Python › Security Tool Development
From script to real tool
So far you’ve written scripts; this lesson is about turning them into tools — with command-line arguments, concurrency for speed, and clean output. The same recon logic, packaged so you and your teammates can run it reliably on real engagements.
You'll learn to
- Give a tool a proper command-line interface
- Run network work concurrently for speed
- Structure output for piping and reporting
A command-line interface with argparse
import argparse
def parse_args():
ap = argparse.ArgumentParser(description="Recon tool")
ap.add_argument("target", help="target domain or URL")
ap.add_argument("-o", "--output", default="results.json")
ap.add_argument("-t", "--threads", type=int, default=20)
ap.add_argument("-v", "--verbose", action="store_true")
return ap.parse_args()
args = parse_args()
print(args.target, args.threads, args.output)
argparse turns a script into a proper CLI: positional arguments, options with defaults, type conversion, boolean flags, and an auto-generated --help. This is what makes a tool reusable — no editing source to change the target.
Concurrency for speed
from concurrent.futures import ThreadPoolExecutor, as_completed
import requests
def probe(url):
try:
r = requests.get(url, timeout=8)
return url, r.status_code
except requests.RequestException:
return url, None
def scan(urls, threads=20):
with ThreadPoolExecutor(max_workers=threads) as pool:
futures = [pool.submit(probe, u) for u in urls]
for fut in as_completed(futures):
url, status = fut.result()
if status:
print(f"[{status}] {url}")
Network tools spend their time waiting for responses, so doing requests concurrently is a huge speedup. ThreadPoolExecutor runs many probes at once; as_completed yields results as they finish. The per-task try/except ensures one dead URL never crashes the pool.
Checkpoint
Why does running network requests concurrently produce such a large speedup for recon tools?
Network tools spend almost all their time waiting for responses, not computing. While one request waits for a server, others can be in flight. Running them concurrently (with a thread pool) overlaps all that waiting, so a scan that would take minutes sequentially finishes in seconds — the work is I/O-bound, which is exactly what concurrency helps.
Try it yourself
Take a simple liveness checker and add an argparse interface so the target and thread count are command-line arguments. Then wrap the requests in a ThreadPoolExecutor so it checks many URLs concurrently. Compare the speed against the sequential version.
Key takeaways
argparsegives a tool a reusable command-line interface.ThreadPoolExecutorruns I/O-bound work concurrently for big speedups.- Per-task error handling keeps one failure from crashing the run.
- Concurrency multiplies load — stay rate-aware and in authorised scope.
Quick quiz
Next, applying Python to malware analysis — extracting indicators and triaging samples statically.