-- 會員 / 註冊 --  
 帳號:
 密碼:
  | 註冊 | 忘記密碼
4/6 新書到! 3/30 新書到! 3/23 新書到! 3/17 新書到!
購書流程Q & A站務留言版客服信箱
3ds MaxMayaRhinoAfter EffectsSketchUpZBrushPainterUnity
PhotoShopAutoCadMasterCamSolidWorksCreoUGRevitNuke
C#CC++Java遊戲程式Linux嵌入式PLCFPGAMatlab
駭客資料庫搜索引擎影像處理FluentVR+ARANSYS深度學習
單晶片AVROpenGLArduinoRaspberry Pi電路設計CadenceProtel
HadoopPythonStm32CortexLabview手機程式AndroidiPhone
可查書名,作者,ISBN,3dwoo書號
詳細書籍分類

Python滲透測試編程技術:方法與實踐(第2版)

( 簡體 字)
作者:李華峰類別:1. -> 程式設計 -> Python
譯者:
出版社:清華大學出版社Python滲透測試編程技術:方法與實踐(第2版) 3dWoo書號: 53894
詢問書籍請說出此書號!

有庫存
NT定價: 345
折扣價: 276

出版日:1/1/2021
頁數:285
光碟數:0
站長推薦:
印刷:黑白印刷語系: ( 簡體 版 )
加入購物車 加到我的最愛
(請先登入會員)
ISBN:9787302563884
作者序 | 譯者序 | 前言 | 內容簡介 | 目錄 | 
作者序:

譯者序:

前言:

為什么要寫這本書
本書自第 1版出版后,反響熱烈,版權輸出到中國臺灣。其間作者收到許多讀者的電子郵件,有的讀者對本書提出了寶貴的意見,指出了書中的一些不當之處,在對本書做修訂之際,作者對這些讀者表示衷心的感謝,并希望讀者繼續關注本書,不吝賜教。作者也同許多讀者就本書做過較為深入的探討,備感鼓舞和欣慰的同時深感寫好一本書的不易。
隨著時代的發展, Python 2.7已于 2020年 1月 1日正式停止官方維護,這也意味著 Python 2將被淘汰。因此作者對這本書做了一次大“手術”,這是自本書初稿完成后所做的最大一次修改。本次修改了初稿一半左右的篇幅,并將所有的案例使用 Python 3代碼進行編寫。本次修訂時,雖然已仔細糾正其中的不當之處,但仍難免有不妥和錯誤之處,懇請讀者批評指正。
本書提供了大量編程實例,這些內容與目前網絡安全的熱點問題相結合,既可以作為高等院校網絡安全相關專業的教材,也適合作為網絡安全工作者的參考用書。為了幫助讀者高效學習本書內容,本書配套的案例代碼以及作為高校教學配套使用的教案、講稿和幻燈片已經上傳到作者的公眾號(邪靈工作室)中。讀者可以通過關注本書作者的公眾號下載相關資源。
閱讀本書的建議
* 沒有 Python基礎的讀者,建議從第 1章開始按順序閱讀并練習每一個實例。
* 有一定 Python基礎的讀者,可以根據實際情況有重點地選擇閱讀部分技術要點。
* 對于每一個知識點和項目案例,先通讀一遍,以便有一個大概印象;然后將每一個知識點的示例代碼在開發環境中操作,以便加深對知識點的理解。
讀者對象
本書的讀者群主要是網絡安全滲透測試人員、運維工程師、網絡管理人員、網絡安全設備設計人員、網絡安全軟件開發人員、安全課程培訓學員、高校網絡安全專業方向的學生,還包括各種非專業但熱衷于網絡安全研究的人員。
本書第 1版被很多高校作為網絡安全專業的教材。
本書主要內容
全書一共 16章。
第 1章主要介紹了網絡安全滲透測試的相關理論。
第 2章主要介紹了 Kali Linux 2的使用基礎。
第 3章主要介紹了 Python語言基礎。
第 4章主要介紹了安全滲透測試中的常見模塊。
第 5章主要介紹了使用 Python實現信息收集。
第 6章主要介紹了使用 Python對漏洞進行滲透的基礎部分。
第 7章主要介紹了使用 Python對漏洞進行滲透的高級部分。
第 8章主要介紹了使用 Python實現網絡的嗅探與欺騙。
第 9章主要介紹了使用 Python實現拒絕服務攻擊。
第 10章主要介紹了使用 Python實現身份認證攻擊。
第 11章主要介紹了使用 Python編寫遠程控制工具。
第 12章主要介紹了使用 Python完成無線網絡滲透基礎部分。
第 13章主要介紹了使用 Python完成無線網絡滲透高級部分。
第 14章主要介紹了使用 Python對 Web應用進行滲透測試。
第 15章主要介紹了使用 Python生成滲透測試報告。
第 16章主要介紹了使用 Python進行取證的相關模塊。

