Form Fuzzing with Python and Mechanize

Another module in the Python standard library is Mechanize. Mechanize is a Python headless browser. With Mechanize you can interact with web applications. This could allow for headless verification of functionality (QA) or could be used in penetration testing. Proof of Concept with Python Mechanize: In the following POC, I wrote a little script that interacted with some test web apps I ... »

Link Harvesting in Python

I’ve done extensive work with link validation in websites, using a mix of Ruby / Anemone (spidering library) and Watir (web automation library). In this post I’ll cover a similar approach from the Python side using Python and BeautifulSoup. What’s nice about this pairing is that it’s all part of the standard library in Python. You don’t have to install or download a... »

Python – Processes

In lecture 13 of Vivek Ramachandran’s course on Python for Pentesting, he deals with the subject of processes. Personally I feel he jumps into a more intermediate/advanced topic from where we were in the previous lectures. Because of that jump in difficulty, I pulled some information from various sources to help digest what he’s teaching here. What is a Process vs. a Thr... »

Python & Pentesting: Signals Exercise

At the Pentester Academy I took a course called Pentesting with Python. It’s a great course… if you have an interest in Python and Security, I highly recommend it. Task: The instructor (Vivek Ramachandran) provides student exercises at the end of most of the lectures. In lesson 16 (on signaling) he asks the students to write a Python script that does the following: Create a TCP server... »

Python Port Banner Grabber

As this is considered an active and not a passive scan, be sure you either own the hardware you are port scanning, or you have permission to do so. The legalities depend on geolocation, but in some cases have involved arrest, detainment or fines. Again – be sure you have permission (or own the network in question) to perform a port scan. Banner Grabber: Rather than use a 3rd party tool, a si... »

Hacking Biofeedback Machines with Python

Overview: This walk-through will make use of Python and Wireshark to sniff data packets out of a commercial product with bio sensors (heart rate and GSR). We will pull data from an iOM device that has no public endpoints and a closed API. We will make use of a packet sniffer (Wireshark) and Python to write a few lines of code to listen to the port and send the commands we discover in the sniffing... »
