# Python for Cybersecurity: Writing Scripts for Ethical Hacking

[Python](https://blog.bytescrum.com/series/python-series) has become a go-to language for cybersecurity [professionals](https://www.bytescrum.com/) and ethical hackers due to its simplicity, readability, and extensive libraries. This guide will introduce you to writing Python scripts <mark>for ethical hacking, demonstrating how to use Python for various cybersecurity tasks</mark>, including network scanning, vulnerability assessment, password cracking, and more.

### Why Python for Cybersecurity?

1. **Readability and Ease of Use**: Python's clear syntax makes it easy to write and understand scripts.
    
2. **Extensive Libraries**: Python has a vast ecosystem of libraries for various cybersecurity tasks, such as `scapy`, `nmap`, and `socket`.
    
3. **Cross-Platform**: Python runs on multiple platforms, making it versatile for different environments.
    
4. **Community Support**: A large community of developers and cybersecurity professionals contribute to a wealth of resources and tools.
    

### [Setting Up Your Environment](https://blog.bytescrum.com/how-to-setup-your-python-development-environment-a-step-by-step-tutorial)

Before writing your first script, ensure you have [Python](https://python.org/) installed on your system. You can download it from the official Python website. Additionally, you might want to use a virtual environment to manage dependencies.

```bash
# Install virtualenv
pip install virtualenv

# Create a virtual environment
virtualenv venv

# Activate the virtual environment
# On Windows
venv\Scripts\activate
# On macOS/Linux
source venv/bin/activate
```

### Writing Your First Script: Network Scanner

One common task in cybersecurity is network scanning, which involves discovering active devices on a network. Python's [`scapy`](https://blog.bytescrum.com/networking-in-python) library is a powerful tool for this purpose.

#### Installing Scapy

```bash
pip install scapy
```

#### Script: Network Scanner

```python
from scapy.all import ARP, Ether, srp

def network_scan(ip_range):
    # Create ARP request
    arp_request = ARP(pdst=ip_range)
    # Create Ethernet frame
    ether_frame = Ether(dst="ff:ff:ff:ff:ff:ff")
    # Combine ARP request with Ethernet frame
    packet = ether_frame / arp_request

    # Send packet and receive responses
    result = srp(packet, timeout=3, verbose=0)[0]

    devices = []
    for sent, received in result:
        devices.append({'ip': received.psrc, 'mac': received.hwsrc})

    return devices

# Specify IP range
ip_range = "192.168.1.1/24"
devices = network_scan(ip_range)

print("Available devices in the network:")
print("IP" + " "*18+"MAC")
for device in devices:
    print(f"{device['ip']:16}    {device['mac']}")
```

### Vulnerability Scanning with Python and Nmap

Nmap is a popular network scanning tool that can be controlled using Python via the `python-nmap` library.

#### Installing Nmap and Python-Nmap

First, ensure you have Nmap installed on your system. You can [download](https://nmap.org/) it from the Nmap website.

Next, install the `python-nmap` library.

```bash
pip install python-nmap
```

#### Script: Vulnerability Scanner

```python
import nmap

def vulnerability_scan(target):
    nm = nmap.PortScanner()
    nm.scan(target, '1-1024', '-sV')

    vulnerabilities = []

    for host in nm.all_hosts():
        for proto in nm[host].all_protocols():
            ports = nm[host][proto].keys()
            for port in ports:
                service = nm[host][proto][port]['name']
                version = nm[host][proto][port]['version']
                vulnerabilities.append({'port': port, 'service': service, 'version': version})

    return vulnerabilities

# Specify target
target = '192.168.1.1'
vulnerabilities = vulnerability_scan(target)

print(f"Vulnerabilities on {target}:")
print("Port  Service        Version")
for vuln in vulnerabilities:
    print(f"{vuln['port']:5} {vuln['service']:12} {vuln['version']}")
```

### Password Cracking with Python

Python can also be used for password cracking by leveraging libraries like `hashlib` for hashing and [`itertools`](https://blog.bytescrum.com/mastering-python-coding-advanced-techniques-and-best-practices) for generating possible combinations.

#### Script: Brute Force Password Cracker

```python
import hashlib
import itertools

def brute_force_crack(hash_to_crack, charset, max_length):
    for length in range(1, max_length + 1):
        for attempt in itertools.product(charset, repeat=length):
            attempt = ''.join(attempt)
            hashed_attempt = hashlib.md5(attempt.encode()).hexdigest()
            if hashed_attempt == hash_to_crack:
                return attempt
    return None

# Example MD5 hash
hash_to_crack = '5f4dcc3b5aa765d61d8327deb882cf99'  # Hash for "password"
charset = 'abcdefghijklmnopqrstuvwxyz'
max_length = 5

password = brute_force_crack(hash_to_crack, charset, max_length)
if password:
    print(f"Password found: {password}")
else:
    print("Password not found")
```

### Web Scraping for Security Information

Web [scraping](https://blog.bytescrum.com/exploring-the-web-scraping-website-data-with-python) can be used to gather security-related information from websites. Libraries like `BeautifulSoup` and `requests` are handy for this purpose.

#### Installing BeautifulSoup and Requests

```bash
pip install beautifulsoup4 requests
```

#### Script: Scraping Security News

```python
import requests
from bs4 import BeautifulSoup

def scrape_security_news(url):
    response = requests.get(url)
    soup = BeautifulSoup(response.content, 'html.parser')
    articles = soup.find_all('article')

    news = []
    for article in articles:
        title = article.find('h2').get_text()
        link = article.find('a')['href']
        news.append({'title': title, 'link': link})

    return news

# URL of the security news website
url = 'https://www.securitymagazine.com/articles/topic/2236-cyber-security-news'
news_articles = scrape_security_news(url)

print("Latest Security News:")
for article in news_articles:
    print(f"Title: {article['title']}\nLink: {article['link']}\n")
```

### [Encrypting and Decrypting Data with Python](https://blog.bytescrum.com/encrypting-and-decrypting-data-with-fernet-in-python)

#### Installing Cryptography

```bash
pip install cryptography
```

#### Script: Encrypt and Decrypt Data

```python
from cryptography.fernet import Fernet

def generate_key():
    return Fernet.generate_key()

def encrypt_data(key, data):
    cipher = Fernet(key)
    encrypted_data = cipher.encrypt(data.encode())
    return encrypted_data

def decrypt_data(key, encrypted_data):
    cipher = Fernet(key)
    decrypted_data = cipher.decrypt(encrypted_data).decode()
    return decrypted_data

# Generate a key
key = generate_key()
print(f"Key: {key}")

# Encrypt data
data = "Sensitive Information"
encrypted_data = encrypt_data(key, data)
print(f"Encrypted Data: {encrypted_data}")

# Decrypt data
decrypted_data = decrypt_data(key, encrypted_data)
print(f"Decrypted Data: {decrypted_data}")
```

<details data-node-type="hn-details-summary"><summary>Conclusion</summary><div data-type="detailsContent">Python is an invaluable tool in the arsenal of cybersecurity professionals and ethical hackers. Its readability, extensive libraries, and community support make it ideal for a wide range of tasks, from network scanning to vulnerability assessment, password cracking, web scraping, and data encryption. By mastering Python scripting, you can enhance your ability to identify and mitigate security risks effectively.</div></details>

Explore more about Python for cybersecurity through resources like the Python Security Project on GitHub and start building your own tools to secure networks and systems. Happy hacking, and remember to always hack ethically!