關于勘誤
雖然作者花了很多時間和精力去核對書中的文字、代碼和圖片,但因為時間倉促和水平有限,書中仍難免會有一些不足和疏漏,如果讀者發現問題,懇請反饋給作者,相關信息可發到作者的公眾號(邪靈工作室)或者通過清華大學出版社 www.tup.com.cn與作者聯系。作者會努力回答疑問或者指出一個正確的方向。
致謝
感謝所有的讀者,是你們的支持促成了本書的面世。感謝作者所在單位提供了自由的科研工作環境,正是這種完全自由的氛圍才使得作者多年的心血能夠以文字的形式展示出來。感謝清華大學出版社秦健編輯在本書的編寫過程中對作者的支持。最后感謝身邊的每一位親人、朋友以及學生,感謝你們在作者編寫此書時給予的支持與理解。
內容簡介:

本書是資深網絡安全教師多年工作經驗的結晶。書中系統且深入地將 Python應用實例與網絡安全相結合進行講解,不僅講述 Python的實際應用方法,而且從網絡安全原理的角度分析 Python實現網絡安全編程技術,真正做到理論與實踐相結合。
全書共分為 16章。第 1章介紹網絡安全滲透測試的相關理論;第 2章介紹 Kali Linux 2使用基礎;第 3章介紹 Python語言基礎;第 4章介紹使用 Python進行安全滲透測試的常見模塊;第 5章介紹使用 Python實現信息收集;第 6章和第 7章介紹使用 Python對漏洞進行滲透;第 8章介紹使用 Python實現網絡的嗅探與欺騙;第 9章介紹使用 Python實現拒絕服務攻擊;第 10章介紹使用 Python實現身份認證攻擊;第 11章介紹使用 Python編寫遠程控制工具;第 12章和第 13章介紹使用 Python完成無線網絡滲透;第 14章介紹使用 Python完成 Web滲透測試;第 15章介紹使用 Python生成滲透測試報告;第 16章介紹 Python取證相關模塊。
本書適合網絡安全滲透測試人員、運維工程師、網絡管理人員、網絡安全設備設計人員、網絡安全軟件開發人員、安全課程培訓人員、高校網絡安全專業方向的學生閱讀。
目錄:

