+++
title = "Black Hat Python: Python Programming for Hackers and Pentesters - Justin Seitz"
date = 2016-12-26
[taxonomies]
tags = ["books", "justin seitz", "python", "pentest", "reviews", "it"]
+++
[GoodReads Summary](https://www.goodreads.com/book/show/22299369-black-hat-python):
When it comes to creating powerful and effective hacking tools, Python is the
language of choice for most security analysts. But just how does the magic
happen?
{{ stars(stars=2) }}
The very first chapter give me high hopes for this book: Since Python is
basically part of every single Linux install, you could do a shitton
retrieving system and user information by just using the normal packages. You
won't even need to install nmap or similar; using plain Python packages, you
could check which services are running and such.
But then, things go downhill.
After the first chapter, you start to add Python packages, which means you
need to have root access -- and even if you use something like a virtualenv,
you still would announce yourself by requesting things over the net using
easy_install
(the book never mentions pip
-- heck,
it doesn't even *mentions* virtualenv to avoid being root), which could be
easily blocked by sysadmins if your company doesn't have anything with Python.
And it doesn't stop at that: after these starting chapters, it start hacking
Windows machines. Heck, Python is not installed by default on Windows and a
py2exe executable weights something like 15Mb, which isn't much in bandwidth,
but it's noticeable. And then it starts installing packages and more packages
and requesting to run things as administrator, which would surely be a hassle.
The Python code itself is simplistic, to say the least. At the very first
chapters I noticed that the code was basically C code translated to Python,
which wouldn't be a problem if you're thinking about replacing basic hack code
with Python code -- because it is easier to find Python installed than GCC,
for example -- but with the problems cited above actually make me think that
the author never really cared about Pythonic code, just did the very minimum
to make code run and that's it.
So, it's a bad book about hacking because it requires privileged access
beforehand and it's a bad book about Python because it doesn't follow Python
good practices. In the end, it's just a book with a few interesting Python
libraries, nothing more.