Python: Penetration Testing for Developers

(ebook) (audiobook) (audiobook)

Autorzy:: Christopher Duffy, Mohit Raj, Cameron Buchanan, Andrew Mabbitt, Terry Ip, Dave Mound, Benjamin May

Python: Penetration Testing for Developers Christopher Duffy, Mohit Raj, Cameron Buchanan, Andrew Mabbitt, Terry Ip, Dave Mound, Benjamin May - okładka książki

Python: Penetration Testing for Developers Christopher Duffy, Mohit Raj, Cameron Buchanan, Andrew Mabbitt, Terry Ip, Dave Mound, Benjamin May - okładka audiobooka MP3

Python: Penetration Testing for Developers Christopher Duffy, Mohit Raj, Cameron Buchanan, Andrew Mabbitt, Terry Ip, Dave Mound, Benjamin May - okładka audiobooks CD

Wydawnictwo:: Packt Publishing (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 650
Dostępne formaty:: PDF

ePub

Ebook

229,00 zł

Dodaj do koszyka lub Kup na prezent Kup 1-kliknięciem

Przenieś na półkę

Do przechowalni

Cybercriminals are always one step ahead, when it comes to tools and techniques. This means you need to use the same tools and adopt the same mindset to properly secure your software. This course shows you how to do just that, demonstrating how effective Python can be for powerful pentesting that keeps your software safe. Comprising of three key modules, follow each one to push your Python and security skills to the next level.

In the first module, we'll show you how to get to grips with the fundamentals. This means you'll quickly find out how to tackle some of the common challenges facing pentesters using custom Python tools designed specifically for your needs. You'll also learn what tools to use and when, giving you complete confidence when deploying your pentester tools to combat any potential threat.

In the next module you'll begin hacking into the application layer. Covering everything from parameter tampering, DDoS, XXS and SQL injection, it will build on the knowledge and skills you learned in the first module to make you an even more fluent security expert.

Finally in the third module, you'll find more than 60 Python pentesting recipes. We think this will soon become your trusted resource for any pentesting situation.

This Learning Path combines some of the best that Packt has to offer in one complete, curated package. It includes content from the following Packt products:

? Learning Penetration Testing with Python by Christopher Duffy

? Python Penetration Testing Essentials by Mohit

? Python Web Penetration Testing Cookbook by Cameron Buchanan,Terry Ip, Andrew Mabbitt, Benjamin May and Dave Mound

Wybrane bestsellery

Ebooka przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook
i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Audiobooka posłuchasz:

w aplikacji Ebookpoint na Android, iOS, HarmonyOs
na systemach Windows, MacOS i innych

na dowolonych urządzeniach
i aplikacjach obsługujących format MP3
(pliki spakowane w ZIP)

Masz pytania? Zajrzyj do zakładki Pomoc »

Kurs Video zobaczysz:

Oceny i opinie klientów: Python: Penetration Testing for Developers Christopher Duffy, Mohit Raj, Cameron Buchanan, Andrew Mabbitt, Terry Ip, Dave Mound, Benjamin May (0) Weryfikacja opinii następuję na podstawie historii zamówień na koncie Użytkownika umieszczającego opinię. Użytkownik mógł otrzymać punkty za opublikowanie opinii uprawniające do uzyskania rabatu w ramach Programu Punktowego.

Szczegóły książki

Tytuł oryginału:: Python: Penetration Testing for Developers
ISBN Ebooka:: 978-17-871-2097-6, 9781787120976
Data wydania ebooka:: 2016-10-21 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@helion.pl.
Język publikacji:: angielski
Rozmiar pliku Pdf:: 8.5MB
Rozmiar pliku ePub:: 18.8MB

Kategorie:
Hacking » Testy penetracyjne
Programowanie » Python - Programowanie
Systemy operacyjne » Linux

