Black Hat Python: Python Programming for Hackers and Pentesters - Justin Seitz
2016-12-26 #books #justin seitz #python #pentest #reviews #it #stars:2 #published:2014
GoodReads Summary: When it comes to creating powerful and effective hacking tools, Python is the language of choice for most security analysts. But just how does the magic happen?
The very first chapter gave me high hopes for this book: Since Python is basically part of every single Linux install, you could do a shitton retrieving system and user information by just using the normal packages. You won't even need to install nmap or similar; using plain Python packages, you could check which services are running and such.
But then, things go downhill.
After the first chapter, you start to add Python packages, which means you need to have root access -- and even if you use something like a virtualenv, you still would announce yourself by requesting things over the net using easy_install (the book never mentions pip -- heck, it doesn't even mention virtualenv to avoid being root), which could be easily blocked by sysadmins if your company doesn't have anything with Python.
And it doesn't stop at that: after these starting chapters, it starts hacking Windows machines. Heck, Python is not installed by default on Windows and a py2exe executable weighs something like 15Mb, which isn't much in bandwidth, but it's noticeable. And then it starts installing packages and more packages and requesting to run things as administrator, which would surely be a hassle.
The Python code itself is simplistic, to say the least. In the very first chapters I noticed that the code was basically C code translated to Python, which wouldn't be a problem if you're thinking about replacing basic hack code with Python code -- because it is easier to find Python installed than GCC, for example -- but the problems cited above actually make me think that the author never really cared about Pythonic code, just did the very minimum to make code run and that's it.
So, it's a bad book about hacking because it requires privileged access beforehand and it's a bad book about Python because it doesn't follow Python good practices. In the end, it's just a book with a few interesting Python libraries, nothing more.