Tech with Tyler
LinkedInGitHubYouTube
  • 👋Welcome!
    • whoami
    • !!! Disclaimer !!!
  • 🎓Academy
    • AWS Security Cookbook
      • AWS Control Tower
        • Lab: Deploying AWS Control Tower via Terraform
        • Lab: Blocking Regions with AWS Control Tower
      • AWS CloudTrail
      • AWS GuardDuty
        • Lab: Deploying AWS GuardDuty via Terraform
        • Lab: Logging GuardDuty Findings to S3
        • Lab: Adversary Simulation Detection with Stratus Red Team and GuardDuty
      • AWS Organizations
        • Lab: Deploying AWS Organizations via Terraform
      • AWS Root Account Management
        • Lab: Deploying AWS Root Account Management via Terraform
      • AWS Service Control Policies (SCPs)
        • Lab: Deploying AWS Service Control Policies (SCPs) via Terraform
      • TBD - Coming Soon!
        • [TBD] AWS Account Factory
        • [TBD] AWS Identity Center
    • My content on Cybr
      • Course - Terraform on AWS: From Zero to Cloud Infrastructure
      • Lab - Create Static AWS S3 Website with Terraform
      • Lab - Secure EC2 Access with SSM Session Manager and KMS
      • Lab - Encrypt and Decrypt Data with KMS and Data Encryption Keys
    • My content on PwnedLabs
      • Cyber Range - Electra
      • Lab - Abusing Identity Providers in AWS
      • Lab - Prowler and AWS Security Hub
      • Blog - Abusing Identity Providers in AWS
      • Blog - Building Security Guardrails with AWS Resource Control Policies
      • Blog - Defending Against the whoAMI Attack with AWS Declarative Policies
    • My content on YouTube
      • AWS Security Engineering
      • Linux in 60 Seconds!
  • ☁️Cloud Security
    • AWS Attacks and Techniques
      • Enumerate AWS Account IDs
      • Enumerate AWS IAM Users
      • Enumerate (Unauthenticated) IAM Users and Roles
      • Enumerate AWS Public Resources
      • Enumerate Secrets in AWS
      • Generate AWS Console Session
      • Generate IAM Access Keys from CloudShell
      • Password Spraying AWS IAM Users
      • Subdomain Takeovers
    • AWS Privilege Escalation
      • Identity Access Management (IAM)
      • IAM Trust Policies
      • Key Management Service (KMS)
      • Lightsail
      • OpenID Connect (OIDC)
      • S3
      • Secrets Manager
      • Security Token Service (STS)
    • AWS General Info
      • Amazon Bedrock
      • EC2
      • KMS
      • S3
      • SNS Topic
    • AWS CLI Cheat Sheet
    • Capture the Flags (CTFs)
      • Flaws.Cloud
        • Level 1
        • Level 2
        • Level 3
        • Level 4
        • Level 5
        • Level 6
      • PwnedLabs
        • Escalate Privileges by IAM Policy Rollback
        • Exploiting Weak S3 Bucket Policies
        • Leveraging S3 Bucket Versioning
        • S3 Enumeration Basics
        • Pillage Exposed RDS Instances
        • EC2 SSRF Attack
        • Hunt for Secrets in Git Repos
      • Cybr
        • Challenge - Secrets Unleashed
    • Tools
      • Tooling Index
      • dsnap
      • Pacu
      • s3-account-search
      • GoAWSConsoleSpray
      • aws_consoler
      • cloudenum
  • 📦Containers & Orchestration
    • Kubernetes
  • 👨‍💻Coding & CLI Tooling
    • CLI Tools
      • AWS CLI
      • Git
      • GitHub Copilot (CLI)
      • Homebrew
      • jq
      • ngrok
      • ssh
    • Coding and Scripting
      • Bash
      • Python
    • Terminal Customization
  • ⚙️DevSecOps
    • CI/CD
      • GitLab
    • Hashicorp Terraform
    • Hashicorp Vault
    • IAC Scanning
      • tfsec
    • Secrets Scanning
      • Trufflehog
  • 🎁Miscellaneous
    • Jenkins
  • 💻Operating Systems
    • Linux
      • APT Package Manager
      • CLI Tools Cheat Sheet
      • Man Pages
      • Services
      • Users and Groups
  • 🏗️Projects
    • Active Directory Homelab Automation
    • AWS Cloud Resume Challenge
    • Proxmox Homelab as Code
  • 📌Other
    • Useful Resources
Powered by GitBook
On this page
  • Overview
  • Examples
  • Install and Run a Python App with a Specific Python Version
  • Set up a Python Virtual Environment
  • Parsing JSON
  • View installed modules
  • View pip modules
  • Pyenv
  • Installation
  • Useful commands
  • Pipx
  • Installation
  • Useful commands

Was this helpful?

