Do you know Python?

Python, probably the most popular programming language in the world, proves to be the most commonly used hacking tool language.

Security Business Imperva came to this conclusion after looking at GitHub and found that more than 20% of GitHub repositories were used for attack tools and proof-of-concepts The exploit is written in Python. (Recommended Learning: Python Video Tutorial)

"In almost all security-related topics in GitHub, most repositories are written in Python, including w3af, Tools like Sqlmap and even the infamous AutoSploit tool," the company explained in a blog post, adding that hackers enjoy Python's advantages - easy to learn, easy to read, comprehensive libraries - just like everyone else.

Python is not only present in GitHub repos, but also in events. Imperva claims that the largest group of web clients it can identify in its security incident data (about 25%) are based on Python.

Most

Looking at the usage of Python in attacks on websites protected by Imperva, the company found that a whopping 77% were attacked by Python-based tools, and in At least one-third of the incidents in most daily attacks can be attributed to coding written in Python.

Security Business points to Urllib and Requests as the two most popular Python libraries used by attackers asyncio, a relative newcomer that is just starting to show signs of adoption. Among the most common attacks involving Python tools, the two most popular attacks over the past two months were against a PHP-based remote execution flaw in the PHPUnit framework (CVE-2017-9841) and a remote code execution flaw in Joomla (CVE -2015-8562).

Imperva’s observations don’t provide much insight into whether mitigating Python-based attacks is any different than dealing with other types of attacks. But the company did note that Python requires minimal coding skills, making it easy to script and exploit vulnerabilities.

IBM researcher Grady Booch told The Register that Imperva's observations appear to be reasonable. "I haven't delved into Imperva's data or methodology, but it's true on many levels: Python is popular because it's most often used at the edges of systems where software is more tractable (and less risky, e.g. - the foundations of a system facilities compared),” he said.

Thomas Reed, director of Mac and mobile at security firm Malwarebytes, said he tends to agree with Imperva's findings. "We've seen some malware on Macs that's coded in nothing but Python!" he told us, pointing to EvilOSX, Bella, and Pupy. "Python is also very popular with white hats... It's now my scripting language of choice and is popular with many other Mac security experts and administrators. There's even a way to include Objectives in Python scripts - C method, via pyobjc, for extra power."

For more Python-related technical articles, please visit the Python Tutorial column to learn!

The above is the detailed content of Do you know Python?. For more information, please follow other related articles on the PHP Chinese website!