Found a use for python

jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
Alight so I guess this is kind of a stupid to post but whatever...
I've been learning Bash and Python for some time but the beginner books seem (to me) that they don't really have any use. I usually end up doing the whole "Hello World!", Loops (attempt to), Variables and whatever else. I know that these books are to start out with but I'm like, how am I gonna really use this stuff.

So I checked out a book on Amazon for pentesting and python. I saw something about sockets and it looked interesting so I started to do some research and something about DNS lookups came up. So today I wrote a script to do DNS lookups by IP address. At first it was by Domain Name but it was static in the script like google.com or yahoo.com. Then I changed it so that I can input the ip address for DNS server and I would get the name.

For Bash, I would just make a script to add a user account with a directory or make Nmap scans easier. I'm looking to do more with Bash in the future...

I wondered how someone would take the OSCP course and edit the exploits for Metasploit but now I guess I'm getting closer to understanding. I gotta learn some Ruby for the eCPPT.

I'm kinda exciting that I'm actually getting learn how this stuff can be applied to daily use. I just gotta be creative about stuff :)
Booya!!
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****

Comments

  • varelgvarelg Banned Posts: 790
    Congratulations, the same curve you described actually is pretty valid when learning other programming languages. Loops and variables first and then it's on with the API's. In your case, you found socket programming interesting.
    It's when you start drowning in those API's that things stop being fun.
  • OctalDumpOctalDump Member Posts: 1,722
    Python is great for system programming in Linux/Unix, since you are dealing with text based commands and configs all the time. And writing things to manipulate text is fairly straight forward with Python. You can mix bash and python together, calling Bash commands from python and parsing the output, or inserting python into bash scripts for more custom tasks.

    HTML, CSS and Javascript are all just textfiles as well. So you can use that python to generate webpages.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Thanks for the input varelg and OctalDump.

    I think that it's great to be able to realize that I can create a tool if I need to, such as a port scanner. I'll have to see about using Bash and Python together later on but I hope it'll be something easy to catch on to because that would be super awesome. I don't a reason to use this stuff at work but I think I'll have some fun learning a few things.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    With regard to mixing Bash and Python, I would recommend using the best tool for the job. Generally speaking, avoid breaking the cross-platform nature of Python if you don't have to.

    I was in the same boat - I wanted to do something other than count to 100 with my scripting. Early on, it can be difficult to identify opportunities for automation. Over time it becomes much easier and those automation pieces will make themselves obvious to you.

    OP, if you're interested in taking a look, I have a few of my Python projects publicly hosted on GitHub here. A couple of my tools found their way into the SANS SIFT kit which was really cool. Keep working at it - learning to programatically solve problems will really set you free in IT.
  • ITSpectreITSpectre Member Posts: 1,040 ■■■■□□□□□□
    So I checked out a book on Amazon for pentesting and python.

    Do you remember the name of the book???
    In the darkest hour, there is always a way out - Eve ME3 :cool:
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • p@r0tuXusp@r0tuXus Member Posts: 532 ■■■■□□□□□□
    ITSpectre wrote: »
    Do you remember the name of the book???

    It was likely https://www.nostarch.com/blackhatpython
    A great site with lots of useful books. Give it a go.
    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    I asked a buddy once, who was great with Python, how do I get great with Python? He said: write Python. Years later, picking up books and viewing video courses, finally at work I had a project that I wanted to use Python with. Everything started to click. Hit a problem, Google and Stack Overflow, problem solved. It really comes down to having a project otherwise there isn't another way to learn, in my humble opinion.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • ITSpectreITSpectre Member Posts: 1,040 ■■■■□□□□□□
    p@r0tuXus wrote: »
    It was likely https://www.nostarch.com/blackhatpython
    A great site with lots of useful books. Give it a go.

