万本电子书0元读

万本电子书0元读

顶部广告

Hands-On Penetration Testing with Python电子书

售       价:¥

30人正在读 | 0人评论 6.5

作       者:Furqan Khan

出  版  社:Packt Publishing

出版时间:2019-01-31

字       数:44.0万

所属分类: 进口书 > 外文原版书 > 电脑/网络

温馨提示:此类商品不支持退换货,不支持下载打印

为你推荐

  • 读书简介
  • 目录
  • 累计评论(0条)
  • 读书简介
  • 目录
  • 累计评论(0条)
Implement defensive techniques in your ecosystem successfully with Python Key Features * Identify and expose vulnerabilities in your infrastructure with Python * Learn custom exploit development . * Make robust and powerful cybersecurity tools with Python Book Description With the current technological and infrastructural shift, penetration testing is no longer a process-oriented activity. Modern-day penetration testing demands lots of automation and innovation; the only language that dominates all its peers is Python. Given the huge number of tools written in Python, and its popularity in the penetration testing space, this language has always been the first choice for penetration testers. Hands-On Penetration Testing with Python walks you through advanced Python programming constructs. Once you are familiar with the core concepts, you’ll explore the advanced uses of Python in the domain of penetration testing and optimization. You’ll then move on to understanding how Python, data science, and the cybersecurity ecosystem communicate with one another. In the concluding chapters, you’ll study exploit development, reverse engineering, and cybersecurity use cases that can be automated with Python. By the end of this book, you’ll have acquired adequate skills to leverage Python as a helpful tool to pentest and secure infrastructure, while also creating your own custom exploits. What you will learn * Get to grips with Custom vulnerability scanner development * Familiarize yourself with web application scanning automation and exploit development * Walk through day-to-day cybersecurity scenarios that can be automated with Python * Discover enterprise-or organization-specific use cases and threat-hunting automation * Understand reverse engineering, fuzzing, buffer overflows , key-logger development, and exploit development for buffer overflows. * Understand web scraping in Python and use it for processing web responses * Explore Security Operations Centre (SOC) use cases * Get to understand Data Science, Python, and cybersecurity all under one hood Who this book is for If you are a security consultant , developer or a cyber security enthusiast with little or no knowledge of Python and want in-depth insight into how the pen-testing ecosystem and python combine to create offensive tools , exploits , automate cyber security use-cases and much more then this book is for you. Hands-On Penetration Testing with Python guides you through the advanced uses of Python for cybersecurity and pen-testing, helping you to better understand security loopholes within your infrastructure .
目录展开

Title Page

Copyright and Credits

Hands-On Penetration Testing with Python

Dedication

About Packt

Why subscribe?

Packt.com

Contributors

About the author

About the reviewer

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Get in touch

Reviews

Disclaimer

Introduction to Python

Technical requirements

Why Python?

About Python – compiled or interpreted

Installing Python

Getting started

Variables and keywords

Variable naming conventions

Python keywords

Python data types

Numbers

String types

String indexes

String operations through methods and built-in functions

The replace( ) method

Substrings or string slicing

String concatenation and replication

The strip(), lstrip(), and rstrip() methods

The split() method

The find(), index(), upper(), lower(), len(), and count() methods

The in and not in methods

The endswith(), isdigit(), isalpha(), islower(), isupper(), and capitalize() methods

List types

Slicing the lists

Merging and updating lists

Copying lists

Removing elements from lists

Replication with len(), max(), and min()

in and not in

Tuples in Python

Dictionaries in Python

Python operators

Summary

Questions

Building Python Scripts

Technical requirements

Indentation

Conditional statements

The if condition

The if...else condition

The if...elif condition

Loops

The while loop

The for loop

Iteration, iterable, and iterator

A closer look at for loops

Functions and methods in Python

Modules and packages

Generators and comprehensions

Comprehensions

Map, Lambda, zip, and filters

Summary

Questions

Further reading

Concept Handling

Object-oriented programming in Python

Classes and objects

Class relationships

Inheritance

Access modifiers in Python

Composition

Association

Aggregation

Abstract classes

Polymorphism

Polymorphism with functions

Polymorphism with classes (abstract classes)

Static, instance, and class methods in Python

Files, directories, and I/O access

File access and manipulation

Renaming and deleting files and accessing directories

Console I/O

Regular expressions in Python

Data manipulation and parsing with XML, JSON, and CSV data

XML data manipulation

JSON data manipulation

CSV

Exception handling

Summary

Questions

Further reading

Advanced Python Modules

Multitasking with threads

Demonic and non-demonic threads

Thread joins and enumeration

Intercommunication between threads

Thread concurrency control

Multitasking with processes

Demonic and non-demonic processes

Process joins, enumeration, and termination

Multiprocess pooling

Subprocesses

Socket programming basics

Reverse TCP shells with Python

Summary

Questions

Further reading

Vulnerability Scanner Python - Part 1

Introducing Nmap

Building a network scanner with Python

Controlling the Nmap output with the script

Using the Nmap module to conduct Nmap port scanning

Objective and architectural overview

Port scanning

Service scanning

A closer look at the code

Getting started

Executing the code

Database schema for the port scanning portion of the vulnerability scanner

Summary

Questions

Further reading

Vulnerability Scanner Python - Part 2

Architectural overview

A closer look at the code

Driver_scanner.py

driver_meta.py

main()

