Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Python Penetration Testing Essentials
  • Toc
  • feedback
Python Penetration Testing Essentials

Python Penetration Testing Essentials

By : Mohit Raj
3.2 (10)
close
Python Penetration Testing Essentials

Python Penetration Testing Essentials

3.2 (10)
By: Mohit Raj

Overview of this book

This book gives you the skills you need to use Python for penetration testing (pentesting), with the help of detailed code examples. We start by exploring the basics of networking with Python and then proceed to network hacking. Then, you will delve into exploring Python libraries to perform various types of pentesting and ethical hacking techniques. Next, we delve into hacking the application layer, where we start by gathering information from a website. We then move on to concepts related to website hacking—such as parameter tampering, DDoS, XSS, and SQL injection. By reading this book, you will learn different techniques and methodologies that will familiarize you with Python pentesting techniques, how to protect yourself, and how to create automated programs to find the admin console, SQL injection, and XSS attacks.
Table of Contents (11 chapters)
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Python with Penetration Testing and Networking
Python with Penetration Testing and Networking
Introducing the scope of pentesting
Approaches to pentesting
Introducing Python scripting
Understanding the tests and tools you'll need
Learning the common testing platforms with Python
Network sockets
Summary
2
Scanning Pentesting
Scanning Pentesting
How to check live systems in a network and the concept of a live system
What are the services running on the target machine?
Summary
3
Sniffing and Penetration Testing
Sniffing and Penetration Testing
Introducing a network sniffer
Implementing a network sniffer using Python
Learning about packet crafting
Introducing ARP spoofing and implementing it using Python
Testing the security system using custom packet crafting
Summary
4
Network Attacks and Prevention
Network Attacks and Prevention
Technical requirements
DHCP starvation attack
The MAC flooding attack
Gateway disassociation by RAW socket
Torrent detection
Summary
5
Wireless Pentesting
Wireless Pentesting
Introduction to 802.11 frames
Wireless SSID finding and wireless traffic analysis with Python
Wireless attacks
Summary
6
Honeypot – Building Traps for Attackers
Honeypot – Building Traps for Attackers
Technical requirements
Fake ARP reply
Fake ping reply
Fake port-scanning reply
Fake OS-signature reply to nmap
Fake web server reply
Summary
7
Foot Printing a Web Server and a Web Application
chevron up
Foot Printing a Web Server and a Web Application
The concept of foot printing a web server
Introducing information gathering
Information gathering of a website from whois.domaintools.com
Email address gathering from a web page
Banner grabbing of a website
Hardening of a web server
Summary
8
Client-Side and DDoS Attacks
Client-Side and DDoS Attacks
Introducing client-side validation
Tampering with the client-side parameter with Python
Effects of parameter tampering on business
Introducing DoS and DDoS
Summary
9
Pentesting SQL and XSS
Pentesting SQL and XSS
Introducing the SQL injection attack
Types of SQL injections
Understanding the SQL injection attack by a Python script
Learning about cross-site scripting
Summary
10
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Hardening of a web server

In this section, let's shed some light on common mistakes observed on a web server. We will also discuss some points to harden the web server:

  • Always hide your server signature.
  • If possible, set a fake server signature to mislead attackers.
  • Handle the errors.
  • If possible, use a virtual environment (jailing) to run the application.
  • Try to hide the programming language page extensions, because it will be difficult for the attacker to see the programming language of the web applications.
  • Update the web server with the latest patch from the vendor. It avoids any chance of exploitation of the web server. The server can at least be secured for known vulnerabilities.
  • Don't use a third-party patch to update the web server. A third-party patch may contain trojans or viruses.
  • Do not install other applications on the web server. If you install an OS,...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 7
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete