Python: Penetration Testing for Developers

Book Description

Unleash the power of Python scripting to execute effective and efficient penetration tests

About This Book

  • Sharpen your pentesting skills with Python
  • Develop your fluency with Python to write sharper scripts for rigorous security testing
  • Get stuck into some of the most powerful tools in the security world

Who This Book Is For

If you are a Python programmer or a security researcher who has basic knowledge of Python programming and wants to learn about penetration testing with the help of Python, this course is ideal for you. Even if you are new to the field of ethical hacking, this course can help you find the vulnerabilities in your system so that you are ready to tackle any kind of attack or intrusion.

What You Will Learn

  • Familiarize yourself with the generation of Metasploit resource files and use the Metasploit Remote Procedure Call to automate exploit generation and execution
  • Exploit the Remote File Inclusion to gain administrative access to systems with Python and other scripting languages
  • Crack an organization's Internet perimeter and chain exploits to gain deeper access to an organization's resources
  • Explore wireless traffic with the help of various programs and perform wireless attacks with Python programs
  • Gather passive information from a website using automated scripts and perform XSS, SQL injection, and parameter tampering attacks
  • Develop complicated header-based attacks through Python

In Detail

Cybercriminals are always one step ahead when it comes to tools and techniques. This means you need to use the same tools and adopt the same mindset to properly secure your software. This course shows you how to do just that, demonstrating how effective Python can be for powerful pentesting that keeps your software safe. It comprises three key modules; follow each one to push your Python and security skills to the next level.

In the first module, we’ll show you how to get to grips with the fundamentals. This means you’ll quickly find out how to tackle some of the common challenges facing pentesters using custom Python tools designed specifically for your needs. You’ll also learn what tools to use and when, giving you complete confidence when deploying your pentester tools to combat any potential threat.

In the next module you'll begin hacking into the application layer. Covering everything from parameter tampering, DDoS, XSS and SQL injection, it builds on the knowledge and skills you learned in the first module to make you an even more fluent security expert.

Finally in the third module, you’ll find more than 60 Python pentesting recipes. We think this will soon become your trusted resource for any pentesting situation.

This Learning Path combines some of the best that Packt has to offer in one complete, curated package. It includes content from the following Packt products:

  • Learning Penetration Testing with Python by Christopher Duffy
  • Python Penetration Testing Essentials by Mohit
  • Python Web Penetration Testing Cookbook by Cameron Buchanan, Terry Ip, Andrew Mabbitt, Benjamin May and Dave Mound

Style and approach

This course provides quick access to powerful, modern tools and customizable scripts to kick-start the creation of your own Python web penetration testing toolbox.

Downloading the example code for this book: you can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code files.

