
Scripting

2026


Using Python to call public GitHub API and convert JSON into Dictionary object

·2 mins

I use Python locally within Visual Studio Code to call a public API. The goal of this exercise is not only to make a successful HTTP request, but also to understand the individual parts of a small Python script that interacts with a real internet service.

A good beginner API for this type of project is the GitHub REST API. This API is useful because it allows new developers to practice with real-world data while learning concepts that commonly appear in professional software development. These concepts include HTTP status codes, JSON responses, environment variables, API tokens, error handling, and storing project dependencies in a local virtual environment.

2023


Cross-Site Scripting (XSS) Variants and Examples

·3 mins

All modern websites consist of at least 3 fundamental components: HTML, CSS, and JavaScript. HTML creates structure, CSS is used for styling, and JavaScript enables interactive user experiences through manipulation of the DOM (Document Object Model). JavaScript, however, can also be used by malicious actors to access sensitive information on the client side. One major category of web application vulnerabilities is known as cross-site scripting (XSS). This vulnerability arises when a malicious user is able to inject JS code into a vulnerable website. If proper security controls are not implemented, this vulnerability makes it possible for an attacker to read and steal an end-user’s cookies and session information that should otherwise be private and confidential.

2022


Nmap - Overview and Use in Reconnaissance and Asset Enumeration

·3 mins

Nmap is an extremely powerful, free and open-source network mapping utility that can be used for many purposes. In this post, I provide a brief overview of what Nmap can be used for in the cybersecurity industry. Its useful functions include determining what hosts exist on a network, what services those hosts may offer, and what operating systems (and OS versions) may be running on the backend. Nmap can also gather information about firewalls and, potentially, how to evade them. All of this information is collected from whichever devices respond in the scanned range of IP addresses.

How to write Python scripts that read arguments from the Command line

·2 mins

In this writeup, I will cover how a custom Python script “knows” how to read text that the user enters at the command line. In line 1, the sys module is first imported. This makes all functions defined within the sys module available to the namespace of the rest of our program.

The dot operator accesses the “argv” property contained within the sys module, and this value is stored in the “message” variable. Then, when we print this variable, Python returns a list object with 3 indexes. The string ‘argv.py’ is contained at the [0] index, ‘hello’ at the [1] index, and ‘everyone!’ at the [2] index.