
common-python-libraries-for-security-slides

The document outlines various common Python libraries and modules used for security purposes, including Sys, OS, Re, PSUtil, Cryptography, YARA, Socket, Scapy, Requests, and BeautifulSoup. Each section provides a brief description of the library's functionality, key methods, and relevant links for further information. The document serves as a resource for understanding how to leverage these libraries for security-related tasks in Python.

Common Python Libraries and Modules for Security

Michael Woolard
Risk and Compliance Manager

@wooly6bear wooly6bear.wordpress.com
Sys
Sys

https://docs.python.org/3/library/sys.html

Standard module of Python

When you want to interact with the interpreter
Sys

.argv (argparse)

.path
.stderr
.version (version_info)
OS
OS

https://docs.python.org/3/library/os.html

Standard module of Python

When you want to interact with the Operating System
OS

.open
.close
.remove
.getcwd
.getpid
.system (subprocess)
Re
Re

https://docs.python.org/3/library/re.html

Pattern Recognition for Searching and Manipulating Strings

Indicator of Compromise
Log Check
Re

Regular Expression Syntax


Ordinary Characters
Metacharacters
Special Sequences
Regex Format

String: r"The tool costs $3000"

\d\d* : Will return ['3000']

\d\d? : Will return ['30', '00']

\d\d+ : Will return ['3000']


Regex Format

String: r"The tool costs $3"

\d\d* : Will return ['3']

\d\d? : Will return ['3']

\d\d+ : Will return [ ]


Re

.compile()
.search()
.match()
.findall()
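
Added example (not from the original slides): the "Indicator of Compromise / Log Check" use of Re, with .compile(), .search() and .findall() run over log lines. The log lines, the indicator list and all function names are constructed for illustration.

```python
import re

# Constructed sample log lines (not from the slides); IPs use documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 51122 ssh2
2024-05-01T10:00:03 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 51124 ssh2
2024-05-01T10:00:09 sshd[812]: Accepted password for alice from 198.51.100.20 port 40022 ssh2
2024-05-01T10:01:15 sshd[815]: Failed password for bob from 192.0.2.999 port 40100 ssh2
2024-05-01T10:02:40 cron[900]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Constructed indicator list standing in for a threat-intel feed.
KNOWN_BAD_IPS = {"203.0.113.7"}

# compile() once, reuse per line. \d{1,3} is the compact form of \d\d?\d?.
FAILED_LOGIN = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def valid_ipv4(text):
    """The regex only checks shape; reject octets above 255 here."""
    return all(int(octet) <= 255 for octet in text.split("."))


def failed_logins(log_text):
    """Return (user, ip) for each failed SSH login with a well-formed IP."""
    hits = []
    for line in log_text.splitlines():
        m = FAILED_LOGIN.search(line)  # search(): match anywhere in the line
        if m and valid_ipv4(m.group("ip")):
            hits.append((m.group("user"), m.group("ip")))
    return hits


def ioc_hits(log_text, indicators):
    """findall() every IPv4-shaped token, keep those on the indicator list."""
    return sorted({ip for ip in IPV4.findall(log_text) if ip in indicators})


if __name__ == "__main__":
    print(failed_logins(SAMPLE_LOG))
    print(ioc_hits(SAMPLE_LOG, KNOWN_BAD_IPS))
```

The malformed address 192.0.2.999 matches the pattern's shape but is dropped by the octet check, which is why pattern matches on logs need a validation step before they feed an alert.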
PSUtil
PSUtil

pypi.org/project/psutil/

psutil.readthedocs.io/en/latest/

Process and System Utilities


PSUtil

.net_connections
.Process
.oneshot
.cpu_...
.disk_...
.virtual_memory…
Cryptography
Cryptography

Provides cryptographic recipes (symmetric encryption) and primitives

https://cryptography.io/en/latest/

https://pypi.org/project/cryptography

pip install cryptography


Cryptography

fernet
.generate_key()
.Fernet()
.encrypt
.decrypt
Fernet Class
fernet
Fernet(KEY)

Fernet.generate_key()

encrypt()

decrypt()
Cryptography

scrypt
Scrypt()
.derive
.verify
Scrypt Class
scrypt
Scrypt(salt, length, n, r, p)

derive()

verify()
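
Added example (not from the original slides): Scrypt(salt, length, n, r, p) turning a password into a Fernet key, then encrypt/decrypt and verify. The function names, the scrypt cost values and the sample secret are assumptions for illustration.

```python
import base64
import os

from cryptography.exceptions import InvalidKey
from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt

# Cost parameters are illustrative assumptions; raise n as hardware allows.
SCRYPT_PARAMS = {"length": 32, "n": 2**14, "r": 8, "p": 1}


def _kdf(salt):
    # A Scrypt object is single-use: build a fresh one per derive/verify.
    return Scrypt(salt=salt, **SCRYPT_PARAMS)


def key_from_password(password, salt):
    """Derive 32 bytes with scrypt and encode them as a Fernet key."""
    raw = _kdf(salt).derive(password.encode())
    return base64.urlsafe_b64encode(raw)  # Fernet expects url-safe base64


def password_matches(password, salt, fernet_key):
    """verify() re-derives and compares; it raises InvalidKey on mismatch."""
    try:
        _kdf(salt).verify(password.encode(), base64.urlsafe_b64decode(fernet_key))
        return True
    except InvalidKey:
        return False


def seal(password, plaintext):
    """Encrypt with a password; the random salt is stored beside the token."""
    salt = os.urandom(16)
    token = Fernet(key_from_password(password, salt)).encrypt(plaintext)
    return salt, token


def unseal(password, salt, token):
    """Return the plaintext, or None if the password or token is wrong."""
    try:
        return Fernet(key_from_password(password, salt)).decrypt(token)
    except InvalidToken:
        return None


if __name__ == "__main__":
    salt, token = seal("correct horse", b"constructed sample secret")
    print(unseal("correct horse", salt, token), unseal("wrong guess", salt, token))
```

The salt is not secret and must be kept with the token, because the same password with a different salt derives a different key.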
YARA
YARA

https://pypi.org/project/yara/

https://yara.readthedocs.io/en/stable/yarapython.html

pip install yara


YARA Rule Template

Rule (rule name)
{
    meta:
        created = ""
        modified = ""
        author = ""
        vendor = ""
    strings:
        $variable = ""
    condition:
        (condition to be met to kick off rule)
}

rule Example_rule
{
    meta:
        description = "An example Yara rule"
        threat_level = 10
        in_the_wild = true
    strings:
        $a = {4A 10 40 0A 42 AD 80 4B 00 10 }
        $b = {6A B0 99 59 2B C0 F7 16 0A 00 24 AA C7 D9}
        $c = "HISDBCIBUNSDCLLJSXQZAKCBGMT"
    condition:
        $a or $b or $c
}

rule Tofu_Backdoor
{
    meta:
        author = "Cylance Spear Team"
    strings:
        $a = "Cookies: Sym1.0"
        $b = "\\\\.\\pipe\\1[12345678]"
        $c = {66 0F FC C1 0F 11 40 D0 0F 10 40 D0 66 0F EF C2 0F 11 40 D0 0F 10 40 E0}
    condition:
        $a or $b or $c
}
YARA

.compile
.match
Socket
Socket

https://docs.python.org/3/library/socket.html#functions

Communicate back to central dashboard


Penetration Test
Socket
.socket()
.bind()
.listen()
.accept()
.connect()
.send() / sendall()
.recv()
.close()
Scapy
Scapy
https://scapy.net/

https://pypi.org/project/scapy/

https://scapy.readthedocs.io/en/latest/installation.html

https://github.com/secdev/scapy

Network Packets Crafting / Sniffing

pip install scapy


Scapy

conf()
sr() / sr1()
send() (IP/TCP/DNS)
sniff()
show()
Requests
Requests

https://pypi.org/project/requests/

https://app.pluralsight.com/guides/web-scraping-with-request-python

https://app.pluralsight.com/guides/implementing-web-scraping-with-requests

pip install requests


Requests

.get()
.post()
.status_code
.text / .content
.headers
Beautifulsoup4
Beautifulsoup4

https://pypi.org/project/beautifulsoup4/

https://www.crummy.com/software/BeautifulSoup/bs4/doc/

pip install beautifulsoup4


Beautifulsoup4

BeautifulSoup(web, parser)
- Can provide local html file
- requests.get to pull in external
Parsers
- html.parser
- lxml
- lxml-xml
- html5lib
Beautifulsoup4

.find()
.find_all()
.find_parent()
.find_next()
.find_previous()
Course Summary
Sys
OS
PSUtil
Re
Cryptography
YARA
Socket
Scapy
Requests
BeautifulSoup