parse_and_process()

launchConfiguration()

launchExploits()

auto_commands.py

Pexpect – automating terminal: <SSH, Telnet, Wireshark, w3af>

custom_meta() – automating Metasploit

singleLineCommands_Timeout() – automating Java , Ruby, Perl, NSE, Python, Bash scripts

general_interactive() – automating interactive terminal scripts (test_ssl.sh)

generalCommands_Tout_Sniff() – automating Tshark

HTTP_based() – automating web specific use-cases

Storing details in database

Executing the code

Database schema for the service-scanning portion of the vulnerability scanner

GUI version of vulnerability scanner

Usage [PTO-GUI]

Scanning modules

Sequential mode

Reconfiguration after discovery is finished

Concurrent mode

Sequential default mode

Pausing and resuming scans

Downloading reports or analyzing when scan would be completed

Reporting

Summary

Questions

Further reading

Machine Learning and Cybersecurity

Machine Learning

Setting up a Machine Learning environment in Kali Linux

Regression-based machine learning models

Simple linear regression

How does the regression model work?

Multiple linear regression

Classification models

Naive Bayes classifier

Summarizing the Naive Bayes classifier

Implementation code

Natural language processing

Using natural language processing with penetration testing reports

Step 1 – tagging the raw data

Step 2 – writing the code to train and test our model

Summary

Questions

Further reading

Automating Web Application Scanning - Part 1

Automating web application scanning with Burp Suite

Burp automation with Python

SQL injection

Automatic detection of SQL injection with Python

Summary

Questions

Further reading

Automated Web Application Scanning - Part 2

XSS

Stored or Type 1 XSS attacks

Reflected or Type 2 XSS attacks

DOM-based or Type 0 XSS attacks

Automatic detection of XSS with Python

Script in action

CSRF

Automatically detecting CSRF with Python

Script in action

Clickjacking

X-Frame-Options

Automatically detecting clickjacking with Python

SSL stripping (missing HSTS header)

Automatically detecting missing HSTS with Python

Summary

Questions

Further reading

Building a Custom Crawler

Setup and installations

Getting started

Crawler code

Urls.py and Views.py code snippet

Code explanation

Driver code – run_crawler.py

Crawler code – crawler.py

Execution of code

Summary

Questions

Further reading

Reverse Engineering Linux Applications

Debugger

Fuzzing Linux applications

Fuzzing in action

Linux and assembly code

Stack buffer overflow in Linux

Exploiting a buffer overflow

Heap buffer overflow in Linux

String format vulnerabilities

Summary

Questions

Further reading

Reverse Engineering Windows Applications

Debuggers

Fuzzing Windows applications

Windows and assembly

Exploiting buffer overflows in Windows

Summary

Questions

Further reading

Exploit Development

Scripting exploits over web-based vulnerabilities

Manually executing an LFI exploit

Reverse shell with Netcat

Reverse shell with Python

Exploit development (LFI + RFI)

LFI/RFI exploit code

Executing the LFI exploit

Executing the RFI exploit

Developing a Metasploit module to exploit a network service

Encoding shell codes to avoid detection

Downloading and installing Veil

Summary

Questions

Further reading

Cyber Threat Intelligence

Introduction to cyber threat intelligence

Manual threat intelligence

Automated threat intelligence

Cyber threat intelligence platforms

Tools and API

MISP

Installing MISP

Threat scoring capability

MISP UI and API

MISP API (PyMISP)

Threat scoring

Threat scoring weighed file

Threat scoring algorithm

Executing the code

STIX and TAXII and external lookups

External lookups

Summary

Questions

Further reading

Other Wonders of Python

Report parsers

Nmap parser

Running the code

Nessus parser

Running the code

The need to have custom parsers

Keylogger and exfiltration via sockets

pyxhook – a Linux based Keylogger

pyhook – a Windows-based keylogger

Parsing Twitter tweets

Stealing browser passwords with Python

Python for antivirus-free persistence shells

Summary

Questions

Further reading

Assessments

Chapter 1, Introduction to Python

Chapter 2, Building Python Scripts

Chapter 3, Concept Handling

Chapter 4, Advanced Python Modules

Chapter 5, Vulnerability Scanner Python - Part 1

Chapter 6, Vulnerability Scanner Python - Part 2

Chapter 7, Machine Learning and Cybersecurity

Chapter 8, Automating Web Application Scanning - Part 1

Chapter 9, Automating Web Application Scanning - Part 2

Chapter 10, Building a Custom Crawler

Chapter 11, Reverse Engineering Linux Applications

Chapter 12, Reverse Engineering Windows Applications

Chapter 13, Exploit Development

Chapter 14, Cyber Threat Intelligence

Chapter 15, Other Wonders of Python

Other Books You May Enjoy

Leave a review - let other readers know what you think

累计评论(0条) 0个书友正在讨论这本书 发表评论

发表评论

发表评论,分享你的想法吧!

买过这本书的人还买过

读了这本书的人还在读

回顶部