Effective Python Penetration Testing

Book Description

Pen test your system like a pro and overcome vulnerabilities by leveraging Python scripts, libraries, and tools

About This Book

  • Learn to utilize your Python scripting skills to pentest a computer system, network, and web-application

  • Get proficient at the art of assessing vulnerabilities by conducting effective penetration testing

  • This is the ultimate guide that teaches you how to use Python to protect your systems against sophisticated cyber attacks

Who This Book Is For

This book is ideal for those who are comfortable with Python or a similar language and need no help with basic programming concepts, but want to understand the basics of penetration testing and the problems pentesters face.

What You Will Learn

  • Write Scapy scripts to investigate network traffic

  • Get to know application fingerprinting techniques with Python

  • Understand the attack scripting techniques

  • Write fuzzing tools with pentesting requirements

  • Learn basic attack scripting methods

  • Utilize cryptographic toolkits in Python

  • Automate pentesting with Python tools and libraries

In Detail

Penetration testing is the practice of testing a computer system, network, or web application to find security weaknesses that an attacker can exploit. Effective Python Penetration Testing will help you utilize your Python scripting skills to safeguard your networks from cyberattacks.

We will begin by providing you with an overview of Python scripting and penetration testing. You will learn to analyze network traffic by writing Scapy scripts and will see how to fingerprint web applications with Python libraries such as ProxMon and Spynner.

Moving on, you will find out how to write basic attack scripts, and will develop debugging and reverse engineering skills with Python libraries. Toward the end of the book, you will discover how to utilize cryptography toolkits in Python and how to automate Python tools and libraries.

Style and approach

This is an expert’s guide to Python with a practical approach, where each chapter will help you improve your penetration testing skills using Python to become a master pen tester.

Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at If you purchased this book elsewhere, you can visit and register to have the code file.

Table of Contents

    1. Effective Python Penetration Testing
      1. Effective Python Penetration Testing
      2. Credits
      3. About the Author
      4. About the Reviewer
        1. eBooks, discount offers, and more
          1. Why subscribe?
          2. Free access for Packt account holders
      6. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Downloading the example code
          2. Errata
          3. Piracy
          4. Questions
      7. 1. Python Scripting Essentials
        1. Setting up the scripting environment
          1. Setting up in Linux
          2. Setting up in Mac
          3. Setting up in Windows
        2. Installing third-party libraries
          1. Setuptools and pip
          2. Working with virtual environments
            1. Using virtualenv and virtualwrapper
        3. Python language essentials
          1. Variables and types
          2. Strings
          3. Lists
          4. Dictionaries
          5. Networking
          6. Handling exceptions
        4. Summary
      8. 2. Analyzing Network Traffic with Scapy
        1. Sockets modules
          1. Socket
            1. Methods in socket module
            2. Creating a socket
            3. Connecting to a server and sending data
            4. Receiving data
            5. Handling multiple connections
          2. SocketServer
            1. Simple server with the SocketServer module
        2. Raw socket programming
          1. Creating a raw socket
          2. Basic raw socket sniffer
          3. Raw socket packet injection
        3. Investigate network traffic with Scapy
          1. Packet sniffing with Scapy
          2. Packet injection with Scapy
          3. Scapy send and receive methods
          4. Programming with Scapy
        4. Summary
      9. 3. Application Fingerprinting with Python
        1. Web scraping
          1. urllib / urllib2 module
            1. Useful methods of urllib/urllib2
            2. Requests module
            3. Parsing HTML using BeautifulSoup
            4. Download all images on a page
        2. Parsing HTML with lxml
          1. Scrapy
          2. E-mail gathering
        3. OS fingerprinting
        4. Get the EXIF data of an image
        5. Web application fingerprinting
        6. Summary
      10. 4. Attack Scripting with Python
        1. Injections
        2. Broken authentication
        3. Cross-site scripting (XSS)
        4. Insecure direct object references
        5. Security misconfiguration
        6. Sensitive data exposure
        7. Missing function level access control
        8. CSRF attacks
        9. Using components with known vulnerabilities
        10. Unvalidated redirects and forwards
        11. Summary
      11. 5. Fuzzing and Brute-Forcing
        1. Fuzzing
        2. Classification of fuzzers
          1. Mutation (dump) fuzzers
          2. Generation (intelligent) fuzzers
        3. Fuzzing and brute-forcing passwords
        4. Dictionary attack
        5. SSH brute-forcing
        6. SMTP brute-forcing
        7. Brute-forcing directories and file locations
        8. Brute-force cracking password protected ZIP files
          1. Sulley fuzzing framework
            1. Installation
            2. Scripting with sulley
            3. Primitives
            4. Blocks and groups
            5. Sessions
        9. Summary
      12. 6. Debugging and Reverse Engineering
        1. Reverse engineering
        2. Portable executable analysis
          1. DOS header
          2. PE header
            1. Loading PE file
          3. Inspecting headers
          4. Inspecting sections
          5. PE packers
        3. Listing all imported and exported symbols
        4. Disassembling with Capstone
        5. PEfile with Capstone
        6. Debugging
          1. Breakpoints
        7. Using PyDBG
        8. Summary
      13. 7. Crypto, Hash, and Conversion Functions
        1. Cryptographic algorithms
        2. Hash functions
          1. Hashed Message Authentication Code (HMAC)
          2. Message-digest algorithm (MD5)
          3. Secure Hash Algorithm (SHA)
          4. HMAC in Python
          5. hashlib algorithms
          6. Password hashing algorithms
          7. Symmetric encryption algorithms
            1. Block and stream cipher
          8. PyCrypto
            1. AES encryption of a file
        3. Summary
      14. 8. Keylogging and Screen Grabbing
        1. Keyloggers
          1. Hardware keyloggers
          2. Software keyloggers
        2. Keyloggers with pyhook
        3. Screen grabbing
        4. Summary
      15. 9. Attack Automation
        1. Paramiko
          1. Establish SSH connection with paramiko
          2. Running commands with paramiko
          3. SFTP with paramiko
        2. python-nmap
        3. W3af REST API
        4. Metasploit scripting with MSGRPC
        5. ClamAV antivirus with Python
        6. OWASP ZAP from Python
          1. Breaking weak captcha
          2. Automating BeEF with Python
            1. Installing BeEF
            2. Connecting BeEF with Metasploit
            3. Accessing BeEF API with Python
        7. Accessing Nessus 6 API with Python
        8. Summary
      16. 10. Looking Forward
        1. Pentestly
        2. Twisted
        3. Nscan
        4. sqlmap
        5. CapTipper
        6. Immunity Debugger
        7. pytbull
        9. peepdf
        10. Summary