My hosting provider, and my own servers, have py, but that doesn't mean you have access to the libraries mentioned in this fine little book! It attempts to be both an introduction to Python and an intro to some sploits and some forensics. It does a good job if you're into either, and just now starting to learn some of your own Python coding.

The "hot book" on Python Forensics right now is Hosmer-- Python Forensics: A workbench for inventing and sharing digital forensic technology-- much more detailed, more expensive, more recent, and a much tighter focus on forensics than the broader brush of this book, which includes some pen development. Elesevier always gives their text web resources in the format elsevierdirect dot com forward slash companion then the isbn. This book's code is not as error filled as some earlier reviews said, so I'm guessing that it has been updated and corrected. Again, you'll need library access, and the code isn't as well annotated as Hosmer or Ligh's fine and classic Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code, but remember it is pure Python, which will help both introduce and fill in some blanks in both Ligh and Hosmer.

By the way, Ligh also has a new, wonderful book out on forensics: The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory, and of course Ligh uses Python in all his books, blogs and articles as the "behind the scenes" create your own resource. I'm also a developer and contribute to zsand dot com's sandboxes, and one thing this book is missing that you'll find in both Ligh and Hosmer, are COMBINATIONS of sploit software that let you customize or see things like little python windows adding elements to the bigger API. An example would be embedding any PE (dll/exe etc.) in a "harmless" looking extension like .pdf, a network update or even a non-kernel/root looking extension like a screen tip or update.

Speaking of, since the authors of this book are all military, the upside is seeing how that world thinks (worked in it for some years), but the downside is their "courtesy." For example, they will say that the problem with a Google sploit is that it "requires a developer id which compromises anonymity" but completely ignores how easy it is to buy, hack, borrow or get those credentials, ids and codes anonymously online. This doesn't have to be black, it can even be for your own honeypot or a follow up on an attack where you don't want your developer id revealed even if you do have you own!

Highly recommended for beginners and those with access to py libraries. The caveat is that the freeware and GNU libraries out there are not enough, although they are much better than they were when this text was written, and Hosmer also shows you how to go direct instead of relying on libraries when you can't get them.

Took a quick flick through to get an idea of the content and went back to cover the parts I am interested in.

Although the book does cover some Python basics very well and steps through the install of both Python and packages used throughout the book, explaining why and where each one is needed I am not sure I would recommend the book to beginners and I do not think that is the target audience. If however you understand some programming basics and want to get into writing your own tools in Python this book will give you some of the most concise and well documented examples I have seen. Providing not just instructions on what you need to do but (more importantly) why you would want to do it. It provides the base scripts and the understanding leaving it up to the reader to take the script and expand on it as needed, an approach I like.

The writing style is clear and easy to follow, I am working my way back through the sections on packet capture using the nmap libraries getting a lot of info as I go along. Without a doubt one of the best book purchases I have made and I would seriously recommend it to someone looking to write their own tools or to just get an understanding of Python hacking.

A lot of security folks have little to no development experience, complicating their jobs when they want to do something that's slightly different from what existing tools can do. Python provides a particularly useful tool for them because of its innate readability, support for multiple programming paradigms, and tremendous library of existing modules that can be adapted and connected to do new and interesting things. And for those of us with more extensive programming backgrounds in addition to our security skillsets, Python provides an excellent workbench for nearly any relevant task.

Violent Python does not pretend in any way to teach readers how to program. In fact, when kicking off the brief section introducing the language itself, it flat out refers to to the reader "as an experienced programmer" (p. 6). However, a motivated hacker with limited exposure to Python can still follow along and pick things up relatively quickly, as VP doesn't really use any particularly esoteric language features.

That said, it also does not necessarily require the reader to cover it linearly from page 1 to the end. The subtitle of the book, after all, calls it a "cookbook for hackers", and it handles its end of the bargain. VP does not go into great detail for these projects but illustrates how to accomplish them relatively simply, primarily as inspiration for the reader who can then use the ideas and code as building blocks for self-driven projects.

I rarely like getting technology books in electronic format, and so I have the paperback copy. Given the complete lack of diagrams in this book, however, it wouldn't matter as much in this case. The quality of the paper and printing seems relatively high; the papers have a smooth, creamy texture, and the book has wide margins that lend themselves very well to note taking and similar marginalia. While I'm not particularly a fan of the particular typeface used for code in the book, I didn't find it so distracting as to make it impossible to work. As has become sadly common these days, the book contains a number of typographical errors and I really wish the publisher had put it through one more review iteration to catch them.

Contents

Chapter 2, "Penetration Testing with Python", provides examples of how to perform a port scan (first using the socket API and then with nmap integration), brute forcing, using weaknesses in SSH key generation, injecting malicious IFRAMEs, interacting with Metasploit, and sending custom buffer overflow code over the network.

