1.2 Why Cybersecurity Analysts and Penetration Testers Need Python

00:00

Hello, one. Welcome to this ethical hacking tools with Python video In today's lesson, we're going to address the need for Python in cyber security.

00:09

So here's a brief overview of what we're gonna cover.

00:14

We're going to look into what it means to work in cyber security and the practical nature of many of the jobs in this field. Now, this same practical nature as well as the methodical aspect of many practices. Most often they're not calls for automation.

00:29

And what better way to do automation than python?

00:32

Okay, so let's consider the following scenario.

00:35

You work as a penetration tester for a large cyber security company. Your team has been assigned a number of targets toe assess their security.

00:44

Each one of your colleagues has been given precise instructions by the team leader in terms of what to do and what tools to use.

00:52

You are in charge of finding all open ports on each target, as well as fingerprinting the operating system.

01:00

How will you actually approach this?

01:02

Well,

01:03

um, you know, a couple of tools that might help you achieve your goals. You could use and map

01:10

with a different parameters set in as well as multiple runs of and map to cross. Check the validity of your results.

01:19

Now this would require you to manually right and run each of the commands.

01:23

There's nothing wrong with that, of course, but if you have to do the same thing for each target and then save all the output by copying and based in get the report filed,

01:34

this might become very boring and repetitive.

01:38

So how else could you tackle this problem in a more efficient way?

01:44

Now this is where a cold to automation makes really good sense.

01:49

What does that mean?

01:51

Well, in this particular scenario, automation means having the entire process were at least a very large part of it. Put on autopilot.

02:00

You'd have to define a clear objective of the automation process so that you would know exactly when and what scenario it can be. Applied

02:12

automation allows you to take your hands off the process itself, making it much more efficient, less prone to error if it's designed appropriately, of course, and the last time consuming,

02:23

which would allow you to focus on other aspects of the request, which actually would need hands on attention.

02:30

So getting back to the question. How can you automate this?

02:36

Well,

02:37

you could use the Python programming language, which is very easy to understand, rapid to develop in. It has a clean syntax, and it's quite straightforward

02:46

due to its open nature. There are thousands of libraries built in python that allow you tow

02:54

achieve your objective in just a few lines of code. In our particular case, by phone and map would be this library.

03:01

Okay, let's stop for a moment and do a quick knowledge check.

03:06

So what is a good tool to use for network and target scanning? Is it Ennis? Look up and map or derby?

03:14

Okay, so let's take them one by one.

03:16

Anna's look up is a two fork wearing Deanna's information, so that's actually not it.

03:23

Derby. If you're familiar with Ben, Testing Tools is a Web directory. Brute force, sir. So that's not the answer, either,

03:30

which makes B and map or only choice for the right answer. So, and map is, ah, a too that lets you do very customized scanning over the network

03:43

as well as on individual targets now

03:46

getting back toe our main thread.

03:51

So by phone and map

03:53

is a Python library that allows us to extend sheet and run multiple and map scans programmatically or by writing lines of code.

04:01

In this case, we would write a Python script to run each scan sequentially and save the output of each of these scans to file.

04:10

We could then use by phone for OS fingerprinting, or we could simply do a ping from within by phone to that host. And based on the response of the pink, we would determine the OS. Of course, all this would be done from a single script,

04:28

so when the script is completed, we would just run it

04:30

and all of the commands would be executed. So a simple python auto and map dot p y

04:39

to the target would achieve our goals in just one instruction instead of having multiple lines

04:46

in the terminal.

04:48

So I hope that by now you understand the power of automation and how knowing howto work with programming or scripting language is like Python

04:58

will make your cyber security assessments much more efficient and less time consuming.

05:02

All right, it's time for another quick knowledge check.

05:05

So how can you oughta make your cyber security assessments?

05:10

Is it a by typing the commands and multiple terminals. Be by typing the commands faster, or see by using a programming language such a spy phone.

05:19

Let's take them one by one, so typing the commands in multiple terminals

05:25

will probably much run the scans in parallel. But this is not automation, so a is a wrong answer.

05:33

Typing the commands faster is not automation, either, because you have to type. Each commend itself, so the is also wrong.

05:42

Which leads us to see writing

05:46

a script and by phone to run all the commands and then executing the script. This is automation, so see is the right one.

05:55

Okay, so what have we learned today? Well,

05:59

we learned that there's a lot of hands on working many several security practices. Good automation will make the entire process less prone to error. And ultimately, we learned that Python will help us put things on autopilot when it comes to our cyber security assessments.

06:15

Next we'll start looking into hot water mate information gathering,