Python is an excellent asset for your pentester toolbox. When using it with cybersecurity in mind, it’s important to master the side of the language that’s geared to the technology and processes of interest in this domain. Here we’ve compiled a list of modules, tools, and techniques to use and learn in more depth when getting into Python for pentesting!
A properly functioning tool has a proper argument system. There are two main options to look at…
sys.argv – This is simply the list of command-line arguments (sys.argv[0] is the script name), which makes referencing inputs straightforward, especially for simple projects.
argparse – This is a parser for sys.argv that returns the arguments as a namespace object and generates the usage and --help text for you. If your script needs more than a couple of required positional arguments, it is well worth using. argparse is in the Python standard library along with getopt and optparse, though optparse is deprecated and argparse is the recommended choice.
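The kind of argument handling a small scanner needs, as an added example (not code from the original post): a required positional target that must be a valid IP address, a custom type that expands port lists such as 22,80,8000-8010, and a count-style verbosity flag. The tool name scan.py and the options are hypothetical; the point is that argparse validates input and exits with a usage error instead of a traceback.

```python
import argparse
import ipaddress
from typing import List, Optional


def parse_ports(spec: str) -> List[int]:
    """Convert '22,80,8000-8010' into a sorted list of unique port numbers.

    Raising argparse.ArgumentTypeError makes argparse print a clean usage
    error (exit status 2) instead of a traceback.
    """
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        try:
            if "-" in part:
                lo, hi = (int(x) for x in part.split("-", 1))
                if lo > hi:
                    raise argparse.ArgumentTypeError(f"bad port range: {part}")
                ports.update(range(lo, hi + 1))
            else:
                ports.add(int(part))
        except ValueError:
            raise argparse.ArgumentTypeError(f"not a port or range: {part}") from None
    for port in ports:
        if not 1 <= port <= 65535:
            raise argparse.ArgumentTypeError(f"port out of range: {port}")
    return sorted(ports)


def build_parser() -> argparse.ArgumentParser:
    parser = argparse.ArgumentParser(
        prog="scan.py",  # hypothetical tool name
        description="Minimal TCP scanner CLI (argument parsing only).",
    )
    # A required positional: argparse rejects anything ipaddress cannot parse.
    parser.add_argument("target", type=ipaddress.ip_address,
                        help="IPv4 or IPv6 address to scan")
    # String defaults go through the type function too, so '1-1024' is expanded.
    parser.add_argument("-p", "--ports", type=parse_ports, default="1-1024",
                        help="ports, e.g. 22,80,8000-8010 (default: 1-1024)")
    parser.add_argument("-t", "--timeout", type=float, default=1.0,
                        help="per-connection timeout in seconds")
    parser.add_argument("-v", "--verbose", action="count", default=0,
                        help="repeat for more output (-vv)")
    return parser


def parse_args(argv: Optional[List[str]] = None) -> argparse.Namespace:
    """argv=None means 'use sys.argv[1:]', exactly as argparse does by default."""
    return build_parser().parse_args(argv)


def try_parse(argv: List[str]):
    """Return the parsed Namespace, or the exit status argparse would exit with."""
    try:
        return parse_args(argv)
    except SystemExit as exc:
        return exc.code


if __name__ == "__main__":
    args = parse_args()
    print(f"target={args.target} ports={len(args.ports)} "
          f"timeout={args.timeout}s verbose={args.verbose}")
```

Run it as python scan.py 10.0.0.5 -p 22,80,8000-8010 -vv; an invalid target or a port like 70000 produces a one-line usage error and exit status 2, which is what a wrapper script or CI job expects from a well-behaved tool.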
In pentesting, talking to the operating system is common. Automating this by calling external commands from a Python script is a real time-saver.
subprocess – This is a powerful module from the Python standard library that lets you run external programs and inspect their output, exit status and errors. If you’ve heard of os.system(), subprocess was written to replace it (os.system() is not formally deprecated, but the subprocess documentation recommends subprocess over it). One security caveat: build commands as argument lists and avoid shell=True with attacker-influenced input, otherwise your own tool ends up with a command injection bug.
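The safe and unsafe ways to hand user input to an external tool, as an added example (not code from the original post). The host allow-list regex and the ping wrapper are hypothetical; echo_args() runs the Python interpreter itself as the child process so the demonstration works anywhere Python does. It shows that a value like 10.0.0.5; id arrives as a single literal argument when passed as a list, while the same value pasted into a shell string would run id as a second command.

```python
import re
import shlex
import subprocess
import sys

# Conservative allow-list for hostnames and IP literals (hypothetical policy for this example).
HOST_RE = re.compile(r"^[A-Za-z0-9.:\-]{1,253}$")


def is_valid_host(host: str) -> bool:
    return HOST_RE.fullmatch(host) is not None


def run_tool(argv, timeout=30):
    """Run an external program WITHOUT a shell and return (exit_code, stdout, stderr).

    argv is a list: each element reaches the program as one literal argument,
    so metacharacters in user input cannot spawn extra commands.
    """
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return None, "", f"timed out after {timeout}s"
    return proc.returncode, proc.stdout, proc.stderr


def unsafe_ping_cmd(host: str) -> str:
    """BAD: a string meant for shell=True. With host='10.0.0.5; id' the shell also runs 'id'."""
    return f"ping -c 1 {host}"


def quoted_ping_cmd(host: str) -> str:
    """If a shell really is unavoidable, shlex.quote() neutralises metacharacters."""
    return "ping -c 1 " + shlex.quote(host)


def safe_ping_cmd(host: str):
    """GOOD: an argv list plus input validation; nothing is ever parsed by a shell."""
    if not is_valid_host(host):
        raise ValueError(f"refusing suspicious host {host!r}")
    return ["ping", "-c", "1", host]  # Unix ping flags; Windows ping uses -n instead of -c


def echo_args(*args):
    """Show literal argument passing using the interpreter itself (portable):
    the child prints each argv entry it received on its own line."""
    argv = [sys.executable, "-c", "import sys; print('\\n'.join(sys.argv[1:]))", *args]
    rc, out, _ = run_tool(argv)
    return rc, out.splitlines()


if __name__ == "__main__":
    injected = "10.0.0.5; id"
    print("shell string :", unsafe_ping_cmd(injected))
    print("quoted string:", quoted_ping_cmd(injected))
    print("argv received:", echo_args(injected))
```

The list form is the default to reach for; the quoted form is only for cases where the shell is genuinely needed (pipes, globbing), and even then the input should still be validated first.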
If you’re pentesting a network, you obviously need to interact with it.
requests – This is a “simple, yet elegant, HTTP library.” It lets you send HTTP/1.1 requests right from your script, with sessions, cookies and JSON handling built in. It is one of the most popular Python libraries NOT included in the standard library, so it has to be installed with pip. A caveat for pentest scripts: requests verifies TLS certificates by default; only pass verify=False when you deliberately accept that risk against your target, never in a tool that will be reused elsewhere.
socket – This module gives access to what’s called the BSD socket interface, an API (Application Programming Interface) for working with network sockets. Basically, you work with the network at a lower level than an HTTP library: raw TCP and UDP connections, listeners, port scans, banner grabbing and so on.
Nmap – When people refer to Nmap (Network Mapper) they usually mean the powerful command-line port scanner. Alongside it there is a third-party Python library, python-nmap (imported as nmap), which wraps the nmap binary: it runs the scan for you and parses nmap’s XML output into Python objects, so you can drive scans and work with the results directly from the high-level language. Note that the library still needs the nmap executable installed on the machine.
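What the socket module lets you do that an HTTP library does not, as an added example (not code from the original post): a threaded TCP connect() scanner that also grabs whatever banner a service volunteers. To stay self-contained it spins up a tiny localhost listener with a constructed SSH-style banner as a stand-in target; the listener, the banner text and the demo() helper are part of this example, not a real service.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def tcp_connect_scan(host, ports, timeout=0.5, workers=32):
    """TCP connect() scan with banner grabbing.

    Returns {port: banner} for every port that accepted the connection; the
    banner is "" when the service stayed silent within the timeout.
    """
    def probe(port):
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.settimeout(timeout)
                try:
                    banner = s.recv(256).decode("utf-8", "replace").strip()
                except socket.timeout:
                    banner = ""          # open, but nothing volunteered (e.g. HTTP)
                return port, banner
        except OSError:                  # refused, unreachable, or timed out
            return port, None

    open_ports = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for port, banner in pool.map(probe, ports):
            if banner is not None:
                open_ports[port] = banner
    return open_ports


def start_banner_listener(banner=b"SSH-2.0-constructed-test-banner\r\n"):
    """Tiny localhost service standing in for a real target. Returns (port, stop_event)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))           # port 0: let the OS pick a free port
    srv.listen(5)
    srv.settimeout(0.2)                  # wake up periodically to check the stop flag
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop


def demo():
    """Scan one open and one closed localhost port; returns (open_port, closed_port, result)."""
    open_port, stop = start_banner_listener()
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                        # nothing listens here now
    try:
        return open_port, closed_port, tcp_connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        stop.set()


if __name__ == "__main__":
    print(demo())
```

Against a real host replace the listener with the target address and a port list; keep the timeout short and the worker count modest, since a full connect() scan is noisy and easily rate-limited or logged.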
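Driving nmap from Python without any extra library, as an added example (not code from the original post or from python-nmap): nmap is asked for XML on stdout with -oX -, and the report is flattened into one record per port. run_nmap_xml() needs the real nmap binary and is not exercised here; parse_nmap_xml() runs against a constructed sample in nmap’s XML layout, so the parsing and the open-port filter can be checked offline.

```python
import subprocess
import xml.etree.ElementTree as ET


def run_nmap_xml(target, extra_args=("-sV",)):
    """Run the real nmap binary (must be installed and on PATH) and return its XML report.

    '-oX -' asks nmap to write XML to stdout, the same format python-nmap parses.
    """
    argv = ["nmap", "-oX", "-", *extra_args, target]
    proc = subprocess.run(argv, capture_output=True, text=True, check=True)
    return proc.stdout


def parse_nmap_xml(xml_text):
    """Flatten an nmap XML report into one dict per scanned port on hosts that are up."""
    root = ET.fromstring(xml_text)
    rows = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue                      # skip hosts that did not respond
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:               # fall back to whatever address nmap recorded
            addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state_el = port.find("state")
            svc_el = port.find("service")
            rows.append({
                "addr": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": state_el.get("state") if state_el is not None else "unknown",
                "service": svc_el.get("name", "") if svc_el is not None else "",
            })
    return rows


def open_ports(rows):
    """(addr, port) pairs that nmap reported as open, sorted."""
    return sorted((r["addr"], r["port"]) for r in rows if r["state"] == "open")


# Constructed sample report in nmap's XML layout (not real scan output).
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -oX - -sV 10.0.0.0/29">
  <host><status state="up" reason="echo-reply"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="closed" reason="reset"/><service name="https"/></port>
    </ports>
  </host>
  <host><status state="down" reason="no-response"/>
    <address addr="10.0.0.6" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


if __name__ == "__main__":
    for addr, port in open_ports(parse_nmap_xml(SAMPLE_XML)):
        print(f"{addr}:{port} open")
```

Swap SAMPLE_XML for run_nmap_xml("10.0.0.0/29") to process a live scan; python-nmap does essentially this for you, with the trade-off that you depend on one more package.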
sys – This module is crucial for adapting how the script runs to where it’s running. sys provides access to interpreter variables and to functions that interact with the interpreter. This comes in handy both for general script functionality and for gathering information about the host. We already saw it used in sys.argv. Here are some other common attributes:
sys.platform – A string identifying the platform the interpreter runs on (‘linux’, ‘win32’, ‘darwin’, …). This can be used to make a script platform-aware.
sys.path – The list of directories Python searches when importing modules, initialised from the script’s directory, PYTHONPATH and the installation defaults. It is not the shell’s $PATH; that lives in os.environ[‘PATH’].
sys.version – A string describing the interpreter version (sys.version_info gives the same information as a comparable tuple).
sys.getfilesystemencoding() – Returns the encoding Python uses for file names when talking to the file system.
sys.getdefaultencoding() – Returns the default encoding for str conversions (always ‘utf-8’ on Python 3).
sys.stdin – The file object for the interpreter’s standard input.
sys.stdout – The file object for standard output.
sys.stderr – The file object for standard error, where a tool should write its diagnostics so they do not pollute parseable output.
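The sys attributes above put to work in one small script, as an added example (not code from the original post): a runtime snapshot, a platform branch for the ping flags, and a target reader that takes one host per line from stdin (or any text stream), skips comments, and reports malformed lines on stderr so stdout stays clean. The sample target list is constructed for the example.

```python
import io
import sys


def runtime_info():
    """The interpreter facts a script most often branches or reports on."""
    return {
        "platform": sys.platform,                  # 'linux', 'win32', 'darwin', ...
        "version": sys.version_info[:3],           # comparable tuple, unlike sys.version
        "fs_encoding": sys.getfilesystemencoding(),
        "default_encoding": sys.getdefaultencoding(),
        "import_path_entries": len(sys.path),      # module search path, not $PATH
    }


def ping_argv(host, platform=None):
    """Pick the right 'send one echo request' flags for the platform."""
    platform = platform or sys.platform
    if platform.startswith("win"):
        return ["ping", "-n", "1", host]
    return ["ping", "-c", "1", host]


def read_targets(stream=None):
    """Read one target per line from stdin (or any text stream).

    Blank lines and '#' comments are skipped; malformed lines are reported on
    stderr so that stdout stays clean for whatever the tool prints next.
    """
    stream = sys.stdin if stream is None else stream
    targets = []
    for lineno, raw in enumerate(stream, 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if any(ch.isspace() for ch in line):
            print(f"line {lineno}: ignoring malformed target {line!r}", file=sys.stderr)
            continue
        targets.append(line)
    return targets


def read_targets_text(text):
    """Convenience wrapper so the same parser can be exercised without real stdin."""
    return read_targets(io.StringIO(text))


# Constructed input, as a target file piped through stdin might look.
SAMPLE_TARGETS = "10.0.0.5\n# internal jump host\nhost.example  # trailing comment\n\nbad host here\n"


if __name__ == "__main__":
    print(runtime_info(), file=sys.stderr)
    for host in read_targets():          # e.g.  cat targets.txt | python targets.py
        print(" ".join(ping_argv(host)))
```

Because diagnostics go to sys.stderr, the stdout of this script can be piped straight into the next tool or captured by subprocess without filtering out warnings.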
There are many more modules to explore, but this is a good start.
The powerful web application pentesting tool Burp Suite includes an extension API that lets you tailor the software to your own workflow. Because Burp Suite is written in Java, Python extensions actually run through Jython, an implementation of Python on the Java Virtual Machine, so you write Python but call Burp’s Java API. For a walkthrough of how to get started, check out our Burp Suite Python Extension post!
There’s always something new to learn in Python, and in the cybersecurity space itself. Now you have a base of knowledge to kick-start using Python for pentesting efficiently! For more insights like this, check out our other posts; new ones appear weekly!