Is Python legit for pentesting?

Looking for feedback and advice in regards to network security and Python knowledge. In my journey into network security I've come across utilization of Python.

Would it be a good use of time to become strong with Python and become knowledgeable on tools like Scapy?

You don't need to be an expert, but a little knowledge in any scripting language will be useful no matter what path you take.


The reason I ask - rumor is "Python is still the dominant language in the world of information security...". Just wondering if there is any truth in that statement.

@Eden- Thanks for the response. So would JS familiarity work? Or is that not going to cut it? Should I look into something else like Python or PHP?

Python 2.7 seems to be a go-to language for pentesting due to the sheer amount of modules available.
Python 3.4 is slowly catching up; the only other high-level language that I have seen being used for pentesting is Ruby (Metasploit is written in Ruby on Rails).

@redking In your opinion is it more important to be good with the modules or the language?

Better to learn the language and familiarise yourself with the core features before moving on to the modules. Each module is written by a different author, so other than being Pythonic in style they tend to be quite unique when it comes to use. Some modules take priority, e.g. (threading, os, sys etc.), which have become included in the Python 3.4 default modules due to their importance and usefulness.
A word of advice: focus on the core features and default included modules, then learn how to use modules based on requiring them for your projects.
To boil it down to a single point: learn the essentials and then learn how to use specific modules when you need their functionality.

So, if I understand correctly -

There are Python modules which allow me to quickly script instructions for interacting with the OS or assist with threading. Are modules kind of like libraries in C++? You include them and then you can use them as "shortcuts" to do common things?

Also, do programmers often use Python as a tool to prototype programs before banging them out in C++?

Python makes it very easy to perform penetration testing with a lot of its built-in modules, and given its compatibility with C, there's not much you can't do.