The document is to act as a cumulative list of all Python modules we have encountered and recommend all individuals at least know of. This list was originally written by John and written for Pat, but obviously it it considered open and readable/writable to everything.
urllib: interact with web applications, get and post to websites -- userequestsinstead, but use this to encode/decode URL encoding with thequote/unquotefunctionsrequests: better module thanurllib; use this to actually interact with webpages,base64: encode and decode base64 data,b64encode()andb64decode()binascii: convert ascii data to hex and hex data to ascii easilysocket: connect and automate network connections -- essentiallynetcatin [Pythonpwntools: better library to connect to services, also has a LOT of exploitation functionsjson: interact with JSON data, quickly create and load from strings and files withloads()anddumps()os: get information from OS and filesystem; use to create, copy, move files and test for path directories, change directories, etc. Also used to call quick shell commands withsystem()subprocess: used to actually call a remote process, like a shell command. You can control all standard input/output/error streams with it throughPopen()or just quickly grab output of a command withcheck_output().zipfile: create or extract from .zip files, can be used to try and crack passwords against an archive filePIL: library for working with image files; interact with all pixels and colors and lots more; absolutely awesome for some steganography challenges.scapy: save the world through network packet manipulation. lets you loop through every packet in a pcap file and do things with it, along with sniff and send packets of your ownBeautifulSoup: parse through HTML pages extremely easilyre: use regular expressionssqlite3: interact with SQLite databasesstring: library that holds the entire alphabet in uppercase and lowercase, along with all numbers and whitespace characters and printable characters etc.Flask: used to create a web server with Python -- often used in CTF challenges (and we seriously saw it as the backend of one challenge at Cyberstakes LIVE last year) so it is good to know how it works or at least what it looks likerandom: used to get a random numbersympy: symbolic calculation, like solving equations or derivatives or integralsmath: basic math functions, round a number up or down, absolute value, etc.sys: get information from the system; most commonly used to get command-line arguments for your script throughargvstruct: perform conversions between Python values and C structs; most commonly used withpackto convert a hex number memory address into an encoded string for an exploitpexpect: not often used, but can be used to automate the interactions of a programcolorama: just used to print in color on the terminal; really nice for scripts and writing exploitsthreading: used to create multiple threads; let your program multitask!time: work with time: convert it, get dates, sleep for a certain duration, etcsh: can call any external program as if it were a functionpyenchant: spell-checker and dictionary; can be used to test for English during a brute-force attackpycrypto: cryptography library for Python; does practically everything you could ever need for crypto (but it also bewildering)nltk: the Natural Language Toolkit has pretty much every word ever and can tokenize sentences and paragraphs well; not often used in exploitation, but good to know it existsparamiko: used for automating SFTP or SSH connection in Pythongtk: to create a GUI; again not often seen in CTF challenges but a good module to know