Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
Title Page
Copyright and Credits
Hands-On Penetration Testing with Python
Dedication
About Packt
Why subscribe?
Packt.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
Introduction to Python
Technical requirements
Why Python?
About Python – compiled or interpreted
Installing Python
Getting started
Variables and keywords
Variable naming conventions
Python keywords
Python data types
Numbers
String types
String indexes
String operations through methods and built-in functions
The replace( ) method
Substrings or string slicing
String concatenation and replication
The strip(), lstrip(), and rstrip() methods
The split() method
The find(), index(), upper(), lower(), len(), and count() methods
The in and not in methods
The endswith(), isdigit(), isalpha(), islower(), isupper(), and capitalize() methods
List types
Slicing the lists
Merging and updating lists
Copying lists
Removing elements from lists
Replication with len(), max(), and min()
in and not in
Tuples in Python
Dictionaries in Python
Python operators
Summary
Questions
Building Python Scripts
Technical requirements
Indentation
Conditional statements
The if condition
The if...else condition
The if...elif condition
Loops
The while loop
The for loop
Iteration, iterable, and iterator
A closer look at for loops
Functions and methods in Python
Modules and packages
Generators and comprehensions
Comprehensions
Map, Lambda, zip, and filters
Summary
Questions
Further reading
Concept Handling
Object-oriented programming in Python
Classes and objects
Class relationships
Inheritance
Access modifiers in Python
Composition
Association
Aggregation
Abstract classes
Polymorphism
Polymorphism with functions
Polymorphism with classes (abstract classes)
Static, instance, and class methods in Python
Files, directories, and I/O access
File access and manipulation
Renaming and deleting files and accessing directories
Console I/O
Regular expressions in Python
Data manipulation and parsing with XML, JSON, and CSV data
XML data manipulation
JSON data manipulation
CSV
Exception handling
Summary
Questions
Further reading
Advanced Python Modules
Multitasking with threads
Demonic and non-demonic threads
Thread joins and enumeration
Intercommunication between threads
Thread concurrency control
Multitasking with processes
Demonic and non-demonic processes
Process joins, enumeration, and termination
Multiprocess pooling
Subprocesses
Socket programming basics
Reverse TCP shells with Python
Summary
Questions
Further reading
Vulnerability Scanner Python - Part 1
Introducing Nmap
Building a network scanner with Python
Controlling the Nmap output with the script
Using the Nmap module to conduct Nmap port scanning
Objective and architectural overview
Port scanning
Service scanning
A closer look at the code
Getting started
Executing the code
Database schema for the port scanning portion of the vulnerability scanner
Summary
Questions
Further reading
Vulnerability Scanner Python - Part 2
Architectural overview
A closer look at the code
Driver_scanner.py
driver_meta.py
main()
parse_and_process()
launchConfiguration()
launchExploits()
auto_commands.py
Pexpect
custom_meta()
singleLineCommands_Timeout()
general_interactive()
generalCommands_Tout_Sniff()
HTTP_based()
IPexploits.py
Executing the code
Database schema for the service-scanning portion of the vulnerability scanner
GUI version of vulnerability scanner
Usage [PTO-GUI]
Scanning modules
Sequential mode
Reconfiguration after discovery is finished
Concurrent mode
Sequential default mode
Pausing and resuming scans
Downloading reports or analyzing when scan would be completed
Reporting
Summary
Questions
Further reading
Machine Learning and Cybersecurity
Machine Learning
Setting up a Machine Learning environment in Kali Linux
Regression-based machine learning models
Simple linear regression
How does the regression model work?
Multiple linear regression
Classification models
Naive Bayes classifier
Summarizing the Naive Bayes classifier
Implementation code
Natural language processing
Using natural language processing with penetration testing reports
Step 1– tagging the raw data
Step 2–writing the code to train and test our model
Summary
Questions
Further reading
Automating Web Application Scanning - Part 1
Automating web application scanning with Burp Suite
Burp automation with Python
SQL injection
Automatic detection of SQL injection with Python
Summary
Questions
Further reading
Automated Web Application Scanning - Part 2
XSS
Stored or Type 1 XSS attacks
Reflected or Type 2 XSS attacks
DOM-based or Type 0 XSS attacks
Automatic detection of XSS with Python
Script in action
CSRF
Automatically detecting CSRF with Python
Script in action
Clickjacking
X-Frame-Options
Automatically detecting clickjacking with Python
SSL stripping (missing HSTS header)
Automatically detecting missing HSTS with Python
Summary
Questions
Further reading
Building a Custom Crawler
Setup and installations
Getting started
Crawler code
Urls.py and Views.py code snippet
Code explanation
Driver code – run_crawler.py
Crawler code – crawler.py
Execution of code
Summary
Questions
Further reading
Reverse Engineering Linux Applications
Debugger
Fuzzing Linux applications
Fuzzing in action
Linux and assembly code
Stack buffer overflow in Linux
Exploiting a buffer overflow
Heap buffer overflow in Linux
String format vulnerabilities
Summary
Questions
Further reading
Reverse Engineering Windows Applications
Debuggers
Fuzzing Windows applications
Windows and assembly
Exploiting buffer overflows in Windows
Summary
Questions
Further reading
Exploit Development
Scripting exploits over web-based vulnerabilities
Manually executing an LFI exploit
Reverse shell with Netcat
Reverse shell with Python
Exploit development (LFI + RFI)
LFI/RFI exploit code
Executing the LFI exploit
Executing the RFI exploit
Developing a Metasploit module to exploit a network service
Encoding shell codes to avoid detection
Downloading and installing Veil
Summary
Questions
Further reading
Cyber Threat Intelligence
Introduction to cyber threat intelligence
Manual threat intelligence
Automated threat intelligence
Cyber threat intelligence platforms
Tools and API
MISP
Installing MISP
Threat scoring capability
MISP UI and API
MISP API (PyMISP)
Threat scoring
Threat scoring weighed file
Threat scoring algorithm
Executing the code
STIX and TAXII and external lookups
External lookups
Summary
Questions
Further reading
Other Wonders of Python
Report parsers
Nmap parser
Running the code
Nessus parser
Running the code
The need to have custom parsers
Keylogger and exfiltration via sockets
pyxhook – a Linux based Keylogger
pyhook – a Windows-based keylogger
Parsing Twitter tweets
Stealing browser passwords with Python
Python for antivirus-free persistence shells
Summary
Questions
Further reading
Assessments
Chapter 1, Introduction to Python
Chapter 2, Building Python Scripts
Chapter 3, Concept Handling
Chapter 4, Advanced Python Modules
Chapter 5, Vulnerability Scanner Python - Part 1
Chapter 6, Vulnerability Scanner Python - Part 2
Chapter 7, Machine Learning and Cybersecurity
Chapter 8, Automating Web Application Scanning - Part 1
Chapter 9, Automating Web Application Scanning - Part 2
Chapter 10, Building a Custom Crawler
Chapter 11, Reverse Engineering Linux Applications
Chapter 12, Reverse Engineering Windows Applications
Chapter 13, Exploit Development
Chapter 14, Cyber Threat Intelligence
Chapter 15, Other Wonders of Python
Other Books You May Enjoy
Leave a review - let other readers know what you think
← Prev
Back
Next →
← Prev
Back
Next →