Cybersecurity: Penetration testing and ethical hacking tools.

Why Python for Cybersecurity?

Python is a beginner-friendly programming language known for its simplicity, readability and versatility. Here’s why it’s a top choice for cybersecurity:

  1. Ease of Use: Python’s clear syntax lets us write complex security tools with fewer lines of code compared to languages like C++ or Java.

  2. Extensive Libraries: Python offers powerful libraries tailored for cybersecurity, such as:

    Requests for handling HTTP requests.

    Scapy for network packet manipulation.

    PyCrypto (or cryptography) for encryption and decryption.

    Paramiko for creating SSH connections.

    a - First, install virtualenv (only needed for Python 2; for Python 3, venv is included in the standard library):

    $ pip install virtualenv
    
    ...\> pip install virtualenv
    

    b - Create a virtual environment:

    $ python3 -m venv ./venv
    
    ...\> py -m venv venv
    

    c - Activate the virtual environment:

    macOS/Linux:

    $ source ./venv/bin/activate
    

    Windows:

    >venv\Scripts\activate
    

    d - Deactivate the virtual environment:

    $ deactivate
    
    ...\> deactivate
    

Requests

The Requests library simplifies making HTTP requests, which is particularly useful for interacting with web APIs or testing web applications for vulnerabilities.

import requests

# Make a GET request (always set a timeout, otherwise a silent server can hang the script)
r = requests.get('https://www.teslapython.com', timeout=10)

# Check the status code of the response received (200 means success)
print(r.status_code)

# Print the body of the response
print(r.content)
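As an added example (not code from this page or from the Requests project), the functions below audit a response's headers for the protections a hardened web server is expected to send and for software-version disclosure. The offline functions work on a constructed header set; audit_url() applies the same check to a live response fetched with Requests. The expected-header list is a common baseline, not something the page specifies.

```python
"""Audit HTTP response headers for common hardening gaps.
Added example for this page; not part of the Requests project."""
from typing import Dict, List, Mapping

# Headers a hardened web server is expected to send, and why each matters.
EXPECTED_HEADERS = {
    "Strict-Transport-Security": "forces HTTPS on later visits",
    "Content-Security-Policy": "limits where scripts and resources may load from",
    "X-Content-Type-Options": "stops browsers sniffing content types",
    "X-Frame-Options": "blocks framing by other sites (clickjacking)",
    "Referrer-Policy": "limits referrer leakage to third parties",
}


def missing_security_headers(headers: Mapping[str, str]) -> List[str]:
    """Return the expected headers absent from a response (names compared case-insensitively)."""
    present = {name.lower() for name in headers}
    return [name for name in EXPECTED_HEADERS if name.lower() not in present]


def version_disclosure(headers: Mapping[str, str]) -> List[str]:
    """Return Server / X-Powered-By values that reveal a software version (they contain a digit)."""
    found = []
    for name, value in headers.items():
        if name.lower() in ("server", "x-powered-by") and any(ch.isdigit() for ch in value):
            found.append(f"{name}: {value}")
    return found


def audit_headers(headers: Mapping[str, str]) -> Dict[str, object]:
    """Combine both checks into one report."""
    return {
        "missing": missing_security_headers(headers),
        "version_disclosure": version_disclosure(headers),
    }


def audit_url(url: str, timeout: float = 10) -> Dict[str, object]:
    """Fetch url with Requests and audit the live response (needs network access)."""
    import requests  # imported here so the offline functions above work without Requests installed
    r = requests.get(url, timeout=timeout)
    report = audit_headers(r.headers)  # r.headers is case-insensitive, which the checks tolerate
    report["status_code"] = r.status_code
    return report


# Constructed sample headers standing in for a real response (not captured from any site).
SAMPLE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Server": "Apache/2.4.41 (Ubuntu)",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    for key, value in audit_headers(SAMPLE_HEADERS).items():
        print(key, value)
```

Run it without arguments to see the report for the constructed headers; call audit_url("https://example.org") from a Python shell to audit a live site you are allowed to test.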

Scapy (scapy.net)

Scapy is a powerful Python-based interactive packet manipulation program and library, enabling you to craft, send and analyze packets. It is widely used for network scanning, packet sniffing and custom network tool development.

It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more. It is designed to allow fast packet prototyping by using default values that work.

It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, wireshark, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VoIP decoding on WEP protected channel, …), etc.

Scapy supports Python 3.7+. It’s intended to be cross platform, and runs on many different platforms (Linux, OSX, *BSD, and Windows).

PythonforCybersecurity/PortScan.py
import sys
import ipaddress
from scapy.all import IP, TCP, UDP, DNS, DNSQR, sr

# Ports probed by the SYN scan
ports = [25,80,53,443,445,8080,8443]

def SynScan(host):
   # Send one SYN per port; a SYN/ACK reply means the port is open.
   # Scapy never completes the handshake, so this is a half-open scan.
   ans,unans = sr(
      IP(dst=host)/
      TCP(sport=33333,dport=ports,flags="S")
      ,timeout=2,verbose=0)
   print("Open ports at %s:" % host)
   for (s,r,) in ans:
      # An ICMP error can come back instead of a TCP segment, so check the layer first
      if r.haslayer(TCP) and s[TCP].dport == r[TCP].sport and r[TCP].flags=="SA":
            print(s[TCP].dport)

def DNSScan(host):
   # Send a recursive query to UDP/53 and look for a DNS response (qr=1).
   # Checking for the DNS layer rather than UDP avoids counting an ICMP
   # "port unreachable" error, which also carries the original UDP header.
   ans,unans = sr(
      IP(dst=host)/
      UDP(dport=53)/
      DNS(rd=1,qd=DNSQR(qname="google.com"))
      ,timeout=2,verbose=0)
   for (s,r) in ans:
      if r.haslayer(DNS) and r[DNS].qr == 1:
         print("DNS Server at %s"%host)
         break

host = input("Enter IP Address: ")
try:
   ipaddress.ip_address(host)
except ValueError:
   print("Invalid address")
   sys.exit(1)

SynScan(host)
DNSScan(host)

Create a virtual environment as above, then install Scapy and run the script (sending raw packets requires root or administrator privileges):

$ pip install scapy
...\> pip install scapy
$ python PortScan.py
Enter IP address:
...\> py PortScan.py
Enter IP address:
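The SYN scan above leaves the TCP header, its checksum and the reply flags to Scapy. The following added example (not part of the page and not Scapy code) does that work by hand with struct and socket from the standard library: it builds a 20-byte TCP segment with a valid pseudo-header checksum, parses one back, and classifies a probe reply the way a SYN scan does. It goes beyond the script above by also labelling closed (RST) and filtered (no reply) ports. Addresses are taken from the 192.0.2.0/24 documentation range and are constructed, as is the corrupt() helper used to show checksum failure.

```python
"""Build and parse raw TCP segments with the standard library, which is the work
Scapy does behind IP()/TCP() in the SYN scan above.
Added example for this page; it is not Scapy code or code from the page."""
import socket
import struct
from typing import Dict, Iterable, Optional

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
IPPROTO_TCP = 6
TCP_HEADER_FMT = "!HHIIBBHHH"  # sport, dport, seq, ack, data offset, flags, window, checksum, urgent


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, padded to an even length."""
    if len(data) % 2:
        data += b"\x00"
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data), 2))
    while total >> 16:  # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """The IPv4 pseudo-header that the TCP checksum also covers."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, IPPROTO_TCP, tcp_len)


def build_tcp_segment(src_ip: str, dst_ip: str, sport: int, dport: int, flags: Iterable[str],
                      seq: int = 0, ack: int = 0, window: int = 8192) -> bytes:
    """Return a 20-byte TCP header (no options, no payload) with a correct checksum."""
    flag_bits = 0
    for name in flags:
        flag_bits |= TCP_FLAGS[name]
    header = struct.pack(TCP_HEADER_FMT, sport, dport, seq, ack, 5 << 4, flag_bits, window, 0, 0)
    csum = internet_checksum(_pseudo_header(src_ip, dst_ip, len(header)) + header)
    return header[:16] + struct.pack("!H", csum) + header[18:]  # bytes 16-17 hold the checksum


def parse_tcp_segment(segment: bytes) -> Dict[str, object]:
    """Decode the fixed part of a TCP header into a dict, with flags as a set of names."""
    sport, dport, seq, ack, offset, flag_bits, window, csum, _urg = struct.unpack(TCP_HEADER_FMT, segment[:20])
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "header_len": (offset >> 4) * 4, "window": window, "checksum": csum,
        "flags": {name for name, bit in TCP_FLAGS.items() if flag_bits & bit},
    }


def checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """With a correct checksum, the sum over pseudo-header + segment folds to zero."""
    return internet_checksum(_pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def classify_syn_reply(reply: Optional[bytes]) -> str:
    """Port state from the reply to a SYN probe, as a SYN scan interprets it."""
    if reply is None:
        return "filtered"  # nothing came back within the timeout
    flags = parse_tcp_segment(reply)["flags"]
    if {"SYN", "ACK"} <= flags:
        return "open"
    if "RST" in flags:
        return "closed"
    return "unexpected"


def corrupt(segment: bytes, index: int) -> bytes:
    """Flip one bit of a segment so its checksum no longer matches (constructed for the demo)."""
    data = bytearray(segment)
    data[index] ^= 0x01
    return bytes(data)


if __name__ == "__main__":
    probe = build_tcp_segment("192.0.2.1", "192.0.2.2", 33333, 80, {"SYN"})
    print(probe.hex())
    print(parse_tcp_segment(probe)["flags"], checksum_ok("192.0.2.1", "192.0.2.2", probe))
```

The probe built here is byte-for-byte what Scapy emits for TCP(sport=33333, dport=80, flags="S") once the IP layer is added; the classify function is the rule the SynScan loop above applies to the SYN/ACK case.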

PyCrypto or cryptography

The cryptography library provides robust encryption and decryption capabilities, allowing you to secure data through various cryptographic operations. Fernet, used below, is authenticated symmetric encryption: a token that has been altered fails to decrypt instead of producing garbage. Keep in mind that a script saved as cryptography.py in the working directory shadows the library (Python imports the script instead of the package), so save the file under another name before running it.

PythonforCybersecurity/cryptography.py
from cryptography.fernet import Fernet

# Generate a key and create a cipher suite.
# The key is the only secret: anyone holding it can decrypt and forge tokens,
# so store it outside the source code (a secrets manager or protected file).
key = Fernet.generate_key()
cipher_suite = Fernet(key)
print("Encryption Key:", key.decode())

# Encrypt and decrypt a message (Fernet works on bytes, hence encode/decode)
message = "Secure Message".encode()
encrypted_message = cipher_suite.encrypt(message)
print("Encrypted:", encrypted_message)

# decrypt() raises InvalidToken if the token was modified or made with another key
decrypted_message = cipher_suite.decrypt(encrypted_message)
print("Decrypted:", decrypted_message.decode())
$ pip install cryptography
$ python crytography.py
...\> pip install cryptography
...\> py crytography.py
Terminal:
Encryption Key: 8-3Rx7r2vuoOBKkWIkm8q86VgEbFCbXQXJJOQ-kEvX8=
Encrypted: b'gAAAAABn7oEtkg_gkyOp-M6tdRKCy-rhBsO6_dtpV36CDD_581Bq9vOVHygm61Ml-75GDnSuzcUGp6n91VgR5A-zWqn1k3DfJw=='
Decrypted: Secure Message
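To see why the Fernet token printed above cannot be tampered with, the following added example (written against the public Fernet token format with the standard library only; it is not code from the cryptography project) splits a token into version, timestamp, IV and ciphertext and verifies its HMAC-SHA256 tag with the first half of the key, which is the check Fernet performs before any decryption. It also shows the usual way to turn a password into a Fernet key with PBKDF2. The key, timestamp and "ciphertext" bytes in the demo are constructed: the example never decrypts, so the ciphertext is only filler.

```python
"""Inspect a Fernet token and verify its HMAC with the standard library.
Added example for this page, following the public Fernet spec
(version 0x80 | 64-bit timestamp | 16-byte IV | AES-CBC ciphertext | HMAC-SHA256).
Not code from the cryptography project."""
import base64
import hashlib
import hmac
import struct
import time

FERNET_VERSION = 0x80      # first byte of every Fernet token
HMAC_LEN = 32              # SHA-256 tag at the end of the token
HEADER_LEN = 1 + 8 + 16    # version, big-endian timestamp, IV


def derive_fernet_key(password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Derive a Fernet key from a password with PBKDF2-HMAC-SHA256; store the salt with the data."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return base64.urlsafe_b64encode(raw)


def _signing_key(key: bytes) -> bytes:
    """Fernet splits the 32 decoded key bytes into a signing key and an AES key."""
    raw = base64.urlsafe_b64decode(key)
    if len(raw) != 32:
        raise ValueError("a Fernet key must decode to 32 bytes")
    return raw[:16]  # bytes 16..31 are the AES-128 key, not needed for the MAC check


def build_token(key: bytes, timestamp: int, iv: bytes, ciphertext: bytes) -> bytes:
    """Assemble and sign a token body; used here to create constructed demo tokens."""
    body = struct.pack(">BQ", FERNET_VERSION, timestamp) + iv + ciphertext
    tag = hmac.new(_signing_key(key), body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag)


def inspect_token(key: bytes, token: bytes, ttl: int = None, now: int = None) -> dict:
    """Verify the tag (and optional TTL) and return the token's fields; raises ValueError otherwise."""
    raw = base64.urlsafe_b64decode(token)
    if len(raw) < HEADER_LEN + HMAC_LEN or raw[0] != FERNET_VERSION:
        raise ValueError("malformed token")
    body, tag = raw[:-HMAC_LEN], raw[-HMAC_LEN:]
    expected = hmac.new(_signing_key(key), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("HMAC mismatch: token altered or signed with a different key")
    timestamp = struct.unpack(">Q", body[1:9])[0]
    if ttl is not None:
        now = int(time.time()) if now is None else now
        if timestamp + ttl < now:
            raise ValueError("token expired")
    return {"timestamp": timestamp, "iv": body[9:25], "ciphertext": body[25:]}


def token_is_valid(key: bytes, token: bytes, ttl: int = None, now: int = None) -> bool:
    """Boolean wrapper around inspect_token()."""
    try:
        inspect_token(key, token, ttl, now)
        return True
    except ValueError:
        return False


def flip_byte(token: bytes, index: int) -> bytes:
    """Return the token with one bit of its decoded bytes flipped (tampering demo)."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[index] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw))


# Constructed demo values: not real keys, and the "ciphertext" is filler bytes.
DEMO_KEY = base64.urlsafe_b64encode(bytes(range(32)))
OTHER_KEY = base64.urlsafe_b64encode(b"\x01" * 32)
DEMO_TOKEN = build_token(DEMO_KEY, 1_700_000_000, bytes(16), b"\x11" * 32)

if __name__ == "__main__":
    print("intact:", token_is_valid(DEMO_KEY, DEMO_TOKEN))
    print("one bit flipped:", token_is_valid(DEMO_KEY, flip_byte(DEMO_TOKEN, 30)))
    print("other key:", token_is_valid(OTHER_KEY, DEMO_TOKEN))
```

The same MAC-then-decrypt order is why Fernet.decrypt() in the script above raises InvalidToken on a modified token rather than returning corrupted plaintext.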

Paramiko (paramiko.org)

Paramiko is a pure-Python (3.6+) implementation of the SSHv2 protocol, providing both client and server functionality. It provides the foundation for the high-level SSH library Fabric, which the Paramiko project recommends for common client use cases such as running remote shell commands or transferring files.

PythonforCybersecurity/ParakimoCredentials.py
import paramiko
import telnetlib   # removed from the standard library in Python 3.13; the Telnet check needs Python 3.12 or older

def SSHLogin(host,port,username,password):
   try:
      ssh = paramiko.SSHClient()
      # AutoAddPolicy accepts any host key without verification. That is fine for a
      # lab target; a real client should load known_hosts and reject unknown keys.
      ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
      ssh.connect(host,port=port,username=username,password=password,timeout=5)
      ssh_session = ssh.get_transport().open_session()
      if ssh_session.active:
            print("SSH login successful on %s:%s with username %s and password %s" % (host,port,username,password))
      ssh.close()
   except (paramiko.SSHException,OSError):
            # AuthenticationException (bad credentials) is an SSHException; OSError covers refused/timed-out connections
            print("SSH login failed %s %s" % (username,password))

def TelnetLogin(host,port,username,password):
   try:
      tn = telnetlib.Telnet(host,port,timeout=1)
      tn.read_until(b"login: ",timeout=2)
      tn.write((username + "\n").encode("utf-8"))
      tn.read_until(b"Password: ",timeout=2)
      tn.write((password + "\n").encode("utf-8"))
      # expect() returns (index_of_matched_pattern, match, text): the index is 0 for
      # our single pattern and -1 if the timeout expires without a match
      result = tn.expect([b"Last login"],timeout=2)
      if result[0] == 0:
            print("Telnet login successful on %s:%s with username %s and password %s" % (host,port,username,password))
      tn.close()
   except (EOFError,OSError):
      # socket.timeout and connection errors are subclasses of OSError
      print("Telnet login failed %s %s" % (username,password))

host = "127.0.0.1"
sshport = 2200
telnetport = 23
# One "username password" pair per line (see default.txt below)
with open("default.txt","r") as f:
   for line in f:
      vals = line.split()
      if len(vals) < 2:
         continue
      username = vals[0].strip()
      password = vals[1].strip()
      SSHLogin(host,sshport,username,password)
      TelnetLogin(host,telnetport,username,password)

Create a file default.txt:

PythonforCybersecurity/default.txt
admin pass
user1 Password123

Create a virtual environment as above, and then (the package on PyPI is named paramiko):

$ pip install paramiko
$ python ParakimoCredentials.py
...\> pip install paramiko
...\> py ParakimoCredentials.py
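Every attempt the script above makes against sshd is recorded on the target, which is the defender's view of the same activity. As an added example (not Paramiko code and not from the page), the parser below reads OpenSSH authentication lines in syslog format and reports sources that exceed a failure threshold, the usernames tried from each source, and successful logins that followed guessing from the same address, the pattern a default-credential check leaves behind. The log lines, hostname and addresses are constructed.

```python
"""Detect password guessing against sshd from authentication log lines.
Added example for this page (not Paramiko code); the sample log is constructed
in the OpenSSH/syslog format and was not captured from a real host."""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional

# Matches "Failed password for admin from ..." as well as "... for invalid user bob from ..."
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port (?P<port>\d+)"
)


def parse_auth_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of an sshd auth event, or None for lines that are not one."""
    m = AUTH_RE.search(line)
    return m.groupdict() if m else None


def analyze(lines: Iterable[str], threshold: int = 5) -> Dict[str, object]:
    """Summarise failed logins per source and flag successes that follow guessing."""
    failures = defaultdict(int)        # source ip -> failed attempts
    users_tried = defaultdict(set)     # source ip -> distinct usernames attempted
    success_after_failures: List = []  # (ip, user) accepted after earlier failures from that ip
    for line in lines:
        ev = parse_auth_line(line)
        if ev is None:
            continue
        ip, user = ev["ip"], ev["user"]
        if ev["result"] == "Failed":
            failures[ip] += 1
            users_tried[ip].add(user)
        elif failures[ip] > 0:
            success_after_failures.append((ip, user))
    suspicious = sorted(ip for ip, n in failures.items() if n >= threshold)
    return {
        "failures": dict(failures),
        "suspicious_sources": suspicious,
        "usernames_per_source": {ip: sorted(users) for ip, users in users_tried.items()},
        "success_after_failures": success_after_failures,
    }


# Constructed sample log: a credential check from 198.51.100.7, then normal use from 192.0.2.10.
SAMPLE_LOG = [
    "May  9 22:10:01 lab sshd[4101]: Failed password for admin from 198.51.100.7 port 51230 ssh2",
    "May  9 22:10:02 lab sshd[4102]: Failed password for invalid user test from 198.51.100.7 port 51232 ssh2",
    "May  9 22:10:02 lab sshd[4103]: Failed password for root from 198.51.100.7 port 51234 ssh2",
    "May  9 22:10:03 lab sshd[4105]: Failed password for user1 from 198.51.100.7 port 51236 ssh2",
    "May  9 22:10:03 lab sshd[4107]: Failed password for admin from 198.51.100.7 port 51238 ssh2",
    "May  9 22:10:04 lab sshd[4109]: Accepted password for user1 from 198.51.100.7 port 51240 ssh2",
    "May  9 22:15:00 lab sshd[4200]: Accepted publickey for alice from 192.0.2.10 port 40000 ssh2",
    "May  9 22:16:00 lab sshd[4201]: Failed password for alice from 192.0.2.10 port 40002 ssh2",
]

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(key, value)
```

On a real host, feed it /var/log/auth.log (Debian/Ubuntu) or the output of journalctl -u ssh; the threshold is deliberately low for the sample and should be tuned to the host's normal failure rate.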

Kali Linux

Learning Kali Linux for Security Testing, Penetration Testing and Ethical Hacking

Nmap (Network Mapper) is an open-source utility for network exploration and security auditing.

Scan a range:

┌──(kali㉿kali)-[~]
└─$ sudo su
[sudo] password for kali: kali
┌──(root㉿kali)-[/home/kali]
└─# nmap 192.168.100.1-255
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-05-09 22:09 EDT
Nmap scan report for AP-AX3000CV2-F9B9.lan (192.168.100.1)
Host is up (0.028s latency).
Not shown: 996 closed tcp ports (reset)
PORT     STATE SERVICE
53/tcp   open  domain
80/tcp   open  http
443/tcp  open  https
5000/tcp open  upnp

Nmap scan report for 192.168.100.2
Host is up (0.32s latency).
All 1000 scanned ports on 192.168.100.2 are in ignored states.
Not shown: 1000 filtered tcp ports (no-response)

Nmap scan report for 192.168.100.3
Host is up (0.31s latency).
All 1000 scanned ports on 192.168.100.3 are in ignored states.
Not shown: 1000 filtered tcp ports (no-response)

Scan a domain:

┌──(root㉿kali)-[/home/kali]
└─# nmap teslapython.com
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-05-09 22:52 EDT
Nmap scan report for teslapython.com (216.24.57.1)
Host is up (0.023s latency).
Not shown: 996 filtered tcp ports (no-response)
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
8080/tcp open  http-proxy
8443/tcp open  https-alt

Nmap done: 1 IP address (1 host up) scanned in 18.35 seconds
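Nmap's normal output is easy to read but awkward to act on across many hosts. The following added example (not part of Nmap, and not from the page beyond reusing the scan text shown above as its sample) parses the "Nmap scan report" blocks into a per-host list of ports and answers a defender's question such as which hosts expose port 443. For anything beyond a quick look, run nmap with -oX and parse the XML instead of scraping the text format.

```python
"""Parse Nmap's normal (human-readable) output into per-host port lists.
Added example for this page; not part of Nmap. The sample text is the scan
output shown on the page."""
import re
from typing import Dict, List

HOST_RE = re.compile(r"^Nmap scan report for (?P<name>\S+)(?: \((?P<ip>[\d.]+)\))?$")
LATENCY_RE = re.compile(r"^Host is up \((?P<latency>[\d.]+)s latency\)")
PORT_RE = re.compile(r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)")


def parse_nmap_output(text: str) -> List[Dict[str, object]]:
    """Return one dict per host: host, ip, latency and the ports Nmap listed for it."""
    hosts: List[Dict[str, object]] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            # Nmap prints "name (ip)" when reverse DNS works and just the ip otherwise
            current = {"host": m.group("name"), "ip": m.group("ip") or m.group("name"),
                       "latency": None, "ports": []}
            hosts.append(current)
            continue
        if current is None:
            continue  # banner lines before the first host
        m = LATENCY_RE.match(line)
        if m:
            current["latency"] = float(m.group("latency"))
            continue
        m = PORT_RE.match(line)
        if m:
            current["ports"].append({"port": int(m.group("port")), "proto": m.group("proto"),
                                     "state": m.group("state"), "service": m.group("service")})
    return hosts


def open_ports(host: Dict[str, object]) -> List[int]:
    """Sorted open port numbers of one parsed host."""
    return sorted(p["port"] for p in host["ports"] if p["state"] == "open")


def hosts_exposing(hosts: List[Dict[str, object]], port: int) -> List[str]:
    """IPs of hosts with the given port open, for a quick exposure check across a scan."""
    return [h["ip"] for h in hosts if port in open_ports(h)]


# Sample input: the two scans shown on this page, joined into one text.
SAMPLE_OUTPUT = """\
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-05-09 22:09 EDT
Nmap scan report for AP-AX3000CV2-F9B9.lan (192.168.100.1)
Host is up (0.028s latency).
Not shown: 996 closed tcp ports (reset)
PORT     STATE SERVICE
53/tcp   open  domain
80/tcp   open  http
443/tcp  open  https
5000/tcp open  upnp

Nmap scan report for 192.168.100.2
Host is up (0.32s latency).
All 1000 scanned ports on 192.168.100.2 are in ignored states.
Not shown: 1000 filtered tcp ports (no-response)

Nmap scan report for 192.168.100.3
Host is up (0.31s latency).
All 1000 scanned ports on 192.168.100.3 are in ignored states.
Not shown: 1000 filtered tcp ports (no-response)

Nmap scan report for teslapython.com (216.24.57.1)
Host is up (0.023s latency).
Not shown: 996 filtered tcp ports (no-response)
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
8080/tcp open  http-proxy
8443/tcp open  https-alt

Nmap done: 1 IP address (1 host up) scanned in 18.35 seconds
"""

if __name__ == "__main__":
    parsed = parse_nmap_output(SAMPLE_OUTPUT)
    for h in parsed:
        print(h["ip"], open_ports(h))
    print("hosts with 443 open:", hosts_exposing(parsed, 443))
```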

No scan. List targets only: