Argument Parsing | Python Hacking



I was strolling through my comment section and different subreddits the other day and noticed that a lot of you are asking “how can I use python for hacking?”, “do I need coding for hacking”, or similar questions.

Since I used to be a software developer myself (now transitioning to a PenTester), I thought I would show you how you can use python for hacking and learn some ‘quick and dirty’ as well as sophisticated programming techniques.

So I did some research (even read a book :O) and this is what I came up with:

Overview

Goal

The goal of this lesson is to learn how to do some argument parsing using python.

We will create a python port scanner that can be run like this:

And returns if the ports (-p) are open on the specified target (-H).

We do this, because, in order to learn programming or coding, we actually have to create something!

Requirements

For this guide I will assume that you know the following:

  • variables and data types (int, string, …)
  • that you can run a script like this: ./script.py …
  • some basic logic ( x == true, …)
  • console output (print, console.log() or so)

You will also need:

Repository

The repository for this project can be found on my github.

Argument Parsing? What? How?

What?

Arguments are the characters, numers or other values that follow you script:

arg1, 2 and “lol” are arguments, and argument parsing is the act of doing something with those values in your script.

How?

Python offers a lot of ways to solve a problem. That’s what makes hacking with python so attractive.

You can just freestyle code. But we need to clear out two main options for parsing command line arguments:

Using the native implementation or a library.

Using native (via sys)

The native implementation is very rudimental, and if you’ve worked with bash, Java or C before it should look familiar.

If you start your script with the following arguments they will be stored like this:

Example 1

Result

Example 2

Result

So the native implementation is “position sensitive”. The position of where you put your argument matters.

Using optparse

Optparse has the ability to add a type, destination variable, help text, cmd- arg (-H or -p for example) and more.

You can define multiple options with types like String, Number (or int) and assign it to a “variable” and/or add a help text to the options, so when you start you script with a “-h” it shows the help for that argument/ option.

When creating the optparser you can also add an “usage” text, that will be displayed with your before mentioned help text when an error occurs.

It’s deprecated since version 2.7 and new implementations should use argparse instead, but they don’t differ much in the general usage but does offer some improvements. 1



If you start your script with the following arguments they will be stored like this (in our implementation):

OR

Both variants will work the same:

The optparser variation is not “position sensitive”.

optparse vs native

The native way might work on more systems but is less sophisticated way for argument parsing. Since we’re going to use python 2.7 optparse is an edge case.
So what should we do here?

I suggest we use optparse for the following reasons:

  • It might be easier for beginners
  • We run it on our system, so we can install whatever we want
  • I base this tutorial on this book: Python Hacking
  • optparse is not “position sensitive”

If you wish to see a native variation, leave a comment and I’ll push a native variant to the github repo.

Required Arguments

We touched this subject early on in the post, where we discussed what the goal is.

When you’re hacking with python, there are usually two main scenarios (I’m sure there is much more):

  • You are on a compromised machine with no internet access, but with python installed. So you use it to further pwn it or the network it is in.
  • You have a tedious task that has to be automated (looking at different websites, checking if a port is open, etc..)

In general you want to keep things stupid simple (KISS) and don’t repeat yourself (DRY).

“Wow; such buzzwords. Many cool.” – I hear you say mockingly.

It means that we don’t want to add too many arguments, but just enough to not run the script multiple times. The compromise we will go for here is the following:

-H for the target host
-p for the target ports, separated by space

This way the script can port- scan an entire target with just one execution. We could also allow multiple hosts, but I suggest we don’t for the following reasons:

  • It’s just a demo/ learning project
  • You probably have only one or two targets in your lab (if any)
  • if we have two lists we must iterate over both which will lead to a bigger time complexity 2
  • I don’t want to show you how to create a tool to scan the entire internet. Use masscan if you have to.
  • Once you get the scanner done, you can easily implement that feature yourself! (yay, homework)

Not only that, we can actually lower the work for the argument parsing by a bit. Which is nice for beginners.

So let’s take a look on how it’s done:

Implementation / Demo

 

 

 

 

  1. Why use argparse rather than optparse?
  2. Time complexity in loops