security of your network and applications.
Table of Contents (23 chapters)

  • Section 1: Python Environment and System Programming Tools
  • Section 2: Network Scripting and Packet Sniffing with Python
  • Section 3: Server Scripting and Port Scanning with Python
  • Section 4: Server Vulnerabilities and Security in Web Applications
  • Section 5: Python Forensics
  • Assessments – Answers to the End-of-Chapter Questions
  • Other Books You May Enjoy
  • Index

Reading pcap files with scapy

In this section, you will learn the basics of reading pcap files. PCAP (Packet CAPture) refers to the API that allows you to capture network packets for processing. The PCAP format is standard and is used by well-known network analysis tools such as TCPDump, WinDump, Wireshark, TShark, and Ettercap. Scapy incorporates two functions for working with PCAP files, which allow us to read and write them:

  • rdpcap(): Reads and loads a .pcap file.
  • wrpcap(): Writes the contents of a list of packets to a .pcap file.

With the rdpcap() function, we can read a pcap file and get a list of packets that can be handled directly from Python:

>>> from scapy.all import rdpcap
>>> packets = rdpcap('packets.pcap')
>>> packets.summary()
Ether / IP / TCP 10.0.2.15:personal_agent > 10.0.2.2:9170 A / Padding
Ether / IP / TCP 10.0.2.15:personal_agent > 10.0.2.2:9170 PA / Raw
Ether / IP / TCP 10.0.2.2:9170 > 10.0.2.15:personal_agent A
Ether...
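
To show what rdpcap() loads from disk, the following added example (not code from the book) parses the classic PCAP layout using only the Python standard library: a 24-byte global header followed by 16-byte record headers and the captured frame bytes. The function names and the two sample frames are constructed for illustration, and the length checks reflect that a capture file is untrusted input.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap with microsecond timestamps

def build_pcap(frames, linktype=1, snaplen=65535, endian="<"):
    """Serialize (ts_sec, ts_usec, frame_bytes) tuples into pcap bytes."""
    out = struct.pack(endian + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)
    for sec, usec, data in frames:
        out += struct.pack(endian + "IIII", sec, usec, len(data), len(data)) + data
    return out

def parse_pcap(blob):
    """Return (linktype, [(timestamp, frame_bytes), ...]) from raw pcap bytes."""
    if len(blob) < 24:
        raise ValueError("truncated global header")
    magic = struct.unpack("<I", blob[:4])[0]
    if magic not in (PCAP_MAGIC, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    endian = "<" if magic == PCAP_MAGIC else ">"  # swapped magic: big-endian writer
    _, _, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", blob[4:24])
    packets, offset = [], 24
    while offset < len(blob):
        if offset + 16 > len(blob):
            raise ValueError("truncated record header")
        sec, usec, incl_len, _orig = struct.unpack(endian + "IIII", blob[offset:offset + 16])
        offset += 16
        # incl_len comes from the file: reject values past snaplen or the buffer end.
        if incl_len > snaplen or offset + incl_len > len(blob):
            raise ValueError("bad record length at offset %d" % (offset - 16))
        packets.append((sec + usec / 1_000_000, blob[offset:offset + incl_len]))
        offset += incl_len
    return linktype, packets

def ethertype(frame):
    """EtherType of an Ethernet II frame (0x0800 = IPv4, 0x0806 = ARP)."""
    return struct.unpack("!H", frame[12:14])[0]

# Constructed sample: two minimal Ethernet frames, not real traffic.
FRAME_A = bytes(6) + bytes(6) + b"\x08\x00" + b"A" * 20
FRAME_B = bytes(6) + bytes(6) + b"\x08\x06" + b"B" * 28
SAMPLE = build_pcap([(1700000000, 250000, FRAME_A), (1700000001, 0, FRAME_B)])

if __name__ == "__main__":
    link, pkts = parse_pcap(SAMPLE)
    for ts, frame in pkts:
        print(f"{ts:.6f} len={len(frame)} ethertype=0x{ethertype(frame):04x}")
```

Link type 1 in the global header means Ethernet, which is why the Scapy summary above starts each packet with an Ether layer.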