Python Web Penetration Testing Cookbook
By Cameron Buchanan, Terry Ip and Andrew Mabbitt
About this ebook
- Get useful guidance on writing Python scripts and using libraries to put websites and web apps through their paces
- Find the script you need to deal with any stage of the web testing process
- Develop your Python knowledge to get ahead of the game for web testing and expand your skillset to other testing areas
This book is for testers looking for quick access to powerful, modern tools and customizable scripts to kick-start the creation of their own Python web penetration testing toolbox.
Book preview
Python Web Penetration Testing Cookbook - Cameron Buchanan
Table of Contents
Python Web Penetration Testing Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Disclaimer
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Getting ready
How to do it…
How it works…
There's more…
See also
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Gathering Open Source Intelligence
Introduction
Gathering information using the Shodan API
Getting ready
How to do it…
How it works…
There's more…
Scripting a Google+ API search
Getting ready
How to do it…
How it works…
See also…
There's more…
Downloading profile pictures using the Google+ API
How to do it
How it works
Harvesting additional results from the Google+ API using pagination
How to do it
How it works
Getting screenshots of websites with QtWebKit
Getting ready
How to do it…
How it works…
There's more…
Screenshots based on a port list
Getting ready
How to do it…
How it works…
There's more…
Spidering websites
Getting ready
How to do it…
How it works…
There's more…
2. Enumeration
Introduction
Performing a ping sweep with Scapy
How to do it…
How it works…
Scanning with Scapy
How to do it…
How it works…
There's more…
Checking username validity
Getting ready
How to do it…
How it works…
There's more…
See also
Brute forcing usernames
Getting ready
How to do it…
How it works…
See also
Enumerating files
Getting ready
How to do it…
How it works…
Brute forcing passwords
Getting ready
How to do it…
How it works…
See also
Generating e-mail addresses from names
Getting ready
How to do it…
How it works…
There's more…
See also
Finding e-mail addresses from web pages
Getting ready
How to do it…
How it works…
There's more…
See also
Finding comments in source code
How to do it…
How it works…
There's more…
3. Vulnerability Identification
Introduction
Automated URL-based Directory Traversal
Getting ready
How to do it…
How it works…
There's more
Automated URL-based Cross-site scripting
How to do it…
How it works…
There's more…
Automated parameter-based Cross-site scripting
How to do it…
How it works…
There's more…
Automated fuzzing
Getting ready
How to do it…
How it works…
There's more…
See also
jQuery checking
How to do it…
How it works…
There's more…
Header-based Cross-site scripting
Getting ready
How to do it…
How it works…
See also
Shellshock checking
Getting ready
How to do it…
How it works…
4. SQL Injection
Introduction
Checking jitter
How to do it…
How it works…
There's more…
Identifying URL-based SQLi
How to do it…
How it works…
There's more…
Exploiting Boolean SQLi
How to do it…
How it works…
There's more…
Exploiting Blind SQL Injection
How to do it…
How it works…
There's more…
Encoding payloads
How to do it…
How it works…
There's more…
5. Web Header Manipulation
Introduction
Testing HTTP methods
How to do it…
How it works…
There's more…
Fingerprinting servers through HTTP headers
How to do it…
How it works…
There's more…
Testing for insecure headers
Getting ready
How to do it…
How it works…
Brute forcing login through the Authorization header
Getting ready
How to do it…
How it works…
There's more…
See also
Testing for clickjacking vulnerabilities
How to do it…
How it works…
Identifying alternative sites by spoofing user agents
How to do it…
How it works…
See also
Testing for insecure cookie flags
How to do it…
How it works…
There's more…
Session fixation through a cookie injection
Getting ready
How to do it…
How it works…
There's more…
6. Image Analysis and Manipulation
Introduction
Hiding a message using LSB steganography
Getting ready
How to do it…
How it works…
There's more…
See also
Extracting messages hidden in LSB
How to do it…
How it works…
There's more…
Hiding text in images
How to do it…
How it works…
There's more…
Extracting text from images
How to do it…
How it works…
There's more…
Enabling command and control using steganography
Getting ready
How to do it…
How it works…
7. Encryption and Encoding
Introduction
Generating an MD5 hash
Getting ready
How to do it…
How it works…
Generating an SHA 1/128/256 hash
Getting ready
How to do it…
How it works…
Implementing SHA and MD5 hashes together
Getting ready
How to do it…
How it works…
Implementing SHA in a real-world scenario
Getting ready
How to do it…
How it works…
Generating a Bcrypt hash
Getting ready
How to do it…
How it works…
Cracking an MD5 hash
Getting ready
How to do it…
How it works…
Encoding with Base64
Getting ready
How to do it…
How it works…
Encoding with ROT13
Getting ready
How to do it…
How it works…
Cracking a substitution cipher
Getting ready
How to do it…
How it works…
Cracking the Atbash cipher
Getting ready
How to do it…
How it works…
Attacking one-time pad reuse
Getting ready
How to do it…
How it works…
Predicting a linear congruential generator
Getting ready
How to do it…
How it works…
Identifying hashes
Getting ready
How to do it…
How it works…
8. Payloads and Shells
Introduction
Extracting data through HTTP requests
Getting Ready
How to do it…
How it works…
Creating an HTTP C2
Getting Started
How to do it…
How it works…
Creating an FTP C2
Getting Started
How to do it…
How it works…
Creating a Twitter C2
Getting Started
How to do it…
How it works…
Creating a simple Netcat shell
How to do it…
How it works…
9. Reporting
Introduction
Converting Nmap XML to CSV
Getting ready
How to do it…
How it works…
Extracting links from a URL to Maltego
How to do it…
How it works…
There’s more…
Extracting e-mails to Maltego
How to do it…
How it works…
Parsing Sslscan into CSV
How to do it…
How it works…
Generating graphs using plot.ly
Getting ready
How to do it…
How it works…
Index
Python Web Penetration Testing Cookbook
Copyright © 2015 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: June 2015
Production reference: 1180615
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78439-293-2
www.packtpub.com
Credits
Authors
Cameron Buchanan
Terry Ip
Andrew Mabbitt
Benjamin May
Dave Mound
Reviewers
Sam Brown
James Burns
Rejah Rehim
Ishbir Singh
Matt Watkins
Commissioning Editor
Sarah Crofton
Acquisition Editor
Sam Wood
Content Development Editor
Riddhi Tuljapur
Technical Editor
Saurabh Malhotra
Copy Editors
Ameesha Green
Rashmi Sawant
Sameen Siddiqui
Project Coordinator
Kinjal Bari
Proofreader
Safis Editing
Indexer
Hemangini Bari
Graphics
Sheetal Aute
Disha Haria
Production Coordinator
Nitesh Thakur
Cover Work
Nitesh Thakur
About the Authors
Cameron Buchanan is a penetration tester by trade and a writer in his spare time. He has performed penetration tests around the world for a variety of clients across many industries. Previously, he was a member of the RAF. In his spare time, he enjoys doing stupid things, such as trying to make things fly, getting electrocuted, and dunking himself in freezing cold water. He is married and lives in London.
Terry Ip is a security consultant. After nearly a decade of learning how to support IT infrastructure, he decided that it would be much more fun learning how to break it instead. He is married and lives in Buckinghamshire, where he tends to his chickens.
Andrew Mabbitt is a penetration tester living in London, UK. He spends his time beating down networks, mentoring, and helping newbies break into the industry. In his free time, he loves to travel, break things, and master the art of sarcasm.
Benjamin May is a security test engineer from Cambridge. He studied computing for business at Aston University. With a background in software testing, he recently combined this with his passion for security to create a new role in his current company. He has a broad interest in security across all aspects of the technology field, from reverse engineering embedded devices to hacking with Python and participating in CTFs. He is a husband and a father.