Table of Contents

  1. Python: Penetration Testing for Developers
    1. Table of Contents
    2. Python: Penetration Testing for Developers
    3. Python: Penetration Testing for Developers
    4. Credits
    5. Preface
      1. What this learning path covers
      2. What you need for this learning path
      3. Who this learning path is for
      4. Reader feedback
      5. Customer support
        1. Downloading the example code
        2. Errata
        3. Piracy
        4. Questions
    6. 1. Module 1
      1. 1. Understanding the Penetration Testing Methodology
        1. An overview of penetration testing
        2. Understanding what penetration testing is not
          1. Vulnerability assessments
          2. Reverse engineering engagements
          3. Hacking
        3. Assessment methodologies
        4. The penetration testing execution standard
          1. Pre-engagement interactions
            1. White Box Testing
            2. Grey Box Testing
            3. Black Box Testing
            4. Double Blind Testing
          2. Intelligence gathering
          3. Threat modeling
          4. Vulnerability analysis
          5. Exploitation
          6. Post exploitation
          7. Reporting
          8. An example engagement
        5. Penetration testing tools
          1. NMAP
          2. Metasploit
          3. Veil
          4. Burp Suite
          5. Hydra
          6. John the Ripper
            1. Cracking Windows passwords with John
          7. oclHashcat
          8. Ophcrack
          9. Mimikatz and Incognito
          10. SMBexec
          11. Cewl
          12. Responder
          13. theHarvester and Recon-NG
          14. pwdump and fgdump
          15. Netcat
          16. Sysinternals tools
        6. Summary
      2. 2. The Basics of Python Scripting
        1. Understanding the difference between interpreted and compiled languages
        2. Python – the good and the bad
        3. A Python interactive interpreter versus a script
        4. Environmental variables and PATH
        5. Understanding dynamically typed languages
        6. The first Python script
        7. Developing scripts and identifying errors
          1. Reserved words, keywords, and built-in functions
          2. Global and local variables
          3. Understanding a namespace
          4. Modules and imports
        8. Python formatting
          1. Indentation
        9. Python variables
          1. Debugging variable values
          2. String variables
          3. Number variables
          4. Converting string and number variables
          5. List variables
          6. Tuple variables
          7. Dictionary variables
          8. Understanding default values and constructors
          9. Passing a variable to a string
        10. Operators
          1. Comparison operators
          2. Assignment operators
          3. Arithmetic operators
          4. Logical and membership operators
        11. Compound statements
          1. The if statements
          2. Python loops
            1. The while loop
            2. The for loop
              1. The break condition
          3. Conditional handlers
        12. Functions
          1. The impact of dynamically typed languages on functions
          2. Curly brackets
          3. How to comment your code
        13. The Python style guide
          1. Classes
          2. Functions
          3. Variables and instance names
        14. Arguments and options
        15. Your first assessor script
        16. Summary
      3. 3. Identifying Targets with Nmap, Scapy, and Python
        1. Understanding how systems communicate
          1. The Ethernet frame architecture
            1. Layer 2 in Ethernet networks
            2. Layer 2 in wireless networks
          2. The IP packet architecture
          3. The TCP header architecture
          4. Understanding how TCP works
            1. The TCP three-way handshake
          5. The UDP header architecture
          6. Understanding how UDP works
        2. Understanding Nmap
          1. Inputting the target ranges for Nmap
          2. Executing the different scan types
            1. Executing TCP full connection scans
            2. Executing SYN scans
            3. Executing ACK scans
            4. Executing UDP scans
          3. Executing combined UDP and TCP scans
          4. Skipping the operating system scans
          5. Different output types
            1. Understanding the Nmap Grepable output
            2. Understanding the Nmap XML output
          6. The Nmap scripting engine
          7. Being efficient with Nmap scans
            1. Determining your interface details with the netifaces library
        3. Nmap libraries for Python
        4. The Scapy library for Python
        5. Summary
      4. 4. Executing Credential Attacks with Python
        1. The types of credential attacks
          1. Defining the online credential attack
          2. Defining the offline credential attack
        2. Identifying the target
        3. Creating targeted usernames
          1. Generating and verifying usernames with help from the U.S. census
          2. Generating the usernames
        4. Testing for users using SMTP VRFY
          1. Creating the SMTP VRFY script
        5. Summary
      5. 5. Exploiting Services with Python
        1. Understanding the new age of service exploitation
        2. Understanding the chaining of exploits
          1. Checking for weak, default, or known passwords
          2. Gaining root access to the system
          3. Understanding the cracking of Linux hashes
          4. Testing for the synchronization of account credentials
        3. Automating the exploit train with Python
        4. Summary
      6. 6. Assessing Web Applications with Python
        1. Identifying live applications versus open ports
        2. Identifying hidden files and directories with Python
        3. Credential attacks with Burp Suite
        4. Using twill to walk through the source
        5. Understanding when to use Python for web assessments
          1. Understanding when to use specific libraries
          2. Being efficient during web assessments
        6. Summary
      7. 7. Cracking the Perimeter with Python
        1. Understanding today's perimeter
          1. Clear-text protocols
          2. Web applications
          3. Encrypted remote access services
          4. Virtual Private Networks (VPNs)
          5. Mail services
          6. Domain Name Service (DNS)
          7. User Datagram Protocol (UDP) services
        2. Understanding the link between accounts and services
        3. Cracking inboxes with Burp Suite
        4. Identifying the attack path
          1. Understanding the limitations of perimeter scanning
          2. Downloading backup files from a TFTP server
            1. Determining the backup filenames
