Survey data indicates that more than 20% of the current GitHub code base for cyber attack tools or PoC code is written in Python.

The latest survey data shows that Python has become the most popular programming language in the world, and its popularity is spreading to information security. Python has also become the preferred tool for hackers developing cyber attacks.

Imperva’s monitoring data showed that Python-based tools were used in 77% of all attacks on websites between the end of June and mid-September this year. The data also show that Python tools carry out the primary attack task in more than a third of network attacks.

“Data indicate that Python tools are increasingly being used by cyber attackers to perform deep network scans,” Imperva said in a statement.

Imperva’s investigation of the GitHub code base, meanwhile, revealed that more than 20 percent of all cyberattack tools or PoC code in the GitHub code base is written in Python. Imperva said: “GitHub has a large number of topics related to network security or information security, and almost every major codebase on that topic is written in Python. Sqlmap and W3AF, the infamous AutoSploit, etc.”

Regarding Web clients, Imperva’s researchers also presented their survey data.

Currently, the two Python libraries most frequently used by Web attackers are Urllib and Python Requests. In addition, a new module called Async IO has emerged in the community, and more and more people are using it.
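For defenders, these libraries are visible in web server logs through their default User-Agent strings. The following added example (not Imperva's code) measures the share of requests from default-configured Python clients in Combined Log Format lines; the sample log lines are constructed, and mapping "Async IO" to the aiohttp client is an assumption.

```python
import re
from collections import Counter

# Default User-Agent prefixes of the Python HTTP clients named above.
# Assumption: "Async IO" traffic is represented by aiohttp, an asyncio HTTP client.
PY_CLIENTS = [
    ("requests", re.compile(r"^python-requests/", re.I)),
    ("urllib", re.compile(r"^Python-urllib/", re.I)),
    ("aiohttp", re.compile(r"^Python/\S+ aiohttp/", re.I)),
]

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

def classify(ua):
    """Return the Python client family for a User-Agent, or None."""
    for name, pattern in PY_CLIENTS:
        if pattern.search(ua):
            return name
    return None

def summarize(lines):
    """Count requests per Python client and per source IP over parsed lines."""
    by_client, by_ip, parsed = Counter(), Counter(), 0
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        parsed += 1
        client = classify(m.group("ua"))
        if client:
            by_client[client] += 1
            by_ip[m.group("ip")] += 1
    python = sum(by_client.values())
    return {"parsed": parsed, "python": python,
            "share": python / parsed if parsed else 0.0,
            "by_client": dict(by_client), "by_ip": dict(by_ip)}

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.5 - - [10/Sep/2018:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [10/Sep/2018:10:00:02 +0000] "GET /login HTTP/1.1" 200 300 "-" "python-requests/2.19.1"',
    '198.51.100.7 - - [10/Sep/2018:10:00:03 +0000] "POST /login HTTP/1.1" 403 120 "-" "python-requests/2.19.1"',
    '192.0.2.44 - - [10/Sep/2018:10:00:04 +0000] "GET /index.php HTTP/1.1" 404 90 "-" "Python-urllib/3.6"',
    '192.0.2.9 - - [10/Sep/2018:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "Python/3.6 aiohttp/3.4.4"',
    'not a log line',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The User-Agent header is set by the client, so this count covers only tools left at their library defaults and is a lower bound on Python-driven traffic.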

Of course, if a network attacker wants to attack a project like Struts or WordPress, Python is also their first choice.

Imperva said: “Python offers significant information security advantages as a programming language, not least because many vulnerability code PoCs are written in Python. For example, the most popular vulnerabilities are CVE-2017-9841 (PHPUnit remote code execution vulnerability) and CVE-2015-8562 (Joomla! Framework RCE vulnerability) exploit code.”

In fact, Python is not very difficult to learn and does not require deep coding skills, which makes it a favorite for many beginners. As a result, we will see more and more Python-based attack tools and vulnerability PoCs in the future.