Python Web Penetration Testing Cookbook

 
 
Packt Publishing Limited
  • 1. Auflage
  • |
  • erschienen am 24. Juni 2015
  • |
  • 224 Seiten
 
E-Book | ePUB mit Adobe DRM | Systemvoraussetzungen
E-Book | ePUB mit Adobe DRM | Systemvoraussetzungen
978-1-78439-990-0 (ISBN)
 
This book gives you an arsenal of Python scripts perfect to use or to customize your needs for each stage of the testing process. Each chapter takes you step by step through the methods of designing and modifying scripts to attack web apps. You will learn how to collect both open and hidden information from websites to further your attacks, identify vulnerabilities, perform SQL Injections, exploit cookies, and enumerate poorly configured systems. You will also discover how to crack encryption, create payloads to mimic malware, and create tools to output your findings into presentable formats for reporting to your employers.
  • Englisch
  • Birmingham
  • |
  • Großbritannien
978-1-78439-990-0 (9781784399900)
1784399906 (1784399906)
weitere Ausgaben werden ermittelt
Cameron Buchanan is a penetration tester by trade and a writer in his spare time. He has performed penetration tests around the world for a variety of clients across many industries. Previously, he was a member of the RAF. In his spare time, he enjoys doing stupid things, such as trying to make things fly, getting electrocuted, and dunking himself in freezing cold water. He is married and lives in London. Terry Ip is a security consultant. After nearly a decade of learning how to support IT infrastructure, he decided that it would be much more fun learning how to break it instead. He is married and lives in Buckinghamshire, where he tends to his chickens. Andrew Mabbitt is a penetration tester living in London, UK. He spends his time beating down networks, mentoring, and helping newbies break into the industry. In his free time, he loves to travel, break things, and master the art of sarcasm.
  • Cover
  • Copyright
  • Credits
  • About the Authors
  • About the Reviewers
  • www.PacktPub.com
  • Table of Contents
  • Preface
  • Chapter 1: Gathering Open Source Intelligence
  • Introduction
  • Gathering information using the Shodan API
  • Scripting a Google+ API search
  • Downloading profile pictures using the Google+ API
  • Harvesting additional results from the Google+ API using pagination
  • Getting screenshots of websites with QtWebKit
  • Screenshots based on a port list
  • Spidering websites
  • Chapter 2: Enumeration
  • Introduction
  • Performing a pingsweep with Scapy
  • Scanning with Scapy
  • Checking username validity
  • Brute forcing usernames
  • Enumerating files
  • Brute forcing passwords
  • Generating e-mail addresses from names
  • Finding e-mail addresses from web pages
  • Finding comments in source code
  • Chapter 3: Vulnerability Identification
  • Introduction
  • Automated URL-based Directory Traversal
  • Automated URL-based Cross-site scripting
  • Automated parameter-based Cross-site scripting
  • Automated fuzzing
  • jQuery checking
  • Header-based Cross-site scripting
  • Shellshock checking
  • Chapter 4: SQL Injection
  • Introduction
  • Checking jitter
  • Identifying URL-based SQLi
  • Exploiting Boolean SQLi
  • Exploiting Blind SQL Injection
  • Encoding payloads
  • Chapter 5: Web Header Manipulation
  • Introduction
  • Testing HTTP methods
  • Fingerprinting servers through HTTP headers
  • Testing for insecure headers
  • Brute forcing login through Authorization header
  • Testing for clickjacking vulnerabilities
  • Identifying alternative sites by spoofing user agents
  • Testing for insecure cookie flags
  • Session fixation through cookie injection
  • Chapter 6: Image Analysis and Manipulation
  • Introduction
  • Hiding a message using LSB steganography
  • Extracting messages hidden in LSB
  • Hiding text in images
  • Extracting text from images
  • Enabling command and control using steganography
  • Chapter 7: Encryption and Encoding
  • Introduction
  • Generating an MD5 hash
  • Generating an SHA 1/128/256 hash
  • Implementing SHA and MD5 hashes together
  • Implementing SHA in a real-world scenario
  • Generating a Bcrypt hash
  • Cracking an MD5 hash
  • Encoding with Base64
  • Encoding with ROT13
  • Cracking a substitution cipher
  • Cracking the Atbash cipher
  • Attacking one-time pad reuse
  • Predicting a linear congruential generator
  • Identifying hashes
  • Chapter 8: Payloads and Shells
  • Introduction
  • Extracting data through HTTP requests
  • Creating an HTTP C2
  • Creating an FTP C2
  • Creating an Twitter C2
  • Creating a simple Netcat shell
  • Chapter 9: Reporting
  • Introduction
  • Converting Nmap XML to CSV
  • Extracting links from a URL to Maltego
  • Extracting e-mails to Maltego
  • Parsing Sslscan into CSV
  • Generating graphs using plot.ly
  • Index

Dateiformat: EPUB
Kopierschutz: Adobe-DRM (Digital Rights Management)

Systemvoraussetzungen:

Computer (Windows; MacOS X; Linux): Installieren Sie bereits vor dem Download die kostenlose Software Adobe Digital Editions (siehe E-Book Hilfe).

Tablet/Smartphone (Android; iOS): Installieren Sie bereits vor dem Download die kostenlose App Adobe Digital Editions (siehe E-Book Hilfe).

E-Book-Reader: Bookeen, Kobo, Pocketbook, Sony, Tolino u.v.a.m. (nicht Kindle)

Das Dateiformat EPUB ist sehr gut für Romane und Sachbücher geeignet - also für "fließenden" Text ohne komplexes Layout. Bei E-Readern oder Smartphones passt sich der Zeilen- und Seitenumbruch automatisch den kleinen Displays an. Mit Adobe-DRM wird hier ein "harter" Kopierschutz verwendet. Wenn die notwendigen Voraussetzungen nicht vorliegen, können Sie das E-Book leider nicht öffnen. Daher müssen Sie bereits vor dem Download Ihre Lese-Hardware vorbereiten.

Weitere Informationen finden Sie in unserer E-Book Hilfe.


Download (sofort verfügbar)

37,41 €
inkl. 19% MwSt.
Download / Einzel-Lizenz
ePUB mit Adobe DRM
siehe Systemvoraussetzungen
E-Book bestellen

Unsere Web-Seiten verwenden Cookies. Mit der Nutzung dieser Web-Seiten erklären Sie sich damit einverstanden. Mehr Informationen finden Sie in unserem Datenschutzhinweis. Ok