December 2021 · Python · 4 min read

Setting up Python Playground

Python is the go-to language for security work, and there's a simple reason why. When you're on an engagement and need to write a quick exploit, parse some output, or automate a repetitive task, you don't want to fight with the language. You want to think about the problem and have the code just flow out.

Python lets you do that. The syntax stays out of your way. The standard library handles sockets, HTTP, crypto, and file operations without pulling in external dependencies. And almost every security tool you'll encounter (Scapy, Impacket, pwntools, Requests) is written in Python or has Python bindings.

What You'll Build With This

Once your environment is set up, you can start building things like port scanners, packet crafters, web scrapers that pull data from targets, scripts that automate enumeration, and tools that interact with APIs. The series that follows this post covers the Python fundamentals you need to get there.

But first, you need a clean Python install. Let's get that sorted.

Installation

Windows

  1. Download the latest version from python.org/downloads/windows.
  2. Run the installer. Check the box that says "Add Python to PATH" before you click anything else. This is the one step people skip and then spend an hour debugging.
  3. Open a command prompt and verify it works:
python --version
python -c "print('Hello, World!')"

macOS

macOS ships with an older Python, but you want the latest. The cleanest way is Homebrew:

brew install python

Or download the installer from python.org/downloads/mac-osx and run through the prompts. Either way, verify with:

python3 --version

Linux

Most distros have Python pre-installed. If you need to install or update:

Ubuntu/Debian:

sudo apt-get update
sudo apt-get install python3

Fedora/Red Hat:

sudo yum update
sudo yum install python3

One More Thing: Virtual Environments

Before you start installing packages, get in the habit of using virtual environments. They keep your projects isolated so you don't end up with dependency conflicts when one tool needs version X and another needs version Y.

python3 -m venv myproject
source myproject/bin/activate

Now anything you pip install goes into that project's environment, not your system Python. When you're done, just run deactivate.

If you're managing multiple Python versions across different projects, look into pyenv. It lets you switch between Python versions per directory, which is handy when you're working with older tools that haven't been updated yet.

With your environment ready, the next posts in this series will cover the Python fundamentals you need to start writing security tools: data types, control flow, functions, and then the fun stuff like sockets and HTTP requests.

← Back to all posts