老熟妇乱子伦亚洲视频,sao精品视频免费观看,脱女学小内内摸出水网站免费

內(nèi)容簡(jiǎn)介
序言
作者介紹
目錄

本書是資深網(wǎng)絡(luò)安全教師多年工作經(jīng)驗(yàn)的結(jié)晶。書中系統(tǒng)且深入地將 Python應(yīng)用實(shí)例與網(wǎng)絡(luò)安全相結(jié)合進(jìn)行講解，不僅講述 Python的實(shí)際應(yīng)用方法，而且從網(wǎng)絡(luò)安全原理的角度分析 Python實(shí)現(xiàn)網(wǎng)絡(luò)安全編程技術(shù)，真正做到理論與實(shí)踐相結(jié)合。

全書共分為 16章。第 1章介紹網(wǎng)絡(luò)安全滲透測(cè)試的相關(guān)理論；第 2章介紹 Kali Linux 2使用基礎(chǔ)；第 3章介紹 Python語言基礎(chǔ)；第 4章介紹使用 Python進(jìn)行安全滲透測(cè)試的常見模塊；第 5章介紹使用 Python實(shí)現(xiàn)信息收集；第 6章和第 7章介紹使用 Python對(duì)漏洞進(jìn)行滲透；第 8章介紹使用 Python實(shí)現(xiàn)網(wǎng)絡(luò)的x探與欺騙；第 9章介紹使用 Python實(shí)現(xiàn)拒絕服務(wù)攻擊；第 10章介紹使用 Python實(shí)現(xiàn)身份認(rèn)證攻擊；第 11章介紹使用 Python編寫遠(yuǎn)程控制工具；第 12章和第 13章介紹使用 Python完成無線網(wǎng)絡(luò)滲透；第 14章介紹使用 Python完成 Web滲透測(cè)試；第 15章介紹使用 Python生成滲透測(cè)試報(bào)告；第 16章介紹 Python取證相關(guān)模塊。

本書適合網(wǎng)絡(luò)安全滲透測(cè)試人員、運(yùn)維工程師、網(wǎng)絡(luò)管理人員、網(wǎng)絡(luò)安全設(shè)備設(shè)計(jì)人員、網(wǎng)絡(luò)安全軟件開發(fā)人員、安全課程培訓(xùn)人員、高校網(wǎng)絡(luò)安全專業(yè)方向的學(xué)生閱讀。

前言

為什么要寫這本書

本書自第 1版出版后，反響熱烈，版權(quán)輸出到中國(guó)臺(tái)灣。其間作者收到許多讀者的電子郵件，有的讀者對(duì)本書提出了寶貴的意見，指出了書中的一些不當(dāng)之處，在對(duì)本書做修訂之際，作者對(duì)這些讀者表示衷心的感謝，并希望讀者繼續(xù)關(guān)注本書，不吝賜教。作者也同許多讀者就本書做過較為深入的探討，備感鼓舞和欣慰的同時(shí)深感寫好一本書的不易。

隨著時(shí)代的發(fā)展， Python 2.7已于 2020年 1月 1日正式停止官方維護(hù)，這也意味著 Python 2將被淘汰。因此作者對(duì)這本書做了一次大“手術(shù)”，這是自本書初稿完成后所做的最大一次修改。本次修改了初稿一半左右的篇幅，并將所有的案例使用 Python 3代碼進(jìn)行編寫。本次修訂時(shí)，雖然已仔細(xì)糾正其中的不當(dāng)之處，但仍難免有不妥和錯(cuò)誤之處，懇請(qǐng)讀者批評(píng)指正。

本書提供了大量編程實(shí)例，這些內(nèi)容與目前網(wǎng)絡(luò)安全的熱點(diǎn)問題相結(jié)合，既可以作為高等院校網(wǎng)絡(luò)安全相關(guān)專業(yè)的教材，也適合作為網(wǎng)絡(luò)安全工作者的參考用書。為了幫助讀者高效學(xué)習(xí)本書內(nèi)容，本書配套的案例代碼以及作為高校教學(xué)配套使用的教案、講稿和幻燈片已經(jīng)上傳到作者的公眾號(hào)（邪靈工作室）中。讀者可以通過關(guān)注本書作者的公眾號(hào)下載相關(guān)資源。

