Effective Python Penetration Testing
上QQ阅读APP看书,第一时间看更新

Chapter 1. Python Scripting Essentials

Python is still the leading language in the world of penetration testing (pentesting) and information security. Python-based tools include all kinds of tools (used for inputting massive amounts of random data to find errors and security loop holes), proxies, and even the exploit frameworks. If you are interested in tinkering with pentesting tasks, Python is the best language to learn because of its large number of reverse engineering and exploitation libraries.

Over the years, Python has received numerous updates and upgrades. For example, Python 2 was released in 2000 and Python 3 in 2008. Unfortunately, Python 3 is not backward compatible, hence most of the programs written in Python 2 will not work in Python 3. Even though Python 3 was released in 2008, most of the libraries and programs still use Python 2. To do better penetration testing, the tester should be able to read, write, and rewrite Python scripts.

Python being a scripting language, security experts have preferred Python as a language to develop security toolkits. Its human-readable code, modular design, and large number of libraries provide a start for security experts and researchers to create sophisticated tools with it. Python comes with a vast library (standard library) which accommodates almost everything, from simple I/O to platform-specific API  calls. Many of the default and user-contributed libraries and modules can help us in penetration testing with building tools to achieve interesting tasks.

In this chapter, we will cover the following:

  • Setting up the scripting environment in different operating systems
  • Installing third party Python libraries
  • Working with virtual environments
  • Python language basics