Book description
Over 60 indispensable Python recipes to ensure you always have the right code on hand for web application testing
In Detail
This book gives you an arsenal of Python scripts, ready to use as they are or to customize to your needs, for each stage of the testing process. Each chapter takes you step by step through the methods of designing and modifying scripts to attack web apps. You will learn how to collect both open and hidden information from websites to further your attacks, identify vulnerabilities, perform SQL injections, exploit cookies, and enumerate poorly configured systems. You will also discover how to crack encryption, create payloads to mimic malware, and create tools to output your findings into presentable formats for reporting to your employers.
What You Will Learn
- Enumerate users on web apps through Python
- Develop complicated header-based attacks through Python
- Deliver multiple XSS strings and check their execution success
- Handle outputs from multiple tools and create attractive reports
- Create PHP pages that test scripts and tools
- Identify parameters and URLs vulnerable to Directory Traversal
- Replicate existing tool functionality in Python
- Create basic dial-back Python scripts using reverse shells and basic Python PoC malware
Table of contents
- Python Web Penetration Testing Cookbook
  - Table of Contents
  - Python Web Penetration Testing Cookbook
  - Credits
  - About the Authors
  - About the Reviewers
  - www.PacktPub.com
  - Preface
- 1. Gathering Open Source Intelligence
  - Introduction
  - Gathering information using the Shodan API
  - Scripting a Google+ API search
  - Downloading profile pictures using the Google+ API
  - Harvesting additional results from the Google+ API using pagination
  - Getting screenshots of websites with QtWebKit
  - Screenshots based on a port list
  - Spidering websites
- 2. Enumeration
- 3. Vulnerability Identification
- 4. SQL Injection
- 5. Web Header Manipulation
  - Introduction
  - Testing HTTP methods
  - Fingerprinting servers through HTTP headers
  - Testing for insecure headers
  - Brute forcing login through the Authorization header
  - Testing for clickjacking vulnerabilities
  - Identifying alternative sites by spoofing user agents
  - Testing for insecure cookie flags
  - Session fixation through a cookie injection
- 6. Image Analysis and Manipulation
- 7. Encryption and Encoding
  - Introduction
  - Generating an MD5 hash
  - Generating an SHA 1/128/256 hash
  - Implementing SHA and MD5 hashes together
  - Implementing SHA in a real-world scenario
  - Generating a Bcrypt hash
  - Cracking an MD5 hash
  - Encoding with Base64
  - Encoding with ROT13
  - Cracking a substitution cipher
  - Cracking the Atbash cipher
  - Attacking one-time pad reuse
  - Predicting a linear congruential generator
  - Identifying hashes
- 8. Payloads and Shells
- 9. Reporting
- Index
Product information
- Title: Python Web Penetration Testing Cookbook
- Author(s):
- Release date: June 2015
- Publisher(s): Packt Publishing
- ISBN: 9781784392932