Python Web Penetration Testing Cookbook.

Ebook Central College Complete Available online

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Buchanan, Cameron.
Contributor:
Ip, Terry.
Mabbitt, Andrew.
May, Benjamin.
Mound, Dave.
Language:
English
Subjects (All):
Computer programming.
Object-oriented programming (Computer science).
Python (Computer program language).
Local Subjects:
Computer programming.
Object-oriented programming (Computer science).
Python (Computer program language).
Physical Description:
1 online resource (224 p.)
Edition:
1st edition
Other Title:
Over 60 indispensable Python recipes to ensure you always have the right code on hand for web application testing
Place of Publication:
Birmingham : Packt Publishing, 2015.
Language Note:
English
System Details:
text file
Summary:
This book is for testers looking for quick access to powerful, modern tools and customizable scripts to kick-start the creation of their own Python web penetration testing toolbox.
Contents:
Cover; Copyright; Credits; About the Authors; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Gathering Open Source Intelligence; Introduction; Gathering information using the Shodan API; Scripting a Google+ API search; Downloading profile pictures using the Google+ API; Harvesting additional results from the Google+ API using pagination; Getting screenshots of websites with QtWebKit; Screenshots based on a port list; Spidering websites; Chapter 2: Enumeration; Introduction; Performing a pingsweep with Scapy; Scanning with Scapy; Checking username validity; Brute forcing usernames; Enumerating files; Brute forcing passwords; Generating e-mail addresses from names; Finding e-mail addresses from web pages; Finding comments in source code; Chapter 3: Vulnerability Identification; Introduction; Automated URL-based Directory Traversal; Automated URL-based Cross-site scripting; Automated parameter-based Cross-site scripting; Automated fuzzing; jQuery checking; Header-based Cross-site scripting; Shellshock checking; Chapter 4: SQL Injection; Introduction; Checking jitter; Identifying URL-based SQLi; Exploiting Boolean SQLi; Exploiting Blind SQL Injection; Encoding payloads; Chapter 5: Web Header Manipulation; Introduction; Testing HTTP methods; Fingerprinting servers through HTTP headers; Testing for insecure headers; Brute forcing login through Authorization header; Testing for clickjacking vulnerabilities; Identifying alternative sites by spoofing user agents; Testing for insecure cookie flags; Session fixation through cookie injection; Chapter 6: Image Analysis and Manipulation; Introduction; Hiding a message using LSB steganography; Extracting messages hidden in LSB; Hiding text in images; Extracting text from images; Enabling command and control using steganography; Chapter 7: Encryption and Encoding; Introduction; Generating an MD5 hash; Generating an SHA 1/128/256 hash; Implementing SHA and MD5 hashes together; Implementing SHA in a real-world scenario; Generating a Bcrypt hash; Cracking an MD5 hash; Encoding with Base64; Encoding with ROT13; Cracking a substitution cipher; Cracking the Atbash cipher; Attacking one-time pad reuse; Predicting a linear congruential generator; Identifying hashes; Chapter 8: Payloads and Shells; Introduction; Extracting data through HTTP requests; Creating an HTTP C2; Creating an FTP C2; Creating an Twitter C2; Creating a simple Netcat shell; Chapter 9: Reporting; Introduction; Converting Nmap XML to CSV; Extracting links from a URL to Maltego; Extracting e-mails to Maltego; Parsing Sslscan into CSV; Generating graphs using plot.ly; Index
Notes:
Description based upon print version of record.
ISBN:
9781784399900
1784399906
OCLC:
913880050
