Python penetration testing essentials : techniques for ethical hacking with Python / Mohit.

Format:

Book

Author/Creator:

Mohit, author.

Language:

English

Subjects (All):

Python (Computer program language).

Penetration testing (Computer security).

Physical Description:

1 online resource (1 volume) : illustrations

Edition:

Second edition.

Place of Publication:

Birmingham ; Mumbai : Packt, [2018]

System Details:

text file

Biography/History:

Raj Mohit: Mohit Raj is a Python programmer with a keen interest in the field of information security. He completed his bachelor's degree in technology in computer science from Kurukshetra University, Kurukshetra, and his masters in engineering (2012) in computer science from Thapar University, Patiala. He is a C

Summary:

This book gives you the skills you need to use Python for penetration testing, with the help of detailed code examples. This book has been updated for Python 3.6.3 and Kali Linux 2018.1. About This Book Detect and avoid various attack types that put the privacy of a system at risk Leverage Python to build efficient code and eventually build a robust environment Learn about securing wireless applications and information gathering on a web server Who This Book Is For If you are a Python programmer, a security researcher, or an ethical hacker and are interested in penetration testing with the help of Python, then this book is for you. Even if you are new to the field of ethical hacking, this book can help you find the vulnerabilities in your system so that you are ready to tackle any kind of attack or intrusion. What You Will Learn The basics of network pentesting including network scanning and sniffing Wireless, wired attacks, and building traps for attack and torrent detection Web server footprinting and web application attacks, including the XSS and SQL injection attack Wireless frames and how to obtain information such as SSID, BSSID, and the channel number from a wireless frame using a Python script The importance of web server signatures, email gathering, and why knowing the server signature is the first step in hacking In Detail This book gives you the skills you need to use Python for penetration testing (pentesting), with the help of detailed code examples. We start by exploring the basics of networking with Python and then proceed to network hacking. Then, you will delve into exploring Python libraries to perform various types of pentesting and ethical hacking techniques. Next, we delve into hacking the application layer, where we start by gathering information from a website. We then move on to concepts related to website hacking - such as parameter tampering, DDoS, XSS, and SQL injection. By reading this book, you will learn different techniques and methodologies that will familiarize you with Python pentesting techniques, how to protect yourself, and how to create automated programs to find the admin console, SQL injection, and XSS attacks. Style and approach The book starts at a basic level and moves to a higher level of network and web security. The execution and performance of code are both taken into account.

Contents:

Cover

Title Page

Copyright and Credits

Packt Upsell

Contributors

Table of Contents

Preface

Chapter 1: Python with Penetration Testing and Networking

Introducing the scope of pentesting

The need for pentesting

Components to be tested

Qualities of a good pentester

Defining the scope of pentesting

Approaches to pentesting

Introducing Python scripting

Understanding the tests and tools you'll need

Learning the common testing platforms with Python

Network sockets

Server socket methods

Client socket methods

General socket methods

Moving on to the practical

Socket exceptions

Useful socket methods

Summary

Chapter 2: Scanning Pentesting

How to check live systems in a network and the concept of a live system

Ping sweep

The TCP scan concept and its implementation using a Python script

How to create an efficient IP scanner in Windows

How to create an efficient IP scanner in Linux

The concept of the Linux-based IP scanner

nmap with Python

What are the services running on the target machine?

The concept of a port scanner

How to create an efficient port scanner

Chapter 3: Sniffing and Penetration Testing

Introducing a network sniffer

Passive sniffing

Active sniffing

Implementing a network sniffer using Python

Format characters

Learning about packet crafting

Introducing ARP spoofing and implementing it using Python

The ARP request

The ARP reply

The ARP cache

Testing the security system using custom packet crafting

A half-open scan

The FIN scan

ACK flag scanning

Chapter 4: Network Attacks and Prevention

Technical requirements

DHCP starvation attack

The MAC flooding attack

How the switch uses the CAM tables

The MAC flood logic

Gateway disassociation by RAW socket.

Torrent detection

Running the program in hidden mode

Chapter 5: Wireless Pentesting

Introduction to 802.11 frames

Wireless SSID finding and wireless traffic analysis with Python

Detecting clients of an AP

Wireless hidden SSID scanner

Wireless attacks

The deauthentication (deauth) attack

Detecting the deauth attack

Chapter 6: Honeypot - Building Traps for Attackers

Fake ARP reply

Fake ping reply

Fake port-scanning reply

Fake OS-signature reply to nmap

Fake web server reply

Chapter 7: Foot Printing a Web Server and a Web Application

The concept of foot printing a web server

Introducing information gathering

Checking the HTTP header

Information gathering of a website from whois.domaintools.com

Email address gathering from a web page

Banner grabbing of a website

Hardening of a web server

Chapter 8: Client-Side and DDoS Attacks

Introducing client-side validation

Tampering with the client-side parameter with Python

Effects of parameter tampering on business

Introducing DoS and DDoS

Single IP, single ports

Single IP, multiple port

Multiple IP, multiple ports

Detection of DDoS

Chapter 9: Pentesting SQL and XSS

Introducing the SQL injection attack

Types of SQL injections

Simple SQL injection

Blind SQL injection

Understanding the SQL injection attack by a Python script

Learning about cross-site scripting

Persistent or stored XSS

Nonpersistent or reflected XSS

Other Books You May Enjoy

Index.

Notes:

Description based on print version record.

ISBN:

9781789136043

1789136040

OCLC:

1041187915