          3. Cracking Cisco MD5 hashes
        5. Gaining access through websites
          1. The execution of file inclusion attacks
            1. Verifying an RFI vulnerability
            2. Exploiting the hosts through RFI
        6. Summary
      8. 8. Exploit Development with Python, Metasploit, and Immunity
        1. Getting started with registers
          1. Understanding general purpose registers
            1. The EAX
            2. The EBX
            3. The ECX
            4. The EDX
          2. Understanding special purpose registers
            1. The EBP
            2. The EDI
            3. The EIP
            4. The ESP
        2. Understanding the Windows memory structure
          1. Understanding the stack and the heap
          2. Understanding the program image and dynamic-link libraries
          3. Understanding the process environment block
          4. Understanding the thread environment block
          5. Kernel
        3. Understanding memory addresses and endianness
        4. Understanding the manipulation of the stack
        5. Understanding immunity
        6. Understanding basic buffer overflow
        7. Writing a basic buffer overflow exploit
        8. Understanding stack adjustments
        9. Understanding the purpose of local exploits
        10. Understanding other exploit scripts
          1. Exploiting standalone binaries by executing scripts
          2. Exploiting systems by TCP service
          3. Exploiting systems by UDP service
        11. Reversing Metasploit modules
        12. Understanding protection mechanisms
        13. Summary
      9. 9. Automating Reports and Tasks with Python
        1. Understanding how to parse XML files for reports
        2. Understanding how to create a Python class
          1. Creating a Python script to parse an Nmap XML
          2. Creating a Python script to generate Excel spreadsheets
        3. Summary
      10. 10. Adding Permanency to Python Tools
        1. Understanding logging within Python
        2. Understanding the difference between multithreading and multiprocessing
          1. Creating a multithreaded script in Python
          2. Creating a multiprocessing script in Python
        3. Building industry-standard tools
        4. Summary
    7. 2. Module 2
      1. 1. Python with Penetration Testing and Networking
        1. Introducing the scope of pentesting
          1. The need for pentesting
          2. Components to be tested
          3. Qualities of a good pentester
          4. Defining the scope of pentesting
        2. Approaches to pentesting
        3. Introducing Python scripting
        4. Understanding the tests and tools you'll need
        5. Learning the common testing platforms with Python
        6. Network sockets
        7. Server socket methods
        8. Client socket methods
        9. General socket methods
        10. Moving on to the practical
          1. Socket exceptions
          2. Useful socket methods
        11. Summary
      2. 2. Scanning Pentesting
        1. How to check live systems in a network and the concept of a live system
          1. Ping sweep
          2. The TCP scan concept and its implementation using a Python script
          3. How to create an efficient IP scanner
        2. What are the services running on the target machine?
          1. The concept of a port scanner
          2. How to create an efficient port scanner
        3. Summary
      3. 3. Sniffing and Penetration Testing
        1. Introducing a network sniffer
          1. Passive sniffing
          2. Active sniffing
        2. Implementing a network sniffer using Python
          1. Format characters
        3. Learning about packet crafting
        4. Introducing ARP spoofing and implementing it using Python
          1. The ARP request
          2. The ARP reply
          3. The ARP cache
        5. Testing the security system using custom packet crafting and injection
          1. Network disassociation
          2. A half-open scan
          3. The FIN scan
          4. ACK flag scanning
          5. Ping of death
        6. Summary
      4. 4. Wireless Pentesting
        1. Wireless SSID finding and wireless traffic analysis by Python
          1. Detecting clients of an AP
        2. Wireless attacks
          1. The deauthentication (deauth) attacks
          2. The MAC flooding attack
            1. How the switch uses the CAM tables
            2. The MAC flood logic
        3. Summary
      5. 5. Foot Printing of a Web Server and a Web Application
        1. The concept of foot printing of a web server
        2. Introducing information gathering
          1. Checking the HTTP header
        3. Information gathering of a website from SmartWhois by the parser BeautifulSoup
        4. Banner grabbing of a website
        5. Hardening of a web server
        6. Summary
      6. 6. Client-side and DDoS Attacks
        1. Introducing client-side validation
        2. Tampering with the client-side parameter with Python
        3. Effects of parameter tampering on business
        4. Introducing DoS and DDoS
          1. Single IP single port
          2. Single IP multiple port
          3. Multiple IP multiple port
          4. Detection of DDoS
        5. Summary
      7. 7. Pentesting of SQLI and XSS
        1. Introducing the SQL injection attack
        2. Types of SQL injections
          1. Simple SQL injection
          2. Blind SQL injection
        3. Understanding the SQL injection attack by a Python script
        4. Learning about Cross-Site scripting
          1. Persistent or stored XSS
          2. Nonpersistent or reflected XSS
        5. Summary
    8. 3. Module 3
      1. 1. Gathering Open Source Intelligence
        1. Introduction
        2. Gathering information using the Shodan API
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
        3. Scripting a Google+ API search
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also…
          5. There's more…
        4. Downloading profile pictures using the Google+ API
          1. How to do it
          2. How it works
        5. Harvesting additional results from the Google+ API using pagination
          1. How to do it
          2. How it works
        6. Getting screenshots of websites with QtWebKit
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
        7. Screenshots based on a port list
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
        8. Spidering websites
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
      2. 2. Enumeration
        1. Introduction
        2. Performing a ping sweep with Scapy
          1. How to do it…
          2. How it works…
        3. Scanning with Scapy
          1. How to do it…
          2. How it works…
          3. There's more…
        4. Checking username validity
