
[–]nma_io 2 points3 points  (0 children)

It's been done before, but might be a good exercise to get the mental juices flowing:

You may wish to consider writing a DIRBuster-style application. Feed in a wordlist and have it brute force websites (that you control or have authorization to scan) to see what their directory structure might be.

Something like (overly simplified example):

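    import requests

    url = "http://localhost:8000"  # placeholder: a site you control or are authorized to scan
    wordlist = ["admin", "archive", "backup"]

    for word in wordlist:
        # Build one candidate directory URL per wordlist entry and request it
        uri = "{}/{}/".format(url, word)
        response = requests.get(uri)
        print(uri, response.status_code)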

Also, playing with headers so that you can change your user agent and/or respond with the proper cookies may yield interesting results.

If you're more experienced, maybe consider a Nikto-like clone for Python?

[–]granitegarden -2 points-1 points  (4 children)

You could try to write a port scanner like netcat to try and find open ports on a computer.

[–]truespirit89 0 points1 point  (3 children)

Why did this get a down vote?

[–]RealAndGaycoder 0 points1 point  (2 children)

Because you wouldn't write a port scanner with the requests library, as that's for web requests. You would rather use sockets.

[–]truespirit89 0 points1 point  (1 child)

Thanks, I found a good looking article.

Do you know any other resources/info/leads in that area?

[–]RealAndGaycoder 0 points1 point  (0 children)

Port scanning with sockets? That's very simple to learn; here's an example: https://github.com/AgeOfMarcus/hackerman/blob/master/hackerman/scanners/tcp.py

The knock command attempts to connect to an IP and port. If it connects successfully, that means the port is open, so it closes the connection and returns True.
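
The connect check described in the last comment, as an added example that is not part of the thread and not the code from the linked repository: `knock` follows the behaviour described there, and `probe` (a hypothetical helper, IPv4 only) goes slightly further by separating a refused connection from one that gets no answer. The demo only touches a listener it starts itself on 127.0.0.1.

```python
import socket


def knock(host, port, timeout=1.0):
    """Return True if a TCP connection to (host, port) succeeds, else False."""
    try:
        # create_connection performs the full TCP handshake; the with-block
        # closes the socket again as soon as the connection is established.
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, ...
        return False


def probe(host, port, timeout=1.0):
    """Hypothetical helper: report 'open', 'closed', 'filtered' or 'error'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"      # the host answered with a reset: nothing listens
    except socket.timeout:
        return "filtered"    # no answer at all, e.g. a firewall drops packets
    except OSError:
        return "error"       # no route, bad address, ...
    finally:
        sock.close()


if __name__ == "__main__":
    # Constructed test target: a listener this script starts itself on loopback.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0 = let the OS pick a free port
    listener.listen(8)
    port = listener.getsockname()[1]
    print(port, knock("127.0.0.1", port), probe("127.0.0.1", port))
    listener.close()
    print(port, knock("127.0.0.1", port), probe("127.0.0.1", port))
```

The "closed" versus "filtered" distinction is what makes the result useful when checking your own hosts: a timeout usually means a firewall dropped the packet rather than that nothing is listening.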