渗透测试人员的Python工具箱

jack

如果你从事的行业是漏洞研究，逆向工程或者渗透测试，那么Python语言你将值得拥有。它是一个具有丰富的扩展库和项目的编程语言。本文仅仅列出了其中的一小部分。下面列举的工具大部分是用Python写的，剩下的一部分是C语言库的Python实现，且他们很容易被Python所使用。

网络：

Scapy, Scapy3k: send, sniff and dissect
and forge network packets. Usable interactively or as a library
pypcap, Pcapy and pylibpcap: several different
Python bindings for libpcap
libdnet: low-level networking
routines, including interface lookup and Ethernet frame transmission
dpkt: fast, simple packet
creation/parsing, with definitions for the basic TCP/IP protocols
Impacket:
craft and decode network packets. Includes support for higher-level
protocols such as NMB and SMB
pynids: libnids wrapper offering
sniffing, IP defragmentation, TCP stream reassembly and port scan
detection
Dirtbags py-pcap: read pcap
files without libpcap
flowgrep: grep through
packet payloads using regular expressions
Knock Subdomain Scan, enumerate
subdomains on a target domain through a wordlist
SubBrute, fast subdomain
enumeration tool
Mallory, extensible
TCP/UDP man-in-the-middle proxy, supports modifying non-standard
protocols on the fly
Pytbull: flexible IDS/IPS testing
framework (shipped with more than 300 tests)
调试与逆向工程：

Paimei: reverse engineering
framework, includes PyDBG, PIDA,
pGRAPH
Immunity Debugger:
scriptable GUI and command line debugger
mona.py:
PyCommand for Immunity Debugger that replaces and improves on
pvefindaddr
IDAPython: IDA Pro plugin that
integrates the Python programming language, allowing scripts to run
in IDA Pro
PyEMU: fully scriptable IA-32
emulator, useful for malware analysis
pefile: read and work with
Portable Executable (aka PE) files
pydasm:
Python interface to the libdasm x86 disassembling library
PyDbgEng: Python wrapper for the
Microsoft Windows Debugging Engine
uhooker:
intercept calls to API calls inside DLLs, and also arbitrary
addresses within the executable file in memory
diStorm: disassembler library
for AMD64, licensed under the BSD license
python-ptrace:
debugger using ptrace (Linux, BSD and Darwin system call to trace
processes) written in Python
vdb / vtrace: vtrace is a
cross-platform process debugging API implemented in python, and vdb
is a debugger which uses it
Androguard: reverse
engineering and analysis of Android applications
Capstone: lightweight
multi-platform, multi-architecture disassembly framework with Python
bindings
PyBFD: Python interface
to the GNU Binary File Descriptor (BFD) library
Fuzzing：

Sulley: fuzzer development and
fuzz testing framework consisting of multiple extensible components
Peach Fuzzing Platform:
extensible fuzzing framework for generation and mutation based
fuzzing (v2 was written in Python)
antiparser: fuzz testing and
fault injection API
TAOF, (The Art of Fuzzing)
including ProxyFuzz, a man-in-the-middle non-deterministic network
fuzzer
untidy: general purpose XML fuzzer
Powerfuzzer: highly automated and
fully customizable web fuzzer (HTTP protocol based application
fuzzer)
SMUDGE
Mistress:
probe file formats on the fly and protocols with malformed data,
based on pre-defined patterns
Fuzzbox:
multi-codec media fuzzer
Forensic Fuzzing
Tools:
generate fuzzed files, fuzzed file systems, and file systems
containing fuzzed files in order to test the robustness of forensics
tools and examination systems
Windows IPC Fuzzing
Tools:
tools used to fuzz applications that use Windows Interprocess
Communication mechanisms
WSBang:
perform automated security testing of SOAP based web services
Construct: library for parsing
and building of data structures (binary or textual). Define your
data structures in a declarative manner
fuzzer.py
(feliam):
simple fuzzer by Felipe Andres Manzano
Fusil: Python library
used to write fuzzing programs
Web：

Requests: elegant and simple HTTP
library, built for human beings
HTTPie: human-friendly cURL-like command line
HTTP client
ProxMon:
processes proxy logs and reports discovered issues
WSMap:
find web service endpoints and discovery files
Twill: browse the Web from a command-line
interface. Supports automated Web testing
Ghost.py: webkit web client written
in Python
Windmill: web testing tool designed
to let you painlessly automate and debug your web application
FunkLoad: functional and load web
tester
spynner: Programmatic web
browsing module for Python with Javascript/AJAX support
python-spidermonkey:
bridge to the Mozilla SpiderMonkey JavaScript engine; allows for the
evaluation and calling of Javascript scripts and functions
mitmproxy: SSL-capable, intercepting HTTP
proxy. Console interface allows traffic flows to be inspected and
edited on the fly
pathod / pathoc: pathological daemon/client
for tormenting HTTP clients and servers
取证分析：