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
          5. See also
        5. Brute forcing usernames
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
        6. Enumerating files
          1. Getting ready
          2. How to do it…
          3. How it works…
        7. Brute forcing passwords
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
        8. Generating e-mail addresses from names
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
          5. See also
        9. Finding e-mail addresses from web pages
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
          5. See also
        10. Finding comments in source code
          1. How to do it…
          2. How it works…
          3. There's more…
      3. 3. Vulnerability Identification
        1. Introduction
        2. Automated URL-based Directory Traversal
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more
        3. Automated URL-based Cross-site scripting
          1. How to do it…
          2. How it works…
          3. There's more…
        4. Automated parameter-based Cross-site scripting
          1. How to do it…
          2. How it works…
          3. There's more…
        5. Automated fuzzing
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
          5. See also
        6. jQuery checking
          1. How to do it…
          2. How it works…
          3. There's more…
        7. Header-based Cross-site scripting
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
        8. Shellshock checking
          1. Getting ready
          2. How to do it…
          3. How it works…
      4. 4. SQL Injection
        1. Introduction
        2. Checking jitter
          1. How to do it…
          2. How it works…
          3. There's more…
        3. Identifying URL-based SQLi
          1. How to do it…
          2. How it works…
          3. There's more…
        4. Exploiting Boolean SQLi
          1. How to do it…
          2. How it works…
          3. There's more…
        5. Exploiting Blind SQL Injection
          1. How to do it…
          2. How it works…
          3. There's more…
        6. Encoding payloads
          1. How to do it…
          2. How it works…
          3. There's more…
      5. 5. Web Header Manipulation
        1. Introduction
        2. Testing HTTP methods
          1. How to do it…
          2. How it works…
          3. There's more…
        3. Fingerprinting servers through HTTP headers
          1. How to do it…
          2. How it works…
          3. There's more…
        4. Testing for insecure headers
          1. Getting ready
          2. How to do it…
          3. How it works…
        5. Brute forcing login through the Authorization header
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
          5. See also
        6. Testing for clickjacking vulnerabilities
          1. How to do it…
          2. How it works…
        7. Identifying alternative sites by spoofing user agents
          1. How to do it…
          2. How it works…
          3. See also
        8. Testing for insecure cookie flags
          1. How to do it…
          2. How it works…
          3. There's more…
        9. Session fixation through a cookie injection
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
      6. 6. Image Analysis and Manipulation
        1. Introduction
        2. Hiding a message using LSB steganography
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
          5. See also
        3. Extracting messages hidden in LSB
          1. How to do it…
          2. How it works…
          3. There's more…
        4. Hiding text in images
          1. How to do it…
          2. How it works…
          3. There's more…
        5. Extracting text from images
          1. How to do it…
          2. How it works…
          3. There's more…
        6. Enabling command and control using steganography
          1. Getting ready
          2. How to do it…
          3. How it works…
      7. 7. Encryption and Encoding
        1. Introduction
        2. Generating an MD5 hash
          1. Getting ready
          2. How to do it…
          3. How it works…
        3. Generating an SHA 1/128/256 hash
          1. Getting ready
          2. How to do it…
          3. How it works…
        4. Implementing SHA and MD5 hashes together
          1. Getting ready
          2. How to do it…
          3. How it works…
        5. Implementing SHA in a real-world scenario
          1. Getting ready
          2. How to do it…
          3. How it works…
        6. Generating a Bcrypt hash
          1. Getting ready
          2. How to do it…
          3. How it works…
        7. Cracking an MD5 hash
          1. Getting ready
          2. How to do it…
          3. How it works…
        8. Encoding with Base64
          1. Getting ready
          2. How to do it…
          3. How it works…
        9. Encoding with ROT13
          1. Getting ready
          2. How to do it…
          3. How it works…
        10. Cracking a substitution cipher
          1. Getting ready
          2. How to do it…
          3. How it works…
        11. Cracking the Atbash cipher
          1. Getting ready
          2. How to do it…
          3. How it works…
        12. Attacking one-time pad reuse
          1. Getting ready
          2. How to do it…
          3. How it works…
        13. Predicting a linear congruential generator
          1. Getting ready
          2. How to do it…
          3. How it works…
        14. Identifying hashes
          1. Getting ready
          2. How to do it…
          3. How it works…
      8. 8. Payloads and Shells
        1. Introduction
        2. Extracting data through HTTP requests
          1. Getting Ready
          2. How to do it…
          3. How it works…
        3. Creating an HTTP C2
          1. Getting Started
          2. How to do it…
          3. How it works…
        4. Creating an FTP C2
          1. Getting Started
          2. How to do it…
          3. How it works…
        5. Creating a Twitter C2
          1. Getting Started
          2. How to do it…
          3. How it works…
        6. Creating a simple Netcat shell
          1. How to do it…
          2. How it works…
      9. 9. Reporting
        1. Introduction
        2. Converting Nmap XML to CSV
          1. Getting ready
          2. How to do it…
          3. How it works…
        3. Extracting links from a URL to Maltego
          1. How to do it…
          2. How it works…
          3. There’s more…
        4. Extracting e-mails to Maltego
          1. How to do it…
          2. How it works…
        5. Parsing Sslscan into CSV
          1. How to do it…
          2. How it works…
        6. Generating graphs using plot.ly
          1. Getting ready
          2. How to do it…
          3. How it works…
    9. A. Bibliography
    10. Index