閱讀本書的建議

* 沒有 Python基礎(chǔ)的讀者，建議從第 1章開始按順序閱讀并練習(xí)每一個(gè)實(shí)例。

* 有一定 Python基礎(chǔ)的讀者，可以根據(jù)實(shí)際情況有重點(diǎn)地選擇閱讀部分技術(shù)要點(diǎn)。

* 對(duì)于每一個(gè)知識(shí)點(diǎn)和項(xiàng)目案例，先通讀一遍，以便有一個(gè)大概印象；然后將每一個(gè)知識(shí)點(diǎn)的示例代碼在開發(fā)環(huán)境中操作，以便加深對(duì)知識(shí)點(diǎn)的理解。

讀者對(duì)象

本書的讀者群主要是網(wǎng)絡(luò)安全滲透測(cè)試人員、運(yùn)維工程師、網(wǎng)絡(luò)管理人員、網(wǎng)絡(luò)安全設(shè)備設(shè)計(jì)人員、網(wǎng)絡(luò)安全軟件開發(fā)人員、安全課程培訓(xùn)學(xué)員、高校網(wǎng)絡(luò)安全專業(yè)方向的學(xué)生，還包括各種非專業(yè)但熱衷于網(wǎng)絡(luò)安全研究的人員。

本書第 1版被很多高校作為網(wǎng)絡(luò)安全專業(yè)的教材。

本書主要內(nèi)容

全書一共 16章。

第 1章主要介紹了網(wǎng)絡(luò)安全滲透測(cè)試的相關(guān)理論。

第 2章主要介紹了 Kali Linux 2的使用基礎(chǔ)。

第 3章主要介紹了 Python語言基礎(chǔ)。

第 4章主要介紹了安全滲透測(cè)試中的常見模塊。

第 5章主要介紹了使用 Python實(shí)現(xiàn)信息收集。

第 6章主要介紹了使用 Python對(duì)漏洞進(jìn)行滲透的基礎(chǔ)部分。

第 7章主要介紹了使用 Python對(duì)漏洞進(jìn)行滲透的高級(jí)部分。

第 8章主要介紹了使用 Python實(shí)現(xiàn)網(wǎng)絡(luò)的嗅探與欺騙。

第 9章主要介紹了使用 Python實(shí)現(xiàn)拒絕服務(wù)攻擊。

第 10章主要介紹了使用 Python實(shí)現(xiàn)身份認(rèn)證攻擊。

第 11章主要介紹了使用 Python編寫遠(yuǎn)程控制工具。

第 12章主要介紹了使用 Python完成無線網(wǎng)絡(luò)滲透基礎(chǔ)部分。

第 13章主要介紹了使用 Python完成無線網(wǎng)絡(luò)滲透高級(jí)部分。

第 14章主要介紹了使用 Python對(duì) Web應(yīng)用進(jìn)行滲透測(cè)試。

第 15章主要介紹了使用 Python生成滲透測(cè)試報(bào)告。

第 16章主要介紹了使用 Python進(jìn)行取證的相關(guān)模塊。

關(guān)于勘誤

雖然作者花了很多時(shí)間和精力去核對(duì)書中的文字、代碼和圖片，但因?yàn)闀r(shí)間倉促和水平有限，書中仍難免會(huì)有一些不足和疏漏，如果讀者發(fā)現(xiàn)問題，懇請(qǐng)反饋給作者，相關(guān)信息可發(fā)到作者的公眾號(hào)（邪靈工作室）或者通過清華大學(xué)出版社 www.tup.com.cn與作者聯(lián)系。作者會(huì)努力回答疑問或者指出一個(gè)正確的方向。

致謝

感謝所有的讀者，是你們的支持促成了本書的面世。感謝作者所在單位提供了自由的科研工作環(huán)境，正是這種完全自由的氛圍才使得作者多年的心血能夠以文字的形式展示出來。感謝清華大學(xué)出版社秦健編輯在本書的編寫過程中對(duì)作者的支持。最后感謝身邊的每一位親人、朋友以及學(xué)生，感謝你們?cè)谧髡呔帉懘藭鴷r(shí)給予的支持與理解。

