Cargando…
Python penetration testing essentials : employ the power of Python to get the best out of pentesting /
If you are a Python programmer or a security researcher who has basic knowledge of Python programming and want to learn about penetration testing with the help of Python, this book is ideal for you. Even if you are new to the field of ethical hacking, this book can help you find the vulnerabilities...
| Clasificación: | Libro Electrónico |
|---|---|
| Autor principal: | |
| Formato: | Electrónico eBook |
| Idioma: | Inglés |
| Publicado: |
Birmingham, England ; Mumbai [India] :
Packt Publishing,
2015.
|
| Colección: | Community experience distilled
|
| Temas: | |
| Acceso en línea: | Texto completo |
Tabla de Contenidos:
- Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Python with Penetration Testing and Networking; Introducing the scope of pentesting; The need for pentesting; Components to be tested; Qualities of a good pentester; Defining the scope of pentesting; Approaches to pentesting; Introducing Python scripting; Understanding the tests and tools you'll need; Learning the common testing platforms with Python; Network sockets; Server socket methods; Client socket methods; General socket methods; Moving on to the practical
- Socket exceptionsUseful socket methods; Summary; Chapter 2: Scanning Pentesting; How to check live systems in a network and the concept of a live system; Ping sweep; The TCP scan concept and its implementation using a Python script; How to create an efficient IP scanner; What are the services running on the target machine?; The concept of a port scanner; How to create an efficient port scanner; Summary; Chapter 3: Sniffing and Penetration Testing; Introducing a network sniffer; Passive sniffing; Active sniffing; Implementing a network sniffer using Python; Format characters
- Learning about packet craftingIntroducing ARP spoofing and implementing it using Python; The ARP request ; The ARP reply; The ARP cache; Testing the security system using custom packet crafting and injection; Network disassociation; A half-open scan; The FIN scan; ACK flag scanning; Ping of death; Summary; Chapter 4: Wireless Pentesting; Wireless SSID finding and wireless traffic analysis by Python; Detecting clients of an AP; Wireless attacks; The deauthentication (deauth) attacks; The MAC flooding attack; How the switch uses the CAM tables; The MAC flood logic; Summary
- Chapter 5: Foot Printing of a Web Server and a Web ApplicationThe concept of foot printing of a web server; Introducing information gathering ; Checking the HTTP header; Information gathering of a website from SmartWhois by the parser BeautifulSoup; Banner grabbing of a website; Hardening of a web server; Summary; Chapter 6: Client-side and DDoS Attacks; Introducing client-side validation; Tampering with the client-side parameter with Python; Effects of parameter tampering on business; Introducing DoS and DDoS; Single IP single port; Single IP multiple port; Multiple IP multiple port
- Detection of DDoSSummary; Chapter 7: Pentesting of SQLI and XSS; Introducing the SQL injection attack; Types of SQL injections; Simple SQL injection; Blind SQL injection; Understanding the SQL injection attack by a Python script; Learning about Cross-Site scripting; Persistent or stored XSS; Nonpersistent or reflected XSS; Summary; Index