Python is known for its simplicity and flexibility, unlike other languages, Python becomes the most common vector for launching exploit attempts.
The Python programming language was discovered by Dutch computer scientist in 1989, the economist recently said that python to become a soon as a most used language around the globe.
According to Imperva report more than 20% of GitHub repositories that implement an attack tool / exploit PoC are written in Python.
For web-based attacks, Python modules such as Urllib and Python requests are the most popular. Around 89% of attacks are based on the Python requests and 10.69% with Urllib and Urllib2 requests.
Unlike other clients, in Python, we see a host of different attack vectors and the usage of known exploits. Hackers, like developers, enjoy Python’s advantages which makes it a popular python hacking tool, reads Imperva report.
With Github under every security-related topic majority of the repositories written in Python, including popular tools such as w3af, Sqlmap, PDFMiner, and infamous AutoSploit tool.
According to Imperva analysis of their security incidents, more than 25% of the of the clients were from Python-based tools used by malicious actors, making it the most common vector for launching exploit attempts.
“When examining the use of Python in attacks against sites we protect, the result was unsurprising – a large chunk, up to 77%, of the sites were attacked by a Python-based tool, and in over a third of the cases a Python-based tool was responsible for the majority of daily attacks.”
Python used extensively in making a popular tool for implementing known exploits and python hacking tool, also it used to target specific applications and frameworks such as Struts, WordPress, Joomla, and Drupal.
“Imperva said that two most popular attacks in the last 2 months used CVE-2017-9841 – a PHP based Remote Code Execution (RCE) vulnerability in the PHPUnit framework, and CVE-2015-8562 which is an RCE against the Joomla! Framework.”
Since Python is so widely used by hackers, there is a host of different attack vectors to take into consideration. Python requires minimal coding skills, making it easy to write a script and exploit a vulnerability