渗透测试人员的PYTHON工具箱

本文首发于公众号：乌云安全，提供关于渗透测试、社会工程学、黑产的技术及资讯，关注该公众号回复关键词“教程”，获取渗透测试入门到精通实战教程。

如果你从事的行业是漏洞研究，逆向工程或者渗透测试，那么Python语言你将值得拥有。它是一个具有丰富的扩展库和项目的编程语言。本文仅仅列出了其中的一小部分。下面列举的工具大部分是用Python写的，剩下的一部分是C语言库的Python实现，且他们很容易被Python所使用。其中有些有攻击性比较强的工具（如：渗透测试框架，蓝牙，web漏洞扫描器，等等）被遗漏了，因为这些工具的使用在我国仍然存在一些法律风险。

网络：

Scapy, Scapy3k: send, sniff and dissect
and forge network packets. Usable interactively or as a library

pypcap, Pcapy and pylibpcap: several different
Python bindings for libpcap

libdnet: low-level networking
routines, including interface lookup and Ethernet frame transmission

dpkt: fast, simple packet
creation/parsing, with definitions for the basic TCP/IP protocols

Impacket:
craft and decode network packets. Includes support for higher-level
protocols such as NMB and SMB

pynids: libnids wrapper offering
sniffing, IP defragmentation, TCP stream reassembly and port scan
detection

Dirtbags py-pcap: read pcap
files without libpcap

flowgrep: grep through
packet payloads using regular expressions

Knock Subdomain Scan, enumerate
subdomains on a target domain through a wordlist

SubBrute, fast subdomain
enumeration tool

Mallory, extensible
TCP/UDP man-in-the-middle proxy, supports modifying non-standard
protocols on the fly

Pytbull: flexible IDS/IPS testing
framework (shipped with more than 300 tests)

调试与逆向工程：
Paimei: reverse engineering
framework, includes PyDBG, PIDA,
pGRAPH

Immunity Debugger:
scriptable GUI and command line debugger

mona.py:
PyCommand for Immunity Debugger that replaces and improves on
pvefindaddr

IDAPython: IDA Pro plugin that
integrates the Python programming language, allowing scripts to run
in IDA Pro

PyEMU: fully scriptable IA-32
emulator, useful for malware analysis

pefile: read and work with
Portable Executable (aka PE) files

pydasm:
Python interface to the libdasm x86 disassembling library

PyDbgEng: Python wrapper for the
Microsoft Windows Debugging Engine

uhooker:
intercept calls to API calls inside DLLs, and also arbitrary
addresses within the executable file in memory

diStorm: disassembler library
for AMD64, licensed under the BSD license

python-ptrace:
debugger using ptrace (Linux, BSD and Darwin system call to trace
processes) written in Python

vdb / vtrace: vtrace is a
cross-platform process debugging API implemented in python, and vdb
is a debugger which uses it

Androguard: reverse
engineering and analysis of Android applications

Capstone: lightweight
multi-platform, multi-architecture disassembly framework with Python
bindings

PyBFD: Python interface
to the GNU Binary File Descriptor (BFD) library

Fuzzing：
Sulley: fuzzer development and
fuzz testing framework consisting of multiple extensible components

Peach Fuzzing Platform:
extensible fuzzing framework for generation and mutation based
fuzzing (v2 was written in Python)

antiparser: fuzz testing and
fault injection API

TAOF, (The Art of Fuzzing)
including ProxyFuzz, a man-in-the-middle non-deterministic network
fuzzer

untidy: general purpose XML fuzzer

Powerfuzzer: highly automated and
fully customizable web fuzzer (HTTP protocol based application
fuzzer)

SMUDGE

Mistress:
probe file formats on the fly and protocols with malformed data,
based on pre-defined patterns

Fuzzbox:
multi-codec media fuzzer

Forensic Fuzzing
Tools:
generate fuzzed files, fuzzed file systems, and file systems
containing fuzzed files in order to test the robustness of forensics
tools and examination systems

Windows IPC Fuzzing
Tools:
tools used to fuzz applications that use Windows Interprocess
Communication mechanisms

WSBang:
perform automated security testing of SOAP based web services

Construct: library for parsing
and building of data structures (binary or textual). Define your
data structures in a declarative manner

fuzzer.py
(feliam):
simple fuzzer by Felipe Andres Manzano

Fusil: Python library
used to write fuzzing programs

Web：
Requests: elegant and simple HTTP
library, built for human beings

HTTPie: human-friendly cURL-like command line
HTTP client

ProxMon:
processes proxy logs and reports discovered issues

WSMap:
find web service endpoints and discovery files

Twill: browse the Web from a command-line
interface. Supports automated Web testing

