back to article Mega-bites of code: Python snakes into 1st place for cyber-attacks

Python, either the world's most popular programming language or a close runner up, turns out to be the most widely used language for hacking tools. Security biz Imperva came to this conclusion after looking at GitHub and finding that more than 20 per cent of GitHub repositories for attack tools and proof-of-concept exploits …

  1. Version 1.0 Silver badge

    So, is this a surprise?

    Every time a new, easier to learn, user friendly, language is released it becomes popular with the hackers - remember BASIC worms? What are we going to do?

    Let's return to FORTRAN and APL, I think there was a worm written in FORTRAN once but APL was as pure as driven snow - no hacking at all. Yea, that'll slow 'em down.

    1. Anonymous Coward
      Anonymous Coward

      Re: So, is this a surprise?

      APL, if you keep the original keybindings. J (a more understandable version by most counts) is far too easy.

    2. Old Coot

      Re: So, is this a surprise?

      Upvote for mentioning APL (them wuz the days!).

      Only problem with APL, is that, unlike Fortran, you need the interpreter to be present on the victim's system. Python is now included on pretty much every 'nix system, even necessary for certain functions (e.g., Ubuntu software center). Only a few other languages (shell, Perl, Ruby(?)) will have such an extensive installed base.

    3. MiguelC Silver badge

      Re: So, is this a surprise?

      In hacker hell only Lisp is available.

    4. Charlie Clark Silver badge

      Re: So, is this a surprise?

      Got to love the list of popular libraries: urllib, requests and asyncio! Might as well highlight being able to read from stdin!

      One reason for the popularity for attacks is that Python has for years been popular for penetration testing and has a heap of relevant libraries as a result. This meant that things like Low Orbiting Ion Cannon could be written and easily deployed by those with little or no skills in the language.

    5. JLV Silver badge

      Re: So, is this a surprise?

      APL. Once upon a time I worked thru an agency. You know, the ones that always claim you are an expert and privately tell you to shut up if you disagree.

      One of my colleagues got sent to a gig, as, if not an expert, at least knowing APL.

      She was back by lunchtime. Seems she innocently expressed surprise at the custom APL keyboard - “what’s that for?”

      Re. Python, I believe it’s not only simplicity, it’s that it's a language intended for close interaction with the OS. A lot of it seems BASH-inspired and considerable attention has been given to both calling into C, launching processes and interop in general.

      Contrast that with Java and Javascript. The first keeps itself pretty aloof of non-JVM considerations. And the 2nd is deliberately sandboxed in its most common form.

      Ruby could probably be used too. Chef and Puppet’s job is to manipulate and introspect systems, after all.

      PERL would work, but hackers also want to read their code after writing it.

      As much as I like Python, things like this make me think twice about it becoming supported in browsers, a la JS, or in Office, as a VBA replacement. Neither of those 2 vectors really needs a boost in attack capabilities.

  2. Anonymous Coward
    Anonymous Coward

    Python is also increasingly important to 3D / Videogames

    Any recommendations for Udemy / Pluralsight / Lynda courses that cover the range of things you can do with it and link-to as today's Reg article alludes to. Rather than focusing on the nuances of the language itself... Cheers for tips.

    1. Glen 1 Silver badge

      Re: Python is also increasingly important to 3D / Videogames

      How about scratch? (Yes, that one)

      Video of Emfcamp talk. (Inc demo)

  3. EarthDog


    a language gets popular. get's pushed into in appropriate roles. demand for <insert name of language here> programmers spikes. People start taking "Learn <programming language in 21 days head first> courses". Managers start hiring monkeys. Badda bing badda boom, crappy code and security flaws everywhere.

    Lather, rinse, repeat.

    1. Ferry Michael

      Re: typical

      I think you have misunderstood this. It does not relate to poor programming in Python and inappropriate roles for the language. Python is used because it is appropriate with the availability of libraries that allow the rapid construction of tools that interact with web services

  4. Mark 85 Silver badge

    Kneejerk reaction expected.

    Someone, somewhere will now start spewing that GitHub needs to be shutdown because it aids and abets hackers. Perhaps also an attempt to get Python banned. Crazy world we live in.

  5. Anonymous Coward
    Anonymous Coward

    "... more than 20 per cent of GitHub repositories for attack tools and proof-of-concept exploits ..."

    Should a responsible repostory service really be hosting this stuff at all?

    1. Anonymous Coward
      Anonymous Coward

      >> Should a responsible repostory service really be hosting this stuff at all?

      Don't worry, after a short while under Microsfoft's careful ownership, the site will soon wither and be closed down.

  6. SVV Silver badge

    Full conclusion

    100% of hacking tools written in a programming language. Most tools written in most popular languages!

  7. Anonymous Coward
    Anonymous Coward

    Great first Flash was the culprit of all world disasters, now it's Python. What next? Perl?

    Isn't it about time we go back to learn proper programming languages Assembly, C(++) etc...

    In the mean time I'll stick to BBC Basic ;-)

    1. Glen 1 Silver badge

      The flash *runtime* was the nth layer of hell. :P

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020