舉報 
會員
Hands-On Penetration Testing with Python
Furqan Khan 著
更新時間:2021-07-02 14:14:57
開會員,本書免費讀 >
Withthecurrenttechnologicalandinfrastructuralshift,penetrationtestingisnolongeraprocess-orientedactivity.Modern-daypenetrationtestingdemandslotsofautomationandinnovation;theonlylanguagethatdominatesallitspeersisPython.GiventhehugenumberoftoolswritteninPython,anditspopularityinthepenetrationtestingspace,thislanguagehasalwaysbeenthefirstchoiceforpenetrationtesters.Hands-OnPenetrationTestingwithPythonwalksyouthroughadvancedPythonprogrammingconstructs.Onceyouarefamiliarwiththecoreconcepts,you’llexploretheadvancedusesofPythoninthedomainofpenetrationtestingandoptimization.You’llthenmoveontounderstandinghowPython,datascience,andthecybersecurityecosystemcommunicatewithoneanother.Intheconcludingchapters,you’llstudyexploitdevelopment,reverseengineering,andcybersecurityusecasesthatcanbeautomatedwithPython.Bytheendofthisbook,you’llhaveacquiredadequateskillstoleveragePythonasahelpfultooltopentestandsecureinfrastructure,whilealsocreatingyourowncustomexploits.
最新章節
- Leave a review - let other readers know what you think
- Other Books You May Enjoy
- Chapter 15 Other Wonders of Python
- Chapter 14 Cyber Threat Intelligence
- Chapter 13 Exploit Development
- Chapter 12 Reverse Engineering Windows Applications
品牌:中圖公司
上架時間:2021-07-02 12:33:53
出版社:Packt Publishing
本書數字版權由中圖公司提供,并由其授權上海閱文信息技術有限公司制作發行
- Leave a review - let other readers know what you think 更新時間:2021-07-02 14:14:57
- Other Books You May Enjoy
- Chapter 15 Other Wonders of Python
- Chapter 14 Cyber Threat Intelligence
- Chapter 13 Exploit Development
- Chapter 12 Reverse Engineering Windows Applications
- Chapter 11 Reverse Engineering Linux Applications
- Chapter 10 Building a Custom Crawler
- Chapter 9 Automating Web Application Scanning - Part 2
- Chapter 8 Automating Web Application Scanning - Part 1
- Chapter 7 Machine Learning and Cybersecurity
- Chapter 6 Vulnerability Scanner Python - Part 2
- Chapter 5 Vulnerability Scanner Python - Part 1
- Chapter 4 Advanced Python Modules
- Chapter 3 Concept Handling
- Chapter 2 Building Python Scripts
- Chapter 1 Introduction to Python
- Assessments
- Further reading
- Questions
- Summary
- Python for antivirus-free persistence shells
- Stealing browser passwords with Python
- Parsing Twitter tweets
- pyhook – a Windows-based keylogger
- pyxhook – a Linux based Keylogger
- Keylogger and exfiltration via sockets
- The need to have custom parsers
- Running the code
- Nessus parser
- Running the code
- Nmap parser
- Report parsers
- Other Wonders of Python
- Further reading
- Questions
- Summary
- External lookups
- STIX and TAXII and external lookups
- Executing the code
- Threat scoring algorithm
- Threat scoring weighed file
- Threat scoring
- MISP API (PyMISP)
- MISP UI and API
- Threat scoring capability
- Installing MISP
- MISP
- Tools and API
- Cyber threat intelligence platforms
- Automated threat intelligence
- Manual threat intelligence
- Introduction to cyber threat intelligence
- Cyber Threat Intelligence
- Further reading
- Questions
- Summary
- Downloading and installing Veil
- Encoding shell codes to avoid detection
- Developing a Metasploit module to exploit a network service
- Executing the RFI exploit
- Executing the LFI exploit
- LFI/RFI exploit code
- Exploit development (LFI + RFI)
- Reverse shell with Python
- Reverse shell with Netcat
- Manually executing an LFI exploit
- Scripting exploits over web-based vulnerabilities
- Exploit Development
- Further reading
- Questions
- Summary
- Exploiting buffer overflows in Windows
- Windows and assembly
- Fuzzing Windows applications
- Debuggers
- Reverse Engineering Windows Applications
- Further reading
- Questions
- Summary
- String format vulnerabilities
- Heap buffer overflow in Linux
- Exploiting a buffer overflow
- Stack buffer overflow in Linux
- Linux and assembly code
- Fuzzing in action
- Fuzzing Linux applications
- Debugger
- Reverse Engineering Linux Applications
- Further reading
- Questions
- Summary
- Execution of code
- Crawler code – crawler.py
- Driver code – run_crawler.py
- Code explanation
- Urls.py and Views.py code snippet
- Crawler code
- Getting started
- Setup and installations
- Building a Custom Crawler
- Further reading
- Questions
- Summary
- Automatically detecting missing HSTS with Python
- SSL stripping (missing HSTS header)
- Automatically detecting clickjacking with Python
- X-Frame-Options
- Clickjacking
- Script in action
- Automatically detecting CSRF with Python
- CSRF
- Script in action
- Automatic detection of XSS with Python
- DOM-based or Type 0 XSS attacks
- Reflected or Type 2 XSS attacks
- Stored or Type 1 XSS attacks
- XSS
- Automated Web Application Scanning - Part 2
- Further reading
- Questions
- Summary
- Automatic detection of SQL injection with Python
- SQL injection
- Burp automation with Python
- Automating web application scanning with Burp Suite
- Automating Web Application Scanning - Part 1
- Further reading
- Questions
- Summary
- Step 2 – writing the code to train and test our model
- Step 1 – tagging the raw data
- Using natural language processing with penetration testing reports
- Natural language processing
- Implementation code
- Summarizing the Naive Bayes classifier
- Naive Bayes classifier
- Classification models
- Multiple linear regression
- How does the regression model work?
