Python Scripting with LLMs for Geeky Testers: A Bytecode Intro
A Humble Note to the Readers: This write-up is one of the hands-on parts of an online course titled Python Scripting for Geeky Testers. The course, once run by the author, is now in limbo due to various factors like ‘work, life and interest balance’. So, the author decided to make the class lectures and code public for testing enthusiasts, with a view to getting invaluable feedback from them to improve his own scripting skills.
In this series we will
- Have a basic introduction to the Python programming language
- Cover the basics of Python data types
- Build a simple port scanner
- Build a simple Chrome browser forensics tool
- Extract photo metadata
- Remotely exploit an Android device and do a thorough anatomy of the procedure
Please notice that most of the tasks we will accomplish have already been done and are available on the internet. But in this tutorial series we will utilise the power of LLMs, which will rejuvenate our previous learning along with a new lesson: when, and when not, to depend on our new trusted friend… AI/LLMs.
In this tutorial we will use LLM models from mostly three sources:
- Trypromptly
- ChatGPT and
- Gemini
What is it all about: Define Your Needs
Forget about what they say; focus on your needs. Think, plan, rethink, write code, get your hands dirty as your needs dictate, and you will learn WTF is actually needed. We’re not bound to learn anything that we’ll forget in the long run, as testers or as human beings…
When TO and NOT TO use Python [in my opinion]*
And the rest comes from needs, workplace needs and experience.
Reasons behind its Popularity in [my opinion]*
- We READ code more than we WRITE it
- Simple syntax
- Multi-paradigm programming language
- Writing dirty code in a short time
```python
>>> import this
```
*there might be argument among fellow hackers, naturally…
Python is BOTH a compiled and an interpreted language. Just look at the diagram that explains how `foo.py` is compiled into bytecode, loaded into RAM, processed by the CPU, and finally prints its output.
A Recommended Reading is Here
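The three stages the diagram describes can be watched from inside Python itself. The script below is an added example for this tutorial, not code from the original course: it compiles a constructed stand-in for `foo.py` into a code object, lists the bytecode instructions with `dis`, writes the same bytecode to a `.pyc` the way `__pycache__` does and reads it back with `marshal`, and finally hands the code object to the interpreter loop with `exec`. It assumes CPython 3.7 or newer, where the `.pyc` header is 16 bytes (magic, flags, source mtime, source size).

```python
#!/usr/bin/env python3
"""Walk foo.py through the stages the diagram shows: source -> bytecode -> execution.

Added example for this tutorial, not part of the original course code.
Assumes CPython 3.7 or newer (16-byte .pyc header).
"""
import dis
import importlib.util
import marshal
import os
import py_compile
import tempfile
import types

# Constructed sample "foo.py", a stand-in for the file in the diagram.
FOO_SRC = '''\
def add(a, b):
    return a + b

result = add(1, 2)
'''


def compile_source(src: str, filename: str = 'foo.py') -> types.CodeType:
    """Stage 1: source text -> code object. This is the 'compiled' half of Python."""
    return compile(src, filename, 'exec')


def opnames(code: types.CodeType) -> list:
    """List the opcode names in a code object, descending into nested function bodies."""
    names = []
    for ins in dis.get_instructions(code):
        names.append(ins.opname)
        if isinstance(ins.argval, types.CodeType):   # LOAD_CONST of a function body
            names.extend(opnames(ins.argval))
    return names


def expected_magic() -> bytes:
    """The 4-byte magic number this interpreter stamps on every .pyc it writes."""
    return importlib.util.MAGIC_NUMBER


def write_pyc(src: str) -> tuple:
    """Stage 2: persist the bytecode as a .pyc (what __pycache__ holds) and read it back.

    Returns (magic_number, code_object). On CPython >= 3.7 the header is
    magic(4) + flags(4) + source mtime(4) + source size(4) = 16 bytes.
    """
    tmp = tempfile.mkdtemp()
    src_path = os.path.join(tmp, 'foo.py')
    with open(src_path, 'w', encoding='utf-8') as fh:
        fh.write(src)
    pyc_path = py_compile.compile(src_path,
                                  cfile=os.path.join(tmp, 'foo.pyc'),
                                  doraise=True)
    with open(pyc_path, 'rb') as fh:
        magic = fh.read(4)
        fh.read(12)                       # skip the rest of the 16-byte header
        code = marshal.load(fh)           # the marshalled code object follows
    return magic, code


def run_code(code: types.CodeType) -> dict:
    """Stage 3: hand the bytecode to the interpreter loop; return the resulting globals."""
    ns = {}
    exec(code, ns)
    return ns


if __name__ == '__main__':
    code = compile_source(FOO_SRC)
    dis.dis(code)                                   # human-readable bytecode listing
    print('result =', run_code(code)['result'])
    magic, from_disk = write_pyc(FOO_SRC)
    print('pyc magic matches this interpreter:', magic == expected_magic())
    print('result from the .pyc =', run_code(from_disk)['result'])
```

Run it with `python3 bytecode_stages.py` and compare the `dis` listing with the diagram: `LOAD_CONST`/`STORE_NAME` are the module-level bytecode, the `add` body shows the binary-add instruction (named `BINARY_ADD` before 3.11 and `BINARY_OP` from 3.11 on), and the `.pyc` read back from disk runs to the same `result` as the freshly compiled code. The magic number check is the same one the import system makes before trusting a cached `.pyc`.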
Sample Code: A Simple Port Scanner
```python
#!/usr/bin/env python3                       # ... 1
import socket                                # ... 2
# The source code of the socket module is here
# print(socket.__file__)

PORTS = {
    'ftp': 21,
    'ssh': 22,
    'http': 80,
    'https': 443,
    'upnp': 1900,
    'domain': 53
}                                            # ... 3

def scan_open_ports(ip: str, key: str):      # ... 4
    sct = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    status = sct.connect_ex((ip, PORTS[key]))
    if status == 0:                          # ... 5
        print(f'\t[+] Open {key} : {PORTS[key]}')
    sct.close()  # ... note the manual close statement here

IP = input('IP address here: ')              # ... 6
print(f'Scanning {IP} for open ports...')    # ... 7
for key in PORTS:                            # ... 8
    scan_open_ports(IP, key)
```
So, anyone will show you the code and say ‘Look, how sexy Python is!! You just import, write pseudo-code, and it takes care of the rest…’
Don’t trust them. The above snippet is an absolute f&*(g unoptimised s^&t. Nmap, a masterpiece written in C++ by Gordon Lyon, shows how the job is really done.
Carefully notice the comments from 1 to 8.
Recommended Reading
Use Cases and Popular Libraries/Frameworks
Python, from my experience and opinion, is a good tool for automating repetitive tasks. It is also a good choice as a wrapper around complex libraries, letting you write less code. That is why the language is gaining popularity in the Data Science and Machine Learning space.
The following are some popular libraries/frameworks in Python:
Web
- Flask
- Django
- Scrapy
- Requests
Automation
- Selenium
- Playwright
Cyber-security
- Scapy
- Pillow
- PyPDF2
- Faker
- Requests
Data Science [And I’m not a data scientist]
- Pytorch
- Pandas
- Numpy
Focus on the Problem: Define Your Needs Reiterated
The simplicity of Python syntax, along with the available libraries and frameworks, lets a hacker focus on the solution to the problem at hand. It is expected that s/he is well experienced and informed about what is actually going on behind the scenes.
So, again, the learned hacker is advised to be clear about her/his needs.