Python渗透测试编程技术：方法与实践（第2版）（清华开发者书库.Python）

作者: 李华峰著

出版社: 清华大学出版社

出版时间: 2020-12

版次: 1

ISBN: 9787302563884

定价: 69.00

装帧: 平装

开本: 16开

纸张: 胶版纸

页数: 300页

分类: 计算机与互联网

8 张插图图片

43人买过

本书是资深网络安全教师多年工作经验的结晶。书中系统且深入地将 Python应用实例与网络安全相结合进行讲解，不仅讲述 Python的实际应用方法，而且从网络安全原理的角度分析 Python实现网络安全编程技术，真正做到理论与实践相结合。
全书共分为 16章。第 1章介绍网络安全渗透测试的相关理论；第 2章介绍 Kali Linux 2使用基础；第 3章介绍 Python语言基础；第 4章介绍使用 Python进行安全渗透测试的常见模块；第 5章介绍使用 Python实现信息收集；第 6章和第 7章介绍使用 Python对漏洞进行渗透；第 8章介绍使用 Python实现网络的x探与欺骗；第 9章介绍使用 Python实现拒绝服务攻击；第 10章介绍使用 Python实现身份认证攻击；第 11章介绍使用 Python编写远程控制工具；第 12章和第 13章介绍使用 Python完成无线网络渗透；第 14章介绍使用 Python完成 Web渗透测试；第 15章介绍使用 Python生成渗透测试报告；第 16章介绍 Python取证相关模块。
本书适合网络安全渗透测试人员、运维工程师、网络管理人员、网络安全设备设计人员、网络安全软件开发人员、安全课程培训人员、高校网络安全专业方向的学生阅读。

李华峰，多年来一直从事网络安全方面的教学与研究工作。他同时是一位资深的信息安全顾问和自由撰稿人，在网络安全部署、网络攻击与防御以及社会工程学等方面有十分丰富的实践经验。已出版的著作和译著包括：《精通Metasploit渗透测试（第2版）》《诸神之眼――Nmap网络安全审计技术揭秘》《Python渗透测试编程技术：方法与实践》《Wireshark网络分析从入门到实践》《Kali Linux 2网络渗透测试实践指南》等。目录

第1章概述·············································1
1.1 网络安全渗透测试······················1
1.2 开展网络安全渗透测试················3
1.2.1 前期与客户的交流··································4
1.2.2 收集情报······························································5
1.2.3 威胁建模······························································5
1.2.4 漏洞分析······························································6
1.2.5 漏洞利用······························································6
1.2.6 后渗透攻击·························································································6
1.2.7 报告··································································································7
1.3 网络安全渗透测试需要掌握的技能·················································7
1.4 小结········································8

第2章 Kali Linux 2使用基础··············9
2.1 简介········································9
2.2 安装Kali Linux 2······················10
2.2.1 在VMware虚拟机中安装Kali Linux 2···············10
2.2.2 在树莓派中安装Kali Linux 2···12
2.3 Kali Linux 2的常用操作·············15
2.3.1 文件系统····························17
2.3.2 常用命令····························19
2.3.3 对Kali Linux 2的网络进行配置·················21
2.3.4 在Kali Linux 2中安装第三方应用程序·················25
2.3.5 对Kali Linux 2网络进行SSH远程控制····················25
2.3.6 Kali Linux 2的更新操作········29
2.4 VMware的高级操作··················29
2.4.1 在VMware中安装其他操作系统···············29
2.4.2 VMware中的网络连接··········30
2.4.3 VMware中的快照与克隆功能···················32
2.5 小结······································33

第3章 Python语言基础部分·············34
3.1 Python语言基础·······················35
3.2 在Kali Linux 2系统中安装Python编程环境 ································ 35
3.3 编写第一个 Python程序 ············· 43
3.4 选择结构 ································ 44
3.5 循环结构 ································ 45
3.6 数字和字符串 ·························· 47
3.7 列表、元组和字典 ···················· 49
3.7.1 列表 ·································· 49
3.7.2 元组 ·································· 50
3.7.3 字典 ·································· 50
3.8 函数与模块 ····························· 51
3.9 文件处理 ································ 53
3.10 小结 ····································· 54

