Python: Penetration Testing for Developers
by Dave Mound, Benjamin May, Andrew Mabbitt, Terry Ip, Cameron Buchanan, Mohit, Chr
Table of Contents
Python: Penetration Testing for Developers
Credits
Preface
What this learning path covers
What you need for this learning path
Who this learning path is for
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Module 1
1. Understanding the Penetration Testing Methodology
An overview of penetration testing
Understanding what penetration testing is not
Vulnerability assessments
Reverse engineering engagements
Hacking
Assessment methodologies
The penetration testing execution standard
Pre-engagement interactions
White Box Testing
Grey Box Testing
Black Box Testing
Double Blind Testing
Intelligence gathering
Threat modeling
Vulnerability analysis
Exploitation
Post exploitation
Reporting
An example engagement
Penetration testing tools
NMAP
Metasploit
Veil
Burp Suite
Hydra
John the Ripper
Cracking Windows passwords with John
oclHashcat
Ophcrack
Mimikatz and Incognito
SMBexec
Cewl
Responder
theHarvester and Recon-NG
pwdump and fgdump
Netcat
Sysinternals tools
Summary
2. The Basics of Python Scripting
Understanding the difference between interpreted and compiled languages
Python – the good and the bad
A Python interactive interpreter versus a script
Environmental variables and PATH
Understanding dynamically typed languages
The first Python script
Developing scripts and identifying errors
Reserved words, keywords, and built-in functions
Global and local variables
Understanding a namespace
Modules and imports
Python formatting
Indentation
Python variables
Debugging variable values
String variables
Number variables
Converting string and number variables
List variables
Tuple variables
Dictionary variables
Understanding default values and constructors
Passing a variable to a string
Operators
Comparison operators
Assignment operators
Arithmetic operators
Logical and membership operators
Compound statements
The if statements
Python loops
The while loop
The for loop
The break condition
Conditional handlers
Functions
The impact of dynamically typed languages on functions
Curly brackets
How to comment your code
The Python style guide
Classes
Functions
Variables and instance names
Arguments and options
Your first assessor script
Summary
3. Identifying Targets with Nmap, Scapy, and Python
Understanding how systems communicate
The Ethernet frame architecture
Layer 2 in Ethernet networks
Layer 2 in wireless networks
The IP packet architecture
The TCP header architecture
Understanding how TCP works
The TCP three-way handshake
The UDP header architecture
Understanding how UDP works
Understanding Nmap
Inputting the target ranges for Nmap
Executing the different scan types
Executing TCP full connection scans
Executing SYN scans
Executing ACK scans
Executing UDP scans
Executing combined UDP and TCP scans
Skipping the operating system scans
Different output types
Understanding the Nmap Grepable output
Understanding the Nmap XML output
The Nmap scripting engine
Being efficient with Nmap scans
Determining your interface details with the netifaces library
Nmap libraries for Python
The Scapy library for Python
Summary
4. Executing Credential Attacks with Python
The types of credential attacks
Defining the online credential attack
Defining the offline credential attack
Identifying the target
Creating targeted usernames
Generating and verifying usernames with help from the U.S. census
Generating the usernames
Testing for users using SMTP VRFY
Creating the SMTP VRFY script
Summary
5. Exploiting Services with Python
Understanding the new age of service exploitation
Understanding the chaining of exploits
Checking for weak, default, or known passwords
Gaining root access to the system
Understanding the cracking of Linux hashes
Testing for the synchronization of account credentials
Automating the exploit train with Python
Summary
6. Assessing Web Applications with Python
Identifying live applications versus open ports
Identifying hidden files and directories with Python
Credential attacks with Burp Suite
Using twill to walk through the source
Understanding when to use Python for web assessments
Understanding when to use specific libraries
Being efficient during web assessments
Summary
7. Cracking the Perimeter with Python
Understanding today's perimeter
Clear-text protocols
Web applications
Encrypted remote access services
Virtual Private Networks (VPNs)
Mail services
Domain Name Service (DNS)
User Datagram Protocol (UDP) services
Understanding the link between accounts and services
Cracking inboxes with Burp Suite
Identifying the attack path
Understanding the limitations of perimeter scanning
Downloading backup files from a TFTP server
