舉報 
會員
Hands-On Penetration Testing with Python
Withthecurrenttechnologicalandinfrastructuralshift,penetrationtestingisnolongeraprocess-orientedactivity.Modern-daypenetrationtestingdemandslotsofautomationandinnovation;theonlylanguagethatdominatesallitspeersisPython.GiventhehugenumberoftoolswritteninPython,anditspopularityinthepenetrationtestingspace,thislanguagehasalwaysbeenthefirstchoiceforpenetrationtesters.Hands-OnPenetrationTestingwithPythonwalksyouthroughadvancedPythonprogrammingconstructs.Onceyouarefamiliarwiththecoreconcepts,you’llexploretheadvancedusesofPythoninthedomainofpenetrationtestingandoptimization.You’llthenmoveontounderstandinghowPython,datascience,andthecybersecurityecosystemcommunicatewithoneanother.Intheconcludingchapters,you’llstudyexploitdevelopment,reverseengineering,andcybersecurityusecasesthatcanbeautomatedwithPython.Bytheendofthisbook,you’llhaveacquiredadequateskillstoleveragePythonasahelpfultooltopentestandsecureinfrastructure,whilealsocreatingyourowncustomexploits.
目錄(311章)
倒序
- coverpage
- Title Page
- Copyright and Credits
- Hands-On Penetration Testing with Python
- Dedication
- About Packt
- Why subscribe?
- Packt.com
- Contributors
- About the author
- About the reviewer
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the example code files
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Disclaimer
- Introduction to Python
- Technical requirements
- Why Python?
- About Python – compiled or interpreted
- Installing Python
- Getting started
- Variables and keywords
- Variable naming conventions
- Python keywords
- Python data types
- Numbers
- String types
- String indexes
- String operations through methods and built-in functions
- The replace( ) method
- Substrings or string slicing
- String concatenation and replication
- The strip() lstrip() and rstrip() methods
- The split() method
- The find() index() upper() lower() len() and count() methods
- The in and not in methods
- The endswith() isdigit() isalpha() islower() isupper() and capitalize() methods
- List types
- Slicing the lists
- Merging and updating lists
- Copying lists
- Removing elements from lists
- Replication with len() max() and min()
- in and not in
- Tuples in Python
- Dictionaries in Python
- Python operators
- Summary
- Questions
- Building Python Scripts
- Technical requirements
- Indentation
- Conditional statements
- The if condition
- The if...else condition
- The if...elif condition
- Loops
- The while loop
- The for loop
- Iteration iterable and iterator
- A closer look at for loops
- Functions and methods in Python
- Modules and packages
- Generators and comprehensions
- Comprehensions
- Map Lambda zip and filters
- Summary
- Questions
- Further reading
- Concept Handling
- Object-oriented programming in Python
- Classes and objects
- Class relationships
- Inheritance
- Access modifiers in Python
- Composition
- Association
- Aggregation
- Abstract classes
- Polymorphism
- Polymorphism with functions
- Polymorphism with classes (abstract classes)
- Static instance and class methods in Python
- Files directories and I/O access
- File access and manipulation
- Renaming and deleting files and accessing directories
- Console I/O
- Regular expressions in Python
- Data manipulation and parsing with XML JSON and CSV data
- XML data manipulation
- JSON data manipulation
- CSV
- Exception handling
- Summary
- Questions
- Further reading
- Advanced Python Modules
- Multitasking with threads
- Demonic and non-demonic threads
- Thread joins and enumeration
- Intercommunication between threads
- Thread concurrency control
- Multitasking with processes
- Demonic and non-demonic processes
- Process joins enumeration and termination
- Multiprocess pooling
- Subprocesses
- Socket programming basics
- Reverse TCP shells with Python
- Summary
- Questions
- Further reading
- Vulnerability Scanner Python - Part 1
- Introducing Nmap
- Building a network scanner with Python
- Controlling the Nmap output with the script
- Using the Nmap module to conduct Nmap port scanning
- Objective and architectural overview
- Port scanning
- Service scanning
- A closer look at the code
- Getting started
- Executing the code
- Database schema for the port scanning portion of the vulnerability scanner
- Summary
- Questions
- Further reading
- Vulnerability Scanner Python - Part 2
- Architectural overview
- A closer look at the code
- Driver_scanner.py
- driver_meta.py
- main()
- parse_and_process()
- launchConfiguration()
- launchExploits()
- auto_commands.py
- Pexpect – automating terminal: <SSH Telnet Wireshark w3af>
- custom_meta() – automating Metasploit
- singleLineCommands_Timeout() – automating Java Ruby Perl NSE Python Bash scripts
- general_interactive() – automating interactive terminal scripts (test_ssl.sh)
- generalCommands_Tout_Sniff() – automating Tshark
- HTTP_based() – automating web specific use-cases
- Storing details in database
- Executing the code
- Database schema for the service-scanning portion of the vulnerability scanner
- GUI version of vulnerability scanner
- Usage [PTO-GUI]
- Scanning modules
- Sequential mode
- Reconfiguration after discovery is finished
- Concurrent mode
- Sequential default mode
- Pausing and resuming scans
- Downloading reports or analyzing when scan would be completed
- Reporting
- Summary
- Questions
- Further reading
- Machine Learning and Cybersecurity
- Machine Learning
- Setting up a Machine Learning environment in Kali Linux
- Regression-based machine learning models
- Simple linear regression
- How does the regression model work?