第 4章安全渗透测试的常见模块·······55
4.1 Socket模块文件 ······················· 55
4.1.1 简介 ·································· 56
4.1.2 基本用法 ···························· 57
4.2 python-nmap模块文件 ················ 60
4.2.1 简介 ·································· 61
4.2.2 基本用法 ···························· 62
4.3 Scapy模块文件 ························ 66
4.3.1 简介 ·································· 66
4.3.2 基本用法 ···························· 67
4.4 小结 ······································ 76

第 5章信息收集···································77
5.1 信息收集基础 ·························· 78
5.2 主机状态扫描 ·························· 79
5.2.1 基于 ARP的活跃主机发现技术 ·································· 80
5.2.2 基于 ICMP的活跃主机发现技术 ·································· 85
5.2.3 基于 TCP的活跃主机发现技术 ·································· 90
5.2.4 基于 UDP的活跃主机发现技术 ·································· 93
5.3 端口扫描 ································ 94
5.3.1 基于 TCP全开的端口扫描技术 ·································· 95
5.3.2 基于 TCP半开的端口扫描技术 ·································· 98
5.4 服务扫描 ·······························101
5.5 操作系统扫描 ·························105
5.6 小结 ·····································108

第 6章对漏洞进行渗透（基础部分）······························110
6.1 测试软件的溢出漏洞 ················ 110
6.2 计算软件溢出的偏移地址 ·········· 114
6.3 查找JMP ESP指令··················· 117
6.4 编写渗透程序 ·························120
6.5 坏字符的确定 ·························123
6.6 使用Metasploit生成 shellcode ·····126
6.7 小结·····································130

第 7章对漏洞进行渗透（高级部分） ······························131
7.1 SEH溢出简介 ·························132
7.2 编写基于 SEH溢出渗透模块的要点······································134
7.2.1 计算到 catch位置的偏移量····135
7.2.2 查找 POP/POP/RET地址·······141
7.3 编写渗透模块 ·························142
7.4 小结 ·····································145

第8章网络嗅探与欺骗 ··············· 146
8.1 网络数据嗅探 ·························147
8.1.1 编写一个网络嗅探工具 ·········147
8.1.2 调用 Wireshark 查看数据包 ······························150
8.2 ARP的原理与缺陷 ···················152
8.3 ARP欺骗的原理 ······················153
8.4 中间人欺骗 ····························156
8.5 小结 ·····································164

第9章拒绝服务攻击 ·················· 165
9.1 数据链路层的拒绝服务攻击 ·······166
9.2 网络层的拒绝服务攻击 ·············169
9.3 传输层的拒绝服务攻击 ·············171
9.4 基于应用层的拒绝服务攻击 ·······173
9.5 小结 ·····································179

第10章身份认证攻击 ················ 181
10.1 简单网络服务认证的攻击 ·········182
10.2 编写破解密码字典 ··················183
10.3 FTP暴力破解模块 ··················187
10.4 SSH暴力破解模块 ··················191
10.5 Web暴力破解模块 ··················194
10.6 使用BurpSuite对网络认证服务的攻击 ····································201
10.6.1 基于表单的暴力破解 ··········202
10.6.2 绕过验证码（客户端） ·········212
10.6.3 绕过验证码（服务器端） ······214
10.7 小结 ····································215

第11章编写远程控制工具 ·········· 216
11.1 远程控制工具简介 ··················216
11.2 远程控制程序的服务器端和客户端 ·································217
11.2.1 执行系统命令（subprocess模块） ···············217
11.2.2 远程控制的服务器端与客户端（socket模块实现） ···············221
11.3 将 Python 脚本转换为exe 文件 ·······························224
11.4 小结 ····································226

