Python for Pentesting

Introduction to my blog

Python for pentesting is a collection of essential Python snippets that can be helpful during pentests.

Python simple HTTP Server

sudo python3 -m http.server --bind 127.0.0.1 80

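This starts an HTTP server with Python on port 80, bound to 127.0.0.1, and serves the files in the current working directory. It is very useful when a short test is being done on the internal network. To listen on all interfaces on port 8080 instead, bind to 0.0.0.0; every host that can reach the machine can then read that directory without authentication, so start it from a directory that holds only what you mean to share and stop it when the test is done.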

sudo python3 -m http.server --bind 0.0.0.0 8080
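
Because the one-liner serves whatever directory it is started in, it helps to pin the server to one dedicated directory and confirm that nothing beside it is reachable. The script below is an added example, not part of the original post: it serves only a constructed share/ directory on loopback and checks that a file one level up returns 404. The names serve_directory, fetch_status and demo, and the sample files, are made up for this illustration.

```python
import functools
import http.server
import pathlib
import tempfile
import threading
import urllib.error
import urllib.request


def serve_directory(directory, host="127.0.0.1", port=0):
    """Serve only `directory` on `host`; port 0 picks a free unprivileged port."""
    handler = functools.partial(
        http.server.SimpleHTTPRequestHandler, directory=str(directory)
    )
    server = http.server.ThreadingHTTPServer((host, port), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch_status(url):
    """Return (status, body) for a GET, mapping HTTP errors to their status code."""
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, b""


def demo():
    """Constructed layout: share/ is served, notes.txt beside it must not be."""
    with tempfile.TemporaryDirectory() as tmp:
        root = pathlib.Path(tmp)
        (root / "share").mkdir()
        (root / "share" / "tool.txt").write_bytes(b"shared file\n")
        (root / "notes.txt").write_bytes(b"engagement notes\n")

        server = serve_directory(root / "share")
        base = "http://127.0.0.1:%d" % server.server_address[1]
        try:
            shared = fetch_status(base + "/tool.txt")
            outside = fetch_status(base + "/../notes.txt")
        finally:
            server.shutdown()
            server.server_close()
        return shared, outside


if __name__ == "__main__":
    print(demo())
```

The command-line form accepts the same restriction through its --directory option (Python 3.7 and later).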

Spawn interactive BASH Shell with Python

Most of the time you get only a basic shell during pentests. Use the Python snippet below to upgrade it to an interactive TTY:

python -c 'import pty; pty.spawn("/bin/bash")'

Make Request using Python

The code below sends an HTTP request using Python. The following code snippets require the Python requests library.

import requests

# Send a GET request and show the status code and response body
req = requests.get("http://<URL>")
print(req.status_code)
print(req.text)

If the web server requires custom headers, you can include them in the request as well.

import requests

# Custom headers to send with the request
headers = {
    "header-name": "value",
}
req = requests.get("http://<URL>", headers=headers)
print(req.status_code)
print(req.text)