How to Use

Python for
Cybersecurity
Python is a powerful and versatile programming language
that has become a go-to choice for cybersecurity
professionals. This presentation will explore how Python
can be leveraged across various cybersecurity domains to
enhance your security posture.
by bien medina
Introduction to Python
for Cybersecurity
1 Scripting and 2 Robust Libraries
Automation
Python offers a vast
Python's simplicity ecosystem of
and readability make libraries tailored
it ideal for for cybersecurity,
automating repetitive from networking to
security tasks. cryptography.

3 Rapid Prototyping
Python's quick development cycle allows security
professionals to rapidly build and test tools.
Automating Security
Tasks with Python
1 Vulnerability Scanning
Automate the process of identifying and
cataloging vulnerabilities across your
infrastructure.

2 Log Analysis
Develop scripts to parse and analyze security
logs, detecting anomalies and threats.

3 Incident Response
Streamline your incident response workflows
with Python-based automation and
orchestration.
Network Scanning and Vulnerability
Analysis
Port Scanning Vulnerability Mapping Penetration Testing

Use Python libraries like Leverage Python to integrate Develop custom Python scripts
Nmap to perform comprehensive vulnerability databases and to automate various
port scans and service correlate findings with your penetration testing
identification. network data. techniques and exploits.
Cryptography and
Secure Communication
Encryption Secure Messaging
Use Python's Build custom end-to-end
cryptography libraries encrypted messaging
to implement strong applications using
encryption algorithms Python's networking
for data protection. capabilities.

Key Management
Develop Python scripts to streamline the generation,
storage, and distribution of cryptographic keys.
Intrusion Detection and
Incident Response
1 Network Monitoring
Create Python-based network monitoring tools
to detect suspicious activity and anomalies.

2 Log Analysis
Develop scripts to parse and analyze security
logs, identifying indicators of compromise.

3 Incident Response
Automate incident response workflows with
Python to streamline investigation and
remediation.
Malware Analysis and Reverse
Engineering
Static Analysis Dynamic Analysis Reverse Engineering

Use Python to develop tools Leverage Python to create Utilize Python's powerful
for analyzing malware samples dynamic analysis environments libraries to reverse engineer
without executing them. and monitor malware behavior. and decode malware
functionality.
Honeypots and Deception
Technology

Honeypots
Create customized honeypots using Python to lure and monitor attackers.

Deception
Develop Python-based deception solutions to misdirect and confuse
potential adversaries.

Data Analysis
Leverage Python for advanced data analysis and threat intelligence gatherin
Threat Intelligence and Data Analysis
Threat Hunting Use Python to scour the web and dark web for
threat indicators and intelligence.

Data Visualization Develop Python-based dashboards and

visualizations to make sense of security
data.
Threat Modeling Leverage Python to create threat models and
simulate potential attack scenarios.
Best Practices and Future
Trends
Security Mindset
Embrace a security-first mindset when developing
Python-based cybersecurity tools.

Continuous Learning
Stay up-to-date with the latest Python libraries
and techniques in the rapidly evolving field of
cybersecurity.

Collaboration
Engage with the Python cybersecurity community to
share knowledge and contribute to open-source
projects.
Demonstration of
Python Codes for
Cybersecurity
Explore the powerful capabilities of Python in the world of
cybersecurity. From network scanning to vulnerability assessments,
this presentation will showcase how Python can be leveraged to
enhance security and protect against cyber threats.

by bien medina
Introduction to
Cybersecurity
1 Understanding the
Threat Landscape
Cybersecurity threats are
constantly evolving,
requiring a proactive
approach to protect
against various attack
vectors.
2 Importance of
Cybersecurity
Safeguarding sensitive
information, critical
infrastructure, and
systems has become a
crucial priority in the
digital age.

3 Fundamental Cybersecurity Principles

Concepts like confidentiality, integrity, and availability form the
foundation of effective cybersecurity strategies.
The Role of Python in Cybersecurity
Versatility Automation Rapid Prototyping

Python's extensive libraries and Python's ability to automate Python's simplicity and readability
frameworks make it a versatile tool repetitive tasks helps security enable quick development and
for a wide range of cybersecurity professionals streamline their testing of security-related
tasks. workflows and increase efficiency. applications and scripts.
Python Basics for
Cybersecurity
Professionals
Fundamental Syntax
1
Understanding Python's syntax, data types, and control
structures is essential for effective cybersecurity
programming.

2 Libraries and Modules

Leveraging Python's extensive libraries, such as those for
network manipulation and cryptography, enhances security
capabilities.

