eBook - ePub
Hands-On Penetration Testing with Python
Enhance your ethical hacking skills to build automated and intelligent systems
Furqan Khan
This is a test
Share book
- 502 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
eBook - ePub
Hands-On Penetration Testing with Python
Enhance your ethical hacking skills to build automated and intelligent systems
Furqan Khan
Book details
Book preview
Table of contents
Citations
About This Book
Implement defensive techniques in your ecosystem successfully with Python
Key Features
- Identify and expose vulnerabilities in your infrastructure with Python
- Learn custom exploit development.
- Make robust and powerful cybersecurity tools with Python
Book Description
With the current technological and infrastructural shift, penetration testing is no longer a process-oriented activity. Modern-day penetration testing demands lots of automation and innovation; the only language that dominates all its peers is Python. Given the huge number of tools written in Python, and its popularity in the penetration testing space, this language has always been the first choice for penetration testers.
Hands-On Penetration Testing with Python walks you through advanced Python programming constructs. Once you are familiar with the core concepts, you'll explore the advanced uses of Python in the domain of penetration testing and optimization. You'll then move on to understanding how Python, data science, and the cybersecurity ecosystem communicate with one another. In the concluding chapters, you'll study exploit development, reverse engineering, and cybersecurity use cases that can be automated with Python.
By the end of this book, you'll have acquired adequate skills to leverage Python as a helpful tool to pentest and secure infrastructure, while also creating your own custom exploits.
What you will learn
- Get to grips with Custom vulnerability scanner development
- Familiarize yourself with web application scanning automation and exploit development
- Walk through day-to-day cybersecurity scenarios that can be automated with Python
- Discover enterprise-or organization-specific use cases and threat-hunting automation
- Understand reverse engineering, fuzzing, buffer overflows, key-logger development, and exploit development for buffer overflows.
- Understand web scraping in Python and use it for processing web responses
- Explore Security Operations Centre (SOC) use cases
- Get to understand Data Science, Python, and cybersecurity all under one hood
Who this book is for
If you are a security consultant, developer or a cyber security enthusiast with little or no knowledge of Python and want in-depth insight into how the pen-testing ecosystem and python combine to create offensive tools, exploits, automate cyber security use-cases and much more then this book is for you. Hands-On Penetration Testing with Python guides you through the advanced uses of Python for cybersecurity and pen-testing, helping you to better understand security loopholes within your infrastructure.
Frequently asked questions
How do I cancel my subscription?
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is Hands-On Penetration Testing with Python an online PDF/ePUB?
Yes, you can access Hands-On Penetration Testing with Python by Furqan Khan in PDF and/or ePUB format, as well as other popular books in Informatica & Sicurezza informatica. We have over one million books available in our catalogue for you to explore.
Information
Vulnerability Scanner Python - Part 1
When we talk of port scanning, the tool that automatically comes to mind is Nmap. Nmap has a good reputation and it is arguably the best open source port scanner available. It has tons of features that allow you to carry out a wide variety of scans over the network to discover what hosts are alive, what ports are open, and also which services and service versions are running on the host. It also has an engine (the Nmap scanning engine) that can scan NSE scripts, that is used to discover common vulnerabilities with the running services. In this chapter, we will make use of Python in order to automate the process of port scanning. This chapter will form the basis for our automated vulnerability scanner, and will supplement the subsequent chapter, which will focus on automating service scanning and enumeration.
This chapter covers the following topics:
- Introducing Nmap
- Building a network scanner with Python
Introducing Nmap
Our port scanner will be made on top of Nmap, with additional features and capabilities, such as parallel port scanning a target and pausing and resuming a scan. It will also have a web GUI that we can use to conduct our scans.
Let's take a look at the various properties of Nmap:
- The following screenshot shows the different scan techniques that are available with Nmap:
- The following screenshot shows host discovery and port specification, along with some examples:
- The following screenshot shows service and version detection and OS detection, along with some examples:
- The following screenshot shows the timing and performance, along with some examples:
- The following screenshot shows NSE scripts, along with some examples:
- The following screenshot shows Firewall/IDS evasion and spoofing, along with some examples:
- The following screenshot shows some helpful Nmap output examples:
The preceding screenshots provide a comprehensive list of the Nmap commands that we frequently use in our day-to-day operations. We will not be covering how to run Nmap commands on the Terminal, as it is assumed that this is straightforward.
