Python Environment For Pentesting

July 18, 2022
Zandt Lavish
5 min read


For those looking to transcend the level of script kiddie to that of a master of your own pentesting tools, this is the digest for you. We’ll be walking through the basic development environment setup anyone should be leveraged with when scripting Python in the cybersecurity world. Let’s setup our digital workshop.

Virtual Machine

When scripting in the cybersecurity world, it’s important to use a Virtual Machine (VM) for our environment. This way while we’re playing around with potentially malicious software, we won’t worry about breaking our computer accidentally. For this we need a Hypervisor ­­– an application that allocates a computer’s hardware to a virtualized computer. Basically, it lets us run a software that emulates a physical computer. Think of it as a computer inside your computer. By keeping our Python skills contained in a VM, our actual computer is out of harm’s way. Here are some well-known hypervisors to look into:

VMware – There are many versions of the virtualization platforms from VMware. The free version (VMware Workstation Player) is only made for x64 computers running Windows or Linux.

VirtualBox­ – Developed by Oracle to run VMs on Windows, macOS, Linux, and Solaris. While the GUI might not be as exciting as VMware’s, it’s an excellent free option for the individual.

Hyper-V – This is the hypervisor native to windows. It can be used to make virtual machines on x64 systems running Windows.


Operating System

Because we’re setting up a VM, we get to choose the operating system want to be coding in. When getting the hang of pentesting, Kali Linux is an excellent OS with many cybersecurity tools automatically installed. For a deeper understanding into Linux and the differences between their distributions (AKA “distros”) check out our Linux Distributions Explained post!

When prompted to provide an OS when setting up our hypervisor, we can download an image of our desired OS online and apply it to the VM as instructed.



Once we have our VM running with a fit OS, we can make sure the latest version of Python is installed on it. For those using Linux, this can be checked with the following command in the Terminal:

           $ python --version 

The response should look something like this:

           Python 3.8.8

If this isn’t the case, we can use the apt package manager to install python.

           $ apt install python3

For a deeper understanding of the Command Line Interface,check out our Intro to Bash Shell Commands post!


Package Manager

With Python in our setup, now we’ll install a package manager. This will allow us to directly install Python libraries without needing to manually unpack them and track down each of their dependencies. Like apt for Linux, pip will grab and handle Python resources for us while doing the complex stuff behind the scenes. To install pip on the Linux command line, use the following command:

           $ apt-get install python-setup tools python-pip



An Integrated Development Environment (IDE) is an application with common developer tools all in a single GUI. Here are some popular IDEs to look into:

IDLE – Good for learning, lightweight, and simple to use. Probably not for the projects we’re looking to work on.

WingIDE – Includes all the basic IDE functionality. It’s debugging capabilities set it apart.

VS Code – A free IDE made by Microsoft. Visual Studio Code has a tight setup of built-in features with many plug-in options for surface-level features. It’soften pointed to for performance.

Atom­­­ – Designed with a plugin-based approach around nearly everything.



We’re ready to get coding! While the proper environment setup for pentesting-oriented scripting can be daunting, doing it correctly will provide us with safety and security. For Python-for-pentesting project ideas, check out some of our other writings!

Let's Get Started

Book a time to chat about your security needs.
* Indicates a required field.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.