Learning Penetration Testing with Python

Christopher Duffy

  • 出版商: Packt Publishing
  • 出版日期: 2015-09-30
  • 售價: $2,010
  • 貴賓價: 9.5$1,910
  • 語言: 英文
  • 頁數: 320
  • 裝訂: Paperback
  • ISBN: 1785282328
  • ISBN-13: 9781785282324
  • 相關分類: Python程式語言Penetration-test
  • 下單後立即進貨 (約3~4週)

商品描述

Utilize Python scripting to execute effective and efficient penetration tests

About This Book

  • Understand how and where Python scripts meet the need for penetration testing
  • Familiarise yourself with the process of highlighting a specific methodology to exploit an environment to fetch critical data
  • Develop your Python and penetration testing skills with real-world examples

Who This Book Is For

If you are a security professional or researcher, with knowledge of different operating systems and a conceptual idea of penetration testing, and you would like to grow your knowledge in Python, then this book is ideal for you.

What You Will Learn

  • Familiarise yourself with the generation of Metasploit resource files
  • Use the Metasploit Remote Procedure Call (MSFRPC) to automate exploit generation and execution
  • Use Python's Scrapy, network, socket, office, Nmap libraries, and custom modules
  • Parse Microsoft Office spreadsheets and eXtensible Markup Language (XML) data files
  • Write buffer overflows and reverse Metasploit modules to expand capabilities
  • Exploit Remote File Inclusion (RFI) to gain administrative access to systems with Python and other scripting languages
  • Crack an organization's Internet perimeter
  • Chain exploits to gain deeper access to an organization's resources
  • Interact with web services with Python

In Detail

Python is a powerful new-age scripting platform that allows you to build exploits, evaluate services, automate, and link solutions with ease. Python is a multi-paradigm programming language well suited to both object-oriented application development as well as functional design patterns. Because of the power and flexibility offered by it, Python has become one of the most popular languages used for penetration testing.

This book highlights how you can evaluate an organization methodically and realistically. Specific tradecraft and techniques are covered that show you exactly when and where industry tools can and should be used and when Python fits a need that proprietary and open source solutions do not.

Initial methodology, and Python fundamentals are established and then built on. Specific examples are created with vulnerable system images, which are available to the community to test scripts, techniques, and exploits. This book walks you through real-world penetration testing challenges and how Python can help.

From start to finish, the book takes you through how to create Python scripts that meet relative needs that can be adapted to particular situations. As chapters progress, the script examples explain new concepts to enhance your foundational knowledge, culminating with you being able to build multi-threaded security tools, link security tools together, automate reports, create custom exploits, and expand Metasploit modules.

Style and approach

This book is a practical guide that will help you become better penetration testers and/or Python security tool developers. Each chapter builds on concepts and tradecraft using detailed examples in test environments that you can simulate.

商品描述(中文翻譯)

利用Python腳本執行有效且高效的滲透測試

關於本書
- 了解Python腳本在滲透測試中的應用和需求
- 熟悉突顯特定方法來利用環境以獲取關鍵數據的過程
- 通過實例開發Python和滲透測試技能

本書適合對不同操作系統有一定了解並對滲透測試有概念性理解的安全專業人員或研究人員,並希望在Python方面擴展知識的讀者。

你將學到什麼
- 熟悉生成Metasploit資源文件
- 使用Metasploit遠程過程調用(MSFRPC)自動生成和執行攻擊
- 使用Python的Scrapy、network、socket、office、Nmap庫和自定義模塊
- 解析Microsoft Office試算表和可擴展標記語言(XML)數據文件
- 編寫緩衝區溢出和反向Metasploit模塊以擴展功能
- 利用Python和其他腳本語言的遠程文件包含(RFI)獲得系統的管理訪問權限
- 破解組織的互聯網邊界
- 鏈接攻擊以深入訪問組織的資源
- 使用Python與Web服務進行交互

詳細內容
Python是一個功能強大的新時代腳本平台,可以輕鬆構建攻擊、評估服務、自動化和連接解決方案。Python是一種多範式編程語言,非常適合面向對象的應用程序開發和功能設計模式。由於其提供的功能和靈活性,Python已成為最受歡迎的用於滲透測試的語言之一。

本書重點介紹如何系統地和實際地評估組織。涵蓋了特定的技術和技巧,向您展示了何時何地應該使用行業工具,以及何時Python能滿足專有和開源解決方案無法滿足的需求。

首先建立了初始方法和Python基礎,然後進一步擴展。通過提供易受攻擊的系統映像的具體示例,讓社區能夠測試腳本、技術和攻擊。本書引導您解決現實世界的滲透測試挑戰,並展示Python的幫助。

從頭到尾,本書將引導您創建滿足相關需求並可適應特定情況的Python腳本。隨著章節的進展,腳本示例將解釋新概念以增強您的基礎知識,最終使您能夠構建多線程安全工具、連接安全工具、自動化報告、創建自定義攻擊和擴展Metasploit模塊。

風格和方法
本書是一本實用指南,將幫助您成為更好的滲透測試人員和/或Python安全工具開發人員。每一章都建立在概念和技術基礎上,並使用測試環境中的詳細示例進行說明。