- Simple linear regression
- Regression-based machine learning models
- Setting up a Machine Learning environment in Kali Linux
- Machine Learning
- Machine Learning and Cybersecurity
- Further reading
- Questions
- Summary
- Reporting
- Downloading reports or analyzing when scan would be completed
- Pausing and resuming scans
- Sequential default mode
- Concurrent mode
- Reconfiguration after discovery is finished
- Sequential mode
- Scanning modules
- Usage [PTO-GUI]
- GUI version of vulnerability scanner
- Database schema for the service-scanning portion of the vulnerability scanner
- Executing the code
- Storing details in database
- HTTP_based() – automating web specific use-cases
- generalCommands_Tout_Sniff() – automating Tshark
- general_interactive() – automating interactive terminal scripts (test_ssl.sh)
- singleLineCommands_Timeout() – automating Java Ruby Perl NSE Python Bash scripts
- custom_meta() – automating Metasploit
- Pexpect – automating terminal: <SSH Telnet Wireshark w3af>
- auto_commands.py
- launchExploits()
- launchConfiguration()
- parse_and_process()
- main()
- driver_meta.py
- Driver_scanner.py
- A closer look at the code
- Architectural overview
- Vulnerability Scanner Python - Part 2
- Further reading
- Questions
- Summary
- Database schema for the port scanning portion of the vulnerability scanner
- Executing the code
- Getting started
- A closer look at the code
- Service scanning
- Port scanning
- Objective and architectural overview
- Using the Nmap module to conduct Nmap port scanning
- Controlling the Nmap output with the script
- Building a network scanner with Python
- Introducing Nmap
- Vulnerability Scanner Python - Part 1
- Further reading
- Questions
- Summary
- Reverse TCP shells with Python
- Socket programming basics
- Subprocesses
- Multiprocess pooling
- Process joins enumeration and termination
- Demonic and non-demonic processes
- Multitasking with processes
- Thread concurrency control
- Intercommunication between threads
- Thread joins and enumeration
- Demonic and non-demonic threads
- Multitasking with threads
- Advanced Python Modules
- Further reading
- Questions
- Summary
- Exception handling
- CSV
- JSON data manipulation
- XML data manipulation
- Data manipulation and parsing with XML JSON and CSV data
- Regular expressions in Python
- Console I/O
- Renaming and deleting files and accessing directories
- File access and manipulation
- Files directories and I/O access
- Static instance and class methods in Python
- Polymorphism with classes (abstract classes)
- Polymorphism with functions
- Polymorphism
- Abstract classes
- Aggregation
- Association
- Composition
- Access modifiers in Python
- Inheritance
- Class relationships
- Classes and objects
- Object-oriented programming in Python
- Concept Handling
- Further reading
- Questions
- Summary
- Map Lambda zip and filters
- Comprehensions
- Generators and comprehensions
- Modules and packages
- Functions and methods in Python
- A closer look at for loops
- Iteration iterable and iterator
- The for loop
- The while loop
- Loops
- The if...elif condition
- The if...else condition
- The if condition
- Conditional statements
- Indentation
- Technical requirements
- Building Python Scripts
- Questions
- Summary
- Python operators
- Dictionaries in Python
- Tuples in Python
- in and not in
- Replication with len() max() and min()
- Removing elements from lists
- Copying lists
- Merging and updating lists
- Slicing the lists
- List types
- The endswith() isdigit() isalpha() islower() isupper() and capitalize() methods
- The in and not in methods
- The find() index() upper() lower() len() and count() methods
- The split() method
- The strip() lstrip() and rstrip() methods
- String concatenation and replication
- Substrings or string slicing
- The replace( ) method
- String operations through methods and built-in functions
- String indexes
- String types
- Numbers
- Python data types
- Python keywords
- Variable naming conventions
- Variables and keywords
- Getting started
- Installing Python
- About Python – compiled or interpreted
- Why Python?