It should be noted that, from now on, we will be using Kali Linux as our pen-test lab OS. All the Python automation that we will see will therefore be implemented on the Kali Linux box. To install a Kali Linux VM/VirtualBox image, please refer to https://www.osboxes.org/Kali-linux/. To download VirtualBox, refer to https://www.virtualbox.org/wiki/Downloads. Once downloaded, perform the steps shown in the following screenshots.
First, enter a Name for the new virtual machine along with the Type and Version; in our case, this is Linux and Debian (64-bit). After that, allocate the memory size:
Next, choose the virtual hard disk file, as shown in the following screenshot:
Building a network scanner with Python
Now that we are all set up with our VirtualBox image, let's have a look at a simple Python script that will help us to call Nmap and initiate a scan. Later on, we will optimize this script to make it better. We will finish by making it a full-fledged port scanning Python engine with pause, resume, and multiprocessing abilities:
The information produced by the preceding script is hard for the Python code to filter and store. If we want to store all the open ports and services in a dictionary, it would be hard to do that with the preceding method. Let's think about another way in which the information produced can be parsed and processed by the script. We know that the oX flag is used to produce output in XML format. We will use the oX flag to convert the XML string to a Python dictionary as shown in the following sections.
Controlling the Nmap output with the script
In the following example, we reused the same concepts that we studied earlier. We redirected the Nmap output in XML format to the screen. We then collected the output produced as a string and used the import xml.Etree.elementTree Python module as ET in order to convert the XML output to Python dictionaries. Using the following code, we can control Nmap using our program and filter out all the useful information:
We can then store that information in database tables:
Next, run the following commands:
Nmap=NmapPy(["Nmap","-Pn","-sV","-oX","-","127.0.0.1"])
Nmap.scan()
Although the preceding method is good, and gives us granular control over Nmap output, it involves processing and parsing code that we may not want to write every time we conduct a scan with Nmap. An alternative and better approach is to use Python's built-in Nmap wrapper module. We can install Python's Nmap module with pip install, and it does pretty much the same as what we did before, but allows us to avoid writing all the processing and subprocessing logic. It keeps the code clean and more readable. Whenever we wish to have more granular control, we can always fall back to the preceding approach.
Using the Nmap module to conduct Nmap port scanning
Let's now go ahead and install the Python Nmap module as follows:
pip install Nmap
The preceding command will install the Nmap utility. The following section provides an overview as to how the library can be used:
import Nmap # import Nmap.py module
Nmap_obj = Nmap.PortScanner() # instantiate Nmap.PortScanner object
Nmap_obj.scan('192.168.0.143', '1-1024') # scan host 192.1680.143, ports from 1-1024
Nmap_obj.command_line() # get command line used for the scan : Nmap -oX - -p 1-1024 192.1680.143
Nmap_obj.scaninfo() # get Nmap scan informations {'tcp': {'services': '1-1024', 'method': 'connect'}}
Nmap_obj.all_hosts() # get all hosts that were scanned
Nmap_obj['192.1680.143'].hostname() # get one hostname for host 192.1680.143, usualy the user record
Nmap_obj['192.1680.143'].hostnames() # get list of hostnames for host 192.1680.143 as a list of dict
# [{'name':'hostname1', 'type':'PTR'}, {'name':'hostname2', 'type':'user'}]
Nmap_obj['192.1680.143'].hostname() # get hostname for host 192.1680.143
Nmap_obj['192.1680.143'].state() # get state of host 192.1680.143 (up|down|unknown|skipped)
Nmap_obj['192.1680.143'].all_protocols() # get all scanned protocols ['tcp', 'udp'] in (ip|tcp|udp|sctp)
Nmap_obj['192.1680.143']['tcp'].keys() # get all ports for tcp protocol
Nmap_obj['192.1680.143'].all_tcp() # get all ports for tcp protocol (sorted version)
Nmap_obj['192.1680.143'].all_udp() # get all ports for udp protocol (sorted version)
Nmap_obj['192.1680.143'].all_ip() # get all ports for ip protocol (sorted version)
Nmap_obj['192.1680.143'].all_sctp() # get all ports for sctp protocol (sorted version)
Nmap_obj['192.1680.143'].has_tcp(22) # is there any information for port 22/tcp on host 192.1680.143
Nmap_obj['192.1680.143']['tcp'][22] # get infos about port 22 in tcp on host 192.1680.143
Nmap_obj['192.1680.143'].tcp(22) # get infos about port 22 in tcp on host 192.1680.143
Nmap_obj['192.1680.143']['tcp'][22]['state'] # get state of port 22/tcp on host 192.1680.143
This gives a quick start to an excellent utility written by Alexandre Norman. More details of this module can be foun...