Dave Mound is a security consultant. He is a Microsoft Certified Application Developer but spends more time developing Python programs these days. He has been studying information security since 1994 and holds the following qualifications: C|EH, SSCP, and MCAD. He recently studied for OSCP certification but is still to appear for the exam. He enjoys talking and presenting and is keen to pass on his skills to other members of the cyber security community.
When not attached to a keyboard, he can be found tinkering with his 1978 Chevrolet Camaro. He once wrestled a bear and was declared the winner by omoplata.
This book has been made possible through the benevolence and expertise of the Whitehatters Academy.
About the Reviewers
Sam Brown is a security researcher based in the UK and has a background in software engineering and electronics. He is primarily interested in breaking things, building tools to help break things, and burning himself with a soldering iron.
James Burns is currently a security consultant, but with a technology career spanning over 15 years, he has held positions ranging from a helpdesk phone answerer to a network cable untangler, to technical architect roles. A network monkey at heart, he is happiest when he is up to his elbows in packets but has been known to turn his hand to most technical disciplines.
When not working as a penetration tester, he has a varied range of other security interests, including scripting, vulnerability research, and intelligence gathering. He also has a long-time interest in building and researching embedded Linux systems. While he's not very good at them, he also enjoys the occasional CTF with friends. Occasionally, he gets out into the real world and pursues his other hobby of cycling.
I would like to thank my parents for giving me the passion to learn and the means to try. I would also like to thank my fantastic girlfriend, Claire, for winking at me once; never before has a wink led to such a dramatic move. She continues to support me in all that I do, even at her own expense. Finally, I should like to thank the youngest people in my household, Grace and Samuel, for providing me with the ultimate incentive for always trying to improve myself. These are the greatest joys that a bloke could wish for.
Rejah Rehim is currently a software engineer for Digital Brand Group (DBG), India and is a long-time preacher of open source. He is a steady contributor to the Mozilla Foundation and his name has featured in the San Francisco Monument made by the Mozilla Foundation.
He is part of the Mozilla Add-on Review Board and has contributed to the development of several node modules. He has also been credited with the creation of eight Mozilla add-ons, including the highly successful Clear Console add-on, which was selected as one of the best Mozilla add-ons of 2013. With a user base of more than 44,000, it has registered more than 4,50,000 downloads to date. He successfully created the world's first one-of-a-kind Security Testing Browser Bundle, PenQ, which is an open source Linux-based penetration testing browser bundle, preconfigured with tools for spidering, advanced web searching, fingerprinting, and so on.
He is also an active member of the OWASP and the chapter leader of OWASP, Kerala. He is also one of the moderators of the OWASP Google+ group and an active speaker at Coffee@DBG, one of the premier monthly tech rendezvous in Technopark, Kerala. Besides currently being a part of the Cyber Security division of DBG and QBurst in previous years, he is also a fan of process automation and has implemented it in DBG.
Ishbir Singh is studying computer engineering and computer science at the Georgia Institute of Technology. He's been programming since he was 9 and has built a wide variety of software, from those meant to run on a calculator to those intended for deployment in multiple data centers around the world. Trained as a Microsoft Certified System Engineer and certified by Linux Professional Institute, he has also dabbled in reverse engineering, information security, hardware programming, and web development. His current interests lie in developing cryptographic peer-to-peer trustless systems, polishing his penetration testing skills, learning new languages (both human and computer), and playing table tennis.
Matt Watkins is a final year computer networks and cyber security student. He has been the Cyber Security Challenge master class finalist twice. Most of the time, you'll find him studying, reading, writing, programming, or just generally breaking things. He also enjoys getting his heart pumping, which includes activities such as running, hitting the gym, rock climbing, and snowboarding.
www.PacktPub.com
Support files, eBooks, discount offers, and more
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www2.packtpub.com/books/subscription/packtlib
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.
Why subscribe?
Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser
Free access for Packt account holders
If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view 9 entirely free books. Simply