- Technical requirements
- Introduction to Python
- Disclaimer
- Reviews
- Get in touch
- Conventions used
- Download the color images
- Download the example code files
- To get the most out of this book
- What this book covers
- Who this book is for
- Preface
- Packt is searching for authors like you
- About the reviewer
- About the author
- Contributors
- Packt.com
- Why subscribe?
- About Packt
- Dedication
- Hands-On Penetration Testing with Python
- Copyright and Credits
- Title Page
- coverpage
- coverpage
- Title Page
- Copyright and Credits
- Hands-On Penetration Testing with Python
- Dedication
- About Packt
- Why subscribe?
- Packt.com
- Contributors
- About the author
- About the reviewer
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the example code files
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Disclaimer
- Introduction to Python
- Technical requirements
- Why Python?
- About Python – compiled or interpreted
- Installing Python
- Getting started
- Variables and keywords
- Variable naming conventions
- Python keywords
- Python data types
- Numbers
- String types
- String indexes
- String operations through methods and built-in functions
- The replace( ) method
- Substrings or string slicing
- String concatenation and replication
- The strip() lstrip() and rstrip() methods
- The split() method
- The find() index() upper() lower() len() and count() methods
- The in and not in methods
- The endswith() isdigit() isalpha() islower() isupper() and capitalize() methods
- List types
- Slicing the lists
- Merging and updating lists
- Copying lists
- Removing elements from lists
- Replication with len() max() and min()
- in and not in
- Tuples in Python
- Dictionaries in Python
- Python operators
- Summary
- Questions
- Building Python Scripts
- Technical requirements
- Indentation
- Conditional statements
- The if condition
- The if...else condition
- The if...elif condition
- Loops
- The while loop
- The for loop
- Iteration iterable and iterator
- A closer look at for loops
- Functions and methods in Python
- Modules and packages
- Generators and comprehensions
- Comprehensions
- Map Lambda zip and filters
- Summary
- Questions
- Further reading
- Concept Handling
- Object-oriented programming in Python
- Classes and objects
- Class relationships
- Inheritance
- Access modifiers in Python
- Composition
- Association
- Aggregation
- Abstract classes
- Polymorphism
- Polymorphism with functions
- Polymorphism with classes (abstract classes)
- Static instance and class methods in Python
- Files directories and I/O access
- File access and manipulation
- Renaming and deleting files and accessing directories
- Console I/O
- Regular expressions in Python
- Data manipulation and parsing with XML JSON and CSV data
- XML data manipulation
- JSON data manipulation
- CSV
- Exception handling
- Summary
- Questions
- Further reading
- Advanced Python Modules
- Multitasking with threads
- Demonic and non-demonic threads
- Thread joins and enumeration
- Intercommunication between threads
- Thread concurrency control
- Multitasking with processes
- Demonic and non-demonic processes
- Process joins enumeration and termination
- Multiprocess pooling
- Subprocesses
- Socket programming basics
- Reverse TCP shells with Python
- Summary
- Questions
- Further reading
- Vulnerability Scanner Python - Part 1
- Introducing Nmap
- Building a network scanner with Python
- Controlling the Nmap output with the script
- Using the Nmap module to conduct Nmap port scanning
- Objective and architectural overview
- Port scanning
- Service scanning
- A closer look at the code
- Getting started
- Executing the code
- Database schema for the port scanning portion of the vulnerability scanner
- Summary
- Questions
- Further reading
- Vulnerability Scanner Python - Part 2
- Architectural overview
- A closer look at the code
- Driver_scanner.py
- driver_meta.py
- main()
- parse_and_process()
- launchConfiguration()
- launchExploits()
- auto_commands.py
- Pexpect – automating terminal: <SSH Telnet Wireshark w3af>
- custom_meta() – automating Metasploit
- singleLineCommands_Timeout() – automating Java Ruby Perl NSE Python Bash scripts
- general_interactive() – automating interactive terminal scripts (test_ssl.sh)
- generalCommands_Tout_Sniff() – automating Tshark
- HTTP_based() – automating web specific use-cases
- Storing details in database
- Executing the code
- Database schema for the service-scanning portion of the vulnerability scanner
- GUI version of vulnerability scanner
- Usage [PTO-GUI]
- Scanning modules
- Sequential mode
- Reconfiguration after discovery is finished
- Concurrent mode
- Sequential default mode
- Pausing and resuming scans
- Downloading reports or analyzing when scan would be completed
- Reporting
- Summary
- Questions
- Further reading
- Machine Learning and Cybersecurity
- Machine Learning
- Setting up a Machine Learning environment in Kali Linux
- Regression-based machine learning models
- Simple linear regression
- How does the regression model work?
