Snake Charming for Beginners

“Snake Charming for Beginners” was a free two day Python training course put together for 0xCC in 2019 an information security training conference by women for women. It serves as a tutorial and guide to the Python language for a beginner audience with a focus on using Python for penetration testing or bug hunting.

This training material has since been updated in 2021 with more comprehensive information and new chapters on unit testing in Python.

Training Description

Snake-charming is an age-old practice of hypnotizing snakes by playing and waving a murli - in the modern day this practice looks much different, equipped with an Integrated Development Environment (IDE), a clackity keyboard and a trusty guide we’ll be taking you through how you can effectively charm Python 3.8.

On the first day of our trek through the dense jungles of Pythonia we will be looking at how to build a simple sub-domain enumeration tool and how to get started building simple exploits - for those who have trekked these paths before - extra challenges will await you.

Day two we will move further into the dark jungles of Pythonia delving into forbidden user-land territory and how you can use Python to gather useful system-level information and contact the UNIX daemons of old.

While writing this training description, errbufferoverfl wrote two Python fan fictions, the next cyber-themed Hollywood blockbuster and Shakespearian a play about the training.

What we won’t be covering

git and how to use it, there are many tutorials and walk-throughs available for git online and I want to focus as much time as possible on building things. My favourite resources are:

  • Try Github: How to use GitHub, this translates relatively well for most git based services (BitBucket, goget, GitLab)

  • Git Ready: Beginner to advanced walk-throughs on git things – handy if you already know git but need to brush up in particular areas

  • Codecademy - Learn Git: Walk-throughs of different git commands (this is the tool I used when I started learning git)

  • Learn Git Branching: Interactive walk-throughs sorted by task rather than difficulty level – handy if you already know git but need to brush up in particular areas

How to setup and install Python - there are two sections provided in this guide with general information on Python 3.x.x installation on Windows, macOS and apt-based Linux as well general information about setting up your Python development environment for the purpose of this training all of this has been done for you.

License

This book is licensed under a Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).

You are free to:

  • You are free to Share i.e. to copy, distribute and transmit this book

  • You are free to Remix i.e. to make changes to this book (especially translations)

Under the following terms:

  • You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.

  • You may not use the material for commercial purposes.

  • If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.

  • You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.

For more information see Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).

Dedication

To @zemmip0bia for always being there, encouraging me to do dumb projects and reading over the first drafts (P.S. I wrote this before you agreed to it).

To all my favourite rats for allowing me the time to put this together and asking me all the hard questions.

And, finally to all the wonderful friends I made while running this training who continued to encourage me to grow and always do better.

Preface

When I originally wrote the preface in 2019 Python was quickly becoming one of the most popular programming languages with over 1 million [1] repositories on GitHub containing primarily Python. The 2018 Stack Overflow developer profile revealed Python is used by 37.9% of professional developers and 38.8% of all respondents [2].

It didn’t even place in the Top 25 most dreaded languages (% of developers who are developing with the language or technology but have not expressed interest in continuing to do so), however, it topped the list of most wanted languages [3] (% of developers who are not developing with the language or technology but have expressed interest in developing with it).

In 2021 there was just over 2 million [4] repositories on GitHub containing primarily Python. However, the 2020 Stack Overflow developer survey did reveal Python had lost its crown of most loved language to TypeScript and Rust. With that said Python use has grown since 2019, from 37.9% to 41.6% of professional developers and 38.8% to 44.1% of all respondents [5].

Since 2019 though Python has risen to be the 23rd most dreaded language (out of 25) (% of developers who are developing with the language or technology but have not expressed interest in continuing to do so), however, it still tops the list of most wanted languages [6] (% of developers who are not developing with the language or technology but have expressed interest in developing with it).

So, I feel that my words from 2019 still ring very true: whether this is the first time you are using Python, or you have been using it a bit and want to know more, congrats on picking a fantastic language!

Credits

All work work within the Public Domain or licensed can be found attributed within the ‘Credits’ page. If you find any work incorrectly referenced or licensed please contact [email protected]