Volatility:
extract digital artifacts from volatile memory (RAM) samples
Rekall:
memory analysis framework developed by Google
LibForensics: library for
developing digital forensics applications
TrIDLib, identify file types
from their binary signatures. Now includes Python binding
aft: Android forensic toolkit
恶意代码分析：

pyew: command line hexadecimal
editor and disassembler, mainly to analyze malware
Exefilter: filter file formats
in e-mails, web pages or files. Detects many common file formats and
can remove active content
pyClamAV: add
virus detection capabilities to your Python software
jsunpack-n, generic
JavaScript unpacker: emulates browser functionality to detect
exploits that target browser and browser plug-in vulnerabilities
yara-python:
identify and classify malware samples
phoneyc: pure Python
honeyclient implementation
CapTipper: analyse, explore and
revive HTTP malicious traffic from PCAP file
PDF文件分析：

peepdf:
Python tool to analyse and explore PDF files to find out if they can be harmful
Didier Stevens’ PDF
tools: analyse,
identify and create PDF files (includes PDFiD, pdf-parser and make-pdf and mPDF)
Opaf: Open PDF Analysis Framework.
Converts PDF to an XML tree that can be analyzed and modified.
Origapy: Python wrapper
for the Origami Ruby module which sanitizes PDF files
pyPDF2: pure Python PDF toolkit: extract
info, spilt, merge, crop, encrypt, decrypt…
PDFMiner:
extract text from PDF files
python-poppler-qt4:
Python binding for the Poppler PDF library, including Qt4 support
杂项：

InlineEgg:
toolbox of classes for writing small assembly programs in Python
Exomind:
framework for building decorated graphs and developing open-source
intelligence modules and ideas, centered on social network services,
search engines and instant messaging
RevHosts: enumerate
virtual hosts for a given IP address
simplejson: JSON
encoder/decoder, e.g. to use Google’s AJAX
API
PyMangle: command line tool
and a python library used to create word lists for use with other
penetration testing tools
Hachoir: view and
edit a binary stream field by field
py-mangle: command line tool
and a python library used to create word lists for use with other
penetration testing tools
其他有用的扩展库与工具：

IPython: enhanced interactive Python
shell with many features for object introspection, system shell
access, and its own special command system
Beautiful Soup:
HTML parser optimized for screen-scraping
matplotlib: make 2D plots of
arrays
Mayavi: 3D scientific
data visualization and plotting
RTGraph3D: create
dynamic graphs in 3D
Twisted: event-driven networking engine
Suds: lightweight SOAP client for
consuming Web Services
M2Crypto:
most complete OpenSSL wrapper
NetworkX: graph library (edges, nodes)
Pandas: library providing
high-performance, easy-to-use data structures and data analysis
tools
pyparsing: general parsing
module
lxml: most feature-rich and easy-to-use library
for working with XML and HTML in the Python language
Whoosh: fast, featureful
full-text indexing and searching library implemented in pure Python
Pexpect: control and automate
other programs, similar to Don Libes `Expect` system
Sikuli, visual technology
to search and automate GUIs using screenshots. Scriptable in Jython
PyQt and PySide: Python bindings for the Qt
application framework and GUI library
相关书籍：

Violent Python by TJ O’Connor. A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
Grey Hat Python by Justin Seitz:
Python Programming for Hackers and Reverse Engineers.
Black Hat Python by Justin Seitz:
Python Programming for Hackers and Pentesters
Python Penetration Testing Essentials by Mohit:
Employ the power of Python to get the best out of pentesting
Python for Secret Agents by Steven F. Lott. Analyze, encrypt, and uncover intelligence data using Python
其他：

SecurityTube Python Scripting Expert (SPSE) is an online course and certification offered by Vivek Ramachandran.
SANS offers the course SEC573: Python for Penetration Testers.
The Python Arsenal for Reverse Engineering is a large collection of tools related to reverse engineering.
There is a SANS paper about Python libraries helpful for forensic analysis (PDF).
For more Python libaries, please have a look at PyPI, the Python Package Index.