Determining the backup filenames
Cracking Cisco MD5 hashes
Gaining access through websites
The execution of file inclusion attacks
Verifying an RFI vulnerability
Exploiting the hosts through RFI
Summary
8. Exploit Development with Python, Metasploit, and Immunity
Getting started with registers
Understanding general purpose registers
The EAX
The EBX
The ECX
The EDX
Understanding special purpose registers
The EBP
The EDI
The EIP
The ESP
Understanding the Windows memory structure
Understanding the stack and the heap
Understanding the program image and dynamic-link libraries
Understanding the process environment block
Understanding the thread environment block
Kernel
Understanding memory addresses and endianness
Understanding the manipulation of the stack
Understanding immunity
Understanding basic buffer overflow
Writing a basic buffer overflow exploit
Understanding stack adjustments
Understanding the purpose of local exploits
Understanding other exploit scripts
Exploiting standalone binaries by executing scripts
Exploiting systems by TCP service
Exploiting systems by UDP service
Reversing Metasploit modules
Understanding protection mechanisms
Summary
9. Automating Reports and Tasks with Python
Understanding how to parse XML files for reports
Understanding how to create a Python class
Creating a Python script to parse an Nmap XML
Creating a Python script to generate Excel spreadsheets
Summary
10. Adding Permanency to Python Tools
Understanding logging within Python
Understanding the difference between multithreading and multiprocessing
Creating a multithreaded script in Python
Creating a multiprocessing script in Python
Building industry-standard tools
Summary
2. Module 2
1. Python with Penetration Testing and Networking
Introducing the scope of pentesting
The need for pentesting
Components to be tested
Qualities of a good pentester
Defining the scope of pentesting
Approaches to pentesting
Introducing Python scripting
Understanding the tests and tools you'll need
Learning the common testing platforms with Python
Network sockets
Server socket methods
Client socket methods
General socket methods
Moving on to the practical
Socket exceptions
Useful socket methods
Summary
2. Scanning Pentesting
How to check live systems in a network and the concept of a live system
Ping sweep
The TCP scan concept and its implementation using a Python script
How to create an efficient IP scanner
What are the services running on the target machine?
The concept of a port scanner
How to create an efficient port scanner
Summary
3. Sniffing and Penetration Testing
Introducing a network sniffer
Passive sniffing
Active sniffing
Implementing a network sniffer using Python
Format characters
Learning about packet crafting
Introducing ARP spoofing and implementing it using Python
The ARP request
The ARP reply
The ARP cache
Testing the security system using custom packet crafting and injection
Network disassociation
A half-open scan
The FIN scan
ACK flag scanning
Ping of death
Summary
4. Wireless Pentesting
Wireless SSID finding and wireless traffic analysis by Python
Detecting clients of an AP
Wireless attacks
The deauthentication (deauth) attacks
The MAC flooding attack
How the switch uses the CAM tables
The MAC flood logic
Summary
5. Foot Printing of a Web Server and a Web Application
The concept of foot printing of a web server
Introducing information gathering
Checking the HTTP header
Information gathering of a website from SmartWhois by the parser BeautifulSoup
Banner grabbing of a website
Hardening of a web server
Summary
6. Client-side and DDoS Attacks
Introducing client-side validation
Tampering with the client-side parameter with Python
Effects of parameter tampering on business
Introducing DoS and DDoS
Single IP single port
Single IP multiple port
Multiple IP multiple port
Detection of DDoS
Summary
7. Pentesting of SQLI and XSS
Introducing the SQL injection attack
Types of SQL injections
Simple SQL injection
Blind SQL injection
Understanding the SQL injection attack by a Python script
Learning about Cross-Site scripting
Persistent or stored XSS
Nonpersistent or reflected XSS
Summary
3. Module 3
1. Gathering Open Source Intelligence
Introduction
Gathering information using the Shodan API
Getting ready
How to do it…
How it works…
There's more…
Scripting a Google+ API search
Getting ready
How to do it…
How it works…
See also…
There's more…
Downloading profile pictures using the Google+ API
How to do it
How it works
Harvesting additional results from the Google+ API using pagination
How to do it
How it works
Getting screenshots of websites with QtWebKit
Getting ready
How to do it…
How it works…
There's more…
Screenshots based on a port list
