Book Detail : Python Web Penetration Testing Cookbook

Book Title: 
Python Web Penetration Testing Cookbook
Resource Category: 
Publication Year: 
2 015
Number of Pages: 
Available at Shelf: 

Over 60 indispensable Python recipes to ensure you always have the right code on hand for web application testing.

Table of Contents (Summary): 
  1. Gathering Open Source Intelligence

  2. Enumeration

  3. Vulnerability Identification

  4. SQL Injection

  5. Web Header Manipulation

  6. Image Analysis and Manipulation

  7. Encryption and Encoding

  8. Payloads and Shells

  9. Reporting


Table of Contents (Expanded): 
  1. Gathering Open Source Intelligence

    • ​​Introduction  

    • Gathering information using the Shodan API 

    • Scripting a Google+ API search  

    • Downloading profile pictures using the Google+ API 

    • Harvesting additional results from the Google+ API using pagination  

    • Getting screenshots of websites with QtWebKit 

    • Screenshots based on a port list 

    • Spidering websites 

  2. Enumeration

    • ​​Introduction  

    • Performing a ping sweep with Scapy  

    • Scanning with Scapy 

    • Checking username validity 

    • Brute forcing usernames  

    • Enumerating files  

    • Brute forcing passwords 

    • Generating e-mail addresses from names  

    • Finding e-mail addresses from web pages 

    • Finding comments in source code  

  3. Vulnerability Identification

    • ​​Introduction  

    • Automated URL-based Directory Traversal 

    • Automated URL-based Cross-site scripting 

    • Automated parameter-based Cross-site scripting 

    • Automated fuzzing 

    • jQuery checking 

    • Header-based Cross-site scripting  

    • Shellshock checking 

  4. SQL Injection

    • ​​Introduction  

    • Checking jitter 

    • Identifying URL-based SQLi  

    • Exploiting Boolean SQLi 

    • Exploiting Blind SQL Injection  

    • Encoding payloads 

  5. Web Header Manipulation

    • ​​Introduction  

    • Testing HTTP methods  

    • Fingerprinting servers through HTTP headers  

    • Testing for insecure headers 

    • Brute forcing login through the Authorization header  

    • Testing for clickjacking vulnerabilities  

    • Identifying alternative sites by spoofing user agents  

    • Testing for insecure cookie flags 

    • Session fixation through a cookie injection  

  6. Image Analysis and Manipulation

    • ​​Introduction  

    • Hiding a message using LSB steganography 

    • Extracting messages hidden in LSB 

    • Hiding text in images 

    • Extracting text from images 

    • Enabling command and control using steganography 

  7. Encryption and Encoding

    • ​​Introduction  

    • Generating an MD5 hash  

    • Generating an SHA 1/128/256 hash 

    • Implementing SHA and MD5 hashes together  

    • Implementing SHA in a real-world scenario  

    • Generating a Bcrypt hash 

    • Cracking an MD5 hash  

    • Encoding with Base64  

    • Encoding with ROT13 

    • Cracking a substitution cipher 

    • Cracking the Atbash cipher  

    • Attacking one-time pad reuse  

    • Predicting a linear congruential generator   

    • Identifying hashes 

  8. Payloads and Shells

    • ​​Introduction  

    • Extracting data through HTTP requests  

    • Creating an HTTP C2 

    • Creating an FTP C2 

    • Creating an Twitter C2  

    • Creating a simple Netcat shell 

  9. Reporting

    • ​​Introduction  

    • Converting Nmap XML to CSV  

    • Extracting links from a URL to Maltego 

    • Extracting e-mails to Maltego  

    • Parsing Sslscan into CSV  

    • Generating graphs using  


Average: 2.6 (231 votes)

Search the Web

Custom Search

Searches whole web. Use the search in the right sidebar to search only within!!!