Python Web Penetration Testing Cookbook

Book Description

Over 60 indispensable Python recipes to ensure you always have the right code on hand for web application testing

In Detail

This book gives you an arsenal of Python scripts, perfect to use as they are or to customize to your needs, for each stage of the testing process. Each chapter takes you step by step through the methods of designing and modifying scripts to attack web apps. You will learn how to collect both open and hidden information from websites to further your attacks, identify vulnerabilities, perform SQL Injections, exploit cookies, and enumerate poorly configured systems. You will also discover how to crack encryption, create payloads to mimic malware, and create tools to output your findings into presentable formats for reporting to your employers.

What You Will Learn

  • Enumerate users on web apps through Python

  • Develop complicated header-based attacks through Python

  • Deliver multiple XSS strings and check their execution success

  • Handle outputs from multiple tools and create attractive reports

  • Create PHP pages that test scripts and tools

  • Identify parameters and URLs vulnerable to Directory Traversal

  • Replicate existing tool functionality in Python

  • Create basic dial-back Python scripts using reverse shells and basic Python PoC malware

Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

    Table of Contents

    1. Python Web Penetration Testing Cookbook
      1. Table of Contents
      2. Python Web Penetration Testing Cookbook
      3. Credits
      4. About the Authors
      5. About the Reviewers
      6. www.PacktPub.com
        1. Support files, eBooks, discount offers, and more
          1. Why subscribe?
          2. Free access for Packt account holders
        2. Disclaimer
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Sections
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
          5. See also
        5. Conventions
        6. Reader feedback
        7. Customer support
          1. Downloading the example code
          2. Errata
          3. Piracy
          4. Questions
      8. 1. Gathering Open Source Intelligence
        1. Introduction
        2. Gathering information using the Shodan API
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
        3. Scripting a Google+ API search
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also…
          5. There's more…
        4. Downloading profile pictures using the Google+ API
          1. How to do it
          2. How it works
        5. Harvesting additional results from the Google+ API using pagination
          1. How to do it
          2. How it works
        6. Getting screenshots of websites with QtWebKit
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
        7. Screenshots based on a port list
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
        8. Spidering websites
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
      9. 2. Enumeration
        1. Introduction
        2. Performing a ping sweep with Scapy
          1. How to do it…
          2. How it works…
        3. Scanning with Scapy
          1. How to do it…
          2. How it works…
          3. There's more…
        4. Checking username validity
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
          5. See also
        5. Brute forcing usernames
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
        6. Enumerating files
          1. Getting ready
          2. How to do it…
          3. How it works…
        7. Brute forcing passwords
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
        8. Generating e-mail addresses from names
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
          5. See also
        9. Finding e-mail addresses from web pages
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
          5. See also
        10. Finding comments in source code
          1. How to do it…
          2. How it works…
          3. There's more…
      10. 3. Vulnerability Identification
        1. Introduction
        2. Automated URL-based Directory Traversal
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more
        3. Automated URL-based Cross-site scripting
          1. How to do it…
          2. How it works…
          3. There's more…
        4. Automated parameter-based Cross-site scripting
          1. How to do it…
          2. How it works…
          3. There's more…
        5. Automated fuzzing
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
          5. See also
        6. jQuery checking
          1. How to do it…
          2. How it works…
          3. There's more…
        7. Header-based Cross-site scripting
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
        8. Shellshock checking
          1. Getting ready
          2. How to do it…
          3. How it works…
      11. 4. SQL Injection
        1. Introduction
        2. Checking jitter
          1. How to do it…
          2. How it works…
          3. There's more…
        3. Identifying URL-based SQLi
