A Guide to Python Libraries For Pentesters, Ethical Hackers and System Administrators.

Khalil Afridi
Jul 29, 2022
Python for Pentesters

Cybersecurity engineers and penetration testers depend heavily on Python to perform a wide range of tasks. Python is also widely used for data science and machine learning applications. The Python community provides numerous libraries for Data Science, Machine Learning, Artificial Intelligence, Web Development, and Cyber Security related functionality.

In this article, we will shed light on the Python libraries that are beneficial for the development and automation of penetration testing activities.

python-nmap 0.7.1

python-nmap is a Python library for driving the nmap port scanner. It makes it easy to manipulate nmap scan results and is a perfect tool for systems administrators, ethical hackers, and penetration testers who want to automate scanning tasks and reports.

Installation

From the shell, uncompress python-nmap-0.4.1.tar.gz and then run the setup script:

$ tar xvzf python-nmap-0.4.1.tar.gz
$ cd python-nmap-0.4.1
$ python setup.py install

Or, using pip:

$ pip install python-nmap

Twisted 22.4.0

An asynchronous networking framework written in Python. Twisted is an event-based framework for internet applications, supporting Python 3.6+.

It includes modules for many different purposes, including the following:

  • twisted.web: HTTP clients and servers, HTML templating, and a WSGI server
  • twisted.conch: SSHv2 and Telnet clients and servers and terminal emulators
  • twisted.words: Clients and servers for IRC, XMPP, and other IM protocols
  • twisted.mail: IMAPv4, POP3, SMTP clients and servers
  • twisted.positioning: Tools for communicating with NMEA-compatible GPS receivers
  • twisted.names: DNS client and tools for making your own DNS servers
  • twisted.trial: A unit testing framework that integrates well with Twisted-based code.

Installation

To install the latest version of Twisted using pip:

$ pip install twisted

Scapy

Packet crafting for Python2 and Python3.

Scapy is a powerful interactive packet manipulation program. It can forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks, or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tshark, p0f, etc.).

BeautifulSoup4 4.11.1

Beautiful Soup is a library that makes it easy to scrape information from web pages. It sits atop an HTML or XML parser, providing Pythonic idioms for iterating, searching, and modifying the parse tree.

Installation

$ pip install beautifulsoup4

Pymetasploit3

Pymetasploit3 is a full-fledged Python3 Metasploit automation library. It can interact with Metasploit either through msfrpcd or the msgrpc plugin in msfconsole.

Installation

$ sudo pip3 install pymetasploit3

yara-python

With this library you can use YARA from your Python programs. It covers all YARA’s features, from compiling, saving and loading rules to scanning files, strings and processes.

Installation

The easiest way of installing YARA is by using pip:

$ pip install yara-python

mechanize 0.4.8

Stateful, programmatic web browsing.

  • The browser class mechanize.Browser implements the interface of urllib2.OpenerDirector, so any URL can be opened, not just http.
  • Easy HTML form filling.
  • Convenient link parsing and following.
  • Browser history (.back() and .reload() methods).
  • The Referer HTTP header is added properly (optional).
  • Automatic observance of robots.txt.
  • Automatic handling of HTTP-Equiv and Refresh.

Installation

$ pip3 install mechanize

cryptography 37.0.4

cryptography is a package that provides cryptographic recipes and primitives to Python developers. The project's stated goal is for it to be your “cryptographic standard library”. It supports Python 3.6+ and PyPy3 7.2+.

Cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests, and key derivation functions. For example, to encrypt something with cryptography’s high level symmetric encryption recipe.
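The high-level symmetric recipe in cryptography is Fernet. The following is an added example, not code from the original article or from the cryptography project: it shows what the recipe gives a defender beyond plain encryption, namely rejection of tampered, wrong-key and expired tokens, and key rotation with MultiFernet. The helper names (open_token, flip_ciphertext_bit, demo) and the sample plaintext, clock and TTL are constructed for illustration.

```python
import base64
from cryptography.fernet import Fernet, InvalidToken, MultiFernet

NOW = 1_700_000_000                      # constructed fixed clock (Unix seconds)
TTL = 300                                # accept tokens for five minutes
SECRET = b"scan-report: 10.0.0.5 tcp/22 open"   # constructed sample plaintext


def open_token(fernet, token, now):
    """Return the plaintext, or None if the token is altered, forged or expired."""
    try:
        return fernet.decrypt_at_time(token, ttl=TTL, current_time=now)
    except InvalidToken:
        return None


def flip_ciphertext_bit(token):
    """Simulate tampering in transit by flipping one bit of the ciphertext."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[-40] ^= 0x01                     # the last 32 bytes are the HMAC tag
    return base64.urlsafe_b64encode(bytes(raw))


def demo():
    old_key, new_key = Fernet.generate_key(), Fernet.generate_key()
    old, new = Fernet(old_key), Fernet(new_key)
    token = old.encrypt_at_time(SECRET, current_time=NOW)

    # Rotation: the newest key goes first; rotate() re-encrypts under it
    # and keeps the original timestamp, so the TTL is not reset.
    rotated = MultiFernet([new, old]).rotate(token)

    return {
        "roundtrip": open_token(old, token, NOW + 10),
        "expired": open_token(old, token, NOW + TTL + 1),
        "tampered": open_token(old, flip_ciphertext_bit(token), NOW + 10),
        "wrong_key": open_token(new, token, NOW + 10),
        "rotated_new": open_token(new, rotated, NOW + 10),
        "rotated_old": open_token(old, rotated, NOW + 10),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:12} -> {result!r}")
```

Every failure mode surfaces as the same InvalidToken exception, so callers cannot tell a bad key from a modified or stale token; treat all of them as "reject".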

Installation

$ pip install cryptography

Your interest in the article is greatly appreciated. I hope you find the article interesting.

