Python for Penetration Testers
Workshop intro
This workshop is meant to be a quick intro to essentials of Python language and usig Python to automate various tasks that you encounter during a penetration test. We'll spend some amount of time learning the Python language itself and some amount of time in automating security tasks.
Learning outcomes
- You'll learn essentials of Python programming language to be able to write your own (simple) scripts/tools
- You'll learn to use Python language to automate various tasks during security assessments
- You'll learn enough Python to be able to read others code and tweak the code to work for your case
- You'll get a kick start with Python programming that is enough to continue learning the language on your own
What will be covered?
- Quick intro to Python programming
- Interacting with various protocols using Python(especially HTTP & DNS)
- Working with various data formats in Python(JSON, XML etc)
- Using various security related third-party libraries/tools in Python
- Python related concepts that will help you in writing and publishing (better) security tools
- Writing simple web scrapers
What not to expect out of the workshop?
- Coverage of intermediate/advanced Python concepts such as Generators, Iterators, Object Oriented concepts and multithreading etc
- This is a workshop is geared towards penetration testers who want to use Python to automate security tasks so don't expect an exhaustive intro penetration testing during the workshop
What do you need to know?
- Little bit of programming experience in some language but not necessarily Python is preferable. (Enough to know what is a variable, 'if' conditonal, 'for' loop etc.). Concepts covered in this document should be enough: Python in one Easy Lesson
- Some exposure to Penetration Testing is expected. We don't expect audience to be proficient at pentesting but we will expect that you know the basics of a pentest
- Basic knowledge of Linux command-line is necessary (Usage of commands like cd, ls, grep, less etc.)
- Able to use at least any one command line and one graphical text editor (nano, vim, gedit, Sublime, VS Code etc)