Python: Pentesting Scripts

Premium room

Build Python scripts for web recon, network scanning, hash cracking, and SSH brute-forcing.

medium

60 min

7


Your team just wrapped up the reconnaissance phase of a penetration test against a mid-sized e-commerce company. The client’s scope document lists 12 subdomains, a /24 internal network, and three web applications. Your lead hands you a checklist: enumerate every subdomain for hidden services, scan the internal network for live hosts, probe open ports on each one, and test a set of harvested password hashes against a wordlist. You could fire up a dozen different tools and juggle their output formats, or you could write a handful of Python scripts that do exactly what you need, formatted exactly how you want, and integrated into a single workflow.

That is the power Python brings to penetration testing. It is not about replacing tools like or ; it is about filling the gaps between them, automating repetitive tasks, and building custom solutions when no off-the-shelf tool fits the situation.

In the previous three rooms, you built a solid Python foundation. In Python: Simple Demo, you learned variables, conditionals, and while loops through a guessing game. In Python: Core Concepts, you expanded into data types, strings, lists, dictionaries, for loops, and operators. In Python: Building Scripts, you structured real programs with functions, error handling, file I/O, and libraries, culminating in a Password Strength Checker. Every one of those skills comes into play in this room.

Learning Objectives

In this room, we shift from general-purpose scripting to security-focused automation. You will build tools that penetration testers use in real engagements:

  • Web reconnaissance: enumerating subdomains and directories using HTTP requests and wordlists
  • Network discovery: identifying live hosts on a local network using ARP scanning with Scapy
  • Port scanning: probing targets for open TCP ports using raw sockets
  • Automated downloads: retrieving files from remote servers during engagements
  • Hash cracking: using hashlib to find cleartext values behind password hashes
  • Credential testing: brute-forcing SSH logins with Paramiko
  • Integration: combining multiple tools into a cohesive mini-toolkit

Prerequisites

Complete the following rooms before starting this one:

Each task builds a working script from the ground up. We do not just show you the final code and move on. Instead, we walk through why each design decision matters, build the script incrementally, and connect every pattern back to concepts from the earlier rooms.

A Note on Ethics and Authorization

Every technique in this room can cause real harm if used without permission. Scanning a network you do not own is illegal in most jurisdictions. Brute-forcing credentials on a system without authorisation violates laws like the Computer Fraud and Abuse Act (CFAA) in the United States and the Computer Misuse Act (CMA) in the United Kingdom.

Throughout this room, you will run your scripts exclusively against the target machine provided by TryHackMe. In this lab environment, we write Python scripts for penetration testing and test them against the same virtual machine we use to write them, so localhost (127.0.0.1) serves as our controlled, authorised environment. In professional engagements, penetration testers operate under a signed Statement of Work (SOW) and Rules of Engagement (RoE) that explicitly define which systems may be tested and which techniques are permitted. Never run these tools against systems you do not own or for which you do not have written authorisation to test.

This room assumes you are comfortable with variables, conditionals, loops, functions, error handling, file I/O, and importing libraries. We will not re-teach these concepts, but we will reference them frequently as we apply them in new contexts.

Machine Access

Click the Start Machine button below to launch the Target machine (VM). Visual Studio Code (VS Code) should open automatically with a modern Python installation ready for you. All scripts discussed in this room are saved in the /home/ubuntu/Pentesting-Scripts directory on the Target machine. The wordlist used in Tasks 2, 6, and 7 (wordlist.txt) is also inside /home/ubuntu/Pentesting-Scripts/, but if you are using your own machine it is attached to Task 2 for download.

Set up your virtual environment

To successfully complete this room, you'll need to set up your virtual environment. This involves starting the Target Machine, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.

If you are using your own machine, you will need Python 3.x installed along with the requests, scapy, and paramiko libraries. You can use the following command to install the required libraries:

Terminal

    pip3 install requests scapy paramiko

Answer the questions below

I have read the introduction and started the target machine.