dorks | google hack database automation tool | Automation library

A good idea would be transforming your code into a function and call the function in case the user wants to restart the program.

range() in Python 2 is merely a function that returns a list of integers, it is not itself a type of object. And you wouldn't want to use lists here, no, because they contain all integers in the range.

You could use xrange() objects instead, these are hashable, and only store the start and end values. However, unless you plan to use other xrange() objects to test these keys, a dictionary with such keys is not very useful, you'd have to loop over the dictionary to test your rate against each xrange object manually.

Your success rate dictionary could more simply be replaced by maths; just round your numbers up to the nearest multiple of 10 (simply using floor division):

There is a web application called DVWA (Damn Vulnerable Web Application), it's not hosted on the internet. you have to download it and run as localhost on your computer. However it has a range of vulnerabilities, i have used it in the past for trying out a brute force attack. As its localhost its legal. it should be ideal for a walk through tutorial. I know you said that you didn't want to setup your own website, but the setup is a few minutes. Hope this Helps :D

Link: http://www.dvwa.co.uk/

It is the same concept even if it is another technology.

The idea is to test for multiple vulnerabilities in the system. Usually you would want to test and control all the input in the application. The most severe vulnerabilities would be code injection attacks (SQL, Command, Client-Side code etc.), also not excluding many others. You would also want to test for logical security vulnerabilities, like if some application feature is not implemented correctly (e.g. the Authentication/Authorization mechanism, including the user password recovery or account registration etc.)

I would strongly recommend you to go through the OWASP Top 10 list and check for their guidelines for best security coding practices and how to avoid and prevent such attacks. Considering that you mentioned testing on Microservices, for which I suppose they are some kind of REST API's then focus more on API Security issues.