          1. How to do it…
          2. How it works…
          3. There's more…
        4. Exploiting Boolean SQLi
          1. How to do it…
          2. How it works…
          3. There's more…
        5. Exploiting Blind SQL Injection
          1. How to do it…
          2. How it works…
          3. There's more…
        6. Encoding payloads
          1. How to do it…
          2. How it works…
          3. There's more…
      12. 5. Web Header Manipulation
        1. Introduction
        2. Testing HTTP methods
          1. How to do it…
          2. How it works…
          3. There's more…
        3. Fingerprinting servers through HTTP headers
          1. How to do it…
          2. How it works…
          3. There's more…
        4. Testing for insecure headers
          1. Getting ready
          2. How to do it…
          3. How it works…
        5. Brute forcing login through the Authorization header
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
          5. See also
        6. Testing for clickjacking vulnerabilities
          1. How to do it…
          2. How it works…
        7. Identifying alternative sites by spoofing user agents
          1. How to do it…
          2. How it works…
          3. See also
        8. Testing for insecure cookie flags
          1. How to do it…
          2. How it works…
          3. There's more…
        9. Session fixation through a cookie injection
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
      13. 6. Image Analysis and Manipulation
        1. Introduction
        2. Hiding a message using LSB steganography
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
          5. See also
        3. Extracting messages hidden in LSB
          1. How to do it…
          2. How it works…
          3. There's more…
        4. Hiding text in images
          1. How to do it…
          2. How it works…
          3. There's more…
        5. Extracting text from images
          1. How to do it…
          2. How it works…
          3. There's more…
        6. Enabling command and control using steganography
          1. Getting ready
          2. How to do it…
          3. How it works…
      14. 7. Encryption and Encoding
        1. Introduction
        2. Generating an MD5 hash
          1. Getting ready
          2. How to do it…
          3. How it works…
        3. Generating an SHA 1/128/256 hash
          1. Getting ready
          2. How to do it…
          3. How it works…
        4. Implementing SHA and MD5 hashes together
          1. Getting ready
          2. How to do it…
          3. How it works…
        5. Implementing SHA in a real-world scenario
          1. Getting ready
          2. How to do it…
          3. How it works…
        6. Generating a Bcrypt hash
          1. Getting ready
          2. How to do it…
          3. How it works…
        7. Cracking an MD5 hash
          1. Getting ready
          2. How to do it…
          3. How it works…
        8. Encoding with Base64
          1. Getting ready
          2. How to do it…
          3. How it works…
        9. Encoding with ROT13
          1. Getting ready
          2. How to do it…
          3. How it works…
        10. Cracking a substitution cipher
          1. Getting ready
          2. How to do it…
          3. How it works…
        11. Cracking the Atbash cipher
          1. Getting ready
          2. How to do it…
          3. How it works…
        12. Attacking one-time pad reuse
          1. Getting ready
          2. How to do it…
          3. How it works…
        13. Predicting a linear congruential generator
          1. Getting ready
          2. How to do it…
          3. How it works…
        14. Identifying hashes
          1. Getting ready
          2. How to do it…
          3. How it works…
      15. 8. Payloads and Shells
        1. Introduction
        2. Extracting data through HTTP requests
          1. Getting Ready
          2. How to do it…
          3. How it works…
        3. Creating an HTTP C2
          1. Getting Started
          2. How to do it…
          3. How it works…
        4. Creating an FTP C2
          1. Getting Started
          2. How to do it…
          3. How it works…
        5. Creating a Twitter C2
          1. Getting Started
          2. How to do it…
          3. How it works…
        6. Creating a simple Netcat shell
          1. How to do it…
          2. How it works…
      16. 9. Reporting
        1. Introduction
        2. Converting Nmap XML to CSV
          1. Getting ready
          2. How to do it…
          3. How it works…
        3. Extracting links from a URL to Maltego
          1. How to do it…
          2. How it works…
          3. There’s more…
        4. Extracting e-mails to Maltego
          1. How to do it…
          2. How it works…
        5. Parsing Sslscan into CSV
          1. How to do it…
          2. How it works…
        6. Generating graphs using plot.ly
          1. Getting ready
          2. How to do it…
          3. How it works…
      17. Index