Python

From Network Security Wiki
Jump to navigation Jump to search


Basics

Variables

Declaring Variables:

list=[1,2,3]
string="Hello"
int=23


Basic argument specifiers:

%s                      - String (or any object with a string representation, like numbers)
%d                      - Integers
%f                      - Floating point numbers
%.<number of digits>f   - Floating point numbers with a fixed amount of digits to the right of the dot.
%x/%X                   - Integers in hex representation (lowercase/uppercase)


Indentation is Mandatory in python:

num=12
if num>5:
 print("Number is greater than 5")
 if num<20:
   print("Number is lesser than 20")
print("Program Ended")


Operator Precedence from highest to lowest order:

Python precedence order.png

Statements

IF & ELIF statements:

num=9
if num==5:
 print("Number is 5")
elif num ==11:
 print("Number is 11")
elif num==7:
 print("Number is 7")
else:
 print("Number isn't 5,11,7")


AND returns true only if both are true

>>> 1 == 1 and 2==2
True
>>> 1 == 1 and 2==3
False
>>> 1 != 1 and 2==2
False
>>> 1 == 1 and 2==2
True

OR returns true if either of both arguments are true; false if both are false.

>>> 1 != 1 or 2==2
True
>>> 1 == 1 or 2==2
True
>>> 1 == 1 or 2==3
True


Lists

words=["Hello","World","!"]
print(words[0])
print(words[1])
print(words[2])

Mixed List:

number=3
things=['string',0,[1,2,number],4,56]
print(things[1])
print(things[2])
print(things[2][2])


List Operators:

nums = [1,2,3]
print(nums+[4,5,6])
print(nums*3)

in operator:

>>> words=['spam',"egg"]
>>> print("spam" in words)
True
>>> print("tomato" in words)
False
>>> print (not "tomato" in words)
True
>>> print ("tomato" not in words)
True

Append to the list:

nums=[1,2,3]
nums.append(4)
print(nums)

Len function:

  1. Unlike append, len is a normal function rather than a method.
  2. Therefore it is written before the list it is being called on, without a dot.
nums=[1,3,5,2,4]
print(len(nums))


Insert Method is similar to append, but allows to add at any position in the list

words=["Python","fun"]
index=1
words.insert(index,"is")
print(words)

Tuple

  • Tuples are immutable which means you cannot update or change the values of tuple elements.
  • You are able to take portions of existing tuples to create new tuples.
  • Tuples cannot be changed unlike Lists.
  • They use parentheses.
  • Declaring tuples:
tup1 = ()
tup2 = (50,)
tup3 = ('physics', 'chemistry', 1997, 2000)
tup4 = (1, 2, 3, 4, 5 )
tup5 = "a", "b", "c", "d"
  • Printing tuples:
tup1[0]
print "tup2[1:5]: ", tup2[1:5]
  • Adding tuples:
tup1 = (12, 34.56)
tup2 = ('abc', 'xyz')
tup3 = tup1 + tup2
print (tup3)
(12, 34.56, 'abc', 'xyz')
  • Following action is not valid for tuples
  tup1[0] = 100 

Dictionary

  • All keys are unique, If you update item with same keys, Value will get replaced.
  • How a dictionary looks like:
{'abc': '43f9', 'sample': 'fc9e'}
  • Declaring a Dictionary:
x = {}
  • Adding Entry:
x.update({"abc": "112"})
  • Another example for adding Entry:
for file in fullpath(dir):
       filesize = os.path.getsize(file)
       print(file, filesize)
       x.update({file: filesize})
  • Dictionary Comprehension:
sq = {x: x*x for x in range(10)}
print(sq)
for i in sq:
   print(sq[i])
  • Printing Dictionary:
>>> x.items()
dict_items([('a', 12), ('b', 14), ('c', 16), ('d', 18)])
  • Printing items from dictionary:
for k,v in x.items():
   print(k,v)
  • Printing specific entries:
x['a']
x[4]
  • Length of Dictionary:
len(x)

Arrays

  • Declaring Arrays:
x = [1,2,4,6,8,9]
x = [i for i in range(10)]
x = [i*i for i in range(10)]
  • Appending values:
x = []
for i in range(100):
  x.append(i)
  • Printing specific values:
print(x[20])

Loops

While Loop runs more than once, till condition is true, once condition is false, next section of code is executed:

i=1
while i<=500:
 print(i)
 i=i+1

print("Finished !")

Infinity while loop: condition always remain True:

while 1==1:
 print('In a loop..!!')

