Rejah Rehim - Effective Python Penetration Testing

Rejah Rehim is currently a security architect with FAYA India and is a long-time preacher of open source. He is a steady contributor to the Mozilla Foundation, and his name has been featured on the San Francisco Monument made by the Mozilla Foundation.

He is a part of the Mozilla add-on review board and has contributed to the development of several node modules. He has to his credit the creation of eight Mozilla add-ons, including the highly successful Clear Console add-on, which was selected as one of the best Mozilla add-ons of 2013. With a user base of more than 44,000, it has registered more than 6,90,000 downloads to date. He has successfully created the world's first, one-of-a-kind security testing browser bundle, PenQ, an open source Linux-based penetration testing browser bundle preconfigured with tools for spidering, advanced web searching, fingerprinting, and so on.

Rejah is also an active member of OWASP and is the chapter leader of OWASP Kerala. He is also an active speaker at FAYA:80, one of the premier monthly tech rendezvous in Technopark, Kerala. Besides being a part of the cyber security division of FAYA currently and QBurst in the past, Rejah is also a fan of process automation and has implemented it in FAYA. In addition to these, Rejah also volunteers with Cyberdome, an initiative of the Kerala police department, as Deputy Commander.

I am thankful to God the Almighty for helping me complete this book. I wish to express my deep and sincere gratitude to my parents and my wife, Ameena Rahamath, for their moral support and prayers in every phase of my life and growth.

I also express my deep gratitude to my friends and family for their constant help in both personal and professional spheres. I am truly blessed to be working with the smartest and most dedicated people in the world at FAYA. This humble endeavor has been successful with the constant support and motivation of my colleagues, notably Deepu S. Nath and Arunima S. Kumar. I would like to specially thank Onkar Wani (content development editor at Packt Publishing) for supporting me during the course of completing this book.

About the Reviewer

Richard Marsden has over 20 years of professional software development experience. After starting in the field of geophysical surveying for the oil industry, he has spent the last 10 years running Winwaed Software Technology LLC, an independent software vendor. Winwaed specializes in geospatial tools and applications, including web applications, and operate the http://www.mapping-tools.com website for tools and add-ins for geospatial products, such as Caliper Maptitude and Microsoft MapPoint.

Richard was also a technical reviewer for the following books by Packt publishing: Python Geospatial Development and Python Geospatial Analysis Essentials , both by Erik Westra; Python Geospatial Analysis Cookbook by Michael Diener; and Mastering Python Forensics by Dr. Michael Spreitzenbarth and Dr. Johann Uhrmann.

www.PacktPub.com

For support files and downloads related to your book, please visit www.PacktPub.com.

eBooks, discount offers, and more

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at customercare@packtpub.com for more details.

At www.PacktPub.com , you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www2.packtpub.com/books/subscription/packtlib

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.

Why subscribe?

• Fully searchable across every book published by Packt
• Copy and paste, print, and bookmark content
• On demand and accessible via a web browser

Free access for Packt account holders

Get notified! Find out when new books are published by following @PacktEnterprise on Twitter or the Packt Enterprise Facebook page.

Preface

Python is a high-level and general-purpose language with clear syntax and a comprehensive standard library. Often referred to as a scripting language, Python is dominant in information security with its low complexity, limitless libraries, and third-party modules. Security experts have singled out Python as a language for developing information security toolkits, such as w3af . The modular design, human-readable code, and fully developed suite of libraries make Python suitable for security researchers and experts to write scripts and build tools for security testing.

Python-based tools include all types of fuzzers, proxies, and even the occasional exploit. Python is the driving language for several current open source penetration-testing tools from Volatility for memory analysis to libPST for abstracting the process of examining e-mails. It is a great language to learn because of the large number of reverse engineering and exploitation libraries available for your use. So, learning Python may help you in difficult situations where you need to extend or tweak those tools.