Spis treści książki

Python: Penetration Testing for Developers
- Table of Contents
- Python: Penetration Testing for Developers
- Python: Penetration Testing for Developers
- Credits
- Preface
  - What this learning path covers
  - What you need for this learning path
  - Who this learning path is for
  - Reader feedback
  - Customer support
    - Downloading the example code
    - Errata
    - Piracy
    - Questions
- 1. Module 1
  - 1. Understanding the Penetration Testing Methodology
    - An overview of penetration testing
    - Understanding what penetration testing is not
      - Vulnerability assessments
      - Reverse engineering engagements
      - Hacking
    - Assessment methodologies
    - The penetration testing execution standard
      - Pre-engagement interactions
        
        White Box Testing
        
        Grey Box Testing
        
        Black Box Testing
        
        Double Blind Testing
      - Intelligence gathering
      - Threat modeling
      - Vulnerability analysis
      - Exploitation
      - Post exploitation
      - Reporting
      - An example engagement
    - Penetration testing tools
      - NMAP
      - Metasploit
      - Veil
      - Burp Suite
      - Hydra
      - John the Ripper
        
        Cracking Windows passwords with John
      - oclHashcat
      - Ophcrack
      - Mimikatz and Incognito
      - SMBexec
      - Cewl
      - Responder
      - theHarvester and Recon-NG
      - pwdump and fgdump
      - Netcat
      - Sysinternals tools
    - Summary
  - 2. The Basics of Python Scripting
    - Understanding the difference between interpreted and compiled languages
    - Python the good and the bad
    - A Python interactive interpreter versus a script
    - Environmental variables and PATH
    - Understanding dynamically typed languages
    - The first Python script
    - Developing scripts and identifying errors
      - Reserved words, keywords, and built-in functions
      - Global and local variables
      - Understanding a namespace
      - Modules and imports
    - Python formatting
      - Indentation
    - Python variables
      - Debugging variable values
      - String variables
      - Number variables
      - Converting string and number variables
      - List variables
      - Tuple variables
      - Dictionary variables
      - Understanding default values and constructors
      - Passing a variable to a string
    - Operators
      - Comparison operators
      - Assignment operators
      - Arithmetic operators
      - Logical and membership operators
    - Compound statements
      - The if statements
      - Python loops
        
        The while loop
        
        The for loop
        
        The break condition
      - Conditional handlers
    - Functions
      - The impact of dynamically typed languages on functions on functions
      - Curly brackets
      - How to comment your code
    - The Python style guide
      - Classes
      - Functions
      - Variables and instance names
    - Arguments and options
    - Your first assessor script
    - Summary
  - 3. Identifying Targets with Nmap, Scapy, and Python
    - Understanding how systems communicate
      - The Ethernet frame architecture
        
        Layer 2 in Ethernet networks
        
        Layer 2 in wireless networks
      - The IP packet architecture
      - The TCP header architecture
      - Understanding how TCP works
        
        The TCP three-way handshake
      - The UDP header architecture
      - Understanding how UDP works
    - Understanding Nmap
      - Inputting the target ranges for Nmap
      - Executing the different scan types
        
        Executing TCP full connection scans
        
        Executing SYN scans
        
        Executing ACK scans
        
        Executing UDP scans
      - Executing combined UDP and TCP scans
      - Skipping the operating system scans
      - Different output types
        
        Understanding the Nmap Grepable output
        
        Understanding the Nmap XML output
      - The Nmap scripting engine
      - Being efficient with Nmap scans
        