3 Scripting and Automation

Developing Python scripts to automate repetitive tasks and
streamline security workflows is a valuable skill.
Network Scanning and
Port Mapping with Python
Port Scanning
Python scripts can be used to
identify open ports and services
on a target system, revealing
potential vulnerabilities.
Service Fingerprinting
Determining the types of
services running on a system
can help identify potential
weaknesses and
misconfigurations.
IP Address Mapping
Mapping IP addresses and their
associated devices on a network
can provide valuable insights for
security assessments.
Stealth Scanning
Implementing stealthy scanning
techniques to avoid detection
and bypass security measures is
a crucial skill.
Cryptography and
Encryption in Python

Symmetric Encryption Asymmetric Encryption

Leveraging Python's cryptography Utilizing public-key cryptography
libraries to implement symmetric techniques, such as RSA, for secure
encryption algorithms like AES for data exchange and digital signatures.
data protection.

Hashing and Digests Digital Certificates

Applying hashing functions like SHA- Integrating Python with public-key
256 to ensure the integrity and non- infrastructure (PKI) to manage and
repudiation of sensitive information. validate digital certificates for
authentication.
Automating Vulnerability
Assessments with Python
Vulnerability Scanning
Automating the process of identifying security vulnerabilities in
systems and networks using Python scripts.

Penetration Testing
Leveraging Python's capabilities to conduct ethical hacking and
penetration testing activities safely and effectively.

Reporting and Remediation

Generating comprehensive reports and providing actionable
recommendations for addressing identified vulnerabilities.
Incident Response and
Forensics using Python
Incident Handling Developing Python scripts to
automate the detection,
containment, and remediation
of security incidents.

Digital Forensics Utilizing Python's data

processing and analysis
capabilities to extract,
examine, and preserve digital
evidence.
Log Analysis Automating the collection,
parsing, and interpretation of
security-related logs to
identify patterns and
anomalies.
Ethical Hacking and Penetration Testing
with Python

Vulnerability Exploitation Automated Exploitation Reporting and Remediation

Developing Python scripts to identify Leveraging Python's capabilities to Generating comprehensive reports
and exploit vulnerabilities in systems automate the process of penetration and providing actionable
and applications for authorized testing and vulnerability exploitation. recommendations to address
assessments. identified security weaknesses.
Conclusion and Next Steps
1 Continuous Learning
Staying up-to-date with
the latest trends, tools,
and techniques in
cybersecurity is crucial for
effective Python-based
solutions.
2 Collaboration and
Sharing
Engaging with the
cybersecurity community,
sharing knowledge, and
contributing to open-
source projects can
enhance Python-based
security tools.

3 Ethical Considerations
Upholding ethical standards and responsible practices when
leveraging Python for cybersecurity purposes is of paramount
importance.
In today’s society, in which technological advances surround us, one of
the important priorities is cybersecurity. Cyber threats have been
growing quickly, and it has become challenging for cybersecurity
experts to keep up with these attacks. Python plays a role here.
Python, a high-level programming language, has grown in relevance in
the field of cybersecurity.
Python’s prominence in
cybersecurity originates from its
simplicity, readability, and
adaptability. Python is a robust
programming language suitable for
various purposes ranging from web
development to scientific computing.
It has a huge and active community
that maintains and develops several
open-source libraries, frameworks,
and tools for cybersecurity. Likewise,
Python can be used to swiftly
construct prototypes, which makes it
an excellent choice for testing
enefits of Python Programming in Cyber Securit
1.Easy to Learn: Python is one of the easiest programming languages to learn,
which is a huge benefit for cybersecurity experts. The syntax is straightforward and
accessible, making it simple to develop and comprehend code even for
inexperienced programmers.

2.Large and Active Community: Python has a huge and active developer
community that contributes to creating libraries and tools that may be utilized for
cybersecurity. This community also offers assistance and tools to help people solve
difficulties and develop new skills.

3.Versatile: Python is a flexible programming language that may be used for

various cybersecurity activities, such as penetration testing, malware analysis, and
security automation. It may also be used for data analysis, web development, and
machine learning, among other things.

4.Portable: Python code is portable because it can be readily ported from one
platform to another. This is crucial in cybersecurity, as code may need to be run on
numerous platforms and devices.
6.A large Number of Libraries: Python includes many libraries that may be used
for cybersecurity, including Scapy, Requests, BeautifulSoup, and others. These
libraries can save time and effort by offering pre-written code for common tasks.

7.Automation: Python’s simplicity of use and adaptability make it an excellent

language for automation. It may be used to automate repetitive operations like
vulnerability detection, log file analysis, and firewall configuration.

8.Open-Source: Python is an open-source language, which implies that anybody may

freely use and update it. This has resulted in the creation of a significant number of
tools and libraries that are publicly available for use by cybersecurity experts.

