Python for Ethical Hacking — an introductory article

1. What is ethical hacking?

Ethical hacking (also called penetration testing or red-teaming when done professionally) is the authorized practice of probing computer systems to find vulnerabilities so they can be fixed before malicious actors exploit them. Ethical hackers follow clear rules:

• Authorization: written permission to test the target systems.

• Scope: clearly defined systems, IPs, apps and time windows.

• Non-destructive testing: avoid causing downtime or data loss.

• Responsible disclosure: report findings to the owner and give time to remediate.

2. The ethical hacking methodology (high level)

1. Scope & rules — obtain permission and document scope.

2. Reconnaissance — collect public information (DNS, WHOIS, public web).

3. Enumeration — list services and versions (only on in-scope systems).

4. Vulnerability analysis — match versions/configs against known issues.

5. Exploitation (controlled) — only when authorized and safe.

6. Post-exploitation (analysis) — determine impact (data access, lateral movement).

7. Reporting & remediation — deliver clear, actionable findings.

3. Why Python is useful for security professionals

Python is widely used because:

• Easy to write and read.

• Large ecosystem (parsers, network libs, crypto libs).

• Great for automating tasks: log analysis, scanning (when legal), telemetry, fuzzing, or building defensive tooling.

4. Legal & ethical reminder

Never run scripts or scans against systems you do not own or have explicit written authorization to test. Misuse can be illegal and harmful.

5. Practical, safe Python examples (defensive / learning)

Below are small, safe example scripts to help you learn how Python can be used for defensive tasks: generating secure passwords, hashing passwords correctly, monitoring logs for suspicious activity, and checking service availability on systems you own.

All code examples are intended for defensive use (system admin, blue team, or authorized penetration testing labs). I include comments and explanation so you understand what each example does.

Example 1 — Secure password generator

Use secrets for cryptographically secure random secrets. This is useful for generating admin passwords or API keys.

# secure_password.py # Usage: python secure_password.py import secrets import string def generate_password(length=16, use_symbols=True): alphabet = string.ascii_letters + string.digits if use_symbols: alphabet += "!@#$%^&*()-_=+[]{};:,.<>/?" # Ensure at least one lower, upper, digit, symbol if possible: while True: pwd = ''.join(secrets.choice(alphabet) for _ in range(length)) if (any(c.islower() for c in pwd) and any(c.isupper() for c in pwd) and any(c.isdigit() for c in pwd) and (not use_symbols or any(c in string.punctuation for c in pwd))): return pwd if __name__ == "__main__": print("Secure password:", generate_password(20))

Why this is safe/useful: Produces strong, random passwords for use in provisioning and avoids predictable RNG.

Example 2 — Proper password hashing with bcrypt

Never store plaintext passwords. Use a slow hash (bcrypt, argon2). Below is a bcrypt example. Install bcrypt (pip install bcrypt) before running.

# hash_password.py import bcrypt def hash_password(plain_text_password: str) -> bytes: # Generate a salt and hash the password salt = bcrypt.gensalt(rounds=12) # rounds: work factor (adjust per environment) hashed = bcrypt.hashpw(plain_text_password.encode(), salt) return hashed def check_password(plain_text_password: str, hashed: bytes) -> bool: return bcrypt.checkpw(plain_text_password.encode(), hashed) if __name__ == "__main__": p = "CorrectHorseBatteryStaple123!" h = hash_password(p) print("Hashed:", h) print("Check (correct):", check_password(p, h)) print("Check (wrong):", check_password("wrongpass", h))

Why this is safe/useful: Demonstrates secure password storage and verification — a critical defensive practice.

Example 3 — Basic local service availability checker (for admins)

This script attempts to connect to a TCP port on an IP/hostname you own or that is in scope. This is not a port scanning tool for random targets — use only on systems you control or are authorized to test.

# service_check.py import socket from contextlib import closing import sys def check_tcp(host: str, port: int, timeout=2.0) -> bool: with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s: s.settimeout(timeout) try: s.connect((host, port)) return True except (socket.timeout, ConnectionRefusedError, OSError): return False if __name__ == "__main__": # Example usage: python service_check.py localhost 22 if len(sys.argv) != 3: print("Usage: python service_check.py <host> <port>") sys.exit(1) host = sys.argv[1] port = int(sys.argv[2]) up = check_tcp(host, port) print(f"{host}:{port} is {'open' if up else 'closed/unreachable'}")

Why this is safe/useful: Helps administrators verify that services are up and listening. It’s not an attack — it’s a health check. Use only against systems you manage.

Example 4 — Simple log watcher to detect repeated failed login attempts

This example shows how to parse a logfile (e.g., an auth log you own) and find IPs with repeated failures. It’s for monitoring and alerting.

# failed_login_detector.py # Example: feed it an auth log from your system (ensure you have permission) import re from collections import Counter def find_failed_logins(log_lines, pattern=None): # A highly simplified regex for demo purposes — adapt to your log format # Example lines might include "Failed password for invalid user bob from 1.2.3.4 port 587" if pattern is None: pattern = re.compile(r'Failed .* from (?P<ip>\d+\.\d+\.\d+\.\d+)') ips = [] for line in log_lines: m = pattern.search(line) if m: ips.append(m.group('ip')) return Counter(ips) if __name__ == "__main__": sample_log = [ "Nov 8 10:00:01 host sshd[1234]: Failed password for invalid user root from 192.0.2.10 port 51322 ssh2", "Nov 8 10:00:05 host sshd[1235]: Failed password for invalid user admin from 192.0.2.10 port 51323 ssh2", "Nov 8 10:02:10 host sshd[1240]: Failed password for invalid user test from 198.51.100.5 port 51234 ssh2", ] counts = find_failed_logins(sample_log) for ip, c in counts.most_common(): print(f"{ip} -> {c} failed attempts")

Why this is safe/useful: Shows how to build simple detection rules for defensive monitoring. In production, integrate into SIEM or alerting with thresholds and blocklists (after validation).

6. Learning path and safe labs

If you want to learn ethically and practically, follow this path:

• Learn fundamentals: TCP/IP, OS internals, web security (HTTP, cookies, sessions).

• Study secure coding practices and common web vulnerabilities (OWASP Top 10).

• Practice in isolated labs and CTFs: set up virtual machines, use intentionally vulnerable targets (e.g., OWASP Juice Shop, Metasploitable) on local networks or online platforms that provide legal testbeds.

• Read defensive posts and vulnerability writeups to understand remediation.

(If you’d like, I can list some recommended books, free resources, or labs — safe and legal choices — and how to set up a local lab.)

7. Responsible disclosure & reporting

If you discover a vulnerability (and you discovered it legally and ethically):

1. Stop further testing that could cause harm.

2. Document steps and evidence (time, systems, non-sensitive screenshots).

3. Notify the owner through their official channel (security@ or a bug bounty program).

4. Wait a reasonable time to allow remediation before public disclosure; follow the vendor’s disclosure policy.