Learn Penetration Testing with Python 3.x - 2nd Edition

This book starts with an understanding of penetration testing and red teaming methodologies, and teaches Python 3 from scratch for those who are not familiar with programming. The book also guides on how to create scripts for cracking and brute force attacks. 

The second part of this book will focus on network and wireless level. The book will teach you the skills to create an offensive tool using Python 3 to identify different services and ports. You will learn how to use different Python network modules and conduct network attacks. In the network monitoring section, you will be able to monitor layer 3 and 4. Finally, you will be able to conduct different wireless attacks. The third part of this book will focus on web applications and exploitation developments. It will start with how to create scripts to extract web information, such as links, images, documents etc. We will then move to creating scripts for identifying and exploiting web vulnerabilities and how to bypass web application firewall. It will move to a more advanced level to create custom Burp Suite extensions that will assist you in web application assessments.

This edition brings chapters that will be using Python 3 in forensics and analyze different file extensions. The next chapters will focus on fuzzing and exploitation development, starting with how to play with stack, moving to how to use Python in fuzzing, and creating exploitation scripts. Finally, it will give a guide on how to use ChatGPT to create and enhance your Python 3 scripts.

KEY FEATURES  

• Exciting coverage on red teaming methodologies and penetration testing techniques.
• Explore the exploitation development environment and process of creating exploit scripts.
• This edition includes network protocol cracking, brute force attacks, network monitoring, WiFi cracking, web app enumeration, Burp Suite extensions, fuzzing, and ChatGPT integration.

WHAT YOU WILL LEARN

• Learn to code Python scripts from scratch to prevent network attacks and web vulnerabilities.
• Conduct network attacks, create offensive tools, and identify vulnerable services and ports.
• Perform deep monitoring of network up to layers 3 and 4.
• Execute web scraping scripts to extract images, documents, and links.
• Use Python 3 in forensics and analyze different file types.
• Use ChatGPT to enhance your Python 3 scripts.

WHO THIS BOOK IS FOR

This book is for penetration testers, security researchers, red teams, security auditors and IT administrators who want to start with an action plan in protecting their IT systems. All you need is some basic understanding of programming concepts and working of IT systems.

1. Starting with Penetration Testing and Basic Python
2. Cracking with Python 3
3. Service and Applications Brute Forcing with Python
4. Python Services Identifications: Ports and Banner
5. Python Network Modules and Nmap
6. Network Monitoring with Python 
7. Attacking Wireless with Python
8. Analyzing Web Applications with Python
9. Attacking Web Applications with Python
10. Exploit Development with Python
11. Forensics with Python
12. Python with Burp Suite
13. Fuzzing with Python
14. ChatGPT with Python

Yehia Elghaly brings over 11 years of experience in offensive cybersecurity and red teaming. He has successfully led more than 200 projects across various sectors, including government, banking, telecommunications, aviation, oil & gas, education, construction, energy, healthcare, marine, ports & terminal, and critical country infrastructure systems. These projects were executed across diverse regions, including Asia, Europe, Africa, the Gulf, and Latin America.

Throughout his career, Yehia has held several prestigious positions, including Senior Penetration Testing Consultant and Security Researcher at DTS Solution Dubai, Group Manager of Cyber Security Assurance at DP World Dubai, and is currently serving as a Senior Consultant for the Red Team at CPX Abu Dhabi.

Yehia holds a Bachelor’s degree in Business Administration from The Open University Business School, UK, and a Master’s degree in Information Security and Digital Forensics from the University of East London, UK. He is the author of “Lean Penetration Testing with Python 3.x” and has published articles in renowned international cybersecurity magazines such as Hakin9 and Pentest. Yehia also has experience in exploitation development as he discovered 18+ CVE’s. His name has been mentioned in the Hall of Fame of many websites.

His research in offensive security has established him as a keynote speaker at numerous international cybersecurity conferences, including the Middle East Info Security Summit 2015, QuBit Conference 2016 and 2019, DefCamp 2016 and 2019, and Blackhat 2023. Yehia also holds multiple cybersecurity certifications, underscoring his expertise and commitment to the field.