Form Fuzzing with Python and Mechanize

Another module in the Python standard library, is that of Mechanize.  Mechanize is a Python headless browser.  With Mechanize you can interact with web applications.  This could allow for headless verification of functionality (QA) or could be used in Penetration Testing. Proof of Concept with Python Mechanize In the following POC, I wrote a little script that interacted with some test web apps I ... »

Link Harvesting in Python

I’ve done extensive work with link validation in websites, using a mix of Ruby / Anemone (spidering library) and Watir (web automation library.) In this post I’ll cover a similar approach from the Python side using Python and BeautifulSoup.  What’s nice about this pairing is that it’s all part of the standard library in Python.  You don’t have to install or download a... »

Python – Processes

In taking Vivek Ramachandran’s course on Python for Pentesting, in lecture 13 he deals with the subject of processes.  Personally I feel he jumps into a more intermediate/advanced topic from where we were in the previous lectures. For that reason of his jump in difficulty, I pulled some information from various sources to help digest what he’s teaching here. What is a Process vs. a Thr... »

Python & Pentesting: Signals Exercise

At the Pentester Academy I took a course called Pentesting with Python.  It’s a great course… if you have an interest in Python and Security, I highly recommend it. Task The instructor (Vivek Ramachandran) provides student exercises at the end of most of the lectures.  In lesson 16 (on signaling) he asks the students to write a Python script that does the following: Create a TCP server... »

Python Port Banner Grabber

As this is considered an Active and not Passive Scan, be sure you either own the hardware you are port scanning, or you have permission to do so.  The legalities depend on geo location, but in some cases have involved arrest, detainment or fines.  Again – be sure you have permission (or own the network in question) to perform a port scan. Banner Grabber Rather than use a 3rd party tool, a si... »

Hacking Biofeedback Machines with Python

Overview This walk-through will make use of Python and Wireshark to sniff data packets out of a commercial product with bio sensors (heart rate and GSR.)  We will pull data from an iOM device that has no public endpoints and a closed API.  We will make use of a packet sniffer (Wireshark) and Python to write a few lines of code to listen to the port and send the commands we discover in the sniffing... »

Python Block Comments

You may have read on Stack Overflow (such as a comment on the approved answer) or other sites that you could use triple quotes as block comments in Python… in fact the author of Python (Guido van Rossum) mentioned in a tweet a few years back and that quote seems to be the source of much of this philosophy: @gvanrossum @BSUCSClub I found in Python 3, that something like (i.e. DeviceNPF_..) wi... »

Language Choices

Scripting: Groovy, Python or Ruby I work with these three languages all the time, along with their Web Frameworks (Grails and Rails – I haven’t yet picked up Django.) Quite often I start a project and wonder, “which language should I use?” For me each language has it’s perks and set backs…. Groovy/Grails Groovy is actually very fast… and static typing in G... »

Statically Typing Better Performance?

I’ve heard this quite a bit about dynamically typed languages (like Python, Ruby, Groovy, etc.) It actually makes a lot of sense.  If the compiler doesn’t have to discover/lookup what something is, it should be faster, right? Python / Cython Check out this article on Python and Cython: Just by statically defining the variables/params... »

Python: Recursive Palindrome Testing

Similar to this other post on a method to check for a palindrome: I wrote another attempt but using recursion, rather then a loop. def recur_pali(word): last_char = word[(len(word) - 1)] first_char = word[0] if len(word) > 0: if last_char == first_char: updated_word = word[1:-1] if len(updated_wor... »

Page 1 of 3123