Break the infinity Loop:

i=0
while 1==1:
 print(i)
 i=i+1
 if i>=25:
  print('Breaking!')
  break

print("Finished!")


Continue this jumps back to top of the loop, rather than stopping it

i=0
while True:
 i=i+1
 if i==10:
  print('Skip 10')
  continue
 if i==25:
  print("Breaking")
  break
 print(i)
print("Finished!")


While Loop
words = ["hello","world","spam","egg"]
counter = 0
max_index = len(words)-1

while counter <= max_index:
 word = words[counter]
 print(word + "!")
 counter = counter + 1
Same code can be created using FOR Loop but fewer lines
words = ["hello","world","spam","egg"]
for word in words:
 print(word + "!")

Loop can be combined with Range objects(No need to call List on range objects in For Loop as it is not indexed):

for i in range(5):
 print("hello")

Functions

def myfunc():
 print("spam")
 print("spam")
 print("spam")

myfunc()

Arguments

def printe(word):
 print(word + "!")

printe("spam")
printe("world")
printe("egg")


Arguments: Functions can have more that 1 argument:

def print_twice(x,y):
 print(x+y)
 print(x+y)

print_twice(5,8)

Function arguments can be used as variables inside function, not outside:

def incr(x):
 x += 1
 print(x)

incr(7)
print(x)

Return: int & str functions return a value which can be used later: Return cannot be used outside of a function.

def max(x,y):
 if x>=y:
  return x
 else:
  return y

print(max(4,7))
z = max(8,5)
print(z)
def short(x,y):
 if len(x) <= len(y):
   return x
 else:
   return y

After using return in a function, it stops executing immediately:

def add(x,y):
 total = x + y
 return total
 print("This wont be printed")

print(add(4,5))

Lambda Function

>>> mul = lambda x: x**2 + 2*x-5
>>> mul(5)
30

>>> add = lambda y: a + b
>>> a=6
>>> b=5
>>> add (10)
11

>>> add2 = lambda a,b: a + b
>>> add2(10,3)
13

>>> rem = lambda a,b: a%b
>>> add (10,3)
1


Functions as an Object: they can be assigned & reassigned to variables.

def multiply(x,y):
 return x*y

a = 4
b = 7
operation = multiply
print(operation(a,b))
def shout(word):
 return word + "!"
speak = shout
output = speak("shout")
print(output)


Function can be used as arguments of other functions:

def add(x,y):
 return x + y

def twice(func(x,y)):
 return func(func(x,y), func(x,y))

a=6
b=12

print(twice(add,a,b))
def square(x):
 return x*x

def test(func,x):
 print(func(x))

test(square,42)

Comments

#This is a comment.
print("Test") #This is also a comment.
#print("Test 2")

Docstrings:

def excl(word):
 """
 Print a word
 with exclamation!
 """
 print(word + "!")

shout("spam")

Examples

Entering variables inside quotation marks:

os.system("""osascript -e 'display notification "{}" with title "{}" sound name "{}"'""".format(text, title, sound))

Modules

Modules are piece of code written by others to fulfil common tasks.

Print 5 random numbers in range 1 to 8:

import random
for i in range(5):
 value = random.randint(1,8)
 print(value)
import math
num = 10
print(math.sqrt(num))


Import certain functions only from module:

from math import pi
print(pi)
from math import pi,sqrt
from math import *            # not recommended, can confuse the variables in code with variables external module.
from math import sqrt as square_root
print(square_root(100))


3 types of Modules:

Standard Library -> string, re, datetime, math, random, os, multiprocessing, subprocess, socket, email, json, doctest, unitest, pdb, argparse, sys
Installed from external sources
Manually written


Python Package Index

PyPI is used to install 3rd party modules.

sudo apt-get install python-pip
pip install library_name
pip install paramiko


List modules:

pip list
pip freeze
help('modules')

Common Packages

paramiko          SSH
ipaddr            IP addressing

Slack

Installation:

pip install slackclient

Simple function:

from slackclient import SlackClient

 def slack(message, channel, icon):
     sc = SlackClient("xoxp-353395......6a42822")
     sc.api_call('chat.postMessage', channel=channel, text=message, username='MyBot', icon_emoji=icon)

 slack("Hello", "@aman", ':scroll:')
 slack("Hello", "team-alerts", ':scroll:')