第1章概述·············································1
1.1網絡安全滲透測試······················1
1.2開展網絡安全滲透測試················3
1.2.1前期與客戶的交流··································4
1.2.2收集情報······························································5
1.2.3威脅建模······························································5
1.2.4漏洞分析······························································6
1.2.5漏洞利用······························································6
1.2.6后滲透攻擊·························································································6
1.2.7報告··································································································7
1.3網絡安全滲透測試需要掌握的技能·················································7
1.4小結········································8
第2章KaliLinux2使用基礎··············9
2.1簡介········································9
2.2安裝KaliLinux2······················10
2.2.1在VMware虛擬機中安裝KaliLinux2···············10
2.2.2在樹莓派中安裝KaliLinux2···12
2.3KaliLinux2的常用操作·············15
2.3.1文件系統····························17
2.3.2常用命令····························19
2.3.3對KaliLinux2的網絡進行配置·················21
2.3.4在KaliLinux2中安裝第三方應用程序·················25
2.3.5對KaliLinux2網絡進行SSH遠程控制····················25
2.3.6KaliLinux2的更新操作········29
2.4VMware的高級操作··················29
2.4.1在VMware中安裝其他操作系統···············29
2.4.2VMware中的網絡連接··········30
2.4.3VMware中的快照與克隆功能···················32
2.5小結······································33
第3章Python語言基礎部分·············34
3.1Python語言基礎·······················35
3.2在KaliLinux2系統中安裝Python編程環境································35
3.3編寫第一個Python程序·············43
3.4選擇結構································44
3.5循環結構································45
3.6數字和字符串··························47
3.7列表、元組和字典····················49
3.7.1列表··································49
3.7.2元組··································50
3.7.3字典··································50
3.8函數與模塊·····························51
3.9文件處理································53
3.10小結·····································54
第4章安全滲透測試的常見模塊·······55
4.1Socket模塊文件·······················55
4.1.1簡介··································56
4.1.2基本用法····························57
4.2python-nmap模塊文件················60
4.2.1簡介··································61
4.2.2基本用法····························62
4.3Scapy模塊文件························66
4.3.1簡介··································66
4.3.2基本用法····························67
4.4小結······································76
第5章信息收集···································77
5.1信息收集基礎··························78
5.2主機狀態掃描··························79
5.2.1基于ARP的活躍主機發現技術··································80
5.2.2基于ICMP的活躍主機發現技術··································85
5.2.3基于TCP的活躍主機發現技術··································90
5.2.4基于UDP的活躍主機發現技術··································93
5.3 端口掃描································94
5.3.1基于TCP全開的端口掃描技術··································95
5.3.2基于TCP半開的端口掃描技術··································98
5.4服務掃描·······························101
5.5操作系統掃描·························105
5.6小結·····································108
第6章對漏洞進行滲透(基礎部分)······························110
6.1測試軟件的溢出漏洞················110
6.2計算軟件溢出的偏移地址··········114
6.3查找JMPESP指令···················117
6.4編寫滲透程序·························120
6.5壞字符的確定·························123
6.6使用Metasploit生成shellcode·····126
6.7小結·····································130
第7章對漏洞進行滲透(高級部分)······························131
7.1 SEH溢出簡介·························132
7.2 編寫基于SEH溢出滲透模塊的要點······································134
7.2.1計算到catch位置的偏移量····135
7.2.2查找POP/POP/RET地址·······141
7.3 編寫滲透模塊·························142
7.4小結·····································145
第8章網絡嗅探與欺騙···············146
8.1網絡數據嗅探·························147
8.1.1編寫一個網絡嗅探工具·········147
8.1.2調用Wireshark查看數據包······························150
8.2ARP的原理與缺陷···················152
8.3ARP欺騙的原理······················153
8.4中間人欺騙····························156
8.5小結·····································164
第9章拒絕服務攻擊··················165
9.1數據鏈路層的拒絕服務攻擊·······166
9.2網絡層的拒絕服務攻擊·············169
9.3傳輸層的拒絕服務攻擊·············171
9.4基于應用層的拒絕服務攻擊·······173
9.5小結·····································179
第10章身份認證攻擊················181
10.1簡單網絡服務認證的攻擊·········182
10.2編寫破解密碼字典··················183
10.3FTP暴力破解模塊··················187
10.4SSH暴力破解模塊··················191
10.5Web暴力破解模塊··················194
10.6使用BurpSuite對網絡認證服務的攻擊····································201
10.6.1基于表單的暴力破解··········202
10.6.2繞過驗證碼(客戶端)·········212
10.6.3繞過驗證碼(服務器端)······214
10.7小結····································215
第11章編寫遠程控制工具··········216
11.1遠程控制工具簡介··················216
11.2遠程控制程序的服務器端和客戶端·································217
11.2.1執行系統命令(subprocess模塊)···············217
11.2.2遠程控制的服務器端與客戶端(socket模塊實現)···············221
11.3將Python腳本轉換為exe文件·······························224
11.4小結····································226
第12章無線網絡滲透(基礎部分)····················227
12.1無線網絡基礎························228
12.2KaliLinux2中的無線功能········229
12.2.1無線網絡嗅探的硬件需求和軟件設置·························229
12.2.2無線網絡滲透使用的庫文件····························231
12.3AP掃描器····························231
12.4無線網絡數據嗅探器···············233
12.5無線網絡的客戶端掃描器·········234
12.6掃描隱藏的SSID····················235
12.7繞過目標的MAC過濾機制······236
12.8捕獲加密的數據包··················238
12.8.1捕獲WEP數據包··············238
12.8.2捕獲WPA類型數據包········239
12.9小結····································240
第13章無線網絡滲透(高級部分)····················241
13.1模擬無線客戶端的連接過程······241
13.2模擬AP的連接行為················245
13.3編寫Deauth攻擊程序··············247
13.4無線網絡入侵檢測··················248
13.5小結····································248
第14章對Web應用進行滲透測試······················249
14.1滲透測試所需模塊··················251
14.1.1requests庫的使用··············252
14.1.2其他常用模塊文件·············253
14.2處理HTTP頭部·····················254
14.3處理Cookie··························254
14.4捕獲HTTP基本認證數據包·································256
14.5編寫Web服務器掃描程序········257
14.6暴力掃描出目標服務器上的所有頁面······························259
14.7驗證碼安全···························260
14.8小結····································266
第15章生成滲透測試報告··········267
15.1滲透測試報告的相關理論·········268
15.1.1目的·······························268
15.1.2內容摘要·························268
15.1.3包含的范圍······················268
15.1.4安全地交付滲透測試報告····269
15.1.5滲透測試報告應包含的內容································269
15.2處理XML文件······················269
15.3生成Excel格式的滲透報告·······271
15.4小結····································278
第16章Python取證相關模塊······279
16.1MD5值的計算·······················279
16.1.1MD5的相關知識···············279
16.1.2在Python中計算MD5········280
16.1.3為文件計算MD5···············280
16.2對IP地址進行地理定位···········281
16.3時間取證······························282
16.4注冊表取證···························283
16.5圖像取證······························284
16.6小結····································285
序: