blog/content/reviews/books/black-hat-python-python-pro...

+++
title = "Black Hat Python: Python Programming for Hackers and Pentesters - Justin Seitz"
date = 2016-12-26

[taxonomies]
tags = ["books", "justin seitz", "python", "pentest", "reviews", "it", 
"2 stars"]
+++

[GoodReads Summary](https://www.goodreads.com/book/show/22299369-black-hat-python):
When it comes to creating powerful and effective hacking tools, Python is the
language of choice for most security analysts. But just how does the magic
happen?

<!-- more -->

{{ stars(stars=2) }}

The very first chapter give me high hopes for this book: Since Python is
basically part of every single Linux install, you could do a shitton
retrieving system and user information by just using the normal packages. You
won't even need to install nmap or similar; using plain Python packages, you
could check which services are running and such.

But then, things go downhill.

After the first chapter, you start to add Python packages, which means you
need to have root access -- and even if you use something like a virtualenv,
you still would announce yourself by requesting things over the net using
<code>easy_install</code> (the book never mentions <code>pip</code> -- heck,
it doesn't even *mentions* virtualenv to avoid being root), which could be
easily blocked by sysadmins if your company doesn't have anything with Python.

And it doesn't stop at that: after these starting chapters, it start hacking
Windows machines. Heck, Python is not installed by default on Windows and a
py2exe executable weights something like 15Mb, which isn't much in bandwidth,
but it's noticeable. And then it starts installing packages and more packages
and requesting to run things as administrator, which would surely be a hassle.

The Python code itself is simplistic, to say the least. At the very first
chapters I noticed that the code was basically C code translated to Python,
which wouldn't be a problem if you're thinking about replacing basic hack code
with Python code -- because it is easier to find Python installed than GCC,
for example -- but with the problems cited above actually make me think that
the author never really cared about Pythonic code, just did the very minimum
to make code run and that's it.

So, it's a bad book about hacking because it requires privileged access
beforehand and it's a bad book about Python because it doesn't follow Python
good practices. In the end, it's just a book with a few interesting Python
libraries, nothing more.
sections to make things more organized 6 years ago			`+++`
			`title = "Black Hat Python: Python Programming for Hackers and Pentesters - Justin Seitz"`
			`date = 2016-12-26`

			`[taxonomies]`
Tagged stars in reviews 4 years ago			`tags = ["books", "justin seitz", "python", "pentest", "reviews", "it",`
			`"2 stars"]`
sections to make things more organized 6 years ago			`+++`

Removed the language tag from taxonomies 5 years ago			`[GoodReads Summary](https://www.goodreads.com/book/show/22299369-black-hat-python):`
			`When it comes to creating powerful and effective hacking tools, Python is the`
			`language of choice for most security analysts. But just how does the magic`
			`happen?`
sections to make things more organized 6 years ago
Removed the language tag from taxonomies 5 years ago			`<!-- more -->`
sections to make things more organized 6 years ago
Removed the language tag from taxonomies 5 years ago			`{{ stars(stars=2) }}`
sections to make things more organized 6 years ago
Removed the language tag from taxonomies 5 years ago			`The very first chapter give me high hopes for this book: Since Python is`
			`basically part of every single Linux install, you could do a shitton`
			`retrieving system and user information by just using the normal packages. You`
			`won't even need to install nmap or similar; using plain Python packages, you`
			`could check which services are running and such.`
sections to make things more organized 6 years ago
Removed the language tag from taxonomies 5 years ago			`But then, things go downhill.`
sections to make things more organized 6 years ago
Removed the language tag from taxonomies 5 years ago			`After the first chapter, you start to add Python packages, which means you`
			`need to have root access -- and even if you use something like a virtualenv,`
			`you still would announce yourself by requesting things over the net using`
			`<code>easy_install</code> (the book never mentions <code>pip</code> -- heck,`
			`it doesn't even mentions virtualenv to avoid being root), which could be`
			`easily blocked by sysadmins if your company doesn't have anything with Python.`

			`And it doesn't stop at that: after these starting chapters, it start hacking`
			`Windows machines. Heck, Python is not installed by default on Windows and a`
			`py2exe executable weights something like 15Mb, which isn't much in bandwidth,`
			`but it's noticeable. And then it starts installing packages and more packages`
			`and requesting to run things as administrator, which would surely be a hassle.`

			`The Python code itself is simplistic, to say the least. At the very first`
			`chapters I noticed that the code was basically C code translated to Python,`
			`which wouldn't be a problem if you're thinking about replacing basic hack code`
			`with Python code -- because it is easier to find Python installed than GCC,`
			`for example -- but with the problems cited above actually make me think that`
			`the author never really cared about Pythonic code, just did the very minimum`
			`to make code run and that's it.`

			`So, it's a bad book about hacking because it requires privileged access`
			`beforehand and it's a bad book about Python because it doesn't follow Python`
			`good practices. In the end, it's just a book with a few interesting Python`
			`libraries, nothing more.`