In this blog, I'm going to briefly break down 4 libraries commonly used in Cyber Security. It's an area I am interested in researching more. I may make another blog about this field. Now, the libraries I will be exploring are:
Python has even more open-source software (OSS) libraries that suit many cybersecurity needs. The community is active, meaning the tools are ever-growing. Some use cases for these libraries are networking, cryptography, data serialization, machine learning, math, etc.
One advantage of having these libraries is that they abstract away a lot of the complexity behind the scenes and let professionals put out scripts in only a few lines. This allows counter-attacks to happen ASAP.
SCAPY
Scapy is a tool used to "send, sniff, dissect, and forge network packets... Scapy can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery."
A packet is just a small portion of a larger piece of data. Packets are relevant to cybersecurity because they carry information about the source and destination IP addresses. They can also be manipulated to form malicious attacks, overwhelming a system with too many packets (DDoS) or exploiting a system's vulnerabilities. This makes Scapy a versatile tool, since it can be used for surveillance and attacks alike.
Scapy prides itself on this versatility. Apparently, "90% of network probing tools can be rewritten in 2 lines of Scapy."
>>> p = sr1(IP(dst="www.slashdot.org")/ICMP()/"XXXXXXXXXXX")
Begin emission:
...Finished to send 1 packets.
.*
Received 5 packets, got 1 answers, remaining 0 packets
>>> p
<IP version=4L ihl=5L tos=0x0 len=39 id=15489 flags= frag=0L ttl=42 proto=ICMP
chksum=0x51dd src=66.35.250.151 dst=192.168.5.21 options='' |<ICMP type=echo-reply
code=0 chksum=0xee45 id=0x0 seq=0x0 |<Raw load='XXXXXXXXXXX'
|<Padding load='\x00\x00\x00\x00' |>>>>
>>> p.show()
---[ IP ]---
version = 4L
ihl = 5L
tos = 0x0
len = 39
id = 15489
flags =
frag = 0L
ttl = 42
proto = ICMP
chksum = 0x51dd
src = 66.35.250.151
dst = 192.168.5.21
options = ''
---[ ICMP ]---
type = echo-reply
code = 0
chksum = 0xee45
id = 0x0
seq = 0x0
---[ Raw ]---
load = 'XXXXXXXXXXX'
---[ Padding ]---
load = '\x00\x00\x00\x00'
Scapy runs from the terminal, so it is very quick to run prompts, and variables that are made (like p in this example) get saved to your current session.
As we can see above, the sr1 function sends a packet and receives the first answer. p.show() allows us to display details about that packet. By default, it will show everything, but the display can be filtered.
Scapy pairs well with packet analyzer software like Wireshark, so you can view packets moving on your network live.
REQUESTS
Requests is simply a tool to make HTTP requests. It is designed to be highly readable and quick to implement. "There's no need to manually add query strings to your URLs, or to form-encode your POST data. Keep-alive and HTTP connection pooling are 100% automatic." This lets requests get made in a single line.
Every response returned by Requests gives access to members like text, headers, encoding, json, etc., so viewing certain parts of the response is easy.
Here is an example of making a basic request and viewing its URL:
import requests

payload = {'key1': 'value1', 'key2': ['value2', 'value3']}
r = requests.get('https://httpbin.org/get', params=payload)
print(r.url)
# https://httpbin.org/get?key1=value1&key2=value2&key2=value3
Requests also has a Session class, so we can save some params or cookies to be used across all requests made in that session.
Here is an example from Ayushman Dubey in an article from TryHackMe where data is extracted from an IP using the requests library:
import requests
import json  # Needed to parse received data

def iplookup(public_ip):
    # ip-api.com serves its JSON API under /json/<ip>
    r = requests.get("http://ip-api.com/json/" + public_ip, timeout=10)
    if r.status_code == 200:  # If success
        data = json.loads(r.text)  # Load the received data into a dictionary
        for key, value in data.items():  # Iterate over the dictionary
            print("{}:{}".format(key, value))
    else:  # If an error occurs
        print("Error occurred while making request")

if __name__ == "__main__":
    try:
        ip = input("Enter IP: ")
        iplookup(ip)
    except Exception:
        print("Error occurred!")
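The lookup above places whatever the user types directly into the request URL. As an added example (not from the TryHackMe article or the Requests documentation), this version validates the input as a public IP address first and uses a Session so the same headers apply to every lookup; the User-Agent value and the function names are hypothetical. The request is only prepared, not sent, so the final URL can be inspected offline.

```python
import ipaddress
import requests

API_BASE = "http://ip-api.com/json/"  # JSON endpoint of the service used above

def make_session() -> requests.Session:
    """One Session so the same headers apply to every lookup."""
    s = requests.Session()
    s.headers.update({"User-Agent": "iplookup-example/0.1"})  # constructed value
    return s

def build_lookup(session, user_input: str) -> requests.PreparedRequest:
    """Validate the input, then prepare (but do not send) the request."""
    addr = ipaddress.ip_address(user_input.strip())  # ValueError unless an IP literal
    if not addr.is_global:
        raise ValueError(f"{addr} is not a publicly routable address")
    return session.prepare_request(requests.Request("GET", API_BASE + str(addr)))

def check(session, user_input: str) -> str:
    """Return the URL that would be fetched, or the reason the input was refused."""
    try:
        return build_lookup(session, user_input).url
    except ValueError as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    s = make_session()
    # Constructed inputs: a public IP, a private IP, a network, and a hostname
    for text in ["8.8.8.8", "192.168.5.21", "8.8.8.8/24", "example.com"]:
        print(f"{text!r:16} -> {check(s, text)}")
    # To actually send a validated request: s.send(build_lookup(s, "8.8.8.8"), timeout=10)
```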
CRYPTOGRAPHY
Data encryption is important for good security, and this library is perfect for that. It offers many encryption formulas, although the developers do not suggest using the "hazmat" level of encryption without a good understanding of it first.
The encryption is made with a key that the key holder must keep safe, as that is their method of decrypting the hidden data. It looks like this:
>>> from cryptography.fernet import Fernet
>>> key = Fernet.generate_key()
>>> f = Fernet(key)
>>> token = f.encrypt(b"my deep dark secret")
>>> token
b'...'
>>> f.decrypt(token)
b'my deep dark secret'
"The result of this encryption is known as a 'Fernet token' and has strong privacy and authenticity guarantees."
More specifications about how data is encrypted with Fernet can be found here.
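What the "privacy and authenticity guarantees" mean in practice is shown in this added example (not from the original post or the library's documentation): it splits a token into the fields defined by the Fernet spec, then shows that a modified token, a wrong key, and an expired token are all refused. The function names and the timestamps are constructed for illustration.

```python
import base64
import struct
from cryptography.fernet import Fernet, InvalidToken

def token_fields(token: bytes) -> dict:
    """Split a token into the fields laid out in the Fernet spec."""
    raw = base64.urlsafe_b64decode(token)
    version, timestamp = struct.unpack(">BQ", raw[:9])
    return {
        "version": version,       # 0x80 for every current Fernet token
        "timestamp": timestamp,   # creation time in seconds, readable without the key
        "iv": raw[9:25],          # 128-bit AES-CBC initialization vector
        "ciphertext": raw[25:-32],
        "hmac": raw[-32:],        # HMAC-SHA256 over all preceding bytes
    }

def flip_bit(token: bytes, offset: int = 25) -> bytes:
    """Return a copy of the token with one bit changed (offset 25 = first ciphertext byte)."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[offset] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw))

def open_token(f: Fernet, token: bytes, now: int = 0, ttl=None):
    """Decrypt as if the clock read `now`; None means the token was refused."""
    try:
        if ttl is None:
            return f.decrypt(token)  # no age limit enforced
        return f.decrypt_at_time(token, ttl=ttl, current_time=now)
    except InvalidToken:
        return None

if __name__ == "__main__":
    f = Fernet(Fernet.generate_key())
    issued = 1_700_000_000  # constructed timestamp
    token = f.encrypt_at_time(b"my deep dark secret", current_time=issued)
    fields = token_fields(token)
    print("version:", hex(fields["version"]), "timestamp:", fields["timestamp"])
    print("intact token:  ", open_token(f, token))
    print("one bit flipped:", open_token(f, flip_bit(token)))
    print("wrong key:      ", open_token(Fernet(Fernet.generate_key()), token))
    print("30 s old, ttl 60:", open_token(f, token, now=issued + 30, ttl=60))
    print("10 min old, ttl 60:", open_token(f, token, now=issued + 600, ttl=60))
```

The timestamp is authenticated but not encrypted, so anyone holding a token can read when it was created; only the payload is hidden.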
These are very basic libraries, but there are more advanced ones for doing things like pen-testing and ethical hacking! If you're interested in that, I would check out pwntools. This is a very broad library with a wide range of uses, so I didn't touch on it in this blog. It deserves its own blog.