Python: Penetration Testing for Developers

Book Description

Unleash the power of Python scripting to execute effective and efficient penetration tests

About This Book

• Sharpen your pentesting skills with Python
• Develop your fluency with Python to write sharper scripts for rigorous security testing
• Get stuck into some of the most powerful tools in the security world

Who This Book Is For

If you are a Python programmer or a security researcher who has basic knowledge of Python programming and wants to learn about penetration testing with the help of Python, this course is ideal for you. Even if you are new to the field of ethical hacking, this course can help you find the vulnerabilities in your system so that you are ready to tackle any kind of attack or intrusion.

What You Will Learn

• Familiarize yourself with the generation of Metasploit resource files and use the Metasploit Remote Procedure Call to automate exploit generation and execution
• Exploit the Remote File Inclusion to gain administrative access to systems with Python and other scripting languages
• Crack an organization’s Internet perimeter and chain exploits to gain deeper access to an organization’s resources
• Explore wireless traffic with the help of various programs and perform wireless attacks with Python programs
• Gather passive information from a website using automated scripts and perform XSS, SQL injection, and parameter tampering attacks
• Develop complicated header-based attacks through Python

In Detail

Cybercriminals are always one step ahead, when it comes to tools and techniques. This means you need to use the same tools and adopt the same mindset to properly secure your software. This course shows you how to do just that, demonstrating how effective Python can be for powerful pentesting that keeps your software safe. Comprising of three key modules, follow each one to push your Python and security skills to the next level.

In the first module, we’ll show you how to get to grips with the fundamentals. This means you’ll quickly find out how to tackle some of the common challenges facing pentesters using custom Python tools designed specifically for your needs. You’ll also learn what tools to use and when, giving you complete confidence when deploying your pentester tools to combat any potential threat.

In the next module you’ll begin hacking into the application layer. Covering everything from parameter tampering, DDoS, XXS and SQL injection, it will build on the knowledge and skills you learned in the first module to make you an even more fluent security expert.

Finally in the third module, you’ll find more than 60 Python pentesting recipes. We think this will soon become your trusted resource for any pentesting situation.

This Learning Path combines some of the best that Packt has to offer in one complete, curated package. It includes content from the following Packt products:

• Learning Penetration Testing with Python by Christopher Duffy
• Python Penetration Testing Essentials by Mohit
• Python Web Penetration Testing Cookbook by Cameron Buchanan,Terry Ip, Andrew Mabbitt, Benjamin May and Dave Mound

Style and approach

This course provides a quick access to powerful, modern tools, and customizable scripts to kick-start the creation of your own Python web penetration testing toolbox.

Table of Contents

Module 1: Learning Penetration Testing with Python
Chapter 1: Understanding the Penetration Testing Methodology
Chapter 2: The Basics of Python Scripting
Chapter 3: Identifying Targets with Nmap, Scapy, and Python
Chapter 4: Executing Credential Attacks with Python
Chapter 5: Exploiting Services with Python
Chapter 6: Assessing Web Applications with Python
Chapter 7: Cracking the Perimeter with Python
Chapter 8: Exploit Development with Python, Metasploit, and Immunity
Chapter 9: Automating Reports and Tasks with Python
Chapter 10: Adding Permanency to Python Tools

Module 2: Python Penetration Testing Essentials
Chapter 1: Python with Penetration Testing and Networking
Chapter 2: Scanning Pentesting
Chapter 3: Sniffing and Penetration Testing
Chapter 4: Wireless Pentesting
Chapter 5: Foot Printing of a Web Server and a Web Application
Chapter 6: Client-side and DDoS Attacks
Chapter 7: Pentesting of SQLI and XSS

Module 3: Python Web Penetration Testing Cookbook
Chapter 1: Gathering Open Source Intelligence
Chapter 2: Enumeration
Chapter 3: Vulnerability Identification
Chapter 4: SQL Injection
Chapter 5: Web Header Manipulation
Chapter 6: Image Analysis and Manipulation
Chapter 7: Encryption and Encoding
Chapter 8: Payloads and Shells
Chapter 9: Reporting

