SANS Penetration Testing

SANS Pen Test Cheat Sheet: Python - pyWars (SEC573)

by: Mark Baggett

Python skills are incredibly useful for all kinds of information security personnel, from pen testers to cyber defenders to forensics pros. With so many tools written in Python and so many Python libraries to work magic in just a few lines of code, I wrote a course (SANS SEC573) on how to get the most out of this handy language.

But, In 2012 I faced a challenge.

I had created a software platform for delivering SEC573's Python based labs to students called pyWars and I needed to test that server under load before I used it in a classroom environment. I had already run fuzzers and traffic generators against the server, but nothing quite matches the testing that is done by a human. I know this to be true because we succeed as Penetration testers despite the availability of high quality vulnerability scanners! I decided to have a SANS@Night session where I would issue an open invitation to students at the conference to come and try out the new SEC573 labs. One of the immutable rules of information security is this, if you invite people to come hack stuff and give them free beer, then people will come. So that is what we did.

But what about people who don't know Python?!

I can't expect people to really test my labs when I haven't taught them any Python. So, I boiled down the bare essentials into a 1 hour introduction I could present to get people going on the labs. I would present the material and if everyone remembered EVERYTHING I said they could complete the labs. But none of us remember everything. I needed a condensed version of the essential Python skills required to perform common tasks covered in the courseware that I could hand out. Thus the SEC573 Python 2.7 cheat sheet was born.

This cheat sheet is specific to version 2.7 and it covers the bare essential of coding in Python. It is intended to help you quickly find the proper syntax of commonly used Python commands. Whether you are going to take the new GPYC - GIAC (Python Coder) Certification or just want to knock out a program without pulling our your reference manuals I hope that you will find the cheat sheet useful.Python_CheatSheet_07052016

Download: Python Cheat Sheet - 2pg PDF

Would you like more information about how you can create your own Python-powered attack tools? I'm sure you do! :) Join me for SEC573 - Automating Information Security for Python, in Austin, TX at SANS Pen Test Austin, in March 2018 or at SANS 2018 in Orlando, FL in April 2018.

Learn more about GIAC's *new* Python Coder Certification - GPYC.

Mark Baggett
SANS Instructor
Course Author - SEC573

SANS Pen Test Austin 2018 - Training Event:


  • Choose from 12 world-class training courses w/ our best instructors!
  • Play in (3) Nights of NetWars
  • Join a team as you hack/defend SANS CyberCity
  • Enjoy a special night of networking and fun for all attendees
  • Earn up to (5) SANS Pen Test Challenge Coins during Coin-A-Palooza
  • March 19 - 24, 2018 - Austin, TX
  • Learn more:

Post a Comment


* Indicates a required field.