Python Penetration Testing Essentials电子书

Python Penetration Testing Essentials

Table of Contents

Python Penetration Testing Essentials

Credits

About the Author

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers, and more

Why subscribe?

Free access for Packt account holders

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Errata

Piracy

Questions

1. Python with Penetration Testing and Networking

Introducing the scope of pentesting

The need for pentesting

Components to be tested

Qualities of a good pentester

Defining the scope of pentesting

Approaches to pentesting

Introducing Python scripting

Understanding the tests and tools you'll need

Learning the common testing platforms with Python

Network sockets

Server socket methods

Client socket methods

General socket methods

Moving on to the practical

Socket exceptions

Useful socket methods

Summary

2. Scanning Pentesting

How to check live systems in a network and the concept of a live system

Ping sweep

The TCP scan concept and its implementation using a Python script

How to create an efficient IP scanner

What are the services running on the target machine?

The concept of a port scanner

How to create an efficient port scanner

Summary

3. Sniffing and Penetration Testing

Introducing a network sniffer

Passive sniffing

Active sniffing

Implementing a network sniffer using Python

Format characters

Learning about packet crafting

Introducing ARP spoofing and implementing it using Python

The ARP request

The ARP reply

The ARP cache

Testing the security system using custom packet crafting and injection

Network disassociation

A half-open scan

The FIN scan

ACK flag scanning

Ping of death

Summary

4. Wireless Pentesting

Wireless SSID finding and wireless traffic analysis by Python

Detecting clients of an AP

Wireless attacks

The deauthentication (deauth) attacks

The MAC flooding attack

How the switch uses the CAM tables

The MAC flood logic

Summary

5. Foot Printing of a Web Server and a Web Application

The concept of foot printing of a web server

Introducing information gathering

Checking the HTTP header

Information gathering of a website from SmartWhois by the parser BeautifulSoup

Banner grabbing of a website

Hardening of a web server

Summary

6. Client-side and DDoS Attacks

Introducing client-side validation

Tampering with the client-side parameter with Python

Effects of parameter tampering on business

Introducing DoS and DDoS

Single IP single port

Single IP multiple port

Multiple IP multiple port

Detection of DDoS

Summary

7. Pentesting of SQLI and XSS

Introducing the SQL injection attack

Types of SQL injections

Simple SQL injection

Blind SQL injection

Understanding the SQL injection attack by a Python script

Learning about Cross-Site scripting

Persistent or stored XSS

Nonpersistent or reflected XSS

Summary

Index