After a long love affair with Ruby, I was excited to get back into more Python in the new year. One of my main goals was to build additional skills with Python, and continue to build up skills in defense and response. When “Python Forensics: A workbench for inventing and sharing digital forensic technology“ by Chet Hosmer came out, I was excited about all of the possibilities. There are a number of books about using Python for attacking, but a strong book on building forensics tools is a nice change of pace.
Python Forensics target audience is “anyone who has a desire to learn how to leverage the Python language to forensic and digital investigation problems.” Hosmer hits the target audience well by both having introductory sections that go over some Python basics as well as a number of cookbook-style chapters that have programs to perform a number of different forensic functions. Let’s take a closer look at this Syngress Publishing title.
Python has rapidly become a popular language for security professionals. It’s human readable with an easy syntax, has a comprehensive standard library and easily importable external libraries, is multi-platform, and is suitable for both larger programs and smaller scripts alike. Python is easy to learn for novice programmers yet robust enough for seasoned developers. What makes it such an effective tool for security professionals is the support of extensive libraries specifically designed for penetration testing. For that reason, it makes perfect sense for the SANS Institute to add SEC573 Python for Penetration Testers to their vast list of InfoSec courses.
“SANS SEC573 Python for Penetration Testers” is a five-day class that teaches the basics of the Python language then builds on that knowledge to show how to utilize its specialized libraries to perform network capture and analysis, SQL injection, Metasploit integration, password guessing and much more. You also learn how to use Python to create an encoded backdoor to evade IDS and antivirus controls. This article presents an extensive day-by-day review of the in-person course taught by Mark Baggett, the author of SANS Python for Penetration Testers course and the pyWars gaming environment.
As stated in its tagline, Violent Python is A Cookbook for Hackers, Forensic Analysts, Penetration Testers, and Security Engineers. This is a relatively broad scope and demonstrates how Python can be used to automate and assist with tasks across a variety of diverse InfoSec disciplines. However, breadth does not preclude depth in this case; the exercises build up to a fairly advanced level. Violent Python is authored primarily by TJ O’Connor, with Rob Frost contributing a chapter on Web Reconnaissance, and Mark Baggett acting as the Technical Editor. A quick glance at their collective credentials and experience undoubtedly creates high expectations for this title.
For those unfamiliar with cookbook-style resources, the contents are made up of dozens of short, self-contained “recipes.” The objective is not to comprehensively teach Python from the ground-up, but rather present scripts that focus on a specific task. The end result is that the book demonstrates how powerful just a few dozen lines of Python code can be (even the longest of recipes rarely exceed 100 lines). However, while the aim is not to teach Python programming in general, useful tips and tricks will surely be acquired simply by working through the exercises. The recipes were created in a modular fashion, with code reusability in mind, and they can easily be incorporated into larger projects. Let’s take a closer look.
With a title as ambitious as Coding for Penetration Testers, it’s important to set expectations properly at the onset. In this context, coding is synonymous with scripting, and the content primarily focuses on Bash Scripting, Python, PERL, Ruby, PHP, SQL, PowerShell, and scripting related to various scanners such as Nmap and Nessus. Compiled languages such as Assembly, Java, and the C variants are not within the content’s scope.
This Syngress published book by EH-Net Columnists Jason Andress and Ryan Linn strives to remove the mystery surrounding the development of security tools and scripts by presenting dozens of easy-to-follow examples. The ultimate goal is to alleviate the reliance on pre-built security tools and create more versatile and effective penetration testers. With this resource, readers will gain the knowledge to start such a journey that will likely have numerous, “That’s all there is to it!?” epiphanies as they progress through the book.