Function with Attachment:

text1 = 'Case - 73416 - Severity 1 (Critical) - xyz Inc -  System crashed three times'
text2 = 'Case - 73411 - Severity 2 (High) - zyx Ltd -  System stuck in initializing state'
def slack_message(message, email, channel):
    token = 'xoxp-3533423224-303453435575-359136310-95d593463sfs32529057e311tre434822'
    sc = SlackClient(token)
    colors = 0
    sev = message.split('-')[2]
    if '1' in sev:
        colors = 'danger'
    elif '2' in sev:
        colors = '#e5505a'
    elif '3' in sev:
        colors = '#ffee00'
    elif '4' in sev:
        colors = '#a4ef02'
    elif '5' in sev:
        colors = 'good'
    attachments = []
    attachments.append({
                'title': 'Case: ' + message.split('-')[1],
                'text': 'Issue: ' + message.split('-')[4] + '\n' + 'Customer:' + message.split('-')[3] + '\n' + 'Urgency: '+ sev,
                'color': colors,
                'footer': 'Env: ' + email,
                'ts': 123456789
            })
    formatted_result = ({
        'title': 'Execution Results',
        'attachments': attachments,
        'as_user': 'false'
        })
    response = sc.api_call('chat.postMessage', channel=channel,
                text='New Case in Queue', **formatted_result, username='My Bot',
                icon_emoji=':brief_case:')
    if not response['ok']:
        log('Slack Error: {}'.format(response['error']))
slack_message(text1, email_from, 'team-channel')

Slack v2

  • Simple Example
import slack

def slack_message(message):
    token = 'xoxp-3533423224-303453435575-359136310-95d593463sfs32529057e311tre434822'
    sc = slack.WebClient(token, timeout=30)
    sc.chat_postMessage(
        channel='@aman',
        username='My Bot',
        icon_emoji=':robot_face:',
        text=message)

path = '/mnt/cores/Customer/case_10682/'
option = 'Cloud'

slack_message(str("Path: "+path+'\n'+"Option: "+option))
  • Attachment
import slack

path = '/mnt/cores/Customer/case_10682/'
option = 'Cloud'

def slack_message():
    token = 'xoxp-3533423224-303453435575-359136310-95d593463sfs32529057e311tre434822'
    sc = slack.WebClient(token, timeout=30)
    attachments = []
    attachments.append({
        'title': 'Tool: ' + 'Tech Support',
        'text': 'Path: ' + path + '\n' + 'Option:' + option + '\n',
        'color': 'red',
        'footer': 'Sender: ' + 'eMail-ID',
        'ts': 123456789
    })

    formatted_result = ({
        'title': 'Execution Results',
        'attachments': attachments,
        'as_user': 'false'
        })

    response = sc.chat_postMessage(channel='@aman',
                text='New Case in Queue', **formatted_result, username='My Bot',
                icon_emoji=':brief_case:')

    if not response['ok']:
        print('Slack Error: {}'.format(response['error']))

slack_message()

Salesforce

Installation

pip3 install simple_salesforce

Find out Security Token:

https://<yoursalesforcehostname>/_ui/system/security/ResetApiTokenEdit?retURL=%2Fui%2Fsetup%2FSetup%3Fsetupid%3DPersonalInfo&setupid=ResetApiToken

Example:

https://avi.my.salesforce.com/_ui/system/security/ResetApiTokenEdit?retURL=%2Fui%2Fsetup%2FSetup%3Fsetupid%3DPersonalInfo&setupid=ResetApiToken    

Login:

sf = Salesforce(username="test", password="pwd@123", security_token="NSUgqlxewweWdK8bjBEsdsNs")

Query:

results = sf.query_all("SELECT CaseNumber,Subject,IsClosed FROM Case WHERE OwnerId = '00500000erefBz'")
result2 = sf.query_all("SELECT CaseNumber,Subject,IsClosed FROM Case WHERE CaseNumber = '6800'")

Output:

results['records'])

Exceptions

 ImportError: an import fails
 IndexError: list is indexed with an out of range  number
 NameError: an unknown variable is used
 SyntaxError: the code can't be parsed properly
 TypeError: a function is called on a value of inappropriate type
 ValueError: a function is called on value of correct type but with inappropriate value
 OSError:

Third party libraries has their own defined exceptions.

