The source content for blog.juliobiason.me
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

2.4 KiB

+++ title = "Black Hat Python: Python Programming for Hackers and Pentesters - Justin Seitz" date = 2016-12-26

[taxonomies] tags = ["books", "justin seitz", "python", "pentest", "reviews", "it", "2 stars"] +++

GoodReads Summary: When it comes to creating powerful and effective hacking tools, Python is the language of choice for most security analysts. But just how does the magic happen?

{{ stars(stars=2) }}

The very first chapter give me high hopes for this book: Since Python is basically part of every single Linux install, you could do a shitton retrieving system and user information by just using the normal packages. You won't even need to install nmap or similar; using plain Python packages, you could check which services are running and such.

But then, things go downhill.

After the first chapter, you start to add Python packages, which means you need to have root access -- and even if you use something like a virtualenv, you still would announce yourself by requesting things over the net using easy_install (the book never mentions pip -- heck, it doesn't even mentions virtualenv to avoid being root), which could be easily blocked by sysadmins if your company doesn't have anything with Python.

And it doesn't stop at that: after these starting chapters, it start hacking Windows machines. Heck, Python is not installed by default on Windows and a py2exe executable weights something like 15Mb, which isn't much in bandwidth, but it's noticeable. And then it starts installing packages and more packages and requesting to run things as administrator, which would surely be a hassle.

The Python code itself is simplistic, to say the least. At the very first chapters I noticed that the code was basically C code translated to Python, which wouldn't be a problem if you're thinking about replacing basic hack code with Python code -- because it is easier to find Python installed than GCC, for example -- but with the problems cited above actually make me think that the author never really cared about Pythonic code, just did the very minimum to make code run and that's it.

So, it's a bad book about hacking because it requires privileged access beforehand and it's a bad book about Python because it doesn't follow Python good practices. In the end, it's just a book with a few interesting Python libraries, nothing more.