李華峰，多年來一直從事網(wǎng)絡(luò)安全方面的教學(xué)與研究工作。他同時(shí)是一位資深的信息安全顧問和自由撰稿人，在網(wǎng)絡(luò)安全部署、網(wǎng)絡(luò)攻擊與防御以及社會(huì)工程學(xué)等方面有十分豐富的實(shí)踐經(jīng)驗(yàn)。已出版的著作和譯著包括：《精通Metasploit滲透測(cè)試（第2版）》《諸神之眼——Nmap網(wǎng)絡(luò)安全審計(jì)技術(shù)揭秘》《Python滲透測(cè)試編程技術(shù)：方法與實(shí)踐》《Wireshark網(wǎng)絡(luò)分析從入門到實(shí)踐》《Kali Linux 2網(wǎng)絡(luò)滲透測(cè)試實(shí)踐指南》等。

第1章概述·············································1

1.1 網(wǎng)絡(luò)安全滲透測(cè)試······················1

1.2 開展網(wǎng)絡(luò)安全滲透測(cè)試················3

1.2.1 前期與客戶的交流··································4

1.2.2 收集情報(bào)······························································5

1.2.3 威脅建模······························································5

1.2.4 漏洞分析······························································6

1.2.5 漏洞利用······························································6

1.2.6 后滲透攻擊·························································································6

1.2.7 報(bào)告··································································································7

1.3 網(wǎng)絡(luò)安全滲透測(cè)試需要掌握的技能·················································7

