Python Web Penetration Testing Cookbook
Cameron Buchanan, Terry Ip, Andrew Mabbitt, Benjamin May, Dave Mound
- 出版商: Packt Publishing
- 出版日期: 2015-06-19
- 售價: $1,970
- 貴賓價: 9.5 折 $1,872
- 語言: 英文
- 頁數: 228
- 裝訂: Paperback
- ISBN: 1784392936
- ISBN-13: 9781784392932
-
相關分類:
Python、程式語言、Penetration-test
海外代購書籍(需單獨結帳)
相關主題
商品描述
Over 60 indispensable Python recipes to ensure you always have the right code on hand for web application testing
About This Book
- Get useful guidance on writing Python scripts and using libraries to put websites and web apps through their paces
- Find the script you need to deal with any stage of the web testing process
- Develop your Python knowledge to get ahead of the game for web testing and expand your skillset to other testing areas
Who This Book Is For
This book is for testers looking for quick access to powerful, modern tools and customizable scripts to kick-start the creation of their own Python web penetration testing toolbox.
What You Will Learn
- Enumerate users on web apps through Python
- Develop complicated header-based attacks through Python
- Deliver multiple XSS strings and check their execution success
- Handle outputs from multiple tools and create attractive reports
- Create PHP pages that test scripts and tools
- Identify parameters and URLs vulnerable to Directory Traversal
- Replicate existing tool functionality in Python
- Create basic dial-back Python scripts using reverse shells and basic Python PoC malware
In Detail
This book gives you an arsenal of Python scripts perfect to use or to customize your needs for each stage of the testing process. Each chapter takes you step by step through the methods of designing and modifying scripts to attack web apps. You will learn how to collect both open and hidden information from websites to further your attacks, identify vulnerabilities, perform SQL Injections, exploit cookies, and enumerate poorly configured systems. You will also discover how to crack encryption, create payloads to mimic malware, and create tools to output your findings into presentable formats for reporting to your employers.
商品描述(中文翻譯)
超過60個不可或缺的Python配方,確保您隨時擁有正確的程式碼,以進行網頁應用程式測試。
關於本書
- 獲得有關編寫Python腳本和使用庫來測試網站和網頁應用程式的有用指導。
- 找到您需要處理網頁測試過程中的任何階段的腳本。
- 擴展您的Python知識,以在網頁測試方面取得領先地位,並擴展您的技能組以涵蓋其他測試領域。
適合閱讀對象
本書適合測試人員,他們希望快速獲得強大且現代化的工具和可自定義腳本,以啟動他們自己的Python網頁滲透測試工具箱的創建。
您將學到什麼
- 通過Python列舉網頁應用程式上的使用者。
- 通過Python開發複雜的基於標頭的攻擊。
- 提供多個XSS字符串並檢查其執行成功與否。
- 處理來自多個工具的輸出並創建吸引人的報告。
- 創建測試腳本和工具的PHP頁面。
- 識別易受目錄遍歷攻擊的參數和URL。
- 用Python複製現有工具的功能。
- 使用反向殼和基本的Python PoC惡意軟件創建基本的撥號回調Python腳本。
詳細內容
本書為您提供了一系列Python腳本,非常適合在測試過程的每個階段使用或自定義以攻擊網頁應用程式。每個章節都會逐步引導您設計和修改腳本的方法,以攻擊網頁應用程式。您將學習如何從網站中收集開放和隱藏的信息,以進一步進行攻擊,識別漏洞,執行SQL注入,利用Cookie,以及列舉配置不良的系統。您還將發現如何破解加密,創建模擬惡意軟件的有效載荷,並創建工具以將您的發現以可呈現的格式報告給您的雇主。