- Multiple linear regression
- Classification models
- Naive Bayes classifier
- Summarizing the Naive Bayes classifier
- Implementation code
- Natural language processing
- Using natural language processing with penetration testing reports
- Step 1 – tagging the raw data
- Step 2 – writing the code to train and test our model
- Summary
- Questions
- Further reading
- Automating Web Application Scanning - Part 1
- Automating web application scanning with Burp Suite
- Burp automation with Python
- SQL injection
- Automatic detection of SQL injection with Python
- Summary
- Questions
- Further reading
- Automated Web Application Scanning - Part 2
- XSS
- Stored or Type 1 XSS attacks
- Reflected or Type 2 XSS attacks
- DOM-based or Type 0 XSS attacks
- Automatic detection of XSS with Python
- Script in action
- CSRF
- Automatically detecting CSRF with Python
- Script in action
- Clickjacking
- X-Frame-Options
- Automatically detecting clickjacking with Python
- SSL stripping (missing HSTS header)
- Automatically detecting missing HSTS with Python
- Summary
- Questions
- Further reading
- Building a Custom Crawler
- Setup and installations
- Getting started
- Crawler code
- Urls.py and Views.py code snippet
- Code explanation
- Driver code – run_crawler.py
- Crawler code – crawler.py
- Execution of code
- Summary
- Questions
- Further reading
- Reverse Engineering Linux Applications
- Debugger
- Fuzzing Linux applications
- Fuzzing in action
- Linux and assembly code
- Stack buffer overflow in Linux
- Exploiting a buffer overflow
- Heap buffer overflow in Linux
- String format vulnerabilities
- Summary
- Questions
- Further reading
- Reverse Engineering Windows Applications
- Debuggers
- Fuzzing Windows applications
- Windows and assembly
- Exploiting buffer overflows in Windows
- Summary
- Questions
- Further reading
- Exploit Development
- Scripting exploits over web-based vulnerabilities
- Manually executing an LFI exploit
- Reverse shell with Netcat
- Reverse shell with Python
- Exploit development (LFI + RFI)
- LFI/RFI exploit code
- Executing the LFI exploit
- Executing the RFI exploit
- Developing a Metasploit module to exploit a network service
- Encoding shell codes to avoid detection
- Downloading and installing Veil
- Summary
- Questions
- Further reading
- Cyber Threat Intelligence
- Introduction to cyber threat intelligence
- Manual threat intelligence
- Automated threat intelligence
- Cyber threat intelligence platforms
- Tools and API
- MISP
- Installing MISP
- Threat scoring capability
- MISP UI and API
- MISP API (PyMISP)
- Threat scoring
- Threat scoring weighed file
- Threat scoring algorithm
- Executing the code
- STIX and TAXII and external lookups
- External lookups
- Summary
- Questions
- Further reading
- Other Wonders of Python
- Report parsers
- Nmap parser
- Running the code
- Nessus parser
- Running the code
- The need to have custom parsers
- Keylogger and exfiltration via sockets
- pyxhook – a Linux based Keylogger
- pyhook – a Windows-based keylogger
- Parsing Twitter tweets
- Stealing browser passwords with Python
- Python for antivirus-free persistence shells
- Summary
- Questions
- Further reading
- Assessments
- Chapter 1 Introduction to Python
- Chapter 2 Building Python Scripts
- Chapter 3 Concept Handling
- Chapter 4 Advanced Python Modules
- Chapter 5 Vulnerability Scanner Python - Part 1
- Chapter 6 Vulnerability Scanner Python - Part 2
- Chapter 7 Machine Learning and Cybersecurity
- Chapter 8 Automating Web Application Scanning - Part 1
- Chapter 9 Automating Web Application Scanning - Part 2
- Chapter 10 Building a Custom Crawler
- Chapter 11 Reverse Engineering Linux Applications
- Chapter 12 Reverse Engineering Windows Applications
- Chapter 13 Exploit Development
- Chapter 14 Cyber Threat Intelligence
- Chapter 15 Other Wonders of Python
- Other Books You May Enjoy
- Leave a review - let other readers know what you think 更新時間:2021-07-02 14:14:57
推薦閱讀
- C語言程序設計(第2 版)
- 樂高機器人設計技巧:EV3結構設計與編程指導
- AutoCAD VBA參數化繪圖程序開發與實戰編碼
- HTML5+CSS3網頁設計
- Nginx實戰:基于Lua語言的配置、開發與架構詳解
- JavaCAPS基礎、應用與案例
- Python算法指南:程序員經典算法分析與實現
- HTML5+CSS3 Web前端開發技術(第2版)
- Oracle數據庫編程經典300例
- NGUI for Unity
- Java Hibernate Cookbook
- 深入理解Kafka:核心設計與實踐原理
- 用Python動手學統計學
- JavaScript Unit Testing
- Leaflet.js Essentials
- ASP.NET jQuery Cookbook(Second Edition)
- 面向物聯網的Android應用開發與實踐
- The Java Workshop
- Jenkins 2.x Continuous Integration Cookbook(Third Edition)
- Python3網絡爬蟲寶典
- Introduction to Programming
- Access 2013數據庫應用案例課堂
- TypeScript實戰
- PhoneGap and AngularJS for Cross:platform Development
- 自然語言處理實戰:從入門到項目實踐
- JavaScript入門經典(第7版)
- CPU眼里的C/C++
- Learning Internet of Things
- Home Automation with Intel Galileo
- Arduino iOS Blueprints