第12章无线网络渗透（基础部分） ···················· 227
12.1 无线网络基础 ························228
12.2 Kali Linux 2 中的无线功能 ········229
12.2.1 无线网络嗅探的硬件需求和软件设置 ·························229
12.2.2 无线网络渗透使用的库文件 ····························231
12.3 AP扫描器 ····························231
12.4 无线网络数据嗅探器 ···············233
12.5 无线网络的客户端扫描器 ·········234
12.6 扫描隐藏的 SSID ····················235
12.7 绕过目标的 MAC 过滤机制 ······236
12.8 捕获加密的数据包 ··················238
12.8.1 捕获 WEP 数据包 ··············238
12.8.2 捕获 WPA 类型数据包 ········239
12.9 小结 ····································240

第13章无线网络渗透（高级部分） ···················· 241
13.1 模拟无线客户端的连接过程 ······241
13.2 模拟 AP 的连接行为················245
13.3 编写 Deauth 攻击程序 ··············247
13.4 无线网络入侵检测 ··················248
13.5 小结 ····································248

第14章对 Web 应用进行渗透测试 ······················ 249
14.1 渗透测试所需模块 ··················251
14.1.1 requests 库的使用 ··············252
14.1.2 其他常用模块文件 ·············253
14.2 处理 HTTP 头部 ·····················254
14.3 处理 Cookie ··························254
14.4 捕获 HTTP 基本认证数据包 ·································256
14.5 编写 Web 服务器扫描程序 ········257
14.6 暴力扫描出目标服务器上的所有页面 ······························259
14.7 验证码安全 ···························260
14.8 小结 ····································266

第15章生成渗透测试报告 ·········· 267
15.1 渗透测试报告的相关理论 ·········268
15.1.1 目的 ·······························268
15.1.2 内容摘要 ·························268
15.1.3 包含的范围 ······················268
15.1.4 安全地交付渗透测试报告 ····269
15.1.5 渗透测试报告应包含的内容 ································269
15.2 处理 XML 文件 ······················269
15.3 生成 Excel 格式的渗透报告·······271
15.4 小结 ····································278

第16章 Python 取证相关模块 ······ 279
16.1 MD5值的计算 ·······················279
16.1.1 MD5的相关知识 ···············279
16.1.2 在Python中计算MD5 ········280
16.1.3 为文件计算MD5 ···············280
16.2 对IP地址进行地理定位 ···········281
16.3 时间取证 ······························282
16.4 注册表取证 ···························283
16.5 图像取证 ······························284
16.6 小结 ····································285
内容简介:
本书是资深网络安全教师多年工作经验的结晶。书中系统且深入地将 Python应用实例与网络安全相结合进行讲解，不仅讲述 Python的实际应用方法，而且从网络安全原理的角度分析 Python实现网络安全编程技术，真正做到理论与实践相结合。
全书共分为 16章。第 1章介绍网络安全渗透测试的相关理论；第 2章介绍 Kali Linux 2使用基础；第 3章介绍 Python语言基础；第 4章介绍使用 Python进行安全渗透测试的常见模块；第 5章介绍使用 Python实现信息收集；第 6章和第 7章介绍使用 Python对漏洞进行渗透；第 8章介绍使用 Python实现网络的x探与欺骗；第 9章介绍使用 Python实现拒绝服务攻击；第 10章介绍使用 Python实现身份认证攻击；第 11章介绍使用 Python编写远程控制工具；第 12章和第 13章介绍使用 Python完成无线网络渗透；第 14章介绍使用 Python完成 Web渗透测试；第 15章介绍使用 Python生成渗透测试报告；第 16章介绍 Python取证相关模块。
本书适合网络安全渗透测试人员、运维工程师、网络管理人员、网络安全设备设计人员、网络安全软件开发人员、安全课程培训人员、高校网络安全专业方向的学生阅读。
作者简介:
李华峰，多年来一直从事网络安全方面的教学与研究工作。他同时是一位资深的信息安全顾问和自由撰稿人，在网络安全部署、网络攻击与防御以及社会工程学等方面有十分丰富的实践经验。已出版的著作和译著包括：《精通Metasploit渗透测试（第2版）》《诸神之眼――Nmap网络安全审计技术揭秘》《Python渗透测试编程技术：方法与实践》《Wireshark网络分析从入门到实践》《Kali Linux 2网络渗透测试实践指南》等。
目录:
目录

