Python Programming for Penetration Tester and Hacker
Capstone Project
A penetration tester is like a hacker; however, a penetration tester gets permission from an organization to break into its network, while hackers hack for many purposes, such as adventure and fame. [2] Nowadays, penetration testers encounter many challenges when examining their networks and systems to detect vulnerabilities, because they are likely to face situations that require them to build tools quickly or modify exploits in order to carry out a successful penetration test. [1] Furthermore, using available tools for a penetration test might not be safe: they may contain malicious functionality that damages a system. They also might not suit every environment, because of the different systems and protocols used in an organization's networks.
From this point, I’m interested in improving my knowledge and my skills to build my own tools that fit what I need to do for a successful penetration test. Moreover, I find this topic very beneficial for understanding penetration testing and hacking methods practically. That will contribute to fixing vulnerabilities and modifying exploits. In this way, I will be able to save my time and my effort during penetration testing.
Why Python?
Python has become the most popular language in the world of information security. It provides an outstanding platform for security tools. It has many features:
• Easy and quick scripts, because the language is less complex.
• Easier network handling. It has built-in modules that support network interactions. It can handle widely known protocols and build custom network packets.
• Cross-platform. Python scripts can be executed on any host operating system.
• Rich in modules. Python has more than 1,000 modules, which can be shared with others and merged into our code easily. [1]
For these reasons, Python is a great language: its many advantages make it an excellent platform for a security toolkit.
This paper highlights the advantages of using Python programming for pen testing and hacking. It describes how to create tools with Python for penetration testing, through the following topics:
1. Networking fundamentals: Python has modules to deal with networks by using raw sockets, which include methods to create communication between a client and a server. Socket is a function that takes two variables (an IP address and a port number). We need the networking fundamentals scripts to understand the other topics.
2. Network scanning: a way to gather information on a target before starting the exploitation. The target is a live host, a network, open ports, or services that run on the host. This step is very important for detecting vulnerabilities on the target, so that the penetration tester can move on to deeper phases.
3. Sniffing: techniques that analyze network traffic to capture information. Through sniffing, penetration testers or hackers obtain passwords, usernames, and other useful information that facilitates intrusion. This paper is going to describe how to implement a network sniffer using Python.
4. A web server and a web application: this phase will focus on how to gather information on a web server and a web application. Additionally, it will explain how to write a script to perform a brute-force attack.
5. SQL and XSS injection: they are serious vulnerabilities in most web applications. I’m going to explain the types of these attacks, and how to implement these attacks via Python script. I believe this topic will improve my skill in this important field.
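As an added illustration of the networking fundamentals in topic 1 (not code from this paper or from the books it cites): a client and a server exchange one message over TCP on loopback, and each endpoint is identified by an (IP address, port) pair. The names `serve_once` and `round_trip`, the echo format, and the loopback-only binding are assumptions of this example.

```python
import socket
import threading

HOST = "127.0.0.1"  # assumption: loopback only, so nothing is exposed off-host


def serve_once(server_sock, seen):
    """Accept one client, record its (IP, port) pair, echo one message back."""
    conn, peer = server_sock.accept()
    with conn:
        conn.settimeout(2.0)  # never block forever on a silent peer
        seen["client_addr"] = peer
        data = conn.recv(1024)
        conn.sendall(b"echo: " + data)


def round_trip(message):
    """Run one client/server exchange on loopback; return reply and addresses."""
    seen = {}
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server_sock:
        server_sock.bind((HOST, 0))  # port 0: the OS picks a free port
        server_sock.listen(1)
        server_sock.settimeout(2.0)
        server_addr = server_sock.getsockname()  # the server's (IP, port)
        worker = threading.Thread(target=serve_once, args=(server_sock, seen))
        worker.start()
        # The client needs exactly the two values the server bound to.
        with socket.create_connection(server_addr, timeout=2.0) as client:
            client.sendall(message)
            reply = client.recv(1024)
            client_addr = client.getsockname()  # the client's own (IP, port)
        worker.join()
    return reply, server_addr, client_addr, seen["client_addr"]


if __name__ == "__main__":
    reply, server_addr, client_addr, seen_by_server = round_trip(b"hello")
    print("server listened on", server_addr)
    print("client connected from", client_addr, "- server saw", seen_by_server)
    print("reply:", reply)
```

Binding to `127.0.0.1` rather than all interfaces keeps a test listener unreachable from other hosts, and the timeouts keep either side from hanging if the other never answers.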
Bibliography
[1] Andress, J & Linn, R. (2011). Coding for Penetration Testers: Building Better Tools. Waltham, MA, USA: Syngress.
[2] Mohit, 2015. Python Penetration Testing Essentials. 1st ed. Birmingham, UK: Packt Publishing.
[3] Seitz, J, 2014. Black Hat Python: Python Programming for Hackers and Pentesters. 1st ed. San Francisco, CA, USA: No Starch Press.
[4] O’Connor, TJ, 2012. Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers. 1st ed. Waltham, MA, USA: Syngress.
[5] Rhodes, B & Goerzen, J. (2010). Foundations of Python Network Programming: The comprehensive guide to building network applications with Python. (2nd ed.). New York, NY, USA: Apress.
[6] Sileika, R, 2014. Pro Python System Administration. 2nd ed. New York, NY, USA: Apress.
[7] Seitz, J, 2009. Gray Hat Python: Python Programming for Hackers and Reverse Engineers. 1st ed. San Francisco, CA, USA: No Starch Press.
[8] Python HOWTOs — Python 3.5.0 documentation. 2015. [ONLINE] Available at: https://docs.python.org/3/howto/index.html.