ZeroDivisionError:

 x = 7
 y = 0
 print(x/y)

Exception Handling

try:
 x = 7
 y = 0
 print(x/y)
 print("Calc Done")
except ZeroDivisionError:
 print("An Error Occured")
 print("due to zero division")

Handling multiple exceptionin a single except statement:

try:
 x = 10
 print(x + "Hello")
 print(x / 2)
except ZeroDivisionError:
 print("Division by Zero")
except(ValueError, TypeError):
 print("Error occured")

Catch all error(not recommended, they can catch unexpected errors and hide programming mistakes): Exception handling is quite useful when dealing with user input.

try:
 word = "spam"
 print(word / 0)
except:
 print("An error occured")

Finally: this code will always run, even if uncaught exception occurs.

try: 
 print("Hello")
 print(1/0)
except ZeroDivisionError:
 print("Div by Zero")
finally:
 print("This will always run")
try:
 print(1)
 print(10/0)
except ZeroDivisionError:
 print(unknown_var)
finally:
 print("This is executed last")

Raising Exceptions:

print(1)
raise ValueError
print(2)
name = "123"
raise NameError("Invalid name!")
x = input(":")
if float(x) < 0:
 raise ValueError("Negative!")

Raise statement can be used to raise whatever exception occurs:

try:
 x = 5/0
except:
 print("An error occured")
 raise

Traceback

import traceback

try:
    <something>
except:
    traceback.print_exc()
    pass

Assertions

Used for sanity checking, programmers use this at start of fuction to check for valid input and after function call to check for valid output.
Expression is tested, if result is false, an exception is raised.

print(1)
assert 2+2 == 4
print(2)
assert 1 + 1 == 3
print(3)

Assertons can take a second argument passed to AssertionError if assertion fails:
Assertions can be caught & handled like other exceptions using Try-Except statement.
If not handled, it can terminate the program.

temp = -10
assert (temp >= 0),"Colder than absolute Zero!"

Exercise

Function that returns sum of all numbers from 0 till that number:

def sum(x):
 res=0
 for i in range(x):
 res+=1
 return res

What is highest nymber output by this code?

def nums(x):
 for i in range(x):
  print(i)
  return
nums(10)

What is the output of this code?

def func(x):
 res = 0
 for i in range(x):
  res += i
 return res

print(func(4))

What is the highest number printed by this code:

print(0)
assert "h" != "w"
print(1)
assert False
print(2)
assert True
print(3)

Running Unix Commands

os.system(deprecated)

import os
os.system("date")
 import os
 f = os.popen('date')
 now = f.read()
 print "Today is ", now


Subprocess

Basic usage:

import subprocess
subprocess.call("command1")
subprocess.call(["command1", "arg1", "arg2"])

Execute the date command:

import subprocess
subprocess.call("date")

Execute ls command with arguments:

import subprocess
subprocess.call(["ls", "-l", "/etc/resolv.conf"])

Execute date command:

import subprocess
p = subprocess.Popen("date", stdout=subprocess.PIPE, shell=True)
(output, err) = p.communicate()
print "Today is", output


import subprocess
p = subprocess.Popen(["ls", "-l", "/etc/resolv.conf"], stdout=subprocess.PIPE)
output, err = p.communicate()
print "*** Running ls -l command ***\n", output
import subprocess
p = subprocess.Popen(["ping", "-c", "10", "4.2.2.2"], stdout=subprocess.PIPE)
output, err = p.communicate()
print  output

The only problem with above code is that output, err = p.communicate() will block next statement till ping is completed i.e. you will not get real time output from the ping command.
So you can use the following code to get real time output:

import subprocess
cmdping = "ping -c4 4.2.2.2"
p = subprocess.Popen(cmdping, shell=True, stderr=subprocess.PIPE)
while True:
    out = p.stderr.read(1)
    if out == '' and p.poll() != None:
        break
    if out != '':
        sys.stdout.write(out)
        sys.stdout.flush()

SSH

import paramiko
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect( '192.168.1.23', username = 'root', password = 'libreelec' )
stdin, stdout, stderr = ssh.exec_command( 'ls -al' )

for line in stdout:
    print('... ' + line.strip('\n'))
ssh.close()

Regex

Importing Library

import re

Methods:

re.match() => Matches Beginning

Here for 'dog' it matches:

>>> re.match(r'dog', 'dog cat dog')
<_sre.SRE_Match object at 0xb743e720<
>>> match = re.match(r'dog', 'dog cat dog')
>>> match.group(0)
'dog'

However for 'cat' it does not:

>>> re.match(r'cat', 'dog cat dog')
>>>
re.search() => Matches Anywhere
re.search(r'cat', 'dog cat dog')
 >>> match.group(0)
 'cat'

