I was recently asked this question by a new subscriber:
Why are a lot of tools for pen testing are written in Python? While my knowledge in that area is pathetic, I would assume that the speed of execution of a program would be quite important, and Python is far from being the fastest language on Earth.
This is a very good question, one many people new to Python ask, so I thought I’d answer it in a blog.
He talks specifically about penetration testing (checking software/system for bugs), but the same could apply to any domain.
Data science / machine learning: Here’s a field you think would value speed over everything, and yet Python is the fastest growing and hottest technology here.
How about automation (tests, backend, sysadmin etc)? Surely, anything as slow as Python isn’t suited for this?
Why is everyone from finance to bioinformatics to geo-sciences picking up Python, if it’s so darn slow?
There are two ways to answer this.
Speed of execution is rarely a bottleneck. Speed of writing code, speed of making changes, speed of just playing with stuff to see what works, is more important than CPU time. And Python shines in all this.
For most companies, especially pure software ones, the salaries of their programmers are their biggest expense. If your programmers can save 10% of their time, that’s a HUGGGEEEEEE saving. If you can save 25-50%? You’re rollin’ in the riches.
And even from an individual point of view: I have been writing in C (and some C++) for almost 12-14 years. And yet, if I want to try something, I use Python. You just open up an interpreter (or even better, the Jupyter notebook, the best thing since sliced bread) and start hacking. It’s almost like playing.
C++, on the other hand, looks like work. Digging trenches in the sun level of work. And if I had to program in Java…… let’s not even go there.
Python is simple enough for anyone to get started in, and yet powerful enough to handle complex projects.
Slow compared to what?
I work in the embedded domain, mainly in C/C++. Go to any C/C++ forum, and you are bound to find someone saying This new fangled C thing is so slow, Real Programmers use assembly.
This myth, almost a cliche, just won’t die. You don’t get faster just by getting closer to the metal. There are a million other things, especially for modern real world apps.
The speed you access your database, the network speed (if it’s a webapp), how your data is stored (database, in the cloud, millions of csv files spread all over the disk), the speed and size of your harddisk, the amount of RAM you have, if you are running Windows 10 that reboots every ten minutes.
All these things affect the speed of your program. When people say Python is slow, they usually mean it is slow in the CPU department (which isn’t always true, as you have things like Cython, but let’s ignore them for now). But is raw CPU speed the only measurement unit that matters? In some cases, yes. But in most cases, no.
In most real world situations, the power to throw something together quickly, the power to play with a great interpreter, to try out dozens of cool libraries, and most importantly, the speed at which code can be developed, are more important than the CPU speed of Python.
In summary: Python maybe slow compared to some compiled languages, but the power it gives to programmer productivity more than makes up for it. And if you do want raw CPU speed, Python comes with tools to give you that.
But as Conan said:
PS: My book Python for Hackers is FREE for a short time (normally sells for $39). If you want it, enter your email below.
Subscribers will also get exclusive content I won't share on my blog.