第1章概述·············································1
1.1 网络安全渗透测试······················1
1.2 开展网络安全渗透测试················3
1.2.1 前期与客户的交流··································4
1.2.2 收集情报······························································5
1.2.3 威胁建模······························································5
1.2.4 漏洞分析······························································6
1.2.5 漏洞利用······························································6
1.2.6 后渗透攻击·························································································6
1.2.7 报告··································································································7
1.3 网络安全渗透测试需要掌握的技能·················································7
1.4 小结········································8

第2章 Kali Linux 2使用基础··············9
2.1 简介········································9
2.2 安装Kali Linux 2······················10
2.2.1 在VMware虚拟机中安装Kali Linux 2···············10
2.2.2 在树莓派中安装Kali Linux 2···12
2.3 Kali Linux 2的常用操作·············15
2.3.1 文件系统····························17
2.3.2 常用命令····························19
2.3.3 对Kali Linux 2的网络进行配置·················21
2.3.4 在Kali Linux 2中安装第三方应用程序·················25
2.3.5 对Kali Linux 2网络进行SSH远程控制····················25
2.3.6 Kali Linux 2的更新操作········29
2.4 VMware的高级操作··················29
2.4.1 在VMware中安装其他操作系统···············29
2.4.2 VMware中的网络连接··········30
2.4.3 VMware中的快照与克隆功能···················32
2.5 小结······································33

第3章 Python语言基础部分·············34
3.1 Python语言基础·······················35
3.2 在Kali Linux 2系统中安装Python编程环境 ································ 35
3.3 编写第一个 Python程序 ············· 43
3.4 选择结构 ································ 44
3.5 循环结构 ································ 45
3.6 数字和字符串 ·························· 47
3.7 列表、元组和字典 ···················· 49
3.7.1 列表 ·································· 49
3.7.2 元组 ·································· 50
3.7.3 字典 ·································· 50
3.8 函数与模块 ····························· 51
3.9 文件处理 ································ 53
3.10 小结 ····································· 54

第 4章安全渗透测试的常见模块·······55
4.1 Socket模块文件 ······················· 55
4.1.1 简介 ·································· 56
4.1.2 基本用法 ···························· 57
4.2 python-nmap模块文件 ················ 60
4.2.1 简介 ·································· 61
4.2.2 基本用法 ···························· 62
4.3 Scapy模块文件 ························ 66
4.3.1 简介 ·································· 66
4.3.2 基本用法 ···························· 67
4.4 小结 ······································ 76

第 5章信息收集···································77
5.1 信息收集基础 ·························· 78
5.2 主机状态扫描 ·························· 79
5.2.1 基于 ARP的活跃主机发现技术 ·································· 80
5.2.2 基于 ICMP的活跃主机发现技术 ·································· 85
5.2.3 基于 TCP的活跃主机发现技术 ·································· 90
5.2.4 基于 UDP的活跃主机发现技术 ·································· 93
5.3 端口扫描 ································ 94
5.3.1 基于 TCP全开的端口扫描技术 ·································· 95
5.3.2 基于 TCP半开的端口扫描技术 ·································· 98
5.4 服务扫描 ·······························101
5.5 操作系统扫描 ·························105
5.6 小结 ·····································108

第 6章对漏洞进行渗透（基础部分）······························110
6.1 测试软件的溢出漏洞 ················ 110
6.2 计算软件溢出的偏移地址 ·········· 114
6.3 查找JMP ESP指令··················· 117
6.4 编写渗透程序 ·························120
6.5 坏字符的确定 ·························123
6.6 使用Metasploit生成 shellcode ·····126
6.7 小结·····································130

第 7章对漏洞进行渗透（高级部分） ······························131
7.1 SEH溢出简介 ·························132
7.2 编写基于 SEH溢出渗透模块的要点······································134
7.2.1 计算到 catch位置的偏移量····135
7.2.2 查找 POP/POP/RET地址·······141
7.3 编写渗透模块 ·························142
7.4 小结 ·····································145

第8章网络嗅探与欺骗 ··············· 146
8.1 网络数据嗅探 ·························147
8.1.1 编写一个网络嗅探工具 ·········147
8.1.2 调用 Wireshark 查看数据包 ······························150
8.2 ARP的原理与缺陷 ···················152
8.3 ARP欺骗的原理 ······················153
8.4 中间人欺骗 ····························156
8.5 小结 ·····································164

