
Python for pentesting: Programming, exploits and attacks

March 24, 2021 by Howard Poston

Why use Python for pentesting?

Python is one of the most popular programming languages in existence for several reasons: it is easy to use, it has a large number of available libraries and it allows usable scripts to be developed quickly.

These same advantages also make Python a valuable tool for penetration testing. The ability to quickly and easily develop custom scripts to test for and exploit potential vulnerabilities makes it a very flexible tool for attack automation.

Preparing for pentesting with Python

While Python is designed to be easy to use, some preparation is necessary before using it for penetration testing. Three crucial skill sets are a basic knowledge of Python programming, an understanding of common vulnerabilities and some familiarity with certain Python libraries.

Basics of Python programming

Python is designed to be an extremely user-friendly programming language. That said, it is still a programming language. To effectively develop exploits in Python, it is necessary to understand at least the basics of Python programming.

Most of the basic theory behind Python programming is the same as with any other programming language. In many cases, only minimal tweaks are required to convert code from another language into Python.

However, Python's implementation includes many optimizations, and equivalent code can perform very differently depending on how it is written. For example, code written as a list comprehension runs more quickly than other implementations of the same loop. While this may not matter in some cases, execution speed may be critical for the exploitation of race conditions and similar time-dependent vulnerabilities. As a result, becoming an effective Python penetration tester requires learning to use Python correctly and to the best of its abilities.

Common exploitable vulnerabilities

An understanding of Python programming provides the foundation required for developing an exploit. What's missing is the ability to identify a vulnerability worth exploiting.

Several resources exist to help with this. Some of the best places to start include:

  • The Open Web Application Security Project (OWASP) has a wide range of security resources. While their Top Ten List of Web Application Vulnerabilities is the most famous, they also have resources for web APIs and other types of systems
  • Common Vulnerabilities and Exposures (CVEs) list and describe known vulnerabilities for different software products. This can help with determining if a particular target is vulnerable and how it can be exploited
  • The Common Weakness Enumeration (CWE) outlines a variety of different classes of vulnerabilities and is commonly referenced in CVEs. In addition to the main repository, different views discuss the most dangerous CWEs, CWEs that affect a particular language and more
  • The MITRE ATT&CK framework outlines the various methods by which an attacker can achieve goals throughout the lifecycle of a cyberattack. This helps with identifying how to achieve certain objectives while penetration testing

Reading through all of the information provided by these resources is unnecessary. However, a thorough understanding of the OWASP Top Ten and familiarity with the other tools provide a solid foundation for getting started in penetration testing.

Interacting with targets

After learning how to write Python and getting the theory out of the way, the final step is exploiting vulnerable applications. This is one area where Python becomes an invaluable tool.

Python has many libraries that provide ready-made implementations of network protocols, or the building blocks for developing new ones. For example, Scapy supports the construction and transmission of custom network packets, which can be useful for vulnerability scanning and exploitation over the network.

Python has many libraries, and penetration testers may require different packages for different projects. However, getting familiar with Scapy and packages for parsing and sending HTTP requests is good preparation for developing exploits in Python.
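To show what a packet library like Scapy handles for you, here is an added example (not from the article, and using only the standard library rather than Scapy) that builds an IPv4 header field by field, computes the RFC 1071 checksum, and parses it back while rejecting truncated or corrupted headers. The addresses and identification value are constructed sample values.

```python
import socket
import struct

IPV4_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int,
                      proto: int = 6, ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Assemble an IPv4 header with DF set and a correct checksum."""
    ver_ihl = (4 << 4) | 5          # version 4, IHL of 5 words (20 bytes)
    flags_frag = 0x4000             # Don't Fragment, fragment offset 0
    header = struct.pack(IPV4_FMT, ver_ihl, 0, 20 + payload_len, ident,
                         flags_frag, ttl, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    # Checksum is computed with the checksum field zeroed, then patched in.
    csum = ip_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:]


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the fixed header fields; raise ValueError on a malformed packet."""
    if len(pkt) < 20:
        raise ValueError("truncated header")
    (ver_ihl, _tos, total_len, ident, _flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack(IPV4_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > len(pkt):
        raise ValueError("bad version or IHL")
    # A header with a valid checksum sums to zero when the field is included.
    if ip_checksum(pkt[:ihl]) != 0:
        raise ValueError("checksum mismatch")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "ttl": ttl, "proto": proto, "total_len": total_len,
            "ident": ident, "ihl": ihl}


if __name__ == "__main__":
    hdr = build_ipv4_header("192.0.2.1", "198.51.100.2", payload_len=8)
    print(hdr.hex())
    print(parse_ipv4_header(hdr))
```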

A flexible testing tool

Python is a great choice for penetration testing due to its flexibility and ease of use. However, to maximize the effectiveness of Python-based pentesting, a solid understanding of the Python language and the vulnerabilities to be exploited is essential.

Sources

OWASP Foundation
CVE 
Common Weakness Enumeration
MITRE ATT&CK


Howard Poston is a cybersecurity researcher with a background in blockchain, cryptography and malware analysis. He has a master’s degree in Cyber Operations from the Air Force Institute of Technology and two years of experience in cybersecurity research and development at Sandia National Labs. He currently works as a freelance consultant providing training and content creation for cyber and blockchain security.
