Python For Security

Revision + Basics
WHAT IS CYBER SECURITY?
 Cyber Security is the practice of defending and protecting computer
systems, mobile devices, data, networks, and servers from disruptive
malicious attacks.

 It also ensures protection from misdirection or disruption from the

services provided by them.
 What is Python?
 Python is a powerful object-oriented
programming language, and it is:

• Cross-platform
• Free
• Interpreted: it runs directly from the source code
(no need to compile it)
• Often used in scripting roles
• Easily usable in conjunction with components
written in other languages
Why Python?
 Python is friendly.
 Prototyping in Python is quick.
 Many security tools are written in Python
 Adding modules is painless.
 Widely used (Google, NASA, Yahoo, etc)
 It is a multi-platform and open source language.
 It is a simple, fast, robust, and powerful language.
 Python allows penetration testers and programmers to save time
by creating scripts that accelerate a job or task performance.
Python is commonly used for:
 Binary analysis
 Forensics
 Malware analysis
 Network analysis
 Exploring file formats
 Vulnerability and exploit analysis
Binary Analysis - Tasks
 Disassembling code
 Binary to Assembly
 Automating the analysis of code
 Deobfuscating code
 Full binary analysis frameworks have been written in Python
Forensics - Tasks
 File and disk analysis.
 Timelines
 Parsing the registry.
 Memory analysis.
 Analyzing memory dumps
Malware Analysis- Tasks

 Automating the analysis of samples in a sandbox environment.

 Deobfuscation, decompressing and decoding data.

 Debugging and disassembling.

 Scanning files.

 Extracting data.
Network Analysis- Tasks
 Protocol and decoding analysis

 Network and browser emulation.

 PCAP parsing.

 Packet creation, sniffing and manipulation.

 Custom passive DNS tool.

 Automating URL lookups

Exploring File Formats- Tasks
 Carving out embedded files in a data streams.

 Exploring structured data.

 Decompressing files.

 Writing binary parsers

 Analyzing and extracting firmware.

Vulnerability & Exploit Analysis Task

 Fuzzing

Providing invalid, unexpected or random data as input to see if the data invokes exceptions

or crashes

 Scripts.

 Enumerating file and network input and output

 Analyzing data flow and allocation of variables

Working In Python
The print Statement
• Elements separated by commas print with a space between them

• A comma at the end of the statement (print (‘hello’),) will not print a newline
character

• print(‘hello’, ‘there’)
Documentation
• The ‘#’ starts a line comment

>>> 'this will print'

'this will print'
>>> #'this will not'
>>>
String Formatting
• <formatted string> % <elements to insert>

• Can usually just use %s for everything, it will convert the object to its String
representation.

>>> "One, %d, three" % 2

• %s :is assigned to strings 'One, 2, three'
>>> "%d, two, %s" % (1,3)
• %d :is assigned to numbers '1, two, 3'
>>> "%s two %s" % (1, 'three')
'1 two three'
>>>
Variables & Types
• Variables are simply reserved memory locations to store values. points to data
stored in a memory location.

• There are many types of variables, such as integers, real numbers, Booleans, strings,
tuples or more complex data such as lists or dictionaries. .

• Create a variable named ‘x’ and assigns the value 10 to that variable.
The second statement creates a new variable y and assigns the string
“Hello”.
x = 10
• We do not need to declare the type of the variable.
y = “Hello”
Variables & Types
• The same variable could first refer to an integer value, and later be assigned a
different data type.

• Note that new assignments override any previous assignment.

Variables & Types

• Numbers
>>> num1=22
>>> num2=33.5
>>> sum= num1+num2
>>> print("Sum of two numbers is %s"%sum)
Sum of two numbers is 55.5
>>>
 Variables & Types
• String types
• Strings are a sequence of characters, sentences, or words.
>>> my_first="Welcome to python strings ! "
>>> my_first
'Welcome to python strings ! '
>>>

• String Concatenation
>>> userName = “Mousa”
>>> domainName = “philadelphia.edu.jo”
>>> userEmail = userName + “@” + domainName
>>> userEmail
' Mousa @ philadelphia.edu.jo‘
 Variables & Types
• Strings can be declared in many different ways.

1. You can use double quotes (“ string ”),

2. single quotes (‘ string ’),
3. triple single quotes (‘‘‘ string ’’’)
4. triple double quotes (“““ string ”””).
 Python Operators
• Arithmetic
Operator Functions Example
= Assignment Assignment a=5
+ Addition Addition a+b
- Subtraction Subtraction a-b
* Multiplication Multiplication a*b
/ Division (results in float) Division a/b
// Division (results in truncation) Floor Division a // b
** Exponentiation Exponentiation a ** b
% Modulus Modulo a%b
Python Operators
• Assignment:

Functions
a=0 evaluates to a=0
a +=1 evaluates to a = a + 1
a -= 1 evaluates to a = a + 1
a *= 2 evaluates to a = a * 2
a /= 5 evaluates to a = a / 5
a **= 3 evaluates to a = a ** 3
a //= 2 evaluates to a= a // 2 (floor division 2)
a %= 5 evaluates to a= a % 5
 Input
• The raw_input(string) method returns a line of user input as a string
• The parameter is used as a prompt
• The string can be converted by using the conversion methods int(string),
float(string), etc.

print "What's your name?" ~: python input.py

name = raw_input("> ") What's your name?
>Michael
print "What year were you born?" What year were you born?
birthyear = int(raw_input("> ")) >1990
Hi Michael! You are 32 years old!
print "Hi %s! You are %d years old!" % (name, 2022 - birthyear)
 Logical operators:
Operator
• The following table summarizes the < Less than
comparison and logical operators
<= Less than or equal
that return True or False.
== Equal
> Greater than
>= Greater than or equal
!= Not equal
And Logical AND
Or Logical OR
Not Logical NOT
 Logical operators:
• And: True: If both the operands are true, then the condition becomes true. For example,
(a and b) is true.

• Or: True: If any of the two operands are non-zero, then the condition becomes true. For
example, (a or b) is true.

• Not: True: This is used to reverse the logical state of its operand.
For example, not (a and b) is false.
Functions Example
and a&b
or a|b
xor a^b
Logical operators:
Conditional statements
• The conditional statements supported by Python are as follows:

1. if condition

2. if...else condition

3. else...if conditional ladder, known as elif in Python

 The if condition
• The if condition or the if statement takes a statement and returns either a Boolean
True or a Boolean False value after evaluating the statement.

if <condition> : and then indented code

• If the condition returns True, the code proceeding the if statement (equally indented)
is executed.
• If the statement/condition evaluates to False, then either the else block of code gets
executed if there is one, or the block of code following the if block is executed, so the
if block is effectively skipped.
a=44
b=33
if a > b:
print("a is greater")
print("End")
 The if...else condition
• The if...else condition is pretty much the same as in any other language.

• If the if condition evaluates to a True value, the code block indented under if is
executed. Otherwise, the code block indented under the else block is executed.

• Where a statement may consist of a single statement, a block of statements, or nothing

(in the case of an empty statement).
a=44
b=66
if a > b:
print("a is Greater")
print(“I love Python")
else:
print("B is either Greater or Equal")
print("End")
The if...elif condition
• The if...elif ladder, popularly known as if...else if in other programming languages such
as C, C ++, and Java, has the same function in Python.

• An if condition let's specify a condition alongside the else part of the code. Only if the
condition is true is the section proceeding the conditional statement executed.

a=44
b=66
if a > b:
print("a is Greater")
elif b > a:
print("B is either Greater or Equal")
else:
print("A and B are equal")
print("End")
 Loops
Python offers two loops:
• while loop
• for loop

• As long as the condition is evaluated to True, the body of the while (statement_block) is
executed repeatedly.
• When the condition is evaluated to False, the while loop terminates, and the
post_while_statementswill be executed.
Loops
• while loop

5 => 5+4+3+2+1+0 => 15

1 => 1+0 => 1
 Loops
• For loop
• Another loop statement is the for loop. Its general form is:

• Unlike many other programming languages, in Python, the for loop does not
increment and test a variable against a condition on each iteration.
Loop Control Statements

break Jumps out of the closest enclosing loop

continue Jumps to the top of the closest enclosing loop

pass Does nothing, empty statement placeholder

The Loop Else Clause
• The optional else clause runs only if the loop exits normally (not by
break)

x=1
~: python whileelse.py
while x < 3 :
1
print x
2
x=x+1
hello
else:
print 'hello'
Loops
• for loop

• in the first loop, x is set to be the first item in the sequence;

• in the second loop, it is set to be the second item of the sequence,
• and so on (no matter what was its value before the loop).
Loops
• To write a program that calculates the exponential value (^2) of all
the even numbers in the range from 0 to a given number.
The Loop Else Clause

• For loops also may have the optional else clause

for x in range(5):
print x
break ~: python elseforloop.py
else : 1
print 'i got here'
 Lists
• Python lists are similar to arrays in other programming languages; they are ordered
collections of any type of object.

• Lists are data structures that hold values separated by commas inside square brackets
([]) These values can either be strings or integers.
Lists
• In almost every programming language, indices start from 0; this
applies to Python as well.

Index Element value

0 first
1 2
2 els
3 4
 Lists
• lists can contain objects of different types.
• We do not need to fix its size.
• Python gives you the ability to append values at the end of the list.
• You can also remove a value from the list.

>>> example = ['python', 'is', 'number', 1]

>>> print (example)
['python', 'is', 'number', 1]
Nested Lists
Lists
Python implements many functions that can be used to modify a list:
• append: append a new element to the target list
• extend: allows to add one list to another
• insert: add a new list element right before a specific index
 Lists
• While the previous methods can be used to add or edit list elements, the del method can
be used to delete list items.
• Note that once elements are deleted, indices are automatically updated.
 Lists
• The remove method is quite different from the others. It does not work with indices;
instead, it looks for a given value within the list, and if this exists, it removes the
element.

• Note that only the first instance of that value is removed.

 Dictionaries
• The general form of a dictionary consists of one or more “key:value”
pairs embraced in curly brackets:

• Where the element on the left of the of the colon is the key, and the
element on the right is its associated value.

• As much as lists, dictionaries can store objects of any type and values
are not implicitly ordered.
 Dictionaries
• The above code shows some operations on dictionary elements.
• we can access an element like we did with lists, but now we have to use
keys instead of indices.
Functions
• A function is a group of statements that gets executed when it is called
(function call).
• The general form of a function definition is:

Where:

 def indicates a function definition.

 function_name is the identifier of the function.
 parameters is a comma-separated list of variables.
 function_statements is the body of the function.
 return exits a function and gives the execution back to the caller.
Functions
Can be assigned to a variable

Can be passed as a parameter

Can be returned from a function

Functions are treated like any other variable in Python, the def
statement simply assigns a function to a variable
Functions

• The program shows how to define a function that returns

the sum of two numbers.
• Note that every function should be documented.
Functions
• One of the most important things when using functions is to understand the scope of
variables.

• In Python, each call to a function creates a new local scope as well as all the assigned
names within a function that are local to that function.
Functions
The variable scope
• Two variables x are used, but they have different values depending on their scope.
• The first x is local to the function and can be used only within my_sum. Each change
made to this variable has no effect outside the function.
• The second x is global and can be used in the entire program (within the single file).
Functions
• Parameters are usually passed by position; this means that when we call a function,
the parameters in the calling function are matched according to their order.

• So the number of parameters used by the caller and the called function must be the
same; otherwise, an exception will be raised.
Functions
• In Python, we can change this behavior passing variables by name;
this is possible by using the name of the corresponding parameter.
Modules
• A module is a file that contains source code. The main purpose of modules is to
group Python functions and objects in order to organize larger projects. Note that
in addition to Python code, we can also import C++ object files.
• To import any function or any object within the module, we can use the following
syntax:

• Moreover, if we want to import all functions and objects within the module, we
can also use the following syntax:
Modules

• The most commonly used modules with security coding are:

 string, re
 os, sys, socket
 hashlib
 httplib, urllib2
 The OS Module
• Python OS module provides the facility to establish the interaction between the
user and the operating system.

• It offers many useful OS functions that are used to perform OS-based tasks and
get related information about operating system.

• The OS comes under Python's standard utility modules. This module offers a
portable way of using operating system dependent functionality.

• To work with the OS module, we need to import the OS module. 
 
import os  
 The OS Module
• Running external programs are very essential in most programming languages,
especially the scripting.  
>>> Import os
>>> print os.system("notepad.exe")

• Getting Current Working Directory

• The os.getcwd() function confirms returns the current working directory.

>>> import os
>>> os.getcwd()
'C:\\Python27'
>>>
The OS Module
• The os.mkdir() function is used to create new directory.
• It will create the new directory to the path in the string argument of the
function in the D drive named folder philadelphia.
>>> os.mkdir("d:\\ philadelphia")
>>>

• The rmdir() function removes the specified directory with an absolute or related

path.

>>> os.rmdir("d:\\ philadelphia")

>>>
The OS Module
• The os.name : gives the name of the OS module it imports. This differs based
on the underlying Operating System. Currently, it registers ‘posix’, ‘os2’,
‘ce’, ‘nt’, ‘riscos’ and ‘java’.

• We run it on Windows 7: Windows 7 is also known as Windows NT 6.1

>>> import os
>>> os.name
'nt'
 The OS Module
• The os.startfile() method allows us to “start” a file with its associated program.

• In other words, we can open a file with it’s associated program, just like when
you double-click a PDF and it opens in Adobe Reader.

>>> os.startfile('D:\py1.pdf')
>>>
 The sys Module
• The sys module provides system specific parameters and functions.
• To work with the SYS module, we need to import the SYS module. 
 
import sys  
• The sys.platform value is a platform identifier.

>>> import sys

>>> sys.platform
'win32'
>>>
The sys Module
• The sys.exit() function allows to exit from Python.
• The exit function takes an optional argument, typically an integer, that gives an
exit status.
• Zero is considered a “successful termination”.

>>> import sys

>>> print(“I am student”)
>>> sys.exit(0)
The sys Module
• The sys.path is a list of strings that specifies the search path for modules.

• Basically this tells Python what locations to look in when it tries to import a module.

>>> import sys

>>> print(sys.path)

['', 'C:\\Python27\\python27.zip', 'C:\\Python27\\DLLs', 'C:\\

Python27\\lib', 'C:\\Python27\\lib\\plat-win', 'C:\\Python27\\lib\\lib-
tk', 'C:\\Python27', 'C:\\Python27\\lib\\site-packages’]

>>>
The hashlib Module
• The  hashlib module is an interface for hashing messages easily. This contains numerous
methods which will handle hashing any raw message in an encrypted format.

• The core purpose of this module is to use a hash function on a string, and encrypt it so
that it is very difficult to decrypt it.
 The hashlib Module
• To work with the hashlib module, we need to import the hashlib module. 
 
import hashlib  

 Available Hashing Algorithms:  

1. The algorithms_available attribute prints every algorithm used in the system,

which includes other programs such as ssh and OpenSSL.

2. The algorithms_guaranteed attribute lists all the algorithms in the module.

The hashlib Module
• Algorithms Available:
>>> import hashlib
>>> print(hashlib.algorithms_available)
set(['SHA1', 'SHA224', 'SHA', 'SHA384', 'ecdsa-with-SHA1', 'SHA256', 'SHA512', 'md4',
'md5', 'sha1', 'dsaWithSHA', 'DSA-SHA', 'sha224', 'dsaEncryption', 'DSA', 'RIPEMD160',
'sha', 'MD5', 'MD4', 'sha384', 'sha256', 'sha512', 'ripemd160', 'whirlpool’])

• Algorithms Guaranteed:

>>> import hashlib

>>> print(hashlib.algorithms_guaranteed)
set(['sha1', 'sha224', 'sha384', 'sha256', 'sha512', 'md5'])
 The hashlib Module

• Two way to create the hashlib function :

1. hashlib.md5(password) 2. hashlib.new('md5',password)

>>> import hashlib >>> import hashlib

>>> password = '18779385769wl'.encode() >>> password = '18779385769wl'.encode()
>>> result2 = hashlib.md5(password) >>> result1 = hashlib.new('md5',password)
>>> print(result2) >>> print(result1)
<md5 HASH object @ 0301B878> <md5 HASH object @ 0301B230>
>>> >>>
 The hashlib Module
• hash.digest()
Return the digest of the data passed >>> import hashlib
to the update() method. This is a
bytes object of size digest_size which
>>> sha1 = hashlib.sha1()
may contain bytes in the whole range >>> data = "this is the first security python program"
from 0 to 255. >>> sha1.update(data.encode("utf-8"))
>>> print(sha1.hexdigest())
hash.hexdigest() 91b36a3546057e1778605847eac2b216fae7f432
Like digest() except the digest is >>> print(sha1.digest())
returned as a string object of double
ّ│j5F~x`XG2َ‫م┬▓·ق‬
length, containing only hexadecimal
digits. This may be used to exchange >>> print(sha1)
the value safely in email or other <sha1 HASH object @ 0301B398>
non-binary environments. >>>
Reading and Writing Files
• in Python, a file operation takes place in the following order:
 Open a file
 Read or write
 Close the file

Mode Description
'r' Open for text file for reading text
'w' Open a text file for writing text
'a' Open a text file for appending text
Reading and Writing Files
Opening Files in Python
• Python has a built-in open() function to open a file. This function returns a file
object, also called a handle, as it is used to read or modify the file accordingly.

>>> f = open("test.txt“, “r”) # open file in current directory

>>> f = open("C:\PythonForSecurity\test1.txt“,”w”) # specifying full path
Reading and Writing Files
Closing Files in Python
• When we are done with performing operations on the file, we need to
properly close the file.
• It is done using the close() method available in Python.

>>>f = open("test.txt“, “r”)

# perform file operations
>>>f.close()
Reading and Writing Files
Writing to Files in Python
• In order to write into a file in Python, we need to open it in write ”w” ,
or “a” append mode.

• We need to be careful with the w mode, as it will overwrite into the file if it

already exists. Due to this, all the previous data are erased.

>>> f = open("D:\Test\First.txt","w")
>>> f.write("my first file\n")
>>> f.write(“This file\n\n")
>>> f.write(“contains three lines file\n")
>>>f.close()
Reading and Writing Files
The file object provides three methods for reading text from a text file:

• read() : read all text from a file into a string.

• readline() : read the text file line by line and return all the lines as strings.
• readlines() : read all the lines of the text file and return them as a list of strings

•  read all texts from the file.txt file into a string

>>> f = open("D:\Test\First.txt","r")
>>> f.readlines()
['my first file\n', 'my first file22222\n', 'my first file55555']
>>>f.close()
>>>
Reading and Writing Files
Appended line
• Sometimes, we often append new content to an existing file at the end
of the file .
• we can use the append mode (a).

>>> f = open("D:\Test\First.txt","a")
>>> f.write(“\npython for security is very importan\n")
>>> f.close()
>>> f = open("D:\Test\First.txt","r")
>>> f.readlines()
['my first file\n', 'my first file22222\n', 'my first file55555\n’,’python for security
is very importan\n’]
>>>f.close()
>>>