You are previewing Learning Penetration Testing with Python.
O'Reilly logo
Learning Penetration Testing with Python

Book Description

Utilize Python scripting to execute effective and efficient penetration tests

About This Book

  • Understand how and where Python scripts meet the need for penetration testing

  • Familiarise yourself with the process of highlighting a specific methodology to exploit an environment to fetch critical data

  • Develop your Python and penetration testing skills with real-world examples

  • Who This Book Is For

    If you are a security professional or researcher, with knowledge of different operating systems and a conceptual idea of penetration testing, and you would like to grow your knowledge in Python, then this book is ideal for you.

    What You Will Learn

  • Familiarise yourself with the generation of Metasploit resource files

  • Use the Metasploit Remote Procedure Call (MSFRPC) to automate exploit generation and execution

  • Use Python's Scrapy, network, socket, office, Nmap libraries, and custom modules

  • Parse Microsoft Office spreadsheets and eXtensible Markup Language (XML) data files

  • Write buffer overflows and reverse Metasploit modules to expand capabilities

  • Exploit Remote File Inclusion (RFI) to gain administrative access to systems with Python and other scripting languages

  • Crack an organization's Internet perimeter

  • Chain exploits to gain deeper access to an organization's resources

  • Interact with web services with Python

  • In Detail

    Python is a powerful new-age scripting platform that allows you to build exploits, evaluate services, automate, and link solutions with ease. Python is a multi-paradigm programming language well suited to both object-oriented application development as well as functional design patterns. Because of the power and flexibility offered by it, Python has become one of the most popular languages used for penetration testing.

    This book highlights how you can can evaluate an organization methodically and realistically. Specific tradecraft and techniques are covered that show you exactly when and where industry tools can and should be used and when Python fits a need that proprietary and open source solutions do not.

    Initial methodology, and Python fundamentals are established and then built on. Specific examples are created with vulnerable system images, which are available to the community to test scripts, techniques, and exploits. This book walks you through real-world penetration testing challenges and how Python can help.

    From start to finish, the book takes you through how to create Python scripts that meet relative needs that can be adapted to particular situations. As chapters progress, the script examples explain new concepts to enhance your foundational knowledge, culminating with you being able to build multi-threaded security tools, link security tools together, automate reports, create custom exploits, and expand Metasploit modules.

    Style and approach

    This book is a practical guide that will help you become better penetration testers and/or Python security tool developers. Each chapter builds on concepts and tradecraft using detailed examples in test environments that you can simulate.

    Downloading the example code for this book You can download the example code files for all Packt books you have purchased from your account at If you purchased this book elsewhere, you can visit and register to have the files e-mailed directly to you.

