General security

Python for network penetration testing: An overview

Python is an extremely powerful and versatile scripting language.  It is designed to be easy to write, and its large number of libraries provide a great deal of built-in functionality.

These benefits make Python an ideal tool for network penetration testing.  Python makes it easy to communicate over the network — in a variety of different ways — and can help with automating reconnaissance, vulnerability exploitation, and more.

Python and networking

One of the biggest advantages of the Python programming language is the wide variety of libraries that it has available.  These libraries make it easy to add advanced functionality to a Python program, including support for network communications.

Python includes a number of libraries for networking.  These range from scapy, which supports the creation of custom packets and automated responses over the network, to full protocol implementations, such as the http requests library.

Taking advantage of these libraries can make Python-based network penetration testing much more effective.  By crafting custom packets or trying different variations of HTTP requests, a penetration tester can identify and exploit a wide range of vulnerabilities.

Applications of Python for network penetration testing

Python can be used to support almost every stage of a network penetration test.  However, two of the most common and valuable applications of Python for network penetration testing are automating reconnaissance and vulnerability exploitation.

Reconnaissance

Python libraries can be used to automate many of the stages of the reconnaissance process.  Example applications of Python for network reconnaissance include:

• DNS exploration: Python has DNS libraries that make it possible to explore an organization’s DNS entries, which can provide useful information about the purpose of the system at a particular IP address.
• Network scanning: The scapy Python library enables the creation of custom network packets.  This can be used to duplicate the functionality of network scanners like nmap.
• Banner grabbing: Many services send an informational banner message on first connection.  Python can connect to a service, collect this banner, and use it to identify the application and its version.

These are some examples of how Python scripts can be used for network reconnaissance.  By automating this functionality, a network penetration tester can rapidly learn a great deal of information about a target network.

Exploitation

Python scripting is also useful for exploitation of vulnerabilities within a target network or system.  By analyzing the network using Python, a penetration tester may determine that a particular target is running a vulnerable version of an application or that it is running a web server that may be hosting pages with exploitable vulnerabilities.

For example, network scanning and banner grabbing may reveal a Windows machine running an SMB server with an unpatched EternalBlue vulnerability.  Exploitation of this vulnerability could allow a penetration tester to gain code execution on the vulnerable machine.

Using scapy, the penetration tester can craft custom packets designed to exploit the EternalBlue vulnerability.  This allows them to design a unique payload and automate the entire process of exploiting the vulnerability and leveraging the access that it provides using Python.

Conclusion

Automation is invaluable for a network penetration tester as the scope of most penetration tests is too large to perform all aspects of the test manually.  Python can be used to both easily automate routine and repetitive tasks and to quickly craft custom exploits or other code.

Sources

Scapy Documentation, https://scapy.readthedocs.io/

Requests Documentation, https://requests.readthedocs.io/

EternalBlue CISecurity, https://www.cisecurity.org/wp-content/uploads/2019/01/Security-Primer-EternalBlue.pdf