9.Interoperability: Python is readily connected with other languages and

technologies, making it a flexible language for cybersecurity. It is compatible with
various languages and tools like Bash, PowerShell, and Wireshark.

10.Cost-effective: Python is a cost-effective language for cybersecurity since it is

free and does not require costly license costs. This makes it an appealing option for
small organizations and people who cannot afford pricey software solutions.
 Cybersecurity Analysts use Python
1.Penetration Testing: Python is frequently used in penetration testing,
which examines a system or network for vulnerabilities. Python enables
researchers to create bespoke scripts and tools for identifying and
exploiting vulnerabilities.

2.Malware Analysis: Python may be used to identify and analyze

malware. Analysts can create scripts to detect and isolate suspect code
and apply machine learning to find trends in massive datasets.

3.Network Traffic Analysis: Python frequently analyzes network data

and identifies unusual behavior. Analysts can create scripts to collect and
analyze packets and employ machine learning to detect trends in traffic.

4.Security Automation: Python may be used to automate common

security activities like log analysis, vulnerability detection, and patch
administration. Analysts can create scripts that run automatically and
5.Web Scraping: Python may be used to collect information from websites such as
login pages, search forms, and other sensitive data. Analysts may create scripts that
automate the scraping process, making enormous volumes of data easier to acquire
and evaluate.
6.Forensic Analysis: Python may be used to analyze security issues and data
breaches in forensic analysis. Analysts can create scripts that evaluate logs, system
files, and other data sources to determine the cause of an issue.
7.Password Cracking: Python is useful for password cracking, which is the process
of guessing or cracking passwords. Analysts can create bespoke scripts that break
passwords and get access to systems using brute force or other approaches.
8.Data Analysis: Python may be used in cybersecurity for data analysis, such as
examining log files, network traffic, and other data sources. Analysts can write scripts
to analyze and display data to spot trends and abnormalities.
9.Threat Intelligence: Python may be used to acquire and evaluate threat
intelligence data, such as information on new vulnerabilities, malware, and attack
tactics. Analysts may create scripts automatically acquiring and evaluating this data,
delivering real-time alerts on potential hazards.
10.Reporting and Documentation: Python may be used to generate reports and
documentation on security incidents and other occurrences. Analysts may create
scripts that generate automated reports, making transmitting critical information
easier for management and other stakeholders.
 SCAPY
Scapy is a capable Python-based network packet production, manipulation, and
analysis tool. Scapy may be used to generate customized packets and interact
with them in real time. Scapy is a network analysis, penetration testing, and
forensic investigation tool that is widely used in cybersecurity.

Scapy offers a high-level interface for building and transmitting customized

network packets. Scapy allows users to generate packets with fine-grained
control, setting characteristics such as source and destination addresses,
protocol, and payload data. Scapy also has a robust interactive mode for
analyzing network data in real time.

Scapy is used in cybersecurity for a variety of purposes. Scapy may be used to

scan a network for open ports or to find susceptible devices, which is a typical
use case. Scapy may also be used to construct and deliver customized packets as
part of a penetration testing or ethical hacking operation. Scapy may also be
used for forensic network traffic analysis, allowing investigators to recreate
network conversations and discover criminal activities.
Scapy is used in the above code to
send an SYN message to port 80 on a
remote computer. This is a standard
network reconnaissance technique for
identifying open ports on a distant
computer. We build the packet with
Scapy’s IP and TCP classes, then send it
with the sr1 function. The timeout
option indicates the amount of time to
wait for a response. If we get a
response, we use the show method to
display the packet in a human-readable
format.
 PyCrypto

PyCrypto is a Python package that implements cryptographic functions such as

encryption, decryption, digital signatures, and hash functions. PyCrypto may be
used for various cybersecurity applications such as data encryption, secure
communication, and safe data storage.

PyCrypto supports a variety of cryptographic methods, including symmetric key

encryption techniques such as AES, Blowfish, and DES, as well as asymmetric key
encryption algorithms such as RSA. PyCrypto includes hash functions such as SHA-
1 and SHA-256 and digital signature algorithms such as DSA and RSA.

PyCrypto is used in cybersecurity to protect data confidentiality and integrity.

PyCrypto, for example, may be used to encrypt sensitive data such as passwords
or credit card numbers, making it harder for an attacker to access or steal the
information. PyCrypto may also be used to sign and validate digital documents,
guaranteeing they have not been tampered with and came from a reliable source.
We use PyCrypto in the code above to encrypt
sensitive data with AES encryption. Secondly,
we produce a random encryption key and use
the AES.new function to build an AES cipher
object. The encrypt and digest method is then
used to encrypt the data and produce a tag
that will be used to verify the data’s integrity
after decryption.