    Thank you so much! icon_cheers.gificon_cheers.gif
    I will bookmark this when I get home and read away icon_study.gif
    In the darkest hour, there is always a way out - Eve ME3 :cool:
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • icebearicebear Member Posts: 6 ■□□□□□□□□□
    p@r0tuXus wrote: »
    It was likely https://www.nostarch.com/blackhatpython
    A great site with lots of useful books. Give it a go.
    looks like a site I've been dreaming of! thank you for sharing
  • Dr. FluxxDr. Fluxx Member Posts: 98 ■■□□□□□□□□
    p@r0tuXus wrote: »
    It was likely https://www.nostarch.com/blackhatpython
    A great site with lots of useful books. Give it a go.

    Ha!

    I have that book and Violent Python.
    Working on Violent Python as we speak!
  • Dr. FluxxDr. Fluxx Member Posts: 98 ■■□□□□□□□□
    I think its Py version 2.7 which comes standard with ubuntu.
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    I've been putting in 3-10 hours per week of Python for many months now. Regarding the Python pentesting books, Black Hat Python, Grey Hat Python, Violent Python, etc. I'm afraid to crack any of them open that are not Python 3 because I don't know what I'd be getting myself into mixing 2 and 3.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • wd40wd40 Member Posts: 1,017 ■■■■□□□□□□
    I bought a 36 Hr+ python course on Udemy 2 weeks ago (it was on a 10$ sale period), planning to start learning it soon.

    recently (this week) I learned that python is used by data analysts for data mining, one more reason to learn python.

    https://www.udemy.com/python-the-complete-python-developer-course/
  • EagerDinosaurEagerDinosaur Member Posts: 114
    I started learning Python because I wanted to read data from some sensors attached to a Raspberry Pi, and I recommend that as a way to start out with Python. I found the learning curve in that environment very easy compared to most languages.
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    yoba222 wrote: »
    I've been putting in 3-10 hours per week of Python for many months now. Regarding the Python pentesting books, Black Hat Python, Grey Hat Python, Violent Python, etc. I'm afraid to crack any of them open that are not Python 3 because I don't know what I'd be getting myself into mixing 2 and 3.

    Isn't 3 backwards compatible with 2? If so, shouldn't be an issue to either learn what's in those books and mix it in with 3 code, or update/rewrite the stuff to 3.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • DoubleNNsDoubleNNs Member Posts: 2,015 ■■■■■□□□□□
    There's a few differences between Python 2 and 3. For the beginner, the differences rarely ever come up. And simply knowing that there is a difference helps a ton so that when something you think should work, doesn't, you know it might be worth Googling if it's not something supported in the version you're using.
    Goals for 2018:
    Certs: RHCSA, LFCS: Ubuntu, CNCF CKA, CNCF CKAD | AWS Certified DevOps Engineer, AWS Solutions Architect Pro, AWS Certified Security Specialist, GCP Professional Cloud Architect
    Learn: Terraform, Kubernetes, Prometheus & Golang | Improve: Docker, Python Programming
    To-do | In Progress | Completed
  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    My problem is that whenever I go to Google for help, I find out someone has already created the script I need :P Oh well, that's how it goes until you run into a use case that requires you to modify or create your own script.
  • aditya5670aditya5670 Registered Users Posts: 1 ■□□□□□□□□□
  • ImYourOnlyDJImYourOnlyDJ Member Posts: 180
    varelg wrote: »
    Congratulations, the same curve you described actually is pretty valid when learning other programming languages. Loops and variables first and then it's on with the API's. In your case, you found socket programming interesting.
    It's when you start drowning in those API's that things stop being fun.

    ^This

    I was stuck in the same boat for the longest time because I didn't really know where to go after learning the basics. Once you start learning APIs and libraries then it all starts to click. I too just started working with sockets recently and already have a few scripts that use them.
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    I tell IT people all the time that you need to learn Python. It can make your job some much easier and can be learned in such a short period of time that there is no reason not to learn it. Every week I end up writing something in Python to automate a task or to develop a tools for our Detectives to use.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
Sign In or Register to comment.