        Determining your interface details with the netifaces library
    - Nmap libraries for Python
    - The Scapy library for Python
    - Summary
  - 4. Executing Credential Attacks with Python
    - The types of credential attacks
      - Defining the online credential attack
      - Defining the offline credential attack
    - Identifying the target
    - Creating targeted usernames
      - Generating and verifying usernames with help from the U.S. census
      - Generating the usernames
    - Testing for users using SMTP VRFY
      - Creating the SMTP VRFY script
    - Summary
  - 5. Exploiting Services with Python
    - Understanding the new age of service exploitation
    - Understanding the chaining of exploits
      - Checking for weak, default, or known passwords
      - Gaining root access to the system
      - Understanding the cracking of Linux hashes
      - Testing for the synchronization of account credentials
    - Automating the exploit train with Python
    - Summary
  - 6. Assessing Web Applications with Python
    - Identifying live applications versus open ports
    - Identifying hidden files and directories with Python
    - Credential attacks with Burp Suite
    - Using twill to walk through the source
    - Understanding when to use Python for web assessments
      - Understanding when to use specific libraries
      - Being efficient during web assessments
    - Summary
  - 7. Cracking the Perimeter with Python
    - Understanding todays perimeter
      - Clear-text protocols
      - Web applications
      - Encrypted remote access services
      - Virtual Private Networks (VPNs)
      - Mail services
      - Domain Name Service (DNS)
      - User Datagram Protocol (UDP) services
    - Understanding the link between accounts and services
    - Cracking inboxes with Burp Suite
    - Identifying the attack path
      - Understanding the limitations of perimeter scanning
      - Downloading backup files from a TFTP server
        
        Determining the backup filenames
      - Cracking Cisco MD5 hashes
    - Gaining access through websites
      - The execution of file inclusion attacks
        
        Verifying an RFI vulnerability
        
        Exploiting the hosts through RFI
    - Summary
  - 8. Exploit Development with Python, Metasploit, and Immunity
    - Getting started with registers
      - Understanding general purpose registers
        
        The EAX
        
        The EBX
        
        The ECX
        
        The EDX
      - Understanding special purpose registers
        
        The EBP
        
        The EDI
        
        The EIP
        
        The ESP
    - Understanding the Windows memory structure
      - Understanding the stack and the heap
      - Understanding the program image and dynamic-link libraries
      - Understanding the process environment block
      - Understanding the thread environment block
      - Kernel
    - Understanding memory addresses and endianness
    - Understanding the manipulation of the stack
    - Understanding immunity
    - Understanding basic buffer overflow
    - Writing a basic buffer overflow exploit
    - Understanding stack adjustments
    - Understanding the purpose of local exploits
    - Understanding other exploit scripts
      - Exploiting standalone binaries by executing scripts
      - Exploiting systems by TCP service
      - Exploiting systems by UDP service
    - Reversing Metasploit modules
    - Understanding protection mechanisms
    - Summary
  - 9. Automating Reports and Tasks with Python
    - Understanding how to parse XML files for reports
    - Understanding how to create a Python class
      - Creating a Python script to parse an Nmap XML
      - Creating a Python script to generate Excel spreadsheets
    - Summary
  - 10. Adding Permanency to Python Tools
    - Understanding logging within Python
    - Understanding the difference between multithreading and multiprocessing
      - Creating a multithreaded script in Python
      - Creating a multiprocessing script in Python
    - Building industry-standard tools
    - Summary
- 2. Module 2
  - 1. Python with Penetration Testing and Networking
    - Introducing the scope of pentesting
      - The need for pentesting
      - Components to be tested
      - Qualities of a good pentester
      - Defining the scope of pentesting
    - Approaches to pentesting
    - Introducing Python scripting
    - Understanding the tests and tools you'll need
    - Learning the common testing platforms with Python
    - Network sockets
    - Server socket methods
    - Client socket methods
    - General socket methods
    - Moving on to the practical
      - Socket exceptions
      - Useful socket methods
    - Summary
  - 2. Scanning Pentesting
    - How to check live systems in a network and the concept of a live system
      - Ping sweep
      - The TCP scan concept and its implementation using a Python script
      - How to create an efficient IP scanner
    - What are the services running on the target machine?
      - The concept of a port scanner
      - How to create an efficient port scanner
    - Summary
  - 3. Sniffing and Penetration Testing
    - Introducing a network sniffer
      - Passive sniffing
      - Active sniffing
    - Implementing a network sniffer using Python
      - Format characters
    - Learning about packet crafting
    - Introducing ARP spoofing and implementing it using Python
      - The ARP request
      - The ARP reply
      - The ARP cache
    - Testing the security system using custom packet crafting and injection
      - Network disassociation
      - A half-open scan
      - The FIN scan
      - ACK flag scanning
      - Ping of death
    - Summary
  - 4. Wireless Pentesting
    - Wireless SSID finding and wireless traffic analysis by Python
      - Detecting clients of an AP
    - Wireless attacks
      - The deauthentication (deauth) attacks
      - The MAC flooding attack
        