第9章拒绝服务攻击 ·················· 165
9.1 数据链路层的拒绝服务攻击 ·······166
9.2 网络层的拒绝服务攻击 ·············169
9.3 传输层的拒绝服务攻击 ·············171
9.4 基于应用层的拒绝服务攻击 ·······173
9.5 小结 ·····································179

第10章身份认证攻击 ················ 181
10.1 简单网络服务认证的攻击 ·········182
10.2 编写破解密码字典 ··················183
10.3 FTP暴力破解模块 ··················187
10.4 SSH暴力破解模块 ··················191
10.5 Web暴力破解模块 ··················194
10.6 使用BurpSuite对网络认证服务的攻击 ····································201
10.6.1 基于表单的暴力破解 ··········202
10.6.2 绕过验证码（客户端） ·········212
10.6.3 绕过验证码（服务器端） ······214
10.7 小结 ····································215

第11章编写远程控制工具 ·········· 216
11.1 远程控制工具简介 ··················216
11.2 远程控制程序的服务器端和客户端 ·································217
11.2.1 执行系统命令（subprocess模块） ···············217
11.2.2 远程控制的服务器端与客户端（socket模块实现） ···············221
11.3 将 Python 脚本转换为exe 文件 ·······························224
11.4 小结 ····································226

第12章无线网络渗透（基础部分） ···················· 227
12.1 无线网络基础 ························228
12.2 Kali Linux 2 中的无线功能 ········229
12.2.1 无线网络嗅探的硬件需求和软件设置 ·························229
12.2.2 无线网络渗透使用的库文件 ····························231
12.3 AP扫描器 ····························231
12.4 无线网络数据嗅探器 ···············233
12.5 无线网络的客户端扫描器 ·········234
12.6 扫描隐藏的 SSID ····················235
12.7 绕过目标的 MAC 过滤机制 ······236
12.8 捕获加密的数据包 ··················238
12.8.1 捕获 WEP 数据包 ··············238
12.8.2 捕获 WPA 类型数据包 ········239
12.9 小结 ····································240

第13章无线网络渗透（高级部分） ···················· 241
13.1 模拟无线客户端的连接过程 ······241
13.2 模拟 AP 的连接行为················245
13.3 编写 Deauth 攻击程序 ··············247
13.4 无线网络入侵检测 ··················248
13.5 小结 ····································248

第14章对 Web 应用进行渗透测试 ······················ 249
14.1 渗透测试所需模块 ··················251
14.1.1 requests 库的使用 ··············252
14.1.2 其他常用模块文件 ·············253
14.2 处理 HTTP 头部 ·····················254
14.3 处理 Cookie ··························254
14.4 捕获 HTTP 基本认证数据包 ·································256
14.5 编写 Web 服务器扫描程序 ········257
14.6 暴力扫描出目标服务器上的所有页面 ······························259
14.7 验证码安全 ···························260
14.8 小结 ····································266

第15章生成渗透测试报告 ·········· 267
15.1 渗透测试报告的相关理论 ·········268
15.1.1 目的 ·······························268
15.1.2 内容摘要 ·························268
15.1.3 包含的范围 ······················268
15.1.4 安全地交付渗透测试报告 ····269
15.1.5 渗透测试报告应包含的内容 ································269
15.2 处理 XML 文件 ······················269
15.3 生成 Excel 格式的渗透报告·······271
15.4 小结 ····································278

第16章 Python 取证相关模块 ······ 279
16.1 MD5值的计算 ·······················279
16.1.1 MD5的相关知识 ···············279
16.1.2 在Python中计算MD5 ········280
16.1.3 为文件计算MD5 ···············280
16.2 对IP地址进行地理定位 ···········281
16.3 时间取证 ······························282
16.4 注册表取证 ···························283
16.5 图像取证 ······························284
16.6 小结 ····································285

查看详情

Python渗透测试编程技术：方法与实践（第2版）（清华开发者书库.Python）

内容简介:

作者简介:

目录: