Python for penetration testing - 1

As last year undergraduate students, we are now working on our graduation project, Automating Penetration Testing. Along with Shell scripting, Python was our choice for a programming language to use, although we went through some time investigating other languages like Ruby and Perl.. but at last we found that Python is our best choice.

Ruby and Perl were the top languages to be compared with Python as they are the most used languages in pen testing and hacking. Who wouldn't want to use any of these three languages in a project like ours anyways?

I mean Ruby is one of the remarkable interpreted languages, the giant Metasploit was written in it. It has so many capabilities that would definitely help any pen tester. It can be used for everything like reverse engineering, fuzzing, and many other. Ruby is very similar to Python and usually compared with it, it also combines concepts from other languages like Perl, Ada, and Lisp. It's flexible, and gives you the ability to create complex one-liners. It does well at networking, protocol manipulating, and object-oriented database access.

How about Perl? it's an awesome interpreted  language with the motto "There is more than one way to do it". Perl is loose and open structured. It's called "The Swiss army chainsaw of scripting languages" which means it's very powerful, although sometimes it lack elegance and tidiness. CPAN is what makes Perl's greatest strength. Perl is also more mature than Ruby and much older. Perl is good at manipulating data and gluing applications together and many other tasks. It generally does well in quick data processing tasks.

But we found Python the most suitable language for us. A long with it being easy to learn, it's the most common platform for security tools, we found that almost 50% of penetration testing tools on GitHub are written in Python (205 out of 453). It has a large number of modules (more than 1000) and it is included in most Linux systems too. Python helps in doing quick tasks, it's well designed and well documented. Ruby and Python are great for complex tasks as they have comprehensive libraries. Python includes a number of easy ways to reuse pre-written code which increases the productivity very well.

Sure that doesn't mean that Python is the best, it simply means that we think it will help us a lot in our project. For penetration testing or security in general, the language choice usually depends on the task it's needed for. There are dozens of languages out there that can be used, and so many hackers use languages other than Python. What make a language better than another are a few points that you might like to put in considerations if you wish to become a pen tester:

1. Time consuming: In pen testing, your own time is the most important, that's why Python and Ruby are the most popular languages in the field over C, C++, Java, and other faster languages (for the machine). What you need is a fast to use language that doesn't need much time to code.
2. Cross-platforms compatibility: Remember to choose a language that can run on many platforms.
3. Libraries and frameworks: A language with much libraries and frameworks to use in the field is better as it will make your job much easier.
4. The type and usage of the language: Languages have many types and are made for specific tasks, they have different abilities. So choose wisely the best language that would suit your task the best.
5. Tools built be that language: The number and rating of tools written by a certain language definitely gives it extra score, especially if they are open source tools as you can always find interesting code and support from the open source community.

In case you're interested, we will post more Python for penetration testing in the future talking about our experience with Python in the field. Stay tuned (◕‿~).

Python 3.3 Alpha is out!

Hurray! Python 3.3 alpha came out :) it contains lots of improvement of the series 3.x.
Some new features are added and many bugs are repaired. Try it out, run your tests and help improving it.
You can download Python 3.3 Alpha from here.
Please help Python by reporting any issues through this link.

Python 2.x or 3.x , what is better !!!!

Three months ago, i begin to python -i use it as a verb- i downloaded the 3.x version,  it was 3.2 as i can remember and as i go further and begin to download some python programs like the PyPe -a great editor- it tells me to download the python 2.7 -or python 27 as they say- i don't know why but i have to do so in order to run the program.

The reason is that the python 2.x 's lifetime have been ended, but the python's creator "Guido van Rossum" insist to make some enhancements to it in order to delay its abortion, it is like that he wants to continue the development of an obsolete old machine in order to let it work the longest time possible, but he agreed that it is in the end of life period for python 2.x and for that he didn't release a 2.8 version but only 2.7.x and the x still increasing until there is nothing to do with it.In the other hand, the python 3.x is the new version of python but until now not all the python applications run on the python 3.x and that's the reason why you have to get the python 27 in some cases.

But, as a beginner and you want to python ,what will you use, the answer is so easy, in fact the python 3.x is better and unless you don't need python 27 you can use it. but if you going to get some programs run on the python 27 ,then, i am sorry you have to python on the python 27, there is no other way.

for more information, go to our links section.

Open sourse licenses

Open source software products have special licenses that states that this product's source code is available for anyone to use. Any one can download the code to review it, edit it, and use it for their own needs.

Usually most licenses gives the user the full freedom to use the code without having to pay any fees, the user can use the code for personal use or redistribute it again as commercial or non-commercial distribution.

However some don't give this full freedom to the users, or only allow personal and non-commercial distribution. Such licenses require more restrictions like a requirement to preserve the name of the authors and a copyright statement within the code. Open source focus more on the availability of the source code and the freedom of using it

 The following is a list of open source licenses approved by OSI based on their open source definition:

License that are popular and widely used or with strong communities

• Apache License, 2.0 (Apache-2.0)
• BSD 3-Clause "New" or "Revised" license (BSD-3-Clause)
• BSD 3-Clause "Simplified" or "FreeBSD" license (BSD-2-Clause)
• GNU General Public License (GPL)
• GNU Library or "Lesser" General Public License (LGPL)
• MIT license (MIT)
• Mozilla Public License 2.0 (MPL-2.0)
• Common Development and Distribution License (CDDL-1.0)
• Eclipse Public License (EPL-1.0)

Special purpose licenses

• Educational Community License
• IPA Font License (IPA)
• NASA Open Source Agreement 1.3 (NASA-1.3)
• Open Font License 1.1 (OFL-1.1)

Other/Miscellaneous licenses

• Adaptive Public License (APL-1.0)
• Artistic license 2.0 (Artistic-2.0)
• Open Software License (OSL-3.0)
• Q Public License (QPL-1.0)
• zlib/libpng license (Zlib)

Licenses that are redundant with more popular licenses

• Academic Free License (AFL-3.0)
• Attribution Assurance Licenses (AAL)
• Eiffel Forum License V2.0 (EFL-2.0)
• Fair License (Fair)
• Historical Permission Notice and Disclaimer (HPND)
• Lucent Public License Version 1.02 (LPL-1.02)
• The PostgreSQL License (PostgreSQL)
• University of Illinois/NCSA Open Source License (NCSA)
• X.Net License (Xnet)

Non-reusable licenses

• Apple Public Source License (APSL-2.0)
• Computer Associates Trusted Open Source License 1.1 (CATOSL-1.1)
• CUA Office Public License Version 1.0 (CUA-OPL-1.0)
• EU DataGrid Software License (EUDatagrid)
• Entessa Public License (Entessa)
• Frameworx License (Frameworx-1.0)
• IBM Public License (IPL-1.0)
• LaTeX Project Public License (LPPL-1.3c)
• Motosoto License (Motosoto)
• Multics License (Multics)
• Naumen Public License
• Nethack General Public License (NGPL)
• Nokia Open Source License (Nokia)
• OCLC Research Public License 2.0 (OCLC-2.0)
• PHP License (PHP-3.0)
• Python License (Python-2.0) (overall Python license)
• CNRI Python license (CNRI portion of Python License)
• RealNetworks Public Source License V1.0 (RPSL-1.0)
• Ricoh Source Code Public License (RSCPL)
• Sleepycat License (Sleepycat)
• Sun Public License (SPL)
• Sybase Open Watcom Public License 1.0 (Watcom-1.0)
• Vovida Software License v. 1.0 (VSL-1.0)
• W3C License (W3C)
• wxWindows Library License (WXwindows)
• Zope Public License (ZPL-2.0)

Superseded licenses

• Apache Software License 1.1
• Common Public License 1.0
• Artistic license 1.0
• Eiffel Forum License V1.0
• Lucent Public License (Plan9)
• Mozilla Public License 1.1 (MPL 1.1)
• Mozilla Public License 1.0 (MPL 1.0)
• Open Software License 1.0
• Reciprocal Public License

Licenses that have been voluntarily retired

• Intel Open Source License
• Jabber Open Source License
• MITRE Collaborative Virtual Workspace License (CVW License)
• Sun Industry Standards Source License (SISSL)

Uncategorized Licenses

• Boost Software License (BSL1.0)
• Common Public Attribution License 1.0 (CPAL)
• European Union Public License (EUPL-1.1) (links to every language's version on their site)
• GNU Affero General Public License v3 (AGPL-3.0)
• ISC License (ISC)
• Microsoft Public License (MS-PL)
• Microsoft Reciprocal License (MS-RL)
• MirOS Licence (MirOs)
• Non-Profit Open Software License 3.0 (NPOSL-3.0)
• NTP License (NTP)
• Reciprocal Public License 1.5 (RPL-1.5)
• Simple Public License 2.0 (Simple-2.0)
• Open Group Test Suite License (OGTSL) 

 In the future we will compare between Open source and other software licenses like Free software licenses, and Closed source (or Proprietary) software licenses. And provide some more information in details about open source licenses and what's so special about them.

really,I am starving for an aPPlePy

let it be an introductory post, the title of the post is a sentence i used to laugh to the usage of the 'py' from python to say that this belonged to python like the pype, the pyscripter , the spyder and of course the cherrypy.
in the latest times python have a lot of attention from some pretty large companies like google and as we all know the python's founder "Guido van Rossum" is an employee at google and it had been used in the development of many open source projects as the gnome and kde tools have a pretty much programmed in this language, from my point of view the open source now is both the Linux and python, cause we need more simplicity in both the operating systems and programming languages, for Linux simplicity means speedy and for python it means productivity, but i wish that python will be as speedy as C, but it is really a big dream may be it get done in the meanwhile.
after this introduction you know that we are pythonics who want to have fun and blog , i wish you follow our blog and wait for a completely different posts in the near future.

Hello

This blog is a new blog created by a beginner open source lover to support this amazing culture and idea. Say no more to commercial software and welcome open source software for more freedom :)