About This Book

Get useful guidance on writing Python scripts and using libraries to put websites and web apps through their pacesFind the script you need to deal with any stage of the web testing processDevelop your Python knowledge to get ahead of the game for web testing and expand your skillset to other testing areas

Who This Book Is For

This book is for testers looking for quick access to powerful, modern tools and customizable scripts to kick-start the creation of their own Python web penetration testing toolbox.

What You Will Learn

Enumerate users on web apps through Python Develop complicated header-based attacks through Python Deliver multiple XSS strings and check their execution success Handle outputs from multiple tools and create attractive reports Create PHP pages that test scripts and tools Identify parameters and URLs vulnerable to Directory Traversal Replicate existing tool functionality in Python Create basic dial-back Python scripts using reverse shells and basic Python PoC malware

In Detail

This book gives you an arsenal of Python scripts perfect to use or to customize your needs for each stage of the testing process. Each chapter takes you step by step through the methods of designing and modifying scripts to attack web apps. You will learn how to collect both open and hidden information from websites to further your attacks, identify vulnerabilities, perform SQL Injections, exploit cookies, and enumerate poorly configured systems. You will also discover how to crack encryption, create payloads to mimic malware, and create tools to output your findings into presentable formats for reporting to your employers.

About the Author

Cameron Buchanan

Cameron Buchanan is a penetration tester by trade and a writer in his spare time. He has performed penetration tests around the world for a variety of clients across many industries. Previously, he was a member of the RAF. In his spare time, he enjoys doing stupid things, such as trying to make things fly, getting electrocuted, and dunking himself in freezing cold water. He is married and lives in London.

Terry Ip

Terry Ip is a security consultant. After nearly a decade of learning how to support IT infrastructure, he decided that it would be much more fun learning how to break it instead. He is married and lives in Buckinghamshire, where he tends to his chickens.

Andrew Mabbitt

Andrew Mabbitt is a penetration tester living in London, UK. He spends his time beating down networks, mentoring, and helping newbies break into the industry. In his free time, he loves to travel, break things, and master the art of sarcasm.

Benjamin May

Benjamin May is a security test engineer from Cambridge. He studied computing for business at Aston University. With a background in software testing, he recently combined this with his passion for security to create a new role in his current company. He has a broad interest in security across all aspects of the technology field, from reverse engineering embedded devices to hacking with Python and participating in CTFs. He is a husband and a father.

Dave Mound

Dave Mound is a security consultant. He is a Microsoft Certified Application Developer but spends more time developing Python programs these days. He has been studying information security since 1994 and holds the following qualifications: C|EH, SSCP, and MCAD. He recently studied for OSCP certification but is still to appear for the exam. He enjoys talking and presenting and is keen to pass on his skills to other members of the cyber security community. When not attached to a keyboard, he can be found tinkering with his 1978 Chevrolet Camaro. He once wrestled a bear and was declared the winner by omoplata.