        How the switch uses the CAM tables
        
        The MAC flood logic
    - Summary
  - 5. Foot Printing of a Web Server and a Web Application
    - The concept of foot printing of a web server
    - Introducing information gathering
      - Checking the HTTP header
    - Information gathering of a website from SmartWhois by the parser BeautifulSoup
    - Banner grabbing of a website
    - Hardening of a web server
    - Summary
  - 6. Client-side and DDoS Attacks
    - Introducing client-side validation
    - Tampering with the client-side parameter with Python
    - Effects of parameter tampering on business
    - Introducing DoS and DDoS
      - Single IP single port
      - Single IP multiple port
      - Multiple IP multiple port
      - Detection of DDoS
    - Summary
  - 7. Pentesting of SQLI and XSS
    - Introducing the SQL injection attack
    - Types of SQL injections
      - Simple SQL injection
      - Blind SQL injection
    - Understanding the SQL injection attack by a Python script
    - Learning about Cross-Site scripting
      - Persistent or stored XSS
      - Nonpersistent or reflected XSS
    - Summary
- 3. Module 3
  - 1. Gathering Open Source Intelligence
    - Introduction
    - Gathering information using the Shodan API
      - Getting ready
      - How to do it
      - How it works
      - There's more
    - Scripting a Google+ API search
      - Getting ready
      - How to do it
      - How it works
      - See also
      - There's more
    - Downloading profile pictures using the Google+ API
      - How to do it
      - How it works
    - Harvesting additional results from the Google+ API using pagination
      - How to do it
      - How it works
    - Getting screenshots of websites with QtWebKit
      - Getting ready
      - How to do it
      - How it works
      - There's more
    - Screenshots based on a port list
      - Getting ready
      - How to do it
      - How it works
      - There's more
    - Spidering websites
      - Getting ready
      - How to do it
      - How it works
      - There's more
  - 2. Enumeration
    - Introduction
    - Performing a ping sweep with Scapy
      - How to do it
      - How it works
    - Scanning with Scapy
      - How to do it
      - How it works
      - There's more
    - Checking username validity
      - Getting ready
      - How to do it
      - How it works
      - There's more
      - See also
    - Brute forcing usernames
      - Getting ready
      - How to do it
      - How it works
      - See also
    - Enumerating files
      - Getting ready
      - How to do it
      - How it works
    - Brute forcing passwords
      - Getting ready
      - How to do it
      - How it works
      - See also
    - Generating e-mail addresses from names
      - Getting ready
      - How to do it
      - How it works
      - There's more
      - See also
    - Finding e-mail addresses from web pages
      - Getting ready
      - How to do it
      - How it works
      - There's more
      - See also
    - Finding comments in source code
      - How to do it
      - How it works
      - There's more
  - 3. Vulnerability Identification
    - Introduction
    - Automated URL-based Directory Traversal
      - Getting ready
      - How to do it
      - How it works
      - There's more
    - Automated URL-based Cross-site scripting
      - How to do it
      - How it works
      - There's more
    - Automated parameter-based Cross-site scripting
      - How to do it
      - How it works
      - There's more
    - Automated fuzzing
      - Getting ready
      - How to do it
      - How it works
      - There's more
      - See also
    - jQuery checking
      - How to do it
      - How it works
      - There's more
    - Header-based Cross-site scripting
      - Getting ready
      - How to do it
      - How it works
      - See also
    - Shellshock checking
      - Getting ready
      - How to do it
      - How it works
  - 4. SQL Injection
    - Introduction
    - Checking jitter
      - How to do it
      - How it works
      - There's more
    - Identifying URL-based SQLi
      - How to do it
      - How it works
      - There's more
    - Exploiting Boolean SQLi
