Learning Python Web Penetration Testing
Automate web penetration testing activities using Python
Christian Martorella
BIRMINGHAM - MUMBAI
Copyright 2018 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Kartikey Pandey
Acquisition Editor: Prachi Bisht
Content Development Editor: Trusha Shriyan
Technical Editor: Sayali Thanekar
Copy Editor: Safis Editing, Laxmi Subramanian
Project Coordinator: Kinjal Bari
Proofreader: Safis Editing
Indexer: Aishwarya Gangawane
Graphics: Jisha Chirayil
Production Coordinator: Aparna Bhagat
First published: June 2018
Production reference: 1260618
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78953-397-2
www.packtpub.com
mapt.io
Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry-leading tools to help you plan your personal development and advance your career. For more information, please visit our website.
Why subscribe?
- Spend less time learning and more time coding with practical eBooks and videos from over 4,000 industry professionals
- Improve your learning with Skill Plans built especially for you
- Get a free eBook or video every month
- Mapt is fully searchable
- Copy and paste, print, and bookmark content
PacktPub.com
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
Contributor
About the author
Christian Martorella has been working in the field of information security for the last 18 years and is currently leading the product security team for Skyscanner. Earlier, he was the principal program manager in the Skype product security team at Microsoft. His current focus is security engineering and automation. He has contributed to open source security testing tools such as Wfuzz, theHarvester, and Metagoofil, all included in Kali, the penetration testing Linux distribution.
Packt is searching for authors like you
If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.
Preface
Welcome to Learning Python Web Penetration Testing!
In this book, we'll learn the penetration testing process and see how to write our own tools.
You will leverage the simplicity of Python and available libraries to build your own web application security testing tools. The goal of this book is to show you how you can use Python to automate most of the web application penetration testing activities.
I hope you now have a clear picture of what's to come, and that you're as excited as I am.
So then, let's get started on this wonderful journey.
Who this book is for
If you are a web developer who wants to step into the web application security testing world, this book will provide you with the knowledge you need in no time! Familiarity with Python is essential, but not to an expert level.
What this book covers
- Introduction to Web Application Penetration Testing teaches you about the web application security process and why it is important to test application security.
- Interacting with Web Applications explains how to interact with a web application programmatically using Python and the requests library.
- Web Crawling with Scrapy - Mapping the Application explains how to write your own crawler using Python and the Scrapy library.
- Resources Discovery teaches you how to write a basic web application brute-forcer to help with resource discovery.
- Password Testing explains password-quality testing, also known as password cracking.
- Detecting and Exploiting SQL Injection Vulnerabilities covers how to detect and exploit SQL injection vulnerabilities.
- Intercepting HTTP Requests covers HTTP proxies and shows how to build your own proxy based on the mitmproxy tool.
To get the most out of this book
The only prerequisite for this book is basic programming or scripting experience, which will make the examples quick to follow.
In terms of environment, you only need to download the virtual machine that contains the vulnerable target web application and the Python environment with all the necessary libraries. To run the virtual machine, you will need to install VirtualBox from https://www.virtualbox.org/.
Download the example code files
You can download the example code files for this book from your account at www.packtpub.com. If you purchased this book elsewhere, you can visit www.packtpub.com/support and register to have the files emailed directly to you.
You can download the code files by following these steps:
- Log in or register at www.packtpub.com.
- Select the SUPPORT tab.
- Click on Code Downloads & Errata.
- Enter the name of the book in the Search box and follow the onscreen instructions.
Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:
- WinRAR/7-Zip for Windows
- Zipeg/iZip/UnRarX for Mac
- 7-Zip/PeaZip for Linux
The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Learning-Python-Web-Penetration-Testing. In case there's an update to the code, it will be updated in the existing GitHub repository.