Black Hat Python: Python Programming for Hackers and Pentesters
by Justin Seitz
No Starch Press 2015.
ISBN ISBN 978-1-59327-590-7 Book Web Site: http://www.nostarch.com/blackhatpython
Reviewed by Richard Austin 1/14/2015
To cut to the chase, this is a charming little book on using Python to do interesting, security-related tasks quickly with a minimum of fuss and bother. The writing style is both fast-paced and lively. I thought to spend a few minutes exploring the book but was quickly captured by "It can't be that easy! Let's see." and the next thing I knew, I was halfway through the book.
The book opens with a quick setup of Kali Linux in a virtual machine and installing the Wing interactive development environment. This is done to get the reader up and running quickly with a minimum of bother with prerequisites but if you already have Python installed on your platform of choice, you are pretty much ready to dive right in.
After the first three pages of chapter 2, "The Network: Basics", you will have scripted opening a HTTP connection to Google. Though I was somewhat familiar with Python, I have to admit this was a "Wow!" moment. The script is quick and dirty with no error checking but it works. The action doesn't pause there but speeds on to implementing a network server and SSH tunneling. By the end of the chapter, one feels like one is a Python ninja but there is much more to come.
Chapter 3, "The Network: Raw Packets and Sniffing", definitely should be introduced with "You think that's cool? You ain't seen nothing yet!" In a scant 12 pages, Seitz guides you through building a pretty functional packet sniffer and host discovery tool. And to be clear, this isn't the "type-this-in-and-here's-what-you'll-see" type of presentation; Seitz's clear explanations go far beyond annotated code listings into actually teaching you how to get things done.
As the table of contents shows, the pace never slows as the remainder of the book guides the reader in building even more functional tools (though the tools aren't really the point but rather what the reader learns in putting them together). When you turn page 161 and find that you've finished the book, you'll likely be disappointed that there's nothing more. Seitz anticipates your disappointment with "homework" assignments peppered through the text and an invitation to let him know what kinds of interesting things you've gone on to implement in Python.
This is a fascinating book that frankly will seduce you into spending quality time reading it and working through its many examples. In return, you'll gain a powerful new tool that will make you wonder how you ever got along without it. Definitely a recommended read for the technical security professional with some basic previous exposure to Python.
It has been said "Be careful, for writing books is endless, and much study wears you out" so Richard Austin (http://cse.spsu.edu/raustin2) fearlessly samples the wares of the publishing houses and opines as to which might most profitably occupy your scarce reading time. He welcomes your thoughts and comments via raustin at ieee dot org