Ghost.py: webkit web client written
in Python

Windmill: web testing tool designed
to let you painlessly automate and debug your web application

FunkLoad: functional and load web
tester

spynner: Programmatic web
browsing module for Python with Javascript/AJAX support

python-spidermonkey:
bridge to the Mozilla SpiderMonkey JavaScript engine; allows for the
evaluation and calling of Javascript scripts and functions

mitmproxy: SSL-capable, intercepting HTTP
proxy. Console interface allows traffic flows to be inspected and
edited on the fly

pathod / pathoc: pathological daemon/client
for tormenting HTTP clients and servers

取证分析：
Volatility:
extract digital artifacts from volatile memory (RAM) samples

Rekall:
memory analysis framework developed by Google

LibForensics: library for
developing digital forensics applications

TrIDLib, identify file types
from their binary signatures. Now includes Python binding

aft: Android forensic toolkit

恶意代码分析：
pyew: command line hexadecimal
editor and disassembler, mainly to analyze malware

Exefilter: filter file formats
in e-mails, web pages or files. Detects many common file formats and
can remove active content

pyClamAV: add
virus detection capabilities to your Python software

jsunpack-n, generic
JavaScript unpacker: emulates browser functionality to detect
exploits that target browser and browser plug-in vulnerabilities

yara-python:
identify and classify malware samples

phoneyc: pure Python
honeyclient implementation

CapTipper: analyse, explore and
revive HTTP malicious traffic from PCAP file

PDF文件分析：
peepdf:
Python tool to analyse and explore PDF files to find out if they can be harmful

Didier Stevens’ PDF
tools: analyse,
identify and create PDF files (includes PDFiD, pdf-parser and make-pdf and mPDF)

Opaf: Open PDF Analysis Framework.
Converts PDF to an XML tree that can be analyzed and modified.

Origapy: Python wrapper
for the Origami Ruby module which sanitizes PDF files

pyPDF2: pure Python PDF toolkit: extract
info, spilt, merge, crop, encrypt, decrypt…

PDFMiner:
extract text from PDF files

python-poppler-qt4:
Python binding for the Poppler PDF library, including Qt4 support

杂项：
InlineEgg:
toolbox of classes for writing small assembly programs in Python

Exomind:
framework for building decorated graphs and developing open-source
intelligence modules and ideas, centered on social network services,
search engines and instant messaging

RevHosts: enumerate
virtual hosts for a given IP address

simplejson: JSON
encoder/decoder, e.g. to use Google’s AJAX
API

PyMangle: command line tool
and a python library used to create word lists for use with other
penetration testing tools

Hachoir: view and
edit a binary stream field by field

py-mangle: command line tool
and a python library used to create word lists for use with other
penetration testing tools

其他有用的扩展库与工具：
IPython: enhanced interactive Python
shell with many features for object introspection, system shell
access, and its own special command system

Beautiful Soup:
HTML parser optimized for screen-scraping

matplotlib: make 2D plots of
arrays

Mayavi: 3D scientific
data visualization and plotting

RTGraph3D: create
dynamic graphs in 3D

Twisted: event-driven networking engine

Suds: lightweight SOAP client for
consuming Web Services

M2Crypto:
most complete OpenSSL wrapper

NetworkX: graph library (edges, nodes)

Pandas: library providing
high-performance, easy-to-use data structures and data analysis
tools

pyparsing: general parsing
module

lxml: most feature-rich and easy-to-use library
for working with XML and HTML in the Python language

Whoosh: fast, featureful
full-text indexing and searching library implemented in pure Python

Pexpect: control and automate
other programs, similar to Don Libes Expect system

Sikuli, visual technology
to search and automate GUIs using screenshots. Scriptable in Jython

PyQt and PySide: Python bindings for the Qt
application framework and GUI library

相关书籍：
Violent Python by TJ O’Connor. A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers

Grey Hat Python by Justin Seitz:
Python Programming for Hackers and Reverse Engineers.

Black Hat Python by Justin Seitz:
Python Programming for Hackers and Pentesters

Python Penetration Testing Essentials by Mohit:
Employ the power of Python to get the best out of pentesting

Python for Secret Agents by Steven F. Lott. Analyze, encrypt, and uncover intelligence data using Python

其他：
SecurityTube Python Scripting Expert (SPSE) is an online course and certification offered by Vivek Ramachandran.

SANS offers the course SEC573: Python for Penetration Testers.

The Python Arsenal for Reverse Engineering is a large collection of tools related to reverse engineering.

There is a SANS paper about Python libraries helpful for forensic analysis (PDF).

For more Python libaries, please have a look at PyPI, the Python Package Index.

参考链接：https://github.com/dloss/python-pentest-tools