To decode the data, we construct a new

cipher object with the same encryption key
and nonce (which the cipher object generates
automatically) and then use the decrypt and
verify method to decrypt the ciphertext to
validate the tag. The plaintext data is
returned if the tag verification is successful.
 REQUESTS

Requests is a well-known Python package for sending HTTP requests and handling
the responses. It provides a basic and straightforward interface for sending HTTP
requests and may be used in various cybersecurity applications, such as web
application testing and vulnerability detection.

Requests support authentication, cookies, and SSL/TLS encryption and may be

used to send HTTP and POST requests to web servers. Requests also provide
several essential cybersecurity capabilities, such as the ability to route requests
through a proxy server and alter the User-Agent header to prevent detection by
web application firewalls.

Requests is frequently used in concert with other cybersecurity solutions to

automate web application testing and vulnerability detection. A Python script, for
example, may utilize Requests to send HTTP queries to a web application and then
use a vulnerability testing tool like SQLmap to evaluate the site’s response for SQL
injection vulnerabilities.
Requests are used in the above
code to send a GET request to the
Google homepage. We then check
the response’s status code to
ensure the request succeeded and
print the response’s headers and
content.
 BeautifulSoup

BeautifulSoup is a popular Python module for web scraping and HTML and XML
document processing. It allows you to explore and retrieve information from HTML
and XML files simply and powerfully. It is frequently used in the context of
cybersecurity to extract data from websites that include sensitive information, such
as login passwords or other forms of data that might be helpful to attackers.

BeautifulSoup’s ability to interpret and browse HTML and XML texts is one of its
primary strengths. This is accomplished by constructing a BeautifulSoup object from
an HTML or XML file, navigating the page, and extracting the needed information
using its different methods. The library includes several methods for searching for
and extracting certain tags or components from an HTML or XML file.

BeautifulSoup’s ability to tolerate faulty or badly organized HTML texts is another

essential feature. Web scraping can be difficult in many circumstances because the
HTML on a website may be poorly structured or include mistakes. BeautifulSoup is
intended to handle similar situations and can frequently extract information from
such papers when other libraries fail.
In this example, we start by
making a GET request to the Site
we wish to scrape using the
requests library. We then build a
BeautifulSoup object from the
response content and use the find
all() function to scan the HTML
page for all anchor tags (). Lastly,
we use the get() function to obtain
the href property value for each
anchor tag and report it to the
console.
 Paramiko

The Python package Paramiko implements the SSH protocol for secure remote
access to servers and other network devices. The library provides a simple API for
initiating SSH connections, securely uploading and downloading data, and running
remote commands on a remote machine. In the context of cybersecurity, Paramiko
is a useful tool for executing several security-related activities, such as remote
system management, vulnerability scanning, and automated penetration testing.

One of Paramiko’s key characteristics is its ability to give secure remote access to
systems using the SSH protocol. SSH is a popular protocol for secure remote access
to servers and other network devices, and it is frequently used in cybersecurity to
manage and access systems remotely. SSH protocol implementation in Python,
provided by Paramiko, allows users to create secure connections to distant
computers using SSH.

Paramiko contains facilities for securely transferring files to and from distant
computers, running remote commands on a remote system, and SSH functionality.
As a result, it is a flexible solution for a wide range of security-related tasks,
including automating penetration testing, executing security audits, and controlling
In this example, we first construct an SSHClient
object and configure the host key policy to
automatically add new hosts to the known host’s
file. The connect() function then creates an SSH
connection to the remote machine. After
connecting, we use the exec command()
function to run the ls command on the remote
machine and collect the result. Lastly, we
publish the result to the console and disconnect
from the network.

This code will provide a list of files and

directories in the remote directory where the ls
command was run. This explains how to use
Paramiko to execute remote commands on a
distant machine and obtain the results. This is
just a simple example of how Paramiko can be
used in the context of cybersecurity, but it
demonstrates the power and flexibility of the
Other packages include the following:
Nmap
Scikit-learn
Tensor-flow
PyAutoGUI
Tornado
ACTIVITY FOR DEC 5, 2024

You are to demonstrate the first 6 packages of python for cybersecurity

Details

1. Detail the steps on the process of operation – ( Detelyado at siguraduhin masusundan)

2. Format of the clip is mp4 – MP4 ang ating klase sa video.
3. Duration is only for 15 mins. - KINSE minutos lang ang limit – pagkasyahin
4. The Creator should be present on the video – Dapat ipakita na kau ang nagawa nang demonstration
5. Any alterations of the said process will result in a voided event – Sumunod para maganda grade

Total grade is : 100

Originality ( discrete ) 60 pts DABUDZ

Clarity of delivery 20 pts
Presentation 20 pts
Subs
Design
“Diskarte sa video”

PRESENT THE VIDEO ON DECEMBER 5, 2024