1.4 小結(jié)········································8

第2章 Kali Linux 2使用基礎(chǔ)··············9

2.1 簡(jiǎn)介········································9

2.2 安裝Kali Linux 2······················10

2.2.1 在VMware虛擬機(jī)中安裝Kali Linux 2···············10

2.2.2 在樹莓派中安裝Kali Linux 2···12

2.3 Kali Linux 2的常用操作·············15

2.3.1 文件系統(tǒng)····························17

2.3.2 常用命令····························19

2.3.3 對(duì)Kali Linux 2的網(wǎng)絡(luò)進(jìn)行配置·················21

2.3.4 在Kali Linux 2中安裝第三方應(yīng)用程序·················25

2.3.5 對(duì)Kali Linux 2網(wǎng)絡(luò)進(jìn)行SSH遠(yuǎn)程控制····················25

2.3.6 Kali Linux 2的更新操作········29

2.4 VMware的高級(jí)操作··················29

2.4.1 在VMware中安裝其他操作系統(tǒng)···············29

2.4.2 VMware中的網(wǎng)絡(luò)連接··········30

2.4.3 VMware中的快照與克隆功能···················32

2.5 小結(jié)······································33

第3章 Python語言基礎(chǔ)部分·············34

3.1 Python語言基礎(chǔ)·······················35

3.2 在Kali Linux 2系統(tǒng)中安裝Python編程環(huán)境 ································ 35

3.3 編寫第一個(gè) Python程序 ············· 43

3.4 選擇結(jié)構(gòu) ································ 44

3.5 循環(huán)結(jié)構(gòu) ································ 45

3.6 數(shù)字和字符串 ·························· 47

3.7 列表、元組和字典 ···················· 49

3.7.1 列表 ·································· 49

3.7.2 元組 ·································· 50

3.7.3 字典 ·································· 50

3.8 函數(shù)與模塊 ····························· 51

3.9 文件處理 ································ 53

3.10 小結(jié) ····································· 54

第 4章安全滲透測(cè)試的常見模塊·······55

4.1 Socket模塊文件 ······················· 55

4.1.1 簡(jiǎn)介 ·································· 56

4.1.2 基本用法 ···························· 57

4.2 python-nmap模塊文件 ················ 60

4.2.1 簡(jiǎn)介 ·································· 61

4.2.2 基本用法 ···························· 62

4.3 Scapy模塊文件 ························ 66

4.3.1 簡(jiǎn)介 ·································· 66

4.3.2 基本用法 ···························· 67

4.4 小結(jié) ······································ 76

第 5章信息收集···································77

5.1 信息收集基礎(chǔ) ·························· 78

5.2 主機(jī)狀態(tài)掃描 ·························· 79

5.2.1 基于 ARP的活躍主機(jī)發(fā)現(xiàn)技術(shù) ·································· 80

5.2.2 基于 ICMP的活躍主機(jī)發(fā)現(xiàn)技術(shù) ·································· 85

5.2.3 基于 TCP的活躍主機(jī)發(fā)現(xiàn)技術(shù) ·································· 90

5.2.4 基于 UDP的活躍主機(jī)發(fā)現(xiàn)技術(shù) ·································· 93

5.3 端口掃描 ································ 94

5.3.1 基于 TCP全開的端口掃描技術(shù) ·································· 95

5.3.2 基于 TCP半開的端口掃描技術(shù) ·································· 98

5.4 服務(wù)掃描 ·······························101

5.5 操作系統(tǒng)掃描 ·························105

5.6 小結(jié) ·····································108

第 6章對(duì)漏洞進(jìn)行滲透（基礎(chǔ)部分）······························110

6.1 測(cè)試軟件的溢出漏洞 ················ 110

6.2 計(jì)算軟件溢出的偏移地址 ·········· 114

6.3 查找JMP ESP指令··················· 117

6.4 編寫滲透程序 ·························120

6.5 壞字符的確定 ·························123

6.6 使用Metasploit生成 shellcode ·····126

6.7 小結(jié)·····································130

第 7章對(duì)漏洞進(jìn)行滲透（高級(jí)部分） ······························131

7.1 SEH溢出簡(jiǎn)介 ·························132

7.2 編寫基于 SEH溢出滲透模塊的要點(diǎn)······································134

7.2.1 計(jì)算到 catch位置的偏移量····135

7.2.2 查找 POP/POP/RET地址·······141

7.3 編寫滲透模塊 ·························142

7.4 小結(jié) ·····································145

第8章網(wǎng)絡(luò)嗅探與欺騙 ··············· 146

8.1 網(wǎng)絡(luò)數(shù)據(jù)嗅探 ·························147

8.1.1 編寫一個(gè)網(wǎng)絡(luò)嗅探工具 ·········147

8.1.2 調(diào)用 Wireshark 查看數(shù)據(jù)包 ······························150

8.2 ARP的原理與缺陷 ···················152

8.3 ARP欺騙的原理 ······················153

8.4 中間人欺騙 ····························156

8.5 小結(jié) ·····································164

第9章拒絕服務(wù)攻擊 ·················· 165

9.1 數(shù)據(jù)鏈路層的拒絕服務(wù)攻擊 ·······166

9.2 網(wǎng)絡(luò)層的拒絕服務(wù)攻擊 ·············169

9.3 傳輸層的拒絕服務(wù)攻擊 ·············171

9.4 基于應(yīng)用層的拒絕服務(wù)攻擊 ·······173

9.5 小結(jié) ·····································179

第10章身份認(rèn)證攻擊 ················ 181

10.1 簡(jiǎn)單網(wǎng)絡(luò)服務(wù)認(rèn)證的攻擊 ·········182

10.2 編寫破解密碼字典 ··················183

10.3 FTP暴力破解模塊 ··················187

10.4 SSH暴力破解模塊 ··················191

10.5 Web暴力破解模塊 ··················194

10.6 使用BurpSuite對(duì)網(wǎng)絡(luò)認(rèn)證服務(wù)的攻擊 ····································201

