A Guide to Python Libraries For Pentesters, Ethical Hackers and System Administrators.
Cybersecurity engineers and penetration tester largely depend upon Python to perform a wide range of tasks. Python is widely used for data science and machine learning applications. The Python community provides numerous libraries for Data Science, Machine Learning, Artificial Intelligence, Web Development, and Cyber Security related functionalities.
In this article, we will shed light on the Python libraries that are beneficial for the development and automation of penetration testing activities.
python-nmap 0.7.1
python-nmap is a python library that helps in using nmap port scanner. It allows to easily manipulate nmap scan results and will be a perfect tool for systems administrators, ethical hackers, and penetration testers who want to automatize scanning tasks and reports.
Installation
From the shell, uncompress python-nmap-0.4.1.tar.gz and then run make :
$ tar xvzf python-nmap-0.4.1.tar.gz
$ cd python-nmap-0.4.1
$ python setup.py install
or using Pip
$ pip install python-nmap
Twisted 22.4.0
An asynchronous networking framework written in Python. Twisted is an event-based framework for internet applications, supporting Python 3.6+.
It includes modules for many different purposes, including the following:
- twisted.web: HTTP clients and servers, HTML templating, and a WSGI server
- twisted.conch: SSHv2 and Telnet clients and servers and terminal emulators
- twisted.words: Clients and servers for IRC, XMPP, and other IM protocols
- twisted.mail: IMAPv4, POP3, SMTP clients and servers
- twisted.positioning: Tools for communicating with NMEA-compatible GPS receivers
- twisted.names: DNS client and tools for making your own DNS servers
- twisted.trial: A unit testing framework that integrates well with Twisted-based code.
Installation
To install the latest version of Twisted using pip:
$ pip install twisted
Scapy
Packet crafting for Python2 and Python3.
Scapy is a powerful interactive packet manipulation program. It can forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks, or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tshark, p0f, etc.).
BeautifulSoup4 4.11.1
Beautiful Soup is a library that makes it easy to scrape information from web pages. It sits atop an HTML or XML parser, providing Pythonic idioms for iterating, searching, and modifying the parse tree.
Installation
$ pip install beautifulsoup4
Pymetasploit3
Pymetasploit3 is a full-fledged Python3 Metasploit automation library. It can interact with Metasploit either through msfrpcd or the msgrpc plugin in msfconsole.
Installation
sudo pip3 install pymetasploit3
yara-python
With this library you can use YARA from your Python programs. It covers all YARA’s features, from compiling, saving and loading rules to scanning files, strings and processes.
Installation
The easiest way of installing YARA is by using pip
:
$ pip install yara-python
mechanize 0.4.8
Stateful, programmatic web browsing.
- The browser class mechanize.
- Browser implements the interface of urllib2.
- OpenerDirector, so any URL can be opened not just http.
- Easy HTML form filling.
- Convenient link parsing and following.
- Browser history (.back() and .reload() methods).
- The Referer HTTP header is added properly (optional).
- Automatic observance of robots.txt.
- Automatic handling of HTTP-Equiv and Refresh
Installation
pip3 install mechanize
cryptography 37.0.4
cryptography is a package which provides cryptographic recipes and primitives to Python developers. Our goal is for it to be your “cryptographic standard library”. It supports Python 3.6+ and PyPy3 7.2+.
Cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests, and key derivation functions. For example, to encrypt something with cryptography’s high level symmetric encryption recipe.
Installation
$ pip install cryptography
Your interest in the article is greatly appreciated. I hope you find the article interesting.
References:
https://pypi.org/project/mechanize/#major-features
https://yara.readthedocs.io/en/stable/yarapython.html
https://pypi.org/project/cryptography/
https://github.com/DanMcInerney/pymetasploit3