Coding for Hackers

Python › Programming Fundamentals

Conditions and loops

4 min read Beginner 6 sections

This is the lesson where scripts come alive. Conditions let your code choose what to do; loops let it repeat work across many items. Together they’re what turns “check one thing by hand” into “check ten thousand things automatically” — the entire point of automation.

You'll learn to

  • Branch your code with if / elif / else
  • Repeat work with for and while loops
  • Turn a single manual check into a scan

Conditions

status = 200

if status == 200:
    print("OK")
elif status == 403:                # 'else if' — checked only if the first failed
    print("Forbidden — interesting!")
elif status >= 500:
    print("Server error")
else:
    print(f"Other status: {status}")

if tests a condition; the indented block runs only when it’s true. elif adds more cases; else catches everything left over.

The for loop — do something for each item

# Loop over a list:
for sub in ["www", "api", "admin"]:
    print(f"https://{sub}.example.com")

# Loop over a range of numbers (great for ID sweeps):
for user_id in range(1000, 1010):   # 1000 up to (not including) 1010
    print(f"/api/users/{user_id}")

The for loop is the engine of automation: “for each target, do X.” range(1000, 1010) generates numbers, which is perfect for testing sequential IDs — exactly what you’d do hunting for IDOR (accessing objects by guessing their ID).

The while loop — repeat until something changes

# Keep fetching pages until there are no more:
page = 1
while page <= 5:
    print(f"?page={page}")
    page += 1                       # += means "add and store back"

while repeats as long as its condition stays true. It’s ideal for pagination — “keep fetching while there are more pages.”

Controlling loops

for item in items:
    if item == "stop":
        break                       # exit the loop entirely
    if item == "skip":
        continue                    # jump straight to the next item
    print(item)

break stops the loop early (you found what you wanted). continue skips the rest of this iteration and moves on (this one isn’t interesting).

Checkpoint

You want to request /api/users/1 through /api/users/500 to test for IDOR. What loop structure do you use?

Try it yourself

Write a for loop over the list ["www", "api", "admin", "dev"] that prints a full URL for each, like https://api.example.com. Then add an if inside the loop that prints “(interesting!)” next to admin only.

Summary

Conditions (if / elif / else) let your script branch based on True/False tests — but watch your indentation and colons. The for loop runs a block for each item in a collection or each number in a range() (perfect for ID sweeps). The while loop repeats until a condition flips (perfect for pagination). break exits early; continue skips to the next item. These are what convert manual checks into automated scans.

Key takeaways

  • if/elif/else branch your logic; indentation defines the blocks.
  • for ... in loops over items or a range() of numbers.
  • while repeats until its condition becomes false.
  • break exits the loop; continue skips to the next iteration.

Quick quiz

Next, functions — how you package a check once and run it on thousands of inputs.

Was this lesson helpful?