Python Web Penetration Testing Cookbook by Mound, Dave -- Read -- Imperial Library of Trantor

Log In

Or create an account ->

Imperial Library

Home
About
News
Upload
Forum

Help

Login/SignUp

Index

Cover Table of Contents Python Web Penetration Testing Cookbook Python Web Penetration Testing Cookbook Credits About the Authors About the Reviewers www.PacktPub.com Disclamer Preface What you need for this book Who this book is for Sections Conventions Reader feedback Customer support 1. Gathering Open Source Intelligence Gathering information using the Shodan API Scripting a Google+ API search Downloading profile pictures using the Google+ API Harvesting additional results from the Google+ API using pagination Getting screenshots of websites with QtWebKit Screenshots based on a port list Spidering websites 2. Enumeration Performing a ping sweep with Scapy Scanning with Scapy Checking username validity Brute forcing usernames Enumerating files Brute forcing passwords Generating e-mail addresses from names Finding e-mail addresses from web pages Finding comments in source code 3. Vulnerability Identification Automated URL-based Directory Traversal Automated URL-based Cross-site scripting Automated parameter-based Cross-site scripting Automated fuzzing jQuery checking Header-based Cross-site scripting Shellshock checking 4. SQL Injection Checking jitter Identifying URL-based SQLi Exploiting Boolean SQLi Exploiting Blind SQL Injection Encoding payloads 5. Web Header Manipulation Testing HTTP methods Fingerprinting servers through HTTP headers Testing for insecure headers Brute forcing login through the Authorization header Testing for clickjacking vulnerabilities Identifying alternative sites by spoofing user agents Testing for insecure cookie flags Session fixation through a cookie injection 6. Image Analysis and Manipulation Hiding a message using LSB steganography Extracting messages hidden in LSB Hiding text in images Extracting text from images Enabling command and control using steganography 7. Encryption and Encoding Generating an MD5 hash Generating an SHA 1/128/256 hash Implementing SHA and MD5 hashes together Implementing SHA in a real-world scenario Generating a Bcrypt hash Cracking an MD5 hash Encoding with Base64 Encoding with ROT13 Cracking a substitution cipher Cracking the Atbash cipher Attacking one-time pad reuse Predicting a linear congruential generator Identifying hashes 8. Payloads and Shells Extracting data through HTTP requests Creating an HTTP C2 Creating an FTP C2 Creating an Twitter C2 Creating a simple Netcat shell 9. Reporting Converting Nmap XML to CSV Extracting links from a URL to Maltego Extracting e-mails to Maltego Parsing Sslscan into CSV Generating graphs using plot.ly Index

← Prev
Back
Next →

← Prev
Back
Next →

Chief Librarian: Las Zenow <zenow@riseup.net>
Fork the source code from gitlab.

This is a mirror of the Tor onion service:
http://kx5thpx2olielkihfyo4jgjqfb7zx7wxr3sd4xzt26ochei4m6f7tayd.onion