-2

I am planning on creating a network security testing tool with python that carries out a variety of attacks and tests other vulnerability issues on a host (Such as: Ping of death, slow loris, teardrop and so on) so security teams can quickly PoC different vendor appliances.

Since this is my first real "own" project...I do not know how to go on structuring it.

So far I thought about it this way:

  ├ role
  | ├ attacker.py
  | └ victim.py
  ├ tests
  | ├ slow_loris.py
  | └ teadrop.py
  ├ CLI.py
  └ main.py

Where in role we have two scripts that would define the services to be run (If it's a victim, then it runs a web server on port 80 and so on), in tests we have the different tests to be run and in CLI we find all the possible interactions with the CLI the user can have, menus, "do you want to quit" and so on.

Finally in main we import everything and run the program.

Should I keep this structure or is there something I might be not be addressing/forgetting?

4d4143
  • 33
  • You should keep that structure until you have valid reasons to change it, at which point you will refactor it and make it better. – Dan Wilson Feb 12 '21 at 14:08

1 Answers1

0

It is perfectly fine to architect a tool this way. Separating different roles/responsibilities into different modules is pretty good, as is keeping the CLI interface separate from your “business logic”.

However, Python's import mechanism is fairly fragile. If you import CLI, it is not guaranteed that you'll get your CLI.py file. Instead, it would be more sensible to move all your files into a single module, and then use relative imports:

- README.md
- tests/
  - ...
- your_awesome_tool/
  - __init__.py
  - __main__.py
  - cli.py
  - role/
    - ...

The __init__.py file represents the your_awesome_tool module. The __main__.py file will be invoked when you execute your module via python3 -m your_awesome_tool. Within these files, you can use relative imports like from .cli import some_function.

Whether to use modules like this or whether to use separate scripts like you are doing depends on your goals. For just playing around with the tool, it doesn't matter. Using established Python mechanisms is more useful when you want an installable tool that you can run like a normal program.

amon
  • 134,135