Hands-On Penetration Testing with Python
Enhance your ethical hacking skills to build automated and intelligent systems
Furqan Khan
BIRMINGHAM - MUMBAI
Copyright 2019 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Vijin Boricha
Acquisition Editor: Shrilekha Inani
Content Development Editor: Nithin George Varghese
Technical Editor: Mohit Hassija
Copy Editor: Safis Editing
Language Support Editor: Mary McGowan
Project Coordinator: Drashti Panchal
Proofreader: Safis Editing
Indexer: Pratik Shirodkar
Graphics: Tom Scaria
Production Coordinator: Jisha Chirayil
First published: January 2019
Production reference: 1310119
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78899-082-0
www.packtpub.com
This book is dedicated to my lovely parents!
Contributors
About the author
Furqan Khan is a security researcher who loves to innovate in Python, pentesting, ML, AI, and big data ecosystems.
With a gold medal at both M.Tech and B.Tech, he started off as a research scientist at NITK, where he developed a web app scanner for the Ministry of IT (India). He then worked as a security researcher with Paladion Networks and Wipro Dubai, exploring the pentesting/exploitation space, where he developed tools such as a vulnerability scanner and a threat intelligence platform.
Currently, he is working with Du-Telecom Dubai as a pentesting manager. He has published and co-authored white papers and journals with Springer and Elsevier, and has also presented his research and development work at international conferences, including CoCon.
There is a well-known saying that goes like this: "You are the average of the five people you spend the most time with." I have the following improvisation to it: "Almighty Allah has created you uniquely with the ability to be yourself and yet acquire wisdom from all the brilliant people around you."
This book would never have been possible without the love and support of my amazing father, Mr Shakeel Ahmed Khan, my beautiful mother, Mrs Night Khan, my fantastic brother, Burhan Khan, and my wonderful partner in crime, Zakiya Khan.
I would also like to extend my gratitude to those people who have been the catalyst for whatever little I have been able to achieve: Mr Walid Kamal, Mrs Santhi Thilagam, Mr Sayed Wajahat Ali, Mr Gobind Basmall, Mr Siddharth Anbalahan, Mrs Mehmooda Jan, and Mr Hassan Magray. I am grateful to all of you for believing in me.
About the reviewer
Phil Bramwell acquired the Certified Ethical Hacker and Certified Expert Penetration Tester certifications at the age of 21. His professional experience includes common criteria design reviews and testing, network security consulting, penetration testing, and PCI-DSS compliance auditing for banks, universities, and governments. He later acquired the CISSP and Metasploit Pro Certified Specialist credentials. Today, he is a cyber security and cryptocurrency consultant and works in the automotive industry, specializing in malware detection and analysis.
Preface
With so many amazing books out there in the cyber security and Python programming space, written by brilliant people, what does this book have to offer that's different? It's a very valid question, so now let's try to answer this.
This book makes a humble attempt to capture the practical and hands-on experience I have acquired working with Python and the penetration testing space over the past few years. It is a unique amalgamation of Python, penetration testing/offensive security, defensive security, and machine learning use cases in the pentesting ecosystem. The book starts off gently, covering all the key concepts of Python, enabling the reader to acquire a very decent grasp of Python by the end of the first four chapters, before then clicking into gear and delving into the hardcore automation of penetration testing and cyber security use cases. Readers will find out how to develop industry-standard vulnerability scanners from scratch, identical to Nessus and Qualys. The book then explores concepts concerning web application vulnerabilities, their exploitation, and automating web exploitation with custom-tailored exploits. It also affords very deep insights into reverse engineering, fuzzing, and buffer overflow vulnerabilities in both Windows and Linux environments, utilizing Python as a centerpiece. There is a section dedicated to custom exploit development, with a focus on evading anti-virus detection. The book also has a chapter dedicated to developing a web crawler and its utilization in the cyber security space. The book also gives decent insights on defensive security concepts, talking about cyber threat intelligence, and how a custom threat scoring algorithm can be developed. The book concludes with many other beneficial use cases of Python, such as developing a custom keylogger.