    Table of Contents

    1. Learning Penetration Testing with Python
      1. Table of Contents
      2. Learning Penetration Testing with Python
      3. Credits
      4. Disclaimer
      5. About the Author
      6. Acknowlegements
      7. About the Reviewers
        1. Support files, eBooks, discount offers, and more
          1. Why subscribe?
          2. Free access for Packt account holders
      9. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Downloading the example code
          2. Downloading the color images of this book
          3. Errata
          4. Piracy
          5. Questions
      10. 1. Understanding the Penetration Testing Methodology
        1. An overview of penetration testing
        2. Understanding what penetration testing is not
          1. Vulnerability assessments
          2. Reverse engineering engagements
          3. Hacking
        3. Assessment methodologies
        4. The penetration testing execution standard
          1. Pre-engagement interactions
            1. White Box Testing
            2. Grey Box Testing
            3. Black Box Testing
            4. Double Blind Testing
          2. Intelligence gathering
          3. Threat modeling
          4. Vulnerability analysis
          5. Exploitation
          6. Post exploitation
          7. Reporting
          8. An example engagement
        5. Penetration testing tools
          1. NMAP
          2. Metasploit
          3. Veil
          4. Burp Suite
          5. Hydra
          6. John the Ripper
            1. Cracking Windows passwords with John
          7. oclHashcat
          8. Ophcrack
          9. Mimikatz and Incognito
          10. SMBexec
          11. Cewl
          12. Responder
          13. theHarvester and Recon-NG
          14. pwdump and fgdump
          15. Netcat
          16. Sysinternals tools
        6. Summary
      11. 2. The Basics of Python Scripting
        1. Understanding the difference between interpreted and compiled languages
        2. Python – the good and the bad
        3. A Python interactive interpreter versus a script
        4. Environmental variables and PATH
        5. Understanding dynamically typed languages
        6. The first Python script
        7. Developing scripts and identifying errors
          1. Reserved words, keywords, and built-in functions
          2. Global and local variables
          3. Understanding a namespace
          4. Modules and imports
        8. Python formatting
          1. Indentation
        9. Python variables
          1. Debugging variable values
          2. String variables
          3. Number variables
          4. Converting string and number variables
          5. List variables
          6. Tuple variables
          7. Dictionary variables
          8. Understanding default values and constructors
          9. Passing a variable to a string
        10. Operators
          1. Comparison operators
          2. Assignment operators
          3. Arithmetic operators
          4. Logical and membership operators
        11. Compound statements
          1. The if statements
          2. Python loops
            1. The while loop
            2. The for loop
              1. The break condition
          3. Conditional handlers
        12. Functions
          1. The impact of dynamically typed languages on functions on functions
          2. Curly brackets
          3. How to comment your code
        13. The Python style guide
          1. Classes
          2. Functions
          3. Variables and instance names
        14. Arguments and options
        15. Your first assessor script
        16. Summary
      12. 3. Identifying Targets with Nmap, Scapy, and Python
        1. Understanding how systems communicate
          1. The Ethernet frame architecture
            1. Layer 2 in Ethernet networks
            2. Layer 2 in wireless networks
          2. The IP packet architecture
          3. The TCP header architecture
          4. Understanding how TCP works
            1. The TCP three-way handshake
          5. The UDP header architecture
          6. Understanding how UDP works
        2. Understanding Nmap
          1. Inputting the target ranges for Nmap
          2. Executing the different scan types
            1. Executing TCP full connection scans
            2. Executing SYN scans
            3. Executing ACK scans
            4. Executing UDP scans
          3. Executing combined UDP and TCP scans
          4. Skipping the operating system scans
          5. Different output types
            1. Understanding the Nmap Grepable output
            2. Understanding the Nmap XML output
          6. The Nmap scripting engine
          7. Being efficient with Nmap scans
            1. Determining your interface details with the netifaces library
        3. Nmap libraries for Python
        4. The Scapy library for Python
        5. Summary
      13. 4. Executing Credential Attacks with Python
        1. The types of credential attacks
          1. Defining the online credential attack
          2. Defining the offline credential attack
        2. Identifying the target
        3. Creating targeted usernames
          1. Generating and verifying usernames with help from the U.S. census
          2. Generating the usernames
        4. Testing for users using SMTP VRFY
          1. Creating the SMTP VRFY script
        5. Summary
      14. 5. Exploiting Services with Python
        1. Understanding the new age of service exploitation
        2. Understanding the chaining of exploits
          1. Checking for weak, default, or known passwords
          2. Gaining root access to the system
          3. Understanding the cracking of Linux hashes
          4. Testing for the synchronization of account credentials
        3. Automating the exploit train with Python
        4. Summary
      15. 6. Assessing Web Applications with Python
        1. Identifying live applications versus open ports
        2. Identifying hidden files and directories with Python
        3. Credential attacks with Burp Suite
        4. Using twill to walk through the source
        5. Understanding when to use Python for web assessments
          1. Understanding when to use specific libraries
          2. Being efficient during web assessments
        6. Summary
      16. 7. Cracking the Perimeter with Python
        1. Understanding today's perimeter
          1. Clear-text protocols
          2. Web applications
          3. Encrypted remote access services
          4. Virtual Private Networks (VPNs)
          5. Mail services
          6. Domain Name Service (DNS)
          7. User Datagram Protocol (UDP) services
        2. Understanding the link between accounts and services
        3. Cracking inboxes with Burp Suite
        4. Identifying the attack path
          1. Understanding the limitations of perimeter scanning
          2. Downloading backup files from a TFTP server
            1. Determining the backup filenames
          3. Cracking Cisco MD5 hashes
        5. Gaining access through websites
          1. The execution of file inclusion attacks
            1. Verifying an RFI vulnerability
            2. Exploiting the hosts through RFI
        6. Summary
      17. 8. Exploit Development with Python, Metasploit, and Immunity
        1. Getting started with registers
          1. Understanding general purpose registers
            1. The EAX
            2. The EBX
            3. The ECX
            4. The EDX
          2. Understanding special purpose registers
            1. The EBP
            2. The EDI
            3. The EIP
            4. The ESP
        2. Understanding the Windows memory structure
          1. Understanding the stack and the heap
          2. Understanding the program image and dynamic-link libraries
          3. Understanding the process environment block
          4. Understanding the thread environment block
          5. Kernel
        3. Understanding memory addresses and endianness
        4. Understanding the manipulation of the stack
        5. Understanding immunity
        6. Understanding basic buffer overflow
        7. Writing a basic buffer overflow exploit
        8. Understanding stack adjustments
        9. Understanding the purpose of local exploits
        10. Understanding other exploit scripts
          1. Exploiting standalone binaries by executing scripts
          2. Exploiting systems by TCP service
          3. Exploiting systems by UDP service
        11. Reversing Metasploit modules
        12. Understanding protection mechanisms
        13. Summary
      18. 9. Automating Reports and Tasks with Python
        1. Understanding how to parse XML files for reports
        2. Understanding how to create a Python class
          1. Creating a Python script to parse an Nmap XML
          2. Creating a Python script to generate Excel spreadsheets
        3. Summary
      19. 10. Adding Permanency to Python Tools
        1. Understanding logging within Python
        2. Understanding the difference between multithreading and multiprocessing
          1. Creating a multithreaded script in Python
          2. Creating a multiprocessing script in Python
        3. Building industry-standard tools
        4. Summary
      20. Index