Getting ready
How to do it…
How it works…
There's more…
Spidering websites
Getting ready
How to do it…
How it works…
There's more…
2. Enumeration
Introduction
Performing a ping sweep with Scapy
How to do it…
How it works…
Scanning with Scapy
How to do it…
How it works…
There's more…
Checking username validity
Getting ready
How to do it…
How it works…
There's more…
See also
Brute forcing usernames
Getting ready
How to do it…
How it works…
See also
Enumerating files
Getting ready
How to do it…
How it works…
Brute forcing passwords
Getting ready
How to do it…
How it works…
See also
Generating e-mail addresses from names
Getting ready
How to do it…
How it works…
There's more…
See also
Finding e-mail addresses from web pages
Getting ready
How to do it…
How it works…
There's more…
See also
Finding comments in source code
How to do it…
How it works…
There's more…
3. Vulnerability Identification
Introduction
Automated URL-based Directory Traversal
Getting ready
How to do it…
How it works…
There's more
Automated URL-based Cross-site scripting
How to do it…
How it works…
There's more…
Automated parameter-based Cross-site scripting
How to do it…
How it works…
There's more…
Automated fuzzing
Getting ready
How to do it…
How it works…
There's more…
See also
jQuery checking
How to do it…
How it works…
There's more…
Header-based Cross-site scripting
Getting ready
How to do it…
How it works…
See also
Shellshock checking
Getting ready
How to do it…
How it works…
4. SQL Injection
Introduction
Checking jitter
How to do it…
How it works…
There's more…
Identifying URL-based SQLi
How to do it…
How it works…
There's more…
Exploiting Boolean SQLi
How to do it…
How it works…
There's more…
Exploiting Blind SQL Injection
How to do it…
How it works…
There's more…
Encoding payloads
How to do it…
How it works…
There's more…
5. Web Header Manipulation
Introduction
Testing HTTP methods
How to do it…
How it works…
There's more…
Fingerprinting servers through HTTP headers
How to do it…
How it works…
There's more…
Testing for insecure headers
Getting ready
How to do it…
How it works…
Brute forcing login through the Authorization header
Getting ready
How to do it…
How it works…
There's more…
See also
Testing for clickjacking vulnerabilities
How to do it…
How it works…
Identifying alternative sites by spoofing user agents
How to do it…
How it works…
See also
Testing for insecure cookie flags
How to do it…
How it works…
There's more…
Session fixation through a cookie injection
Getting ready
How to do it…
How it works…
There's more…
6. Image Analysis and Manipulation
Introduction
Hiding a message using LSB steganography
Getting ready
How to do it…
How it works…
There's more…
See also
Extracting messages hidden in LSB
How to do it…
How it works…
There's more…
Hiding text in images
How to do it…
How it works…
There's more…
Extracting text from images
How to do it…
How it works…
There's more…
Enabling command and control using steganography
Getting ready
How to do it…
How it works…
7. Encryption and Encoding
Introduction
Generating an MD5 hash
Getting ready
How to do it…
How it works…
Generating an SHA 1/128/256 hash
Getting ready
How to do it…
How it works…
Implementing SHA and MD5 hashes together
Getting ready
How to do it…
How it works…
Implementing SHA in a real-world scenario
Getting ready
How to do it…
How it works…
Generating a Bcrypt hash
Getting ready
How to do it…
How it works…
Cracking an MD5 hash
Getting ready
How to do it…
How it works…
Encoding with Base64
Getting ready
How to do it…
How it works…
Encoding with ROT13
Getting ready
How to do it…
How it works…
Cracking a substitution cipher
Getting ready
How to do it…
How it works…
Cracking the Atbash cipher
Getting ready
How to do it…
How it works…
Attacking one-time pad reuse
Getting ready
How to do it…
How it works…
Predicting a linear congruential generator
Getting ready
How to do it…
How it works…
Identifying hashes
Getting ready
How to do it…
How it works…
8. Payloads and Shells
Introduction
Extracting data through HTTP requests
Getting Ready
How to do it…
How it works…
Creating an HTTP C2
Getting Started
How to do it…
How it works…
Creating an FTP C2
Getting Started
How to do it…
How it works…
Creating a Twitter C2
Getting Started
How to do it…
How it works…
Creating a simple Netcat shell
How to do it…
How it works…
9. Reporting
Introduction
Converting Nmap XML to CSV
Getting ready
How to do it…
How it works…
Extracting links from a URL to Maltego
How to do it…
How it works…
There's more…
Extracting e-mails to Maltego
How to do it…
How it works…
Parsing Sslscan into CSV
How to do it…
How it works…
Generating graphs using plot.ly
Getting ready
How to do it…
How it works…
A. Bibliography
Index