I have become very fond of Python over the past few years, and after assisting with the teaching of an offensive Python class for my local OWASP chapter I realized it would be a good idea to throw together a jumping-in article. Python can be a great language for all infosec professionals, and coming from a C background it has been a great way to throw scripts together quickly and easily. It is a very robust and functional scripting language that has proven itself to be very useful. In this article I’ll teach you how to grow your skills and become a successful Python coder so that you can start making offensive Python scripts.
The first thing you will want to do is start learning the basics of the language. A lot of great resources exist to help you get started on your path. Codecademy is a great place to start in my opinion. It offers an interactive learning experience that tracks your progress from the basics all the way to writing classes and advanced topics. Another resource I have found to be useful is Learn Python The Hard Way. It’s broken out into exercises that you can do at your own pace and takes you through all the necessary elements to learn the basics of Python. The last resource I recommend is the book Beginning Python: From Novice to Professional (see book section). I found this book to be extensive and very thorough. Once you have chosen your resource, be sure to get hands-on experience as often as possible. The Python interpreter is one of the best ways to start breaking down Python concepts in a simple hands-on way (see below):
After obtaining basic Python skills and getting a good understanding of the language, you can move on to some more intermediate exercises. At this stage, throwing together some small scripts can assist you with building up your skills. Start moving some of your ideas from the interpreter to a file and running them, adding additional features, and fixing issues you find. Beginning to analyze offensive Python code can also help you learn some techniques for building scripts. In this stage the most important thing is to find a way to code with a purpose. Find a problem, even if it’s already been solved, and start coding away. At this stage I recommend starting the book Violent Python (see book section). This book starts introducing you to offensive Python techniques while reviewing the basics and will help you start understanding how to apply your newly found Python skills. It also takes a hands-on approach while having you code port scanners, password crackers, and SSH botnets. This should get you excited about the work you have been putting in, which will leave you wanting to do further research to build your skills.
Here are some simple intermediate scripts I made that can help you start growing your skills:
Once you have a good understanding of all the things necessary to put together larger scripts, you are going to start wanting to make more developer-friendly code. What I mean by this is making code that a developer would put his stamp of approval on. This means grouping things properly in your script and using best practices. If you are going to start contributing to other projects, you’re not going to want to submit poorly written and sloppy code. This will also make your code more readable. At this stage you should have a solid understanding of classes, functions, and threading. This is the stage where you can start becoming active in open source projects if you choose. To really solidify your understanding at this stage, I would recommend reading the book Black Hat Python (see book section). This book assumes at least intermediate knowledge of Python and dives right in with some solid networking code. Later on in the book it starts covering more advanced topics such as writing your own botnet and scripting privilege escalation on Windows. After all this has been completed, it’s up to you to keep finding ways to build your skills. I recommend uploading your code to GitHub so you can start a project yourself or become active in other projects. The ability to modify others’ code to add customizations, write modules for popular projects, or build your own offensive Python scripts can be limitless.