      - How to do it
      - How it works
      - There's more
    - Exploiting Blind SQL Injection
      - How to do it
      - How it works
      - There's more
    - Encoding payloads
      - How to do it
      - How it works
      - There's more
  - 5. Web Header Manipulation
    - Introduction
    - Testing HTTP methods
      - How to do it
      - How it works
      - There's more
    - Fingerprinting servers through HTTP headers
      - How to do it
      - How it works
      - There's more
    - Testing for insecure headers
      - Getting ready
      - How to do it
      - How it works
    - Brute forcing login through the Authorization header
      - Getting ready
      - How to do it
      - How it works
      - There's more
      - See also
    - Testing for clickjacking vulnerabilities
      - How to do it
      - How it works
    - Identifying alternative sites by spoofing user agents
      - How to do it
      - How it works
      - See also
    - Testing for insecure cookie flags
      - How to do it
      - How it works
      - There's more
    - Session fixation through a cookie injection
      - Getting ready
      - How to do it
      - How it works
      - There's more
  - 6. Image Analysis and Manipulation
    - Introduction
    - Hiding a message using LSB steganography
      - Getting ready
      - How to do it
      - How it works
      - There's more
      - See also
    - Extracting messages hidden in LSB
      - How to do it
      - How it works
      - There's more
    - Hiding text in images
      - How to do it
      - How it works
      - There's more
    - Extracting text from images
      - How to do it
      - How it works
      - There's more
    - Enabling command and control using steganography
      - Getting ready
      - How to do it
      - How it works
  - 7. Encryption and Encoding
    - Introduction
    - Generating an MD5 hash
      - Getting ready
      - How to do it
      - How it works
    - Generating an SHA 1/128/256 hash
      - Getting ready
      - How to do it
      - How it works
    - Implementing SHA and MD5 hashes together
      - Getting ready
      - How to do it
      - How it works
    - Implementing SHA in a real-world scenario
      - Getting ready
      - How to do it
      - How it works
    - Generating a Bcrypt hash
      - Getting ready
      - How to do it
      - How it works
    - Cracking an MD5 hash
      - Getting ready
      - How to do it
      - How it works
    - Encoding with Base64
      - Getting ready
      - How to do it
      - How it works
    - Encoding with ROT13
      - Getting ready
      - How to do it
      - How it works
    - Cracking a substitution cipher
      - Getting ready
      - How to do it
      - How it works
    - Cracking the Atbash cipher
      - Getting ready
      - How to do it
      - How it works
    - Attacking one-time pad reuse
      - Getting ready
      - How to do it
      - How it works
    - Predicting a linear congruential generator
      - Getting ready
      - How to do it
      - How it works
    - Identifying hashes
      - Getting ready
      - How to do it
      - How it works
  - 8. Payloads and Shells
    - Introduction
    - Extracting data through HTTP requests
      - Getting Ready
      - How to do it
      - How it works
    - Creating an HTTP C2
      - Getting Started
      - How to do it
      - How it works
    - Creating an FTP C2
      - Getting Started
      - How to do it
      - How it works
    - Creating an Twitter C2
      - Getting Started
      - How to do it
      - How it works
    - Creating a simple Netcat shell
      - How to do it
      - How it works
  - 9. Reporting
    - Introduction
    - Converting Nmap XML to CSV
      - Getting ready
      - How to do it
      - How it works
    - Extracting links from a URL to Maltego
      - How to do it
      - How it works
      - Theres more
    - Extracting e-mails to Maltego
      - How to do it
      - How it works
    - Parsing Sslscan into CSV
      - How to do it
      - How it works
    - Generating graphs using plot.ly
      - Getting ready
      - How to do it
      - How it works
- A. Bibliography
- Index

pokaż cały spis treści