Hands-On Penetration Testing with Python

▶Book Description
With the current technological and infrastructural shift, penetration testing is no longer a process-oriented activity. Modern-day penetration testing demands lots of automation and innovation; the only language that dominates all its peers is Python. Given the huge number of tools written in Python, and its popularity in the penetration testing space, this language has always been the first choice for penetration testers.

Hands-On Penetration Testing with Python walks you through advanced Python programming constructs. Once you are familiar with the core concepts, you’ll explore the advanced uses of Python in the domain of penetration testing and optimization. You’ll then move on to understanding how Python, data science, and the cybersecurity ecosystem communicate with one another. In the concluding chapters, you’ll study exploit development, reverse engineering, and cybersecurity use cases that can be automated with Python.

By the end of this book, you’ll have acquired adequate skills to leverage Python as a helpful tool to pentest and secure infrastructure, while also creating your own custom exploits.

▶What You Will Learn
⦁ Get to grips with Custom vulnerability scanner development
⦁ Familiarize yourself with web application scanning automation and exploit development
⦁ Walk through day-to-day cybersecurity scenarios that can be automated with Python
⦁ Discover enterprise-or organization-specific use cases and threat-hunting automation
⦁ Understand reverse engineering, fuzzing, buffer overflows , key-logger development, and exploit development for buffer overflows.
⦁ Understand web scraping in Python and use it for processing web responses
⦁ Explore Security Operations Centre (SOC) use cases
⦁ Get to understand Data Science, Python, and cybersecurity all under one hood

▶Key Features
⦁ Identify and expose vulnerabilities in your infrastructure with Python
⦁ Learn custom exploit development .
⦁ Make robust and powerful cybersecurity tools with Python

▶Who This Book Is For
If you are a security consultant , developer or a cyber security enthusiast with little or no knowledge of Python and want in-depth insight into how the pen-testing ecosystem and python combine to create offensive tools , exploits , automate cyber security use-cases and much more then this book is for you. Hands-On Penetration Testing with Python guides you through the advanced uses of Python for cybersecurity and pen-testing, helping you to better understand security loopholes within your infrastructure.

▶What this book covers
⦁ Chapter 1, Introduction to Python, covers the basics of Python, focusing primarily on data types, variables, expressions, and program structures utilized by Python. The objective is to familiarize the reader with the basics of the Python programming language with a view to using and leveraging it in forthcoming chapters.

⦁ Chapter 2, Building Python Scripts, covers further concepts of Python that form the basis for writing a Python script, while also exploring concepts such as functions, modules, loops, packages, and imports.

⦁ Chapter 3, Concept Handling, introduces the reader to other Python-related concepts, including classes, objects, IO and directory access, regular expressions, exception handling, and the parsing of CSV, JSON, and XML files.

⦁ Chapter 4, Advanced Python Modules, takes the learning process to an advanced level and explores the power of Python to understand multiprocessing and multithreading concepts, along with socket programming.

⦁ Chapter 5, Vulnerability Scanner Python - Part 1, explores the advanced concepts that are required in order to make a mini vulnerability scanning engine, which would take the port scanning results from a custom port scanner build over Nmap and apply various open source scripts and Metasploit modules, along with Python, Ruby, and NSE scripts. The results would be aggregated and finally, a report would be drafted for analysts to analyze. This chapter is very big in terms of complexity and lines of code and is split into two pars. This part focuses on the automation of port scanning with Python.

⦁ Chapter 6, Vulnerability Scanner Python - Part 2, explores the advanced concepts that are required in order to make a mini vulnerability scanning engine. This chapter is a continuation of the previous chapter, with the reader learning how to orchestrate a variety of Kali Linux tools to work together in order to automate the service enumeration phase of the vulnerability assessment, thereby completing the development of the custom vulnerability scanner.

⦁ Chapter 7, Machine Learning and Cybersecurity, tries to connect the cyber security space with data science and shed some light as to how we can use machine learning and natural language processing to automate the manual report analysis phase of penetration testing. This chapter will also glue all the previous parts together to make a mini penetration testing toolkit based on the learning we have acquired hitherto.

⦁ Chapter 8, Automating Web Application Scanning - Part 1, explains to readers how they can use Python to automate various web application attack categories, with some of the most well known being SQL injection, XSS, CSRF, and clickjacking.

⦁ Chapter 9, Automated Web Application Scanning - Part 2, is a continuation of the previous chapter. Here, the reader is going to understand how they can use Python to develop custom exploits that will exploit the web application and end up giving shell access to a user using Python.

⦁ Chapter 10, Building a Custom Crawler, explains how to build a custom crawler coded in Python in order to crawl through the application, with and without authentication, while listing out injection points and web pages of the application under testing. The capabilities of the crawler can be extended and tailored as per requirements.

⦁ Chapter 11, Reverse Engineering Linux Applications and Buffer Overflows, explains how to perform reverse engineering with Linux applications. The reader is also going to understand how Python can be used in aiding buffer overflow vulnerabilities in the Linux environment. The chapter also guides readers on custom exploit development, targeting buffer overflow vulnerabilities.

⦁ Chapter 12, Reverse Engineering Windows Applications, explains how to perform reverse engineering with Windows applications and how Python can be used in aiding buffer overflow vulnerabilities in the Windows environment. The chapter also guides readers on custom exploit development, targeting buffer overflow vulnerabilities.

⦁ Chapter 13, Exploit Development, explains how readers can create their own exploits written in Python, exploits that can be extended as Metasploit modules, and also covers the encoding of shells to avoid detection.

⦁ Chapter 14, Cyber Threat Intelligence, guides readers on how to use Python for cyber threat intelligence and the gathering of threat feeds, threat scoring, and finally, how to utilize the information obtained such that the SIEMs, IPS, and IDS systems are powered by the latest threat information to aid in early detection.

⦁ Chapter 15, Other Wonders of Python, covers how to use Python for extracting Google browser-saved passwords, developing a custom keylogger, parsing Nessus and Nmap report files, and more.