- Multiple linear regression
- Classification models
- Naive Bayes classifier
- Summarizing the Naive Bayes classifier
- Implementation code
- Natural language processing
- Using natural language processing with penetration testing reports
- Step 1 – tagging the raw data
- Step 2 – writing the code to train and test our model
- Summary
- Questions
- Further reading
- Automating Web Application Scanning - Part 1
- Automating web application scanning with Burp Suite
- Burp automation with Python
- SQL injection
- Automatic detection of SQL injection with Python
- Summary
- Questions
- Further reading
- Automated Web Application Scanning - Part 2
- XSS
- Stored or Type 1 XSS attacks
- Reflected or Type 2 XSS attacks
- DOM-based or Type 0 XSS attacks
- Automatic detection of XSS with Python
- Script in action
- CSRF
- Automatically detecting CSRF with Python
- Script in action
- Clickjacking
- X-Frame-Options
- Automatically detecting clickjacking with Python
- SSL stripping (missing HSTS header)
- Automatically detecting missing HSTS with Python
- Summary
- Questions
- Further reading
- Building a Custom Crawler
- Setup and installations
- Getting started
- Crawler code
- Urls.py and Views.py code snippet
- Code explanation
- Driver code – run_crawler.py
- Crawler code – crawler.py
- Execution of code
- Summary
- Questions
- Further reading
- Reverse Engineering Linux Applications
- Debugger
- Fuzzing Linux applications
- Fuzzing in action
- Linux and assembly code
- Stack buffer overflow in Linux
- Exploiting a buffer overflow
- Heap buffer overflow in Linux
- String format vulnerabilities
- Summary
- Questions
- Further reading
- Reverse Engineering Windows Applications
- Debuggers
- Fuzzing Windows applications
- Windows and assembly
- Exploiting buffer overflows in Windows
- Summary
- Questions
- Further reading
- Exploit Development
- Scripting exploits over web-based vulnerabilities
- Manually executing an LFI exploit
- Reverse shell with Netcat
- Reverse shell with Python
- Exploit development (LFI + RFI)
- LFI/RFI exploit code
- Executing the LFI exploit
- Executing the RFI exploit
- Developing a Metasploit module to exploit a network service
- Encoding shell codes to avoid detection
- Downloading and installing Veil
- Summary
- Questions
- Further reading
- Cyber Threat Intelligence
- Introduction to cyber threat intelligence
- Manual threat intelligence
- Automated threat intelligence
- Cyber threat intelligence platforms
- Tools and API
- MISP
- Installing MISP
- Threat scoring capability
- MISP UI and API
- MISP API (PyMISP)
- Threat scoring
- Threat scoring weighed file
- Threat scoring algorithm
- Executing the code
- STIX and TAXII and external lookups
- External lookups
- Summary
- Questions
- Further reading
- Other Wonders of Python
- Report parsers
- Nmap parser
- Running the code
- Nessus parser
- Running the code
- The need to have custom parsers
- Keylogger and exfiltration via sockets
- pyxhook – a Linux based Keylogger
- pyhook – a Windows-based keylogger
- Parsing Twitter tweets
- Stealing browser passwords with Python
- Python for antivirus-free persistence shells
- Summary
- Questions
- Further reading
- Assessments
- Chapter 1 Introduction to Python
- Chapter 2 Building Python Scripts
- Chapter 3 Concept Handling
- Chapter 4 Advanced Python Modules
- Chapter 5 Vulnerability Scanner Python - Part 1
- Chapter 6 Vulnerability Scanner Python - Part 2
- Chapter 7 Machine Learning and Cybersecurity
- Chapter 8 Automating Web Application Scanning - Part 1
- Chapter 9 Automating Web Application Scanning - Part 2
- Chapter 10 Building a Custom Crawler
- Chapter 11 Reverse Engineering Linux Applications
- Chapter 12 Reverse Engineering Windows Applications
- Chapter 13 Exploit Development
- Chapter 14 Cyber Threat Intelligence
- Chapter 15 Other Wonders of Python
- Other Books You May Enjoy
- Leave a review - let other readers know what you think 更新時間:2021-07-02 14:14:57
