Book description
Utilize Python scripting to execute effective and efficient penetration tests
About This Book
- Understand how and where Python scripts meet the need for penetration testing
- Familiarise yourself with the process of highlighting a specific methodology to exploit an environment to fetch critical data
- Develop your Python and penetration testing skills with real-world examples
In Detail
Python is a powerful new-age scripting platform that allows you to build exploits, evaluate services, automate, and link solutions with ease. Python is a multi-paradigm programming language well suited to both object-oriented application development as well as functional design patterns. Because of the power and flexibility offered by it, Python has become one of the most popular languages used for penetration testing.
This book highlights how you can can evaluate an organization methodically and realistically. Specific tradecraft and techniques are covered that show you exactly when and where industry tools can and should be used and when Python fits a need that proprietary and open source solutions do not.
Initial methodology, and Python fundamentals are established and then built on. Specific examples are created with vulnerable system images, which are available to the community to test scripts, techniques, and exploits. This book walks you through real-world penetration testing challenges and how Python can help.
From start to finish, the book takes you through how to create Python scripts that meet relative needs that can be adapted to particular situations. As chapters progress, the script examples explain new concepts to enhance your foundational knowledge, culminating with you being able to build multi-threaded security tools, link security tools together, automate reports, create custom exploits, and expand Metasploit modules.
What You Will Learn
- Familiarise yourself with the generation of Metasploit resource files
- Use the Metasploit Remote Procedure Call (MSFRPC) to automate exploit generation and execution
- Use Python's Scapy, network, socket, office, Nmap libraries, and custom modules
- Parse Microsoft Office spreadsheets and eXtensible Markup Language (XML) data files
- Write buffer overflows and reverse Metasploit modules to expand capabilities
- Exploit Remote File Inclusion (RFI) to gain administrative access to systems with Python and other scripting languages
- Crack an organization's Internet perimeter
- Chain exploits to gain deeper access to an organization's resources
- Interact with web services with Python
Who This Book Is For
If you are a security professional or researcher, with knowledge of different operating systems and a conceptual idea of penetration testing, and you would like to grow your knowledge in Python, then this book is ideal for you.
Style and approach
This book is a practical guide that will help you become better penetration testers and/or Python security tool developers. Each chapter builds on concepts and tradecraft using detailed examples in test environments that you can simulate.
Table of contents
-
Learning Penetration Testing with Python
- Table of Contents
- Learning Penetration Testing with Python
- Credits
- Disclaimer
- About the Author
- Acknowlegements
- About the Reviewers
- www.PacktPub.com
- Preface
- 1. Understanding the Penetration Testing Methodology
-
2. The Basics of Python Scripting
- Understanding the difference between interpreted and compiled languages
- Python – the good and the bad
- A Python interactive interpreter versus a script
- Environmental variables and PATH
- Understanding dynamically typed languages
- The first Python script
- Developing scripts and identifying errors
- Python formatting
- Python variables
- Operators
- Compound statements
- Functions
- The Python style guide
- Arguments and options
- Your first assessor script
- Summary
-
3. Identifying Targets with Nmap, Scapy, and Python
- Understanding how systems communicate
- Understanding Nmap
- Nmap libraries for Python
- The Scapy library for Python
- Summary
- 4. Executing Credential Attacks with Python
- 5. Exploiting Services with Python
- 6. Assessing Web Applications with Python
- 7. Cracking the Perimeter with Python
-
8. Exploit Development with Python, Metasploit, and Immunity
- Getting started with registers
- Understanding the Windows memory structure
- Understanding memory addresses and endianness
- Understanding the manipulation of the stack
- Understanding immunity
- Understanding basic buffer overflow
- Writing a basic buffer overflow exploit
- Understanding stack adjustments
- Understanding the purpose of local exploits
- Understanding other exploit scripts
- Reversing Metasploit modules
- Understanding protection mechanisms
- Summary
- 9. Automating Reports and Tasks with Python
- 10. Adding Permanency to Python Tools
- Index
Product information
- Title: Learning Penetration Testing with Python
- Author(s):
- Release date: September 2015
- Publisher(s): Packt Publishing
- ISBN: 9781785282324
You might also like
book
Python Penetration Testing Cookbook
Over 50+ hands-on recipes to help you pen test networks using Python, discover vulnerabilities, and find …
book
Effective Python Penetration Testing
Pen test your system like a pro and overcome vulnerabilities by leveraging Python scripts, libraries, and …
book
Python: Penetration Testing for Developers
Unleash the power of Python scripting to execute effective and efficient penetration tests About This Book …
book
Learning Python Web Penetration Testing
Leverage the simplicity of Python and available libraries to build web security testing tools for your …