中文：

书名：Python: Penetration Testing for Developers

释放Python脚本的力量，以执行有效和高效的渗透测试

About This Book

• Sharpen your pentesting skills with Python
• 熟练使用Python编写更敏锐的脚本，以便进行严格的安全测试
• 使用安全世界中一些最强大的工具

这本书是为谁写的

如果您是一名具有基本的Python编程知识的Python程序员或安全研究人员，并且想要了解有关借助Python进行渗透测试的知识，本课程是您的理想之选。即使您是道德黑客领域的新手，本课程也可以帮助您找到系统中的漏洞，以便您准备好应对任何类型的攻击或入侵。

你将学到什么

• 熟悉Metasploit资源文件的生成，并使用Metasploit远程过程调用来自动利用漏洞的生成和执行
• 利用远程文件包含来获得对使用Python和其他脚本语言的系统的管理访问权限
• 破解组织的互联网边界和链条漏洞，以更深入地访问组织的资源
• 借助各种程序探索无线流量，并使用Python程序执行无线攻击
• 使用自动脚本从网站收集被动信息，并执行XSS、SQL注入和参数篡改攻击
• 通过Python开发复杂的基于标头的攻击

In Detail

在工具和技术方面，网络罪犯总是领先一步。这意味着您需要使用相同的工具并采用相同的思维模式来适当地保护您的软件。本课程将向您展示如何做到这一点，演示如何有效地执行强大的五次测试，从而确保软件的安全。由三个关键模块组成，遵循每个模块，将您的Python和安全技能提升到一个新的水平。

在第一个模块中，我们将向您展示如何掌握基础知识。这意味着您将很快了解如何使用专门为您的需求设计的定制Python工具来解决五元组面临的一些常见挑战。您还将学习使用什么工具以及何时使用，这将使您在部署五元组工具以应对任何潜在威胁时充满信心。

在下一个模块中，您将开始侵入应用层。它涵盖了从参数篡改、DDoS、XXS和SQL注入的所有内容，它将建立在您在第一个模块中学到的知识和技能的基础上，使您成为一名更加流利的安全专家。

最后，在第三个模块中，您将找到60多个Python五步测试食谱。我们认为，这将很快成为您信任的资源，以应对任何试射情况。

此学习路径将Packt必须提供的一些最好的功能组合在一个完整的、经过精心策划的程序包中。它包括来自以下Packt产品的内容：

• Learning Penetration Testing with Python by Christopher Duffy
• 由MoHit编写的Python渗透测试要点
• 由卡梅隆·布坎南、特里·叶、安德鲁·马比特、本杰明·梅和戴夫·蒙德著的《Python网络渗透测试手册》

Style and approach

本课程提供快速访问功能强大的现代工具和可定制的脚本，以启动创建您自己的PythonWeb渗透测试工具箱。

Table of Contents

模块1：学习使用Python进行渗透测试
第1章：了解渗透测试方法
Chapter 2: The Basics of Python Scripting
第3章：使用Nmap、Scapy和Python识别目标
Chapter 4: Executing Credential Attacks with Python
第5章：使用Python开发服务
第6章：使用Python评估Web应用程序
第7章：使用Python破解边界
第8章：使用Python、Metasploit和免疫进行漏洞开发
第9章：使用Python自动执行报告和任务
第10章：将永久性添加到Python工具

模块2：Python渗透测试要点
第1章：具有渗透测试和网络的Python
Chapter 2: Scanning Pentesting
第3章：嗅探和渗透测试
Chapter 4: Wireless Pentesting
第5章：Web服务器和Web应用程序的足迹打印
Chapter 6: Client-side and DDoS Attacks
Chapter 7: Pentesting of SQLI and XSS

模块3：《Python Web渗透测试手册》
Chapter 1: Gathering Open Source Intelligence
第2章：枚举
Chapter 3: Vulnerability Identification
第4章：SQL注入
Chapter 5: Web Header Manipulation
第六章：图像分析和处理
Chapter 7: Encryption and Encoding
Chapter 8: Payloads and Shells
第9章：报告