The search() method stops looking after it finds a match, so search()-ing for ‘dog’ finds the first occurrence:

 >>> match = re.search(r'dog', 'dog cat dog')
 >>> match.group(0)
 'dog'
re.findall() => All Matching Objects
>>> re.findall(r'dog', 'dog cat dog')
['dog', 'dog']
>>> re.findall(r'cat', 'dog cat dog')
['cat']
Substitute
s = "Example String"
replaced = re.sub('[ES]', 'a', s)
print(replaced)

Using Databases

Installing Modules for MySQL:

sudo apt-get install python-pip python-dev libmysqlclient-dev
pip install MySQL-python

Connecting to a DB on localhost(need to create a db 'testdb' beforehand):
Source: tutorialspoint.com

#!/usr/bin/python
import MySQLdb
db = MySQLdb.connect("localhost","guest","guest123","testdb")

cursor = db.cursor()
cursor.execute("SELECT VERSION()")
data = cursor.fetchone()
print "Database Version : %s " % data
db.close()


Creating Database:

#!/usr/bin/python
import MySQLdb
db = MySQLdb.connect("localhost","guest","guest123","testdb")

cursor = db.cursor()
sql="""CREATE table book_tbl (
       book_id INT NOT NULL AUTO_INCREMENT,
       book_title VARCHAR(100) NOT NULL,
       book_author VARCHAR(100) NOT NULL,
       submission_date DATE,
       PRIMARY KEY( book_id ));"""

cursor.execute(sql)
db.close()

Writing to Database with User Input:

#!/usr/bin/python
import MySQLdb
a=int(input('Please enter the Book ID:\n'))
b=str(raw_input('Please enter the Book Title:\n'))
c=str(raw_input('Please enter the Book Author:\n'))
d=int(input('Please enter the Book Submission Date:\n'))

db = MySQLdb.connect("localhost","guest","guest123","testdb" )

cursor = db.cursor()

sql = "INSERT INTO book_tbl(book_id, \
       book_title, book_author, submission_date) \
       VALUES ('%d', '%s', '%s', '%d' )" % \
       (a, b, c, d )
try:
   cursor.execute(sql)
   db.commit()
   print("Database Updated.")
except:
   db.rollback()
   print("Error when saving to DB.\n")
db.close()

Read from Database:

#!/usr/bin/python
import MySQLdb
db = MySQLdb.connect("localhost","guest","guest123","testdb" )

cursor = db.cursor()

sql = "SELECT * FROM book_tbl WHERE book_id > '%d'" % (10)

try:
  cursor.execute(sql)
  results = cursor.fetchall()
  for row in results:
      ID = row[0]
      Title = row[1]
      Author = row[2]
      Date = row[3]

      print "ID=%d,Title=%s,Author=%s,Date=%s" % (ID, Title, Author, Date )
except:
  print "Error: unable to fetch data"
db.close()

Pillow

  • Install in Python3
sudo apt-get install python3-pip
sudo apt-get install python3-dev python3-setuptools
sudo apt-get install libjpeg8-dev zlib1g-dev libwebp-dev tcl8.5-dev tk8.5-dev
sudo pip3 install Pillow
from PIL import Image

im = Image.open("sample.webp").convert("RGB")
im.save("test.jpg","jpeg")

OpenCV

Windows
  • Install NumPy
sudo pip3 install numpy
  • Download the relevant WHL file from:
https://www.lfd.uci.edu/~gohlke/pythonlibs/#opencv
  • Install OpenCV WHL file:
pip install opencv_python‑3.3.1‑cp36‑cp36m‑win32.whl
  • Verify installation:
import cv2
print(cv2.__version__)
Linux
sudo pip3 install opencv-contrib-python

Non Recursive files only list

Using Functions(file name only)
dir = sys.argv[1]

def files(path):
    for file in os.listdir(path):
        if os.path.isfile(os.path.join(path, file)):
            yield file

for file in files(dir):
    print(file)
Using Functions(full paths)
dir = sys.argv[1]

def fullpath(path):
    for file in os.listdir(path):
        if os.path.isfile(os.path.join(path, file)):
            yield (os.path.join(path, file))

for file in fullpath(dir):
    print(file)
Without using Functions
dir = sys.argv[1]

files = [f for f in os.listdir(dir) if os.path.isfile(os.path.join(dir, f))]

for file in files:
    print(file)

Misc

Python 2 to Python 3 conversion tool
2to3 -w test.py
Print in the same position
print(data, end='\r')


References





blog comments powered by Disqus