64. Python Web Penetration Testing Cookbook

    Author: Myanmar Ebook Store Genre: »
    Rating

    Preface

    Chapter 1: Gathering Open Source Intelligence
    Introduction
    Gathering information using the Shodan API
    Scripting a Google+ API search
    Downloading profile pictures using the Google+ API
    Harvesting additional results from the Google+ API using pagination
    Getting screenshots of websites with QtWebKit
    Screenshots based on a port list
    Spidering websites

    Chapter 2: Enumeration
    Introduction
    Performing a ping sweep with Scapy
    Scanning with Scapy
    Checking username validity
    Brute forcing usernames
    Enumerating files
    Brute forcing passwords
    Generating e-mail addresses from names
    Finding e-mail addresses from web pages
    Finding comments in source code

    Chapter 3: Vulnerability Identification
    Introduction
    Automated URL-based Directory Traversal
    Automated URL-based Cross-site scripting
    Automated parameter-based Cross-site scripting
    Automated fuzzing
    jQuery checking
    Header-based Cross-site scripting
    Shellshock checking

    Chapter 4: SQL Injection
    Introduction
    Checking jitter
    Identifying URL-based SQLi
    Exploiting Boolean SQLi
    Exploiting Blind SQL Injection
    Encoding payloads

    Chapter 5: Web Header Manipulation
    Introduction
    Testing HTTP methods
    Fingerprinting servers through HTTP headers
    Testing for insecure headers
    Brute forcing login through the Authorization header
    Testing for clickjacking vulnerabilities
    Identifying alternative sites by spoofing user agents
    Testing for insecure cookie flags
    Session fixation through a cookie injection

    Chapter 6: Image Analysis and Manipulation
    Introduction
    Hiding a message using LSB steganography
    Extracting messages hidden in LSB
    Hiding text in images
    Extracting text from images
    Enabling command and control using steganography

    Chapter 7: Encryption and Encoding
    Introduction
    Generating an MD5 hash
    Generating an SHA 1/128/256 hash
    Implementing SHA and MD5 hashes together
    Implementing SHA in a real-world scenario
    Generating a Bcrypt hash
    Cracking an MD5 hash
    Encoding with Base64
    Encoding with ROT13
    Cracking a substitution cipher
    Cracking the Atbash cipher
    Attacking one-time pad reuse
    Predicting a linear congruential generator
    Identifying hashes

    Chapter 8: Payloads and Shells
    Introduction
    Extracting data through HTTP requests
    Creating an HTTP C2
    Creating an FTP C2
    Creating an Twitter C2
    Creating a simple Netcat shell

    Chapter 9: Reporting
    Introduction
    Converting Nmap XML to CSV
    Extracting links from a URL to Maltego
    Extracting e-mails to Maltego
    Parsing Sslscan into CSV
    Generating graphs using plot.ly

    Index

    Posted by Myanmar Ebook Store Posted on

    Leave a Reply

    Blogger templates

    Blogger news

    Blogroll