10.6.1 基于表單的暴力破解 ··········202

10.6.2 繞過驗(yàn)證碼（客戶端） ·········212

10.6.3 繞過驗(yàn)證碼（服務(wù)器端） ······214

10.7 小結(jié) ····································215

第11章編寫遠(yuǎn)程控制工具 ·········· 216

11.1 遠(yuǎn)程控制工具簡(jiǎn)介 ··················216

11.2 遠(yuǎn)程控制程序的服務(wù)器端和客戶端 ·································217

11.2.1 執(zhí)行系統(tǒng)命令（subprocess模塊） ···············217

11.2.2 遠(yuǎn)程控制的服務(wù)器端與客戶端（socket模塊實(shí)現(xiàn)） ···············221

11.3 將 Python 腳本轉(zhuǎn)換為exe 文件 ·······························224

11.4 小結(jié) ····································226

第12章無線網(wǎng)絡(luò)滲透（基礎(chǔ)部分） ···················· 227

12.1 無線網(wǎng)絡(luò)基礎(chǔ) ························228

12.2 Kali Linux 2 中的無線功能 ········229

12.2.1 無線網(wǎng)絡(luò)嗅探的硬件需求和軟件設(shè)置 ·························229

12.2.2 無線網(wǎng)絡(luò)滲透使用的庫文件 ····························231

12.3 AP掃描器 ····························231

12.4 無線網(wǎng)絡(luò)數(shù)據(jù)嗅探器 ···············233

12.5 無線網(wǎng)絡(luò)的客戶端掃描器 ·········234

12.6 掃描隱藏的 SSID ····················235

12.7 繞過目標(biāo)的 MAC 過濾機(jī)制 ······236

12.8 捕獲加密的數(shù)據(jù)包 ··················238

12.8.1 捕獲 WEP 數(shù)據(jù)包 ··············238

12.8.2 捕獲 WPA 類型數(shù)據(jù)包 ········239

12.9 小結(jié) ····································240

第13章無線網(wǎng)絡(luò)滲透（高級(jí)部分） ···················· 241

13.1 模擬無線客戶端的連接過程 ······241

13.2 模擬 AP 的連接行為················245

13.3 編寫 Deauth 攻擊程序 ··············247

13.4 無線網(wǎng)絡(luò)入侵檢測(cè) ··················248

13.5 小結(jié) ····································248

第14章對(duì) Web 應(yīng)用進(jìn)行滲透測(cè)試 ······················ 249

14.1 滲透測(cè)試所需模塊 ··················251

14.1.1 requests 庫的使用 ··············252

14.1.2 其他常用模塊文件 ·············253

14.2 處理 HTTP 頭部 ·····················254

14.3 處理 Cookie ··························254

14.4 捕獲 HTTP 基本認(rèn)證數(shù)據(jù)包 ·································256

14.5 編寫 Web 服務(wù)器掃描程序 ········257

14.6 暴力掃描出目標(biāo)服務(wù)器上的所有頁面 ······························259

14.7 驗(yàn)證碼安全 ···························260

14.8 小結(jié) ····································266

第15章生成滲透測(cè)試報(bào)告 ·········· 267

15.1 滲透測(cè)試報(bào)告的相關(guān)理論 ·········268

15.1.1 目的 ·······························268

15.1.2 內(nèi)容摘要 ·························268

15.1.3 包含的范圍 ······················268

15.1.4 安全地交付滲透測(cè)試報(bào)告 ····269

15.1.5 滲透測(cè)試報(bào)告應(yīng)包含的內(nèi)容 ································269

15.2 處理 XML 文件 ······················269

15.3 生成 Excel 格式的滲透報(bào)告·······271

15.4 小結(jié) ····································278

第16章 Python 取證相關(guān)模塊 ······ 279

16.1 MD5值的計(jì)算 ·······················279

16.1.1 MD5的相關(guān)知識(shí) ···············279

16.1.2 在Python中計(jì)算MD5 ········280

16.1.3 為文件計(jì)算MD5 ···············280

16.2 對(duì)IP地址進(jìn)行地理定位 ···········281

16.3 時(shí)間取證 ······························282

16.4 注冊(cè)表取證 ···························283

16.5 圖像取證 ······························284

16.6 小結(jié) ····································285

你還可能感興趣

大學(xué)物理實(shí)驗(yàn)
Python科學(xué)計(jì)算入門
Python趣味編程：從入門到人工智能
深度學(xué)習(xí)入門基于Python的理論與實(shí)現(xiàn)
ECMAScript 2018快速入門

我要評(píng)論

您的姓名	驗(yàn)證碼：
留言內(nèi)容