Chapter 3, "Forensic Investigations with Python", discusses analyzing the history of wireless access points in the Windows registry (including geolocation), investigation of the Recycle Bin, examining metadata in various document types, and using application artifacts like SQLite databases in Firefox and Skype or iTunes Mobile.

Chapter 4, "Network Traffic Analysis with Python", gets into better geolocation, packet parsing using dpkt and Scapy, KML generation, and analyzing various types of traffic like the LOIC DDOS tool, varying TTLs from spoofed port scans, and DNS fast-flux, and TCP sequence prediction. It also briefly covers generating packets to match IDS signatures.

Chapter 5, "Wireless Mayhem with Python", reviews mining WiFi traffic for personal information like payment cards and authentication credentials, analyzing 802.11 probes and beacons, intercepting and hijacking UAV command traffic, detecting Firesheep use, and manipulate Bluetooth networks.

Chapter 6, "Web Recon with Python", explains the Mechanize and BeautifulSoup libraries as well as using the Google and Twitter APIs, plus a small section on spear phishing.

Chapter 7, "Antivirus Evasion with Python", covers how to use Pyinstaller to obfuscate a Metasploit payload from antivirus as well as how to check your code automatically against AV scanners.

TJ's book "Violent Python" is an exceptional book by any standard. It is well written, packed full of useful information, and presents material in an easy to read method. Beyond that, TJ donates all proceeds from this book to the Wounded Warrior program. To anyone that has had the pleasure of meeting and knowing TJ you understand that this is not a move out of the ordinary. He is helpful, intelligent, witty, kind, an expert on these matters, and exactly what you would want in both an author and a friend. The qualities are very similar in many ways; you want someone truthful but willing to help you break down the hard to understand concepts.

The other reviews on here have given great insight into the book and what you learn from it. If you are in this industry or interested in Python/hacking/forensics/pen-testing this is a must read. This review though was specifically meant to note the kind of person TJ is. The book speaks for itself but knowing a bit more about the quality of person TJ is makes it that much of a better read.

I have wanted to play around with the Python scripting language for a while, but life is busy and I never really got the opportunity. Then Violent Python showed up on my "to read" list. So I opened it and there were coding examples very early in the book. The author talks about creating a development environment and that is probably a good idea, but I work on a Mac, and hoped things would just work. So when we got to page 21, Your First Program, I just brought up a terminal window and typed in what it said on the page. It worked! That got me excited and I went back through the first chapter where the author introduces the language. I do not know that I will ever be a great Python scripter, but it is fun to know the basics. I spent the next four days playing with some of the examples. I could not do all the examples, for instance the Windows Registry, but I found the networking stuff to be fascinating. I do not personally aspire to become a penetration tester, but for anyone that does, I am confident this is an excellent resource.

I am a seasoned PHP and JavaScript programmer trying to get my hands around some python code and this book has been perfect. I have a great library of software books but this is one of the best for teaching yourself. The subject is very fun and interesting and if you are just getting started with Python then what a great way to get started than with this book on grey hat hacking. I have done the first few chapters and I am loving it. The books examples are very clear and you hit the road running. It's not an extensive treaty on the subject of either Python or Penetration Testing/ Hacking but it is a really fun way to get started.

I recommend it if you are trying to just learn Python since it is a fun way to do it. Most books have really dry examples.

I have this book in my bag when I go to work. I read it when I am on the train to work. Sometime a few pages a day and sometime more. I have already finished reading this book for more than 3 times but I still found something interesting to learn.

There is an old proverb says 'Practice makes perfect !'. I believe this book contain the basic 'Kung Fu' that I need to practice daily. Trust me, master the techniques in this book, you will benefit from it .

I've only got through most of Ch2 and have had bad experience with all of the SSH scripts. I originally retyped them myself, and then even ran the author's code (modified appropriately) and have not been able to successfully debug them yet. Maybe I'm not as an experienced programmer as I thought, but working examples would be nice. I'll update my review if I end up getting past any of these road blocks.

I hope to have more success throughout the rest of the book as the projects seem exciting and useful and should be able to encourage some of my own ideas for building tools.

Juste super !

Livre qui reprend les faits réel et essaye de les recréer, ducoup ça donne des choses réalisable, et en plus, il y a le code dedans, et tout est expliqué !

Ce livre est vraiment génial !

Im Rahmen des Studiums unseres Sohnes mega hilfreich

所謂世間一般のハッキングの本です。実際にPythonでスクリプトを作成しつつ ネットワーク侵入の手口や トラフィック解析などを取り上げます。

各章の前半に語られるストーリーも面白く 英語も平易な書き方なので 何を言ってるか分からないという事はないと思います。

日本にはこういうある意味コンピュータサイエンスを悪用？する手法を解説したものがないため、そういった手口を学ぶにはうってつけだと思います

great book for starting out in python. it gives great examples and information about past use of the scripts. a must for any pen tester

Comprei o livro sem me atentar a versão do Python, acabei devolvendo. Acredito que deveria atualizar o livro e tirar esse de circulação.