  1. Coding & CLI Tooling
  2. Coding and Scripting

Python

Tips and tricks for working with Python

PreviousBashNextTerminal Customization

Last updated 3 months ago

Was this helpful?

Overview

  • As Python gets updated older code will cease to run due to changes in Python syntax and functionality

  • To resolve this, we can run code in Containers but that adds a level of complexity

  • Another solution is to utilize and and run the code in virtualized environments with the needed version of Python


Examples

Install and Run a Python App with a Specific Python Version

  • (pmapper) is a tool that requires Python version 3.9 to run (it errors out otherwise)

# list available versions of python to install
pyenv install --list

# install python 3.9.21
pyenv install 3.9.21

# set version of python that pyenv will use
pyenv global 3.9.21

# validate version is set (should match 3.9.21 for this example)
python --version 

# install the tool, principalmapper (aka pmapper)
pipx install --python $(pyenv which python) principalmapper

Set up a Python Virtual Environment

  • We can set up a virtual environment to run any version of Python we want

  • This is useful for isolating your Python code/packages without impacting your system configuration

# install python 2.7.18
pyenv install 2.7.18

# make a directory to work in 
mkdir venv-tyler-python-2-7-18

# create virtualenv for python 2.7.18
pyenv virtualenv 2.7.18 venv-tyler-python-2-7-18

# change into the directory
cd venv-tyler-python-2-7-18

# set directory for virtualenv
pyenv local venv-tyler-python-2-7-18

# validate python version (should match 2.7.18)
python --version

Parsing JSON

"ffuf -w /opt/useful/SecLists/Discovery/DNS/namelist.txt -u http://<target IP> -H HOST: FUZZ.<target domain> -o possible-subdomains.json"
import json

json_dump = "./possible-subdomains.json"

with open(json_dump) as f:
    data = json.load(f)

for host in data["results"]:
    print(host["host"], host["url"]) # print out the host & URL

View installed modules

python3 -c 'help("modules")'

[SNIP]
Cryptodome          cairo               ldb                 retrying
Cython              calendar            lib2to3             rfc3986
IPy                 catfish             libfuturize         rfc3987
IPython             catfish_lib         libpasteurize       rich
[SNIP]

View pip modules

pip list

Package    Version
---------- -------
pip        20.3.4
setuptools 44.1.1
wheel      0.37.1
xlrd       2.0.1

Pyenv

Installation

# install on linux
curl https://pyenv.run | bash

# add to ~/.zshrc
echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.zshrc
echo '[[ -d $PYENV_ROOT/bin ]] && export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.zshrc
echo 'eval "$(pyenv init - zsh)"' >> ~/.zshrc

# restart shell for PATH changes to take effect
exec "$SHELL"

# install python build dependencies (see install instructions as this is specific to your OS)
# this is for Debian-based systems (Ubuntu, Kali, Parrot, etc.)
sudo apt update; sudo apt install build-essential libssl-dev zlib1g-dev \
libbz2-dev libreadline-dev libsqlite3-dev curl git \
libncursesw5-dev xz-utils tk-dev libxml2-dev libxmlsec1-dev libffi-dev liblzma-dev

Useful commands

# view all python versions installed with pyenv
pyenv versions

# set global (default) python version for pyenv
pyenv global 3.x.x

# set local (directory) python version for pyenv (trumps global). Adds `.python-version` to directory. All pyenv commands in this directory will use this python version
pyenv local 3.x.x

# view available python versions
pyenv install --list

Pipx

Installation

# install on linux
sudo apt update
sudo apt install pipx
pipx ensurepath
sudo pipx ensurepath --global # optional to allow pipx actions with --global argument

Useful commands

# install package for user (~/.local/bin)
pipx install trufflehog

# install package for all users (/usr/local/bin/)
sudo pipx install trufflehog --global

# view installed packages
pipx list
sudo pipx list  

# uninstall packages
pipx uninstall trufflehog
sudo pipx uninstall trufflehog --global

is a useful tool for letting us quickly download and switch between multiple versions of Python

Full installation instructions can be

is a useful tool for installing and running python code and apps in isolated virtual environments

Full installation instructions can be

👨‍💻
pyenv
found here
pipx
found here
PrincipalMapper
pyenv
pipx