InfoSec Things with Python

InfoSec Things You Can Do with a little Python

programming experience helpful, but not required

An idea for presentation or two, feedback appreciated

  • contribute bugs, code, documentation, and tests to projects
  • do simple or complex data analysis, and make charts and graphs
    • Jupyter, Pandas :
  • capture, analyse, and manipulate packets
    • scapy:
  • reformat and decode data
    • unhexlify, codecs etc => Didier Steven’s tools:
    • check entropy and detect computer-generated data strings:
  • upload and download files over http(s) and and other means
    • http.server, requests
    • hit an API and get stuff
  • exploit vulnerabilities
    • python -c "print('{}'.format('A' * 1024))"
  • automate & extend security tools:
    • Ghidra eg:
    • Burp Suite , ZAP
    • Metasploit Framework etc.
  • get a (better) terminal session
    • python3 -c "import pty;pty.spawn('/bin/whoami')"
  • (advanced) integrate tools and glue systems together
  • (advanced) make entirely new tools


  • Cool python3 programming tricks:
    • speciality dictionaries like Counter:
  • small projects or use cases to work on
  • books (NoStarch) and courses recommendations (SEC573)
Written on April 20, 2022