Python for Automating Information Security

Video description

The process of finding and eradicating an attacker is time-consuming and costs a lot, which hurts your organization. You need to write tools that will help you automate your defensive and offensive security. As a penetration tester, you need to evolve quickly. When off-the-shelf tools and exploits fall short, writing your own tool will help you safeguard your data.

In this course, learn how to leverage Python to perform routine tasks quickly and efficiently. You will automate log analysis and packet analysis with file operations, regular expressions, and analysis modules; interact with websites to collect intelligence; and develop TCP client and server applications for use in penetration testing. You will learn how to build automation tools for information security, and will hopefully find that these examples will help inspire you to design and build your own!

By the end of this course, you will have the skills and confidence you need to automate both offensive and defensive security techniques using Python; and have developed several small security tools and one large comprehensive penetration testing tool, all of which can be used in the real world.

What You Will Learn

  • Read and modify exploit scripts so they can be used in a real penetration test
  • Analyze a packet capture file to look for network traffic anomalies
  • Collect open-source intelligence (OSINT) to speed up the passive-intelligence-gathering phase of a penetration test
  • Analyze a log file for suspicious activity
  • Write a Python replacement for Netcat that can be used for many purposes including obtaining a shell after a successful exploit
  • Collect packets off the wire for use in live network traffic analysis
  • Develop your first penetration-testing tool

Audience

If you are a security professional, a networking enthusiast, or just plain curious about how networks and packets work internally, then this course is for you!

Requirements: Beginner- to intermediate-level Python proficiency is recommended, along with Oracle VirtualBox, Kali Linux, Metasploitable 2 and the PyCharm IDE installed on your Kali system.

About The Author

Thomas McNeela: Thomas McNeela is an experienced information security professional and continuing-education instructor. Over his nine-year career, he has worked for several companies including Motorola Mobility and U.S. Cellular.

Thomas specializes in network engineering and security, security assessments, threat intelligence, and automation. He earned a Master of Science (M.S.) degree in Information Systems from Northwestern University and holds many industry-recognized certifications, including the CISSP and CEH (Master), and is currently working for an information security software and services firm located in the Chicago area.

Table of contents

  1. Chapter 1 : Reading, Modifying, and Testing an Exploit Script
    1. The Course Overview
    2. Setting Up Your Virtual Environment
    3. Finding an Exploit Script
    4. Understanding the Script
    5. Modifying the Script
    6. Testing the Script
  2. Chapter 2 : Analyzing a Packet Capture File
    1. Viewing a Packet Capture File in Wireshark
    2. Understanding Normal Traffic Patterns
    3. Writing a Python Script to Look for Malicious Network Traffic
    4. Writing a Python Script to Calculate a Network Traffic Baseline
    5. Writing a Python Script to Compare a Baseline Against Network Traffic
  3. Chapter 3 : Gathering Open-Source Intelligence
    1. What OSINT Is
    2. Enumerating Domain Names with Python
    3. What Is Google Dorking
    4. Automating Google Dorking with Python
    5. Web Directory Enumeration with Python
  4. Chapter 4 : Analyzing a Log File
    1. Reading a Log File
    2. Understanding Normal Log Messages
    3. Writing a Python Script to Look for Logs Indicating Malicious Activity
    4. Writing a Python Script to Calculate a Log Message Baseline
    5. Writing a Python Script to Compare a Baseline Against a Log File
  5. Chapter 5 : Writing a Python Replacement for Netcat
    1. What Is Netcat?
    2. Writing the Input Arguments
    3. Writing the Client
    4. Writing the Server
    5. Testing Your Program
  6. Chapter 6 : Collecting Network Packets Off the Wire
    1. Introduction to Passive Network Capture
    2. Writing a Python Packet Sniffer
    3. Capturing Plain-Text Credentials from Network Packets with Python
    4. Introduction to ARP Cache Poisoning
    5. Writing a Python ARP Cache Poisoner
  7. Chapter 7 : Building a Penetration Testing Tool
    1. Introduction to the Metasploit Framework
    2. Writing the Discovery Module
    3. Writing the Exploit Framework
    4. Stitching It All Together with an Interactive Command Shell
    5. Testing MSFPY

Product information

  • Title: Python for Automating Information Security
  • Author(s): Thomas McNeela
  • Release date: May 2020
